
HijackThis


anonymous

Question

Despite my virus scanner I have a problem. During startup, mails are being sent out, which the scanner blocks. This is my HijackThis log. It looks to me like something to do with the file cmpbk32a.dll, but it cannot be fixed. Who is willing to take a look and help me?

Logfile of HijackThis v1.99.1
Scan saved at 11:07:03, on 14-9-2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\TaskBar\CTLTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCLauncher.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\inetsrv\DavCData.exe
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\Documents and Settings\Piet\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FB357EC-9647-464A-98DD-321A5EE1EF89} - c:\windows\system32\cmpbk32a.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe"
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adapter Utility.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2\Office\OSA9.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} (G-Vista ActiveX) - http://www.zugmap.ch/richtplan3d/pages/plugin/gvista30161.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,911,0
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
O16 - DPF: {AE4CEC9D-C836-4579-829B-4C345101B3B9} (GVista Terrain Renderer) - http://www.dilas.ch/plugin/gvista/gvista2709.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: suxoukao - C:\WINDOWS\SYSTEM32\cmpbk32a.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Routing Protect Access (DATEING) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Digital Media Adapter Application Loader Service (XWPCApplicationLoaderService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
O23 - Service: Digital Media Adapter Host Service (XWPCHostService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
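The helpers in this thread read a log like the one above by eye: an O2 BHO with no name, an O20 Winlogon Notify subkey with a random-looking name, the same DLL showing up in both, and O23 services with an unknown owner whose binary no longer exists. The script below does that first pass mechanically. It is an added example, not part of the thread, of HijackThis or of Trend Micro's code; the sample log is an excerpt copied from the logs posted in this thread, and KNOWN_WINLOGON_NOTIFY is an assumed, deliberately short allow-list of the kind a helper keeps at hand rather than an authoritative list.

```python
"""Triage helper for HijackThis logs: parse the R/F/N/O entries, pull out the binary each
one references, and flag the patterns the helpers in this thread check by eye.
Added example; not part of the thread, of HijackThis or of Trend Micro's code."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Winlogon Notify subkeys expected on a Windows XP box. ASSUMPTION: a short, hand-kept
# allow-list; anything else injected into winlogon.exe (O20) is flagged for a closer look.
KNOWN_WINLOGON_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule", "sclgntfy",
    "senslogn", "termsrv", "wlballoon", "wgalogon", "igfxcui", "atiextevent",
}

ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")
# First drive-letter path ending in a loadable extension; paths may contain spaces.
PATH_RE = re.compile(r"[a-z]:\\.+?\.(?:dll|exe|ocx|sys)(?=$|[\s,\")])", re.IGNORECASE)


@dataclass
class Entry:
    section: str          # "O2", "O20", "O23", ...
    body: str             # everything after the "O2 - " prefix
    path: Optional[str]   # first binary path in the body, lower-cased, or None


def parse_hjt(text: str) -> List[Entry]:
    """Return the R/F/N/O entries of a log; the header and 'Running processes' are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        p = PATH_RE.search(m["body"])
        entries.append(Entry(m["section"], m["body"], p.group(0).lower() if p else None))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map each flagged binary (or the raw entry text when it has no path) to its reasons."""
    reasons: Dict[str, List[str]] = defaultdict(list)
    sections_by_path: Dict[str, set] = defaultdict(set)
    for e in entries:
        key = e.path or e.body
        if e.path:
            sections_by_path[e.path].add(e.section)
        if e.section == "O2" and "(no name)" in e.body:
            reasons[key].append("O2: BHO registered without a name")
        elif e.section == "O20" and e.body.startswith("Winlogon Notify:"):
            subkey = e.body.split(":", 1)[1].split(" - ")[0].strip().lower()
            if subkey not in KNOWN_WINLOGON_NOTIFY:
                reasons[key].append(f"O20: unknown Winlogon Notify subkey '{subkey}'")
        elif e.section == "O23" and "Unknown owner" in e.body and "(file missing)" in e.body:
            reasons[key].append("O23: service with unknown owner whose binary is gone")
        elif e.section == "O10" and "Unknown file" in e.body:
            reasons[key].append("O10: Winsock LSP outside HJT's allow-list (verify; often legitimate)")
        elif e.section == "O9" and "(file missing)" in e.body:
            reasons[key].append("O9: IE button pointing at a deleted file (leftover)")
    # One DLL loaded both as an IE BHO (O2) and by winlogon.exe (O20) survives a
    # browser-only clean-up, so it is ranked first.
    for path, sections in sections_by_path.items():
        if {"O2", "O20"} <= sections:
            reasons[path].insert(0, "loaded by both IE (O2) and winlogon (O20)")
    return dict(reasons)


# Constructed excerpt: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FB357EC-9647-464A-98DD-321A5EE1EF89} - c:\windows\system32\cmpbk32a.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: suxoukao - C:\WINDOWS\SYSTEM32\cmpbk32a.dll
O23 - Service: Routing Protect Access (DATEING) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

if __name__ == "__main__":
    for binary, why in triage(parse_hjt(SAMPLE_LOG)).items():
        print(binary)
        for r in why:
            print("   ", r)
```

On the excerpt, cmpbk32a.dll comes out on top with three reasons (BHO and Winlogon Notify at once, unnamed BHO, unknown subkey), RUNDLLFROMWIN2000.EXE is an orphaned service, the ShopperReports button is a leftover, and nwprovau.dll is only marked for verification: an O10 "Unknown file" means the file is not in HijackThis's list, not that it is malicious, which is why the helper's reply does not ask for it to be fixed.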
Replies: 68

Carry out the following actions first:

Click Start -> (Settings) -> Control Panel -> Add or Remove Programs and remove the following programs:
Hotbar Web Tools by Hotbar
ShopperReports

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
Click 'Fix checked' to remove the items.

Open Explorer ("My Computer") and choose Tools -> Folder Options... Under View, check the following settings:
Uncheck: Hide protected operating system files (recommended)
Uncheck: Hide extensions for known file types
Select: Display the contents of system folders (XP only)
Select: Show hidden files and folders

Delete the following directories:
C:\Program Files\ShopperReports\Bin\

Then please post a new HJT log, and please use this version:
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
Thanks for your time. The programs Hotbar Web Tools by Hotbar and ShopperReports do not appear in the list of installed software. The problem is that as soon as I connect the network cable, my PC starts sending mail and Norton starts scanning it; there are hundreds per minute. So I can only make a network connection now and then. The files cmpbk32a.dll, hqfezmcm.dll, adsiisexm.dll and divx_xx0.dll were created just before the problems began and cannot be deleted, not even in Safe Mode. Here is a new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:40, on 16-9-2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\TaskBar\CTLTray.exe
C:\Program Files\Creative\TaskBar\CTLTask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCLauncher.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FB357EC-9647-464A-98DD-321A5EE1EF89} - c:\windows\system32\cmpbk32a.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe"
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-21-583907252-706699826-682003330-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Ellen')
O4 - HKUS\S-1-5-21-583907252-706699826-682003330-1006\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe (User 'Ellen')
O4 - HKUS\S-1-5-21-583907252-706699826-682003330-1006\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (User 'Ellen')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adapter Utility.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2\Office\OSA9.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} (G-Vista ActiveX) - http://www.zugmap.ch/richtplan3d/pages/plugin/gvista30161.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,911,0
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
O16 - DPF: {AE4CEC9D-C836-4579-829B-4C345101B3B9} (GVista Terrain Renderer) - http://www.dilas.ch/plugin/gvista/gvista2709.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
O20 - Winlogon Notify: suxoukao - C:\WINDOWS\SYSTEM32\cmpbk32a.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Routing Protect Access (DATEING) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Digital Media Adapter Application Loader Service (XWPCApplicationLoaderService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
O23 - Service: Digital Media Adapter Host Service (XWPCHostService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe

--
End of file - 13819 bytes
Go to Start - Run and type: notepad.exe. Click OK. In Notepad go to Format and remove the check mark next to "Word Wrap". Close Notepad again.

Download Combofix (http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe) to your Desktop. Double-click Combofix.exe. Follow the instructions and accept the disclaimer by typing 1 (continue) followed by ENTER. While the fix is running, do NOT click in the window, as this will make your PC hang. When the fix is complete and after the restart, the log combofix.txt will open. Post this log in your next reply, after the fix has finished.

Please also post a new HijackThis log.

NOTE: If your virus scanner reacts with a warning about a script being executed, you may ignore it.
When the PC restarted, Combofix hung. I ran the program again. Here are the logs.

ComboFix 07-09-13.3 - "Piet" 2007-09-16 15:06:21.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1043.18.111 [GMT 2:00]
.

(((((((((((((((((((( Files Created from 2007-08-16 to 2007-09-16 ))))))))))))))))))))))))))))))
.
2007-09-16 13:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-16 12:22 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-16 11:58 123,904 --a------ C:\WINDOWS\system32\hqfezmcm.dll
2007-09-13 16:16 123,392 --a------ C:\WINDOWS\system32\hqfezmcm1.dll
2007-09-13 16:11 <DIR> d-------- C:\WINDOWS\system32\AppCert
2007-09-13 16:10 87,552 --a------ C:\WINDOWS\system32\adsiisexm1.dll
2007-09-13 16:10 82,432 --a------ C:\WINDOWS\system32\cmpbk32a.dll
2007-09-13 16:10 81,920 --a------ C:\WINDOWS\system32\cmpbk32a2.dll
2007-09-13 16:08 57,856 --a------ C:\WINDOWS\system32\divx_xx0.dll
2007-09-11 23:25 <DIR> d-------- C:\DOCUME~1\Ellen\APPLIC~1\Magic Academy
2007-08-24 21:46 <DIR> d-------- C:\DOCUME~1\Piet\APPLIC~1\dvdcss
2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\Shared
2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\Incomplete
2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\APPLIC~1\LimeWire
2007-08-22 11:58 <DIR> d-------- C:\Program Files\LimeWire
2007-08-22 11:22 0 --a------ C:\WINDOWS\system32\oSbkpg71.exe
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-14 15:40 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-11 23:25 --------- d-------- C:\Program Files\Zylom Games
2007-09-11 23:25 --------- d-------- C:\DOCUME~1\Ellen\APPLIC~1\Zylom
2007-09-09 12:19 --------- d-a------ C:\DOCUME~1\Piet\APPLIC~1\SopCast
2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\vlc
2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Syntrillium
2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Symantec
2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\ShopperReports
2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Real
2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\ppStream
2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\PPLive
2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\MSN6
2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Microsoft Web Folders
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Lavasoft
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Kazaa Lite
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\InterTrust
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Help
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Google
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Creative
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Azureus
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Apple Computer
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\.ABC
2007-08-12 23:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
2007-08-12 20:23 --------- d-------- C:\Program Files\iTunes
2007-08-02 15:41 --------- d-------- C:\Program Files\PokerStars
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
.
((((((((((((((((((((((((((((( snapshot_2007-09-16_142320.92 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 78,786 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc009.dat
----a-w 96,318 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc013.dat
----a-w 454,114 2007-09-16 13:03:16 C:\WINDOWS\system32\perfh009.dat
----a-w 514,440 2007-09-16 13:03:17 C:\WINDOWS\system32\perfh013.dat
----a-w 32,768 2007-09-16 12:57:42 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 16,384 2007-09-16 12:57:42 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
----a-w 32,768 2007-09-16 12:57:42 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
----a-w 208,012 2007-09-16 13:01:47 C:\WINDOWS\system32\inetsrv\MetaBase.bin
----atw 16,384 2007-09-16 12:58:03 C:\WINDOWS\Temp\Perflib_Perfdata_2a4.dat
.
----a-w 78,786 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc009.dat
----a-w 96,318 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc013.dat
----a-w 454,114 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh009.dat
----a-w 514,440 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh013.dat
----a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 16,384 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
----a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
----a-w 208,012 2007-09-16 11:41:19 C:\WINDOWS\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FB357EC-9647-464A-98DD-321A5EE1EF89}]
2007-09-16 11:58 82432 --a------ c:\windows\system32\cmpbk32a.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTStartup"="C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.exe" [2001-06-04 01:00]
"CTHelper"="CTHELPER.EXE" [2003-10-06 15:57 C:\WINDOWS\system32\CTHELPER.EXE]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-24 10:04]
"nwiz"="nwiz.exe" [2004-03-24 10:04 C:\WINDOWS\system32\nwiz.exe]
"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2003-09-14 16:26]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-03-24 10:04]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 12:38]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-25 19:07]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-08 19:16]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-07-19 17:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 11:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-12-18 00:20]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-21 17:22]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-08 12:23]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-22 22:28]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-07 14:00] "NOMAD Detector"="C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe" [] "TaskTray"="C:\Program Files\Creative\TaskBar\CTLTray.exe" [2001-06-29 01:00] "TaskBar"="C:\Program Files\Creative\TaskBar\CTLTask.exe" [2003-05-30 01:00] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2003-04-14 19:30] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] @= [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\suxoukao] cmpbk32a.dll 2007-09-16 11:58 82432 C:\WINDOWS\system32\cmpbk32a.dll R0 PrecSim;PrecSim;C:\WINDOWS\System32\DRIVERS\precsim.sys R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\System32\DRIVERS\DcCam.sys R2 A4SII300;A4SII300;C:\WINDOWS\System32\drivers\A4SII300.SYS R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\System32\drivers\dcfs2k.sys R2 rvymvtzo;Creative SoundFont Management Device Support;C:\WINDOWS\System32\svchost.exe -k netsvcs R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol);C:\WINDOWS\System32\inetsrv\inetinfo.exe R2 XWPCApplicationLoaderService;Digital Media Adapter Application Loader Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe R2 XWPCHostService;Digital Media Adapter Host Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\System32\DRIVERS\itchfltr.sys R3 MTD80X;100/10M Ethernet PCI Adapter;C:\WINDOWS\System32\DRIVERS\feand5.SYS S0 ElbyVCD;ElbyVCD;C:\WINDOWS\System32\DRIVERS\ElbyVCD.sys S1 Exportit;Exportit;C:\WINDOWS\System32\DRIVERS\exportit.sys S2 DATEING;Routing Protect 
Access;C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\PIJFEQ22.DLL,Export 1087 S2 G11AV;Trust 610 LCD POWERC@M ZOOM, Webcam mode;C:\WINDOWS\System32\Drivers\G11av.sys S3 DcFpoint;DcFpoint;C:\WINDOWS\System32\DRIVERS\DcFpoint.sys S3 DcLps;Legacy Polling Service;C:\WINDOWS\System32\DRIVERS\DcLps.sys S3 DcPTP;dcptp;C:\WINDOWS\System32\DRIVERS\DcPTP.sys S3 SNCT511;PC Camera (6005 CIF);C:\WINDOWS\System32\DRIVERS\snct511.sys S3 USBCamera;Digital Still Image Capture;C:\WINDOWS\System32\Drivers\Bulk533.sys HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs rvymvtzo License . Inhoud van de 'Gedeelde Taken' map "2007-09-13 22:00:01 C:\WINDOWS\Tasks\At1.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-14 07:00:00 C:\WINDOWS\Tasks\At10.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-14 08:00:00 C:\WINDOWS\Tasks\At11.job" "2007-09-14 09:00:00 C:\WINDOWS\Tasks\At12.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-16 10:00:00 C:\WINDOWS\Tasks\At13.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-16 11:00:00 C:\WINDOWS\Tasks\At14.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-16 12:00:00 C:\WINDOWS\Tasks\At15.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-16 13:00:00 C:\WINDOWS\Tasks\At16.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-14 14:00:00 C:\WINDOWS\Tasks\At17.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-13 15:00:01 C:\WINDOWS\Tasks\At18.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-13 16:00:00 C:\WINDOWS\Tasks\At19.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-13 23:00:01 C:\WINDOWS\Tasks\At2.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-13 17:00:00 C:\WINDOWS\Tasks\At20.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-13 18:00:00 C:\WINDOWS\Tasks\At21.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-13 19:00:00 C:\WINDOWS\Tasks\At22.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-13 20:00:01 C:\WINDOWS\Tasks\At23.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-13 21:00:01 C:\WINDOWS\Tasks\At24.job" 
- C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-13 22:00:01 C:\WINDOWS\Tasks\At25.job" "2007-09-13 23:00:01 C:\WINDOWS\Tasks\At26.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-14 00:00:00 C:\WINDOWS\Tasks\At27.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-14 01:00:00 C:\WINDOWS\Tasks\At28.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-14 02:00:00 C:\WINDOWS\Tasks\At29.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-14 00:00:00 C:\WINDOWS\Tasks\At3.job" "2007-09-14 03:00:00 C:\WINDOWS\Tasks\At30.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-14 04:00:00 C:\WINDOWS\Tasks\At31.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-14 05:00:00 C:\WINDOWS\Tasks\At32.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-14 06:00:00 C:\WINDOWS\Tasks\At33.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-14 07:00:00 C:\WINDOWS\Tasks\At34.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-14 08:00:00 C:\WINDOWS\Tasks\At35.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-14 09:00:00 C:\WINDOWS\Tasks\At36.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-16 10:00:00 C:\WINDOWS\Tasks\At37.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-16 11:00:00 C:\WINDOWS\Tasks\At38.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-16 12:00:00 C:\WINDOWS\Tasks\At39.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-14 01:00:00 C:\WINDOWS\Tasks\At4.job" "2007-09-16 13:00:00 C:\WINDOWS\Tasks\At40.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-14 14:00:00 C:\WINDOWS\Tasks\At41.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-13 15:00:01 C:\WINDOWS\Tasks\At42.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-13 16:00:00 C:\WINDOWS\Tasks\At43.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-13 17:00:00 C:\WINDOWS\Tasks\At44.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-13 18:00:00 C:\WINDOWS\Tasks\At45.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-13 19:00:00 C:\WINDOWS\Tasks\At46.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-13 20:00:01 C:\WINDOWS\Tasks\At47.job" - 
C:\WINDOWS\System32\oSbkpg71.exe "2007-09-13 21:00:01 C:\WINDOWS\Tasks\At48.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-14 02:00:00 C:\WINDOWS\Tasks\At5.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-14 03:00:00 C:\WINDOWS\Tasks\At6.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-14 04:00:00 C:\WINDOWS\Tasks\At7.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-14 05:00:00 C:\WINDOWS\Tasks\At8.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-14 06:00:00 C:\WINDOWS\Tasks\At9.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-07 18:01:08 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen - Piet.job" - C:\PROGRA~1\NORTON~1\Navw32.exe . ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-16 15:13:32 Windows 5.1.2600 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTStartup = C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run???w????\???????w^?s$????>?wH ?w???????w*??w4???U??w4???????D8?s4???????|92?????\???\????????H?s????-A?w?????_?wc_?w\???\?????????_????? Z?w\???\??????s????\??????s\???`92?d??s`92? Z?w???????s??? HKCU\Software\Microsoft\Windows\CurrentVersion\Run msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background?g scanning hidden files ... ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet004\Services\MySql] "ImagePath"="C:/mysql/bin/mysqld-nt.exe" . Completion time: 2007-09-16 15:41:02 C:\ComboFix-quarantined-files.txt ... 2007-09-16 15:39 C:\ComboFix2.txt ... 2006-10-27 21:29 . 
--- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:47:35, on 16-9-2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\WINDOWS\System32\inetsrv\inetinfo.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\System32\ScsiAccess.EXE C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe C:\WINDOWS\System32\CTHELPER.EXE C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Creative\TaskBar\CTLTray.exe C:\Program Files\Creative\TaskBar\CTLTask.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Linksys 
Wireless-B Media Adapter\bin\XWPCLauncher.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\System32\cmd.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1FB357EC-9647-464A-98DD-321A5EE1EF89} - c:\windows\system32\cmpbk32a.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - 
HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe" O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe" O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe" O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE 
(User 'Default user') O4 - Global Startup: Adapter Utility.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2\Office\OSA9.EXE O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - 
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} (G-Vista ActiveX) - http://www.zugmap.ch/richtplan3d/pages/plugin/gvista30161.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,911,0 O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab O16 - DPF: {AE4CEC9D-C836-4579-829B-4C345101B3B9} (GVista Terrain Renderer) - http://www.dilas.ch/plugin/gvista/gvista2709.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab O17 - 
HKLM\System\CCS\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68 O17 - HKLM\System\CS1\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68 O20 - Winlogon Notify: suxoukao - C:\WINDOWS\SYSTEM32\cmpbk32a.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: Routing Protect Access (DATEING) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing) O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing) O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Digital Media Adapter Application Loader Service (XWPCApplicationLoaderService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe O23 - Service: Digital Media Adapter Host Service (XWPCHostService) - Linksys Corporation - 
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe -- End of file - 13163 bytes
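The logs above contain the classic persistence set of an XP-era spam bot: a Winlogon Notify package (suxoukao) and an unnamed BHO both pointing at the same freshly created DLL in System32, a service of "Unknown owner" whose binary is missing, a svchost-hosted service with a random name (rvymvtzo) but a Creative-branded display name, and 48 At*.job tasks that launch two random-named executables every hour (jobs created with at.exe run as SYSTEM). The script below is an added example, not code from the thread, from HijackThis or from ComboFix: it parses log lines of exactly the shapes posted here and applies those five checks. The sample input is copied from the logs above; the two allowlists (Winlogon Notify packages and NetSvcs members shipped with XP) are assumptions and deliberately partial, so treat a hit as "verify by hand", not as a verdict.

```python
"""Triage of persistence entries in HijackThis / ComboFix logs (added example).

Rules, each a check a responder would otherwise do by eye:
  1. O20 Winlogon Notify package not in the set Windows ships
  2. O2 BHO registered as "(no name)"
  3. O23 service of unknown owner whose binary is missing
  4. At*.job tasks grouped by the executable they launch (at.exe jobs run as SYSTEM)
  5. service hosted by "svchost.exe -k netsvcs" whose name is not a known NetSvcs member
The allowlists are assumptions: partial, XP-era, case-insensitive.
"""
import re
from collections import Counter

# Sample input: lines copied from the logs posted in this thread.
SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FB357EC-9647-464A-98DD-321A5EE1EF89} - c:\windows\system32\cmpbk32a.dll
O20 - Winlogon Notify: suxoukao - C:\WINDOWS\SYSTEM32\cmpbk32a.dll
O23 - Service: Routing Protect Access (DATEING) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"2007-09-13 22:00:01 C:\WINDOWS\Tasks\At1.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-14 08:00:00 C:\WINDOWS\Tasks\At11.job"
"2007-09-13 23:00:01 C:\WINDOWS\Tasks\At2.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-13 23:00:01 C:\WINDOWS\Tasks\At26.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-07 18:01:08 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen - Piet.job" - C:\PROGRA~1\NORTON~1\Navw32.exe
R2 rvymvtzo;Creative SoundFont Management Device Support;C:\WINDOWS\System32\svchost.exe -k netsvcs
R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol);C:\WINDOWS\System32\inetsrv\inetinfo.exe
"""

# Assumption: Winlogon Notify packages present on a stock Windows XP install.
WINLOGON_NOTIFY_ALLOW = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                         "sclgntfy", "senslogn", "termsrv", "wlballoon"}
# Assumption: members of the XP SP2 NetSvcs svchost group (partial list).
NETSVCS_ALLOW = {"6to4", "appmgmt", "audiosrv", "browser", "cryptsvc", "dmserver", "dhcp",
                 "ersvc", "eventsystem", "fastuserswitchingcompatibility", "helpsvc",
                 "hidserv", "ias", "iprip", "irmon", "lanmanserver", "lanmanworkstation",
                 "messenger", "netman", "nla", "ntmssvc", "nwcworkstation", "nwsapagent",
                 "rasauto", "rasman", "remoteaccess", "schedule", "seclogon", "sens",
                 "sharedaccess", "srservice", "tapisrv", "themes", "trkwks", "w32time",
                 "wzcsvc", "wmi", "wmdmpmsp", "winmgmt", "wuauserv", "bits",
                 "shellhwdetection", "uploadmgr", "wmdmpmsn", "xmlprov"}

NOTIFY_RE  = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")
BHO_RE     = re.compile(r"^O2 - BHO: (.*?) - \{[0-9A-Fa-f-]+\} - (.+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
AT_RE      = re.compile(r'^"[\d-]+ [\d:]+ [^"]*\\At\d+\.job"(?: - (.+))?$')
SVCHOST_RE = re.compile(r"^[RS]\d (\S+?);(.*?);.*\\svchost\.exe -k (\S+)$", re.IGNORECASE)


def triage(log_text):
    """Return [(rule, detail), ...] for every log entry that trips a rule."""
    findings = []
    at_targets = Counter()  # executable launched -> number of At*.job entries
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        m = NOTIFY_RE.match(line)
        if m:
            if m.group(1).lower() not in WINLOGON_NOTIFY_ALLOW:
                findings.append(("winlogon_notify", f"{m.group(1)} -> {m.group(2)}"))
            continue
        m = BHO_RE.match(line)
        if m:
            if m.group(1).strip().lower() == "(no name)":
                findings.append(("unnamed_bho", m.group(2)))
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, owner, path = m.groups()
            if owner == "Unknown owner" and "(file missing)" in path:
                findings.append(("missing_service_binary", f"{name} -> {path}"))
            continue
        m = AT_RE.match(line)
        if m:
            at_targets[m.group(1) or "<no target recorded>"] += 1
            continue
        m = SVCHOST_RE.match(line)
        if m and m.group(3).lower() == "netsvcs" and m.group(1).lower() not in NETSVCS_ALLOW:
            findings.append(("rogue_netsvcs", f"{m.group(1)} ({m.group(2)})"))
    # Every at.exe job is reported: a legitimate machine rarely has any, and a
    # run of hourly jobs all launching one binary in System32 is the bot pattern.
    for target, n in at_targets.items():
        findings.append(("at_job", f"{n} At*.job task(s) -> {target}"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE):
        print(f"{rule:24} {detail}")
```

Run against the complete task list in the post, the at_job rule reports 24 jobs for LFo1KT4L.exe and 24 for oSbkpg71.exe; together with the Notify/BHO pair on cmpbk32a.dll that is the whole foothold the CFScript in the next reply targets. Known-good entries in the sample (the Adobe BHO, NVSvc, the Norton scan job, SMTPSVC) produce no finding.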
Open Notepad, then copy and paste the following (the bold, blue text) into an empty window:

Collect::[9]
C:\WINDOWS\system32\hqfezmcm.dll
C:\WINDOWS\system32\hqfezmcm1.dll
C:\WINDOWS\system32\divx_xx0.dll
C:\WINDOWS\system32\adsiisexm1.dll
C:\WINDOWS\system32\cmpbk32a.dll
C:\WINDOWS\system32\cmpbk32a2.dll
C:\WINDOWS\system32\oSbkpg71.exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FB357EC-9647-464A-98DD-321A5EE1EF89}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\suxoukao]

Save it to your Desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe as shown in this example: http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will make ComboFix restart. Reboot if you are asked to, and post the contents of Combofix.txt in your next reply together with a fresh HijackThis log.

In addition, ComboFix will place a zipped file on your Desktop named [4]-Submit_Date_Time.zip. After the scan a small window titled "Submit files for further analysis" will also open; click OK to open the upload page, copy the bold path shown on that page and paste it into the entry box. Click Send File. :wink:
Since there was a problem with the ComboFix script, I ran it a second time and submitted it at 17:25. Here are the new logs.

ComboFix 07-09-13.3 - "Piet" 2007-09-16 17:25:16.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.31.1043.18.113 [GMT 2:00]
Command switches used :: C:\Documents and Settings\Piet\Bureaublad\CFScript.txt
* Created a new restore point
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\cmpbk32a.dll
.
(((((((((((((((((((( Files Created from 2007-08-16 to 2007-09-16 ))))))))))))))))))))))))))))))
.
2007-09-16 13:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-16 12:22 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-13 16:11 <DIR> d-------- C:\WINDOWS\system32\AppCert
2007-09-13 16:10 82,432 --a------ C:\WINDOWS\system32\cmpbk32a.dll
2007-09-11 23:25 <DIR> d-------- C:\DOCUME~1\Ellen\APPLIC~1\Magic Academy
2007-08-24 21:46 <DIR> d-------- C:\DOCUME~1\Piet\APPLIC~1\dvdcss
2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\Shared
2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\Incomplete
2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\APPLIC~1\LimeWire
2007-08-22 11:58 <DIR> d-------- C:\Program Files\LimeWire
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-16 17:21 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-11 23:25 --------- d-------- C:\Program Files\Zylom Games
2007-09-11 23:25 --------- d-------- C:\DOCUME~1\Ellen\APPLIC~1\Zylom
2007-09-09 12:19 --------- d-a------ C:\DOCUME~1\Piet\APPLIC~1\SopCast
2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\vlc
2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Syntrillium
2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Symantec
2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\ShopperReports
2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Real
2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\ppStream
2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\PPLive
2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\MSN6
2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Microsoft Web Folders
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Lavasoft
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Kazaa Lite
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\InterTrust
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Help
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Google
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Creative
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Azureus
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Apple Computer
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\.ABC
2007-08-12 23:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
2007-08-12 20:23 --------- d-------- C:\Program Files\iTunes
2007-08-02 15:41 --------- d-------- C:\Program Files\PokerStars
.
((((((((((((((((((((((((((((( snapshot_2007-09-16_142320.92 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 78,786 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc009.dat
----a-w 96,318 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc013.dat
----a-w 454,114 2007-09-16 13:03:16 C:\WINDOWS\system32\perfh009.dat
----a-w 514,440 2007-09-16 13:03:17 C:\WINDOWS\system32\perfh013.dat
----a-w 32,768 2007-09-16 15:42:14 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 16,384 2007-09-16 15:42:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
----a-w 32,768 2007-09-16 15:42:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
----a-w 208,031 2007-09-16 15:46:43 C:\WINDOWS\system32\inetsrv\MetaBase.bin
.
----a-w 78,786 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc009.dat
----a-w 96,318 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc013.dat
----a-w 454,114 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh009.dat
----a-w 514,440 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh013.dat
----a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 16,384 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
----a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
----a-w 208,012 2007-09-16 11:41:19 C:\WINDOWS\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legitimate default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FB357EC-9647-464A-98DD-321A5EE1EF89}]
2007-09-16 17:39 82432 --a------ c:\windows\system32\cmpbk32a.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTStartup"="C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.exe" [2001-06-04 01:00]
"CTHelper"="CTHELPER.EXE" [2003-10-06 15:57 C:\WINDOWS\system32\CTHELPER.EXE]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-24 10:04]
"nwiz"="nwiz.exe" [2004-03-24 10:04 C:\WINDOWS\system32\nwiz.exe]
"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2003-09-14 16:26]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-03-24 10:04]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 12:38]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-25 19:07]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-08 19:16]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-07-19 17:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 11:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-12-18 00:20]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-21 17:22]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-08 12:23]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-22 22:28]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-07 14:00]
"NOMAD Detector"="C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe" []
"TaskTray"="C:\Program Files\Creative\TaskBar\CTLTray.exe" [2001-06-29 01:00]
"TaskBar"="C:\Program Files\Creative\TaskBar\CTLTask.exe" [2003-05-30 01:00]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2003-04-14 19:30]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]

C:\DOCUME~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\
Adapter Utility.lnk - C:\WINDOWS\Installer\{13515E3B-B512-45FF-BA78-0F677794AC99}\Launcher.exe [2004-10-22 15:54:37]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-05 17:25:55]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 07:25:38]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 18:48:18]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-01-06 17:00:20]
Microsoft Office.lnk - C:\Program Files\Microsoft Office2\Office\OSA9.EXE [1999-02-17 15:05:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\suxoukao]
cmpbk32a.dll 2007-09-16 17:39 82432 C:\WINDOWS\system32\cmpbk32a.dll

R0 PrecSim;PrecSim;C:\WINDOWS\System32\DRIVERS\precsim.sys
R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\System32\DRIVERS\DcCam.sys
R2 A4SII300;A4SII300;C:\WINDOWS\System32\drivers\A4SII300.SYS
R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\System32\drivers\dcfs2k.sys
R2 rvymvtzo;Creative SoundFont Management Device Support;C:\WINDOWS\System32\svchost.exe -k netsvcs
R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol);C:\WINDOWS\System32\inetsrv\inetinfo.exe
R2 XWPCApplicationLoaderService;Digital Media Adapter Application Loader Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
R2 XWPCHostService;Digital Media Adapter Host Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\System32\DRIVERS\itchfltr.sys
R3 MTD80X;100/10M Ethernet PCI Adapter;C:\WINDOWS\System32\DRIVERS\feand5.SYS
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\System32\DRIVERS\ElbyVCD.sys
S1 Exportit;Exportit;C:\WINDOWS\System32\DRIVERS\exportit.sys
S2 DATEING;Routing Protect Access;C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\PIJFEQ22.DLL,Export 1087
S2 G11AV;Trust 610 LCD POWERC@M ZOOM, Webcam mode;C:\WINDOWS\System32\Drivers\G11av.sys
S3 DcFpoint;DcFpoint;C:\WINDOWS\System32\DRIVERS\DcFpoint.sys
S3 DcLps;Legacy Polling Service;C:\WINDOWS\System32\DRIVERS\DcLps.sys
S3 DcPTP;dcptp;C:\WINDOWS\System32\DRIVERS\DcPTP.sys
S3 SNCT511;PC Camera (6005 CIF);C:\WINDOWS\System32\DRIVERS\snct511.sys
S3 USBCamera;Digital Still Image Capture;C:\WINDOWS\System32\Drivers\Bulk533.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rvymvtzo
License
.
Inhoud van de 'Gedeelde Taken' map "2007-09-13 22:00:01 C:\WINDOWS\Tasks\At1.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-14 07:00:00 C:\WINDOWS\Tasks\At10.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-14 08:00:00 C:\WINDOWS\Tasks\At11.job" "2007-09-14 09:00:00 C:\WINDOWS\Tasks\At12.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-16 10:00:00 C:\WINDOWS\Tasks\At13.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-16 11:00:00 C:\WINDOWS\Tasks\At14.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-16 12:00:00 C:\WINDOWS\Tasks\At15.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-16 13:00:00 C:\WINDOWS\Tasks\At16.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-16 14:00:01 C:\WINDOWS\Tasks\At17.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-16 15:00:00 C:\WINDOWS\Tasks\At18.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-13 16:00:00 C:\WINDOWS\Tasks\At19.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-13 23:00:01 C:\WINDOWS\Tasks\At2.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-13 17:00:00 C:\WINDOWS\Tasks\At20.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-13 18:00:00 C:\WINDOWS\Tasks\At21.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-13 19:00:00 C:\WINDOWS\Tasks\At22.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-13 20:00:01 C:\WINDOWS\Tasks\At23.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-13 21:00:01 C:\WINDOWS\Tasks\At24.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-13 22:00:01 C:\WINDOWS\Tasks\At25.job" "2007-09-13 23:00:01 C:\WINDOWS\Tasks\At26.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-14 00:00:00 C:\WINDOWS\Tasks\At27.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-14 01:00:00 C:\WINDOWS\Tasks\At28.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-14 02:00:00 C:\WINDOWS\Tasks\At29.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-14 00:00:00 C:\WINDOWS\Tasks\At3.job" "2007-09-14 03:00:00 C:\WINDOWS\Tasks\At30.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-14 04:00:00 C:\WINDOWS\Tasks\At31.job" - 
C:\WINDOWS\System32\oSbkpg71.exe "2007-09-14 05:00:00 C:\WINDOWS\Tasks\At32.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-14 06:00:00 C:\WINDOWS\Tasks\At33.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-14 07:00:00 C:\WINDOWS\Tasks\At34.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-14 08:00:00 C:\WINDOWS\Tasks\At35.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-14 09:00:00 C:\WINDOWS\Tasks\At36.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-16 10:00:00 C:\WINDOWS\Tasks\At37.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-16 11:00:00 C:\WINDOWS\Tasks\At38.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-16 12:00:00 C:\WINDOWS\Tasks\At39.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-14 01:00:00 C:\WINDOWS\Tasks\At4.job" "2007-09-16 13:00:00 C:\WINDOWS\Tasks\At40.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-16 14:00:01 C:\WINDOWS\Tasks\At41.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-16 15:00:00 C:\WINDOWS\Tasks\At42.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-13 16:00:00 C:\WINDOWS\Tasks\At43.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-13 17:00:00 C:\WINDOWS\Tasks\At44.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-13 18:00:00 C:\WINDOWS\Tasks\At45.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-13 19:00:00 C:\WINDOWS\Tasks\At46.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-13 20:00:01 C:\WINDOWS\Tasks\At47.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-13 21:00:01 C:\WINDOWS\Tasks\At48.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-14 02:00:00 C:\WINDOWS\Tasks\At5.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-14 03:00:00 C:\WINDOWS\Tasks\At6.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-14 04:00:00 C:\WINDOWS\Tasks\At7.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-14 05:00:00 C:\WINDOWS\Tasks\At8.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-14 06:00:00 C:\WINDOWS\Tasks\At9.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-07 18:01:08 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen - Piet.job" - 
C:\PROGRA~1\NORTON~1\Navw32.exe . ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-16 17:45:48 Windows 5.1.2600 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTStartup = C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run???w????\???????w^?s$????>?wH ?w???????w*??w4???U??w4???????D8?s4???????|92?????\???\????????H?s????-A?w?????_?wc_?w\???\?????????`????? Z?w\???\??????s????\??????s\???`92?d??s`92? Z?w???????s??? HKCU\Software\Microsoft\Windows\CurrentVersion\Run msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background?g scanning hidden files ... ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet004\Services\MySql] "ImagePath"="C:/mysql/bin/mysqld-nt.exe" . Completion time: 2007-09-16 17:49:14 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-09-16 17:48 C:\ComboFix2.txt ... 2007-09-16 17:17 C:\ComboFix3.txt ... 2007-09-16 15:41 . 
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:54:43, on 16-9-2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\TaskBar\CTLTray.exe
C:\Program Files\Creative\TaskBar\CTLTask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCLauncher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FB357EC-9647-464A-98DD-321A5EE1EF89} - c:\windows\system32\cmpbk32a.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe"
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adapter Utility.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2\Office\OSA9.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} (G-Vista ActiveX) - http://www.zugmap.ch/richtplan3d/pages/plugin/gvista30161.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,911,0
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
O16 - DPF: {AE4CEC9D-C836-4579-829B-4C345101B3B9} (GVista Terrain Renderer) - http://www.dilas.ch/plugin/gvista/gvista2709.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
O20 - Winlogon Notify: suxoukao - C:\WINDOWS\SYSTEM32\cmpbk32a.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Routing Protect Access (DATEING) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Digital Media Adapter Application Loader Service (XWPCApplicationLoaderService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
O23 - Service: Digital Media Adapter Host Service (XWPCHostService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe

--
Follow the steps below.

1) Open Notepad, copy and paste the following (the bold, blue text) into an empty window:

File::
C:\WINDOWS\system32\cmpbk32a.dll

Folder::
C:\DOCUME~1\Piet\APPLIC~1\ShopperReports

REGISTRY::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\suxoukao]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FB357EC-9647-464A-98DD-321A5EE1EF89}]

Save this on your Desktop as CFScript.txt

Drag CFScript.txt onto ComboFix.exe as shown in the example below:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will make ComboFix restart. Reboot if you are asked to, and post the contents of Combofix.txt at the end of this fix in your next reply, together with a new HijackThis log.

Start HijackThis again and do a "system scan only", tick the lines below, close all windows except HJT and click "fix checked" and OK.

O2 - BHO: (no name) - {1FB357EC-9647-464A-98DD-321A5EE1EF89} - c:\windows\system32\cmpbk32a.dll
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
O20 - Winlogon Notify: suxoukao - C:\WINDOWS\SYSTEM32\cmpbk32a.dll

Start Explorer and check once more whether this file is still there:
C:\WINDOWS\SYSTEM32\cmpbk32a.dll
If so, try to delete it, in Safe Mode if necessary.

Good luck.
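The entries the helper singles out above (a BHO with no display name, a Winlogon Notify package, and, in the ComboFix log, dozens of At*.job tasks all running the same executable from System32) are the kind of thing a log reader spots by hand. The Python script below is an added example, not part of HijackThis, ComboFix or this thread's own tooling; it applies those same checks to log lines and additionally reports a file that is registered at more than one autostart point. The sample lines are copied from the logs posted in this thread, with a few benign lines for contrast; the severity labels are this example's own.

```python
"""Triage helper for HijackThis / ComboFix log lines (added example, not part of
HijackThis, ComboFix or the thread's own tooling).  It applies a few of the
checks a log reader performs by hand: BHOs without a display name, Winlogon
Notify packages, services whose file is missing, one file registered at more
than one autostart point, and batches of At*.job tasks that all run the same
executable."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis and ComboFix logs
# posted in this thread, plus a few benign lines for contrast.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FB357EC-9647-464A-98DD-321A5EE1EF89} - c:\windows\system32\cmpbk32a.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: suxoukao - C:\WINDOWS\SYSTEM32\cmpbk32a.dll
O23 - Service: Routing Protect Access (DATEING) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"2007-09-13 22:00:01 C:\WINDOWS\Tasks\At1.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-14 08:00:00 C:\WINDOWS\Tasks\At11.job"
"2007-09-13 23:00:01 C:\WINDOWS\Tasks\At2.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-14 00:00:00 C:\WINDOWS\Tasks\At27.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-07 18:01:08 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen - Piet.job" - C:\PROGRA~1\NORTON~1\Navw32.exe
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.+)$")
# ComboFix scheduled-task line; the ' - target' part is absent for some jobs.
TASK_RE = re.compile(r'^"(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<job>[^"]+)"(?: - (?P<path>.+))?$')


def norm(path):
    """Case-fold a Windows path so differently spelled references to one file compare equal."""
    return path.strip().strip('"').lower()


def triage(log_text):
    """Return a list of (severity, reason, path) findings for the given log text."""
    findings = []
    persistence = defaultdict(set)   # normalised path -> autostart locations it appears in
    at_jobs = defaultdict(list)      # target executable -> At*.job names that run it

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := BHO_RE.match(line):
            persistence[norm(m["path"])].add("O2 BHO")
            if m["name"].strip().lower() == "(no name)":
                findings.append(("high", "BHO without a display name", m["path"]))
        elif m := NOTIFY_RE.match(line):
            # A Winlogon Notify DLL is loaded into winlogon.exe, in Safe Mode as well,
            # which is why such a file cannot be deleted while Windows is running.
            persistence[norm(m["path"])].add("O20 Winlogon Notify")
            findings.append(("high", f"Winlogon Notify package '{m['key']}'", m["path"]))
        elif m := SERVICE_RE.match(line):
            if m["path"].endswith("(file missing)"):
                findings.append(("medium", f"service '{m['name']}' points at a missing file", m["path"]))
            elif m["owner"] == "Unknown owner":
                findings.append(("low", f"service '{m['name']}' has no vendor", m["path"]))
        elif m := TASK_RE.match(line):
            job = m["job"].rsplit("\\", 1)[-1]
            # Only jobs named At<n>.job (the naming at.exe uses) with a visible
            # target are grouped; a job whose target the log does not show is skipped.
            if re.fullmatch(r"At\d+\.job", job) and m["path"]:
                at_jobs[m["path"]].append(job)

    for path, locations in persistence.items():
        if len(locations) > 1:
            findings.append(("high", "same file registered at several autostart points: "
                             + ", ".join(sorted(locations)), path))
    for path, jobs in at_jobs.items():
        if len(jobs) >= 2:
            findings.append(("high", f"{len(jobs)} At*.job tasks all run the same file", path))
    return findings


if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "low": 2}
    for sev, reason, path in sorted(triage(SAMPLE_LOG), key=lambda f: order[f[0]]):
        print(f"[{sev:>6}] {reason}: {path}")
```

Run against the sample, the script reports the nameless BHO and the Winlogon Notify entry, notices that both point at the same cmpbk32a.dll, flags the DATEING service whose executable is missing, and groups the At*.job tasks by target so the batch running LFo1KT4L.exe stands out while the single Norton scan job does not. Feed it a complete HijackThis log plus the ComboFix task section to get the same overview for another machine.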
Here are the new logs. I had already tried to delete C:\WINDOWS\SYSTEM32\cmpbk32a.dll in Safe Mode earlier, but that doesn't work.

ComboFix 07-09-13.3 - "Piet" 2007-09-16 22:34:37.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1043.18.158 [GMT 2:00]
Command switches used :: C:\Documents and Settings\Piet\Bureaublad\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\cmpbk32a.dll
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\Piet\APPLIC~1\ShopperReports
C:\DOCUME~1\Piet\APPLIC~1\ShopperReports\cs\Config.xml
C:\DOCUME~1\Piet\APPLIC~1\ShopperReports\cs\db\Aliases.dbs
C:\DOCUME~1\Piet\APPLIC~1\ShopperReports\cs\db\Sites.dbs
C:\DOCUME~1\Piet\APPLIC~1\ShopperReports\cs\dwld\WhiteList.xip
C:\DOCUME~1\Piet\APPLIC~1\ShopperReports\cs\persist.dbs
C:\DOCUME~1\Piet\APPLIC~1\ShopperReports\cs\report\ag_ShopperReports.xml
C:\DOCUME~1\Piet\APPLIC~1\ShopperReports\cs\report\ag_ShopperReports.xml.db
C:\DOCUME~1\Piet\APPLIC~1\ShopperReports\cs\report\send_ShopperReports.xml
C:\DOCUME~1\Piet\APPLIC~1\ShopperReports\cs\report\send_ShopperReports.xml.db
C:\DOCUME~1\Piet\APPLIC~1\ShopperReports\cs\res1\WhiteList.dbs
C:\DOCUME~1\Piet\APPLIC~1\ShopperReports\shprrprt.log
C:\WINDOWS\system32\cmpbk32a.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-08-16 to 2007-09-16 ))))))))))))))))))))))))))))))
.
2007-09-16 13:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-16 12:22 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-13 16:11 <DIR> d-------- C:\WINDOWS\system32\AppCert
2007-09-13 16:10 82,432 --a------ C:\WINDOWS\system32\cmpbk32a.dll
2007-09-11 23:25 <DIR> d-------- C:\DOCUME~1\Ellen\APPLIC~1\Magic Academy
2007-08-24 21:46 <DIR> d-------- C:\DOCUME~1\Piet\APPLIC~1\dvdcss
2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\Shared
2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\Incomplete
2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\APPLIC~1\LimeWire
2007-08-22 11:58 <DIR> d-------- C:\Program Files\LimeWire
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-16 17:21 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-11 23:25 --------- d-------- C:\Program Files\Zylom Games
2007-09-11 23:25 --------- d-------- C:\DOCUME~1\Ellen\APPLIC~1\Zylom
2007-09-09 12:19 --------- d-a------ C:\DOCUME~1\Piet\APPLIC~1\SopCast
2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\vlc
2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Syntrillium
2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Symantec
2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Real
2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\ppStream
2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\PPLive
2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\MSN6
2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Microsoft Web Folders
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Lavasoft
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Kazaa Lite
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\InterTrust
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Help
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Google
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Creative
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Azureus
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Apple Computer
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\.ABC
2007-08-12 23:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
2007-08-12 20:23 --------- d-------- C:\Program Files\iTunes
2007-08-02 15:41 --------- d-------- C:\Program Files\PokerStars
.
((((((((((((((((((((((((((((( snapshot_2007-09-16_142320.92 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 78,786 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc009.dat
----a-w 96,318 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc013.dat
----a-w 454,114 2007-09-16 13:03:16 C:\WINDOWS\system32\perfh009.dat
----a-w 514,440 2007-09-16 13:03:17 C:\WINDOWS\system32\perfh013.dat
----a-w 32,768 2007-09-16 20:42:17 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 16,384 2007-09-16 20:42:17 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
----a-w 32,768 2007-09-16 20:42:17 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
----a-w 208,013 2007-09-16 20:46:46 C:\WINDOWS\system32\inetsrv\MetaBase.bin
.
----a-w 78,786 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc009.dat
----a-w 96,318 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc013.dat
----a-w 454,114 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh009.dat
----a-w 514,440 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh013.dat
----a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 16,384 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
----a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
----a-w 208,012 2007-09-16 11:41:19 C:\WINDOWS\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FB357EC-9647-464A-98DD-321A5EE1EF89}]
2007-09-16 22:39 82432 --a------ c:\windows\system32\cmpbk32a.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTStartup"="C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.exe" [2001-06-04 01:00]
"CTHelper"="CTHELPER.EXE" [2003-10-06 15:57 C:\WINDOWS\system32\CTHELPER.EXE]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-24 10:04]
"nwiz"="nwiz.exe" [2004-03-24 10:04 C:\WINDOWS\system32\nwiz.exe]
"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2003-09-14 16:26]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-03-24 10:04]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 12:38]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-25 19:07]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-08 19:16]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-07-19 17:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 11:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-12-18 00:20]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-21 17:22]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-08 12:23]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-22 22:28]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-07 14:00]
"NOMAD Detector"="C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe" []
"TaskTray"="C:\Program Files\Creative\TaskBar\CTLTray.exe" [2001-06-29 01:00]
"TaskBar"="C:\Program Files\Creative\TaskBar\CTLTask.exe" [2003-05-30 01:00]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2003-04-14 19:30]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]

C:\DOCUME~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\
Adapter Utility.lnk - C:\WINDOWS\Installer\{13515E3B-B512-45FF-BA78-0F677794AC99}\Launcher.exe [2004-10-22 15:54:37]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-05 17:25:55]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 07:25:38]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 18:48:18]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-01-06 17:00:20]
Microsoft Office.lnk - C:\Program Files\Microsoft Office2\Office\OSA9.EXE [1999-02-17 15:05:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\suxoukao]
cmpbk32a.dll 2007-09-16 22:39 82432 C:\WINDOWS\system32\cmpbk32a.dll

R0 PrecSim;PrecSim;C:\WINDOWS\System32\DRIVERS\precsim.sys
R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\System32\DRIVERS\DcCam.sys
R2 A4SII300;A4SII300;C:\WINDOWS\System32\drivers\A4SII300.SYS
R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\System32\drivers\dcfs2k.sys
R2 rvymvtzo;Creative SoundFont Management Device Support;C:\WINDOWS\System32\svchost.exe -k netsvcs
R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol);C:\WINDOWS\System32\inetsrv\inetinfo.exe
R2 XWPCApplicationLoaderService;Digital Media Adapter Application Loader Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
R2 XWPCHostService;Digital Media Adapter Host Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\System32\DRIVERS\itchfltr.sys
R3 MTD80X;100/10M Ethernet PCI Adapter;C:\WINDOWS\System32\DRIVERS\feand5.SYS
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\System32\DRIVERS\ElbyVCD.sys
S1 Exportit;Exportit;C:\WINDOWS\System32\DRIVERS\exportit.sys
S2 DATEING;Routing Protect Access;C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\PIJFEQ22.DLL,Export 1087
S2 G11AV;Trust 610 LCD POWERC@M ZOOM, Webcam mode;C:\WINDOWS\System32\Drivers\G11av.sys
S3 DcFpoint;DcFpoint;C:\WINDOWS\System32\DRIVERS\DcFpoint.sys
S3 DcLps;Legacy Polling Service;C:\WINDOWS\System32\DRIVERS\DcLps.sys
S3 DcPTP;dcptp;C:\WINDOWS\System32\DRIVERS\DcPTP.sys
S3 SNCT511;PC Camera (6005 CIF);C:\WINDOWS\System32\DRIVERS\snct511.sys
S3 USBCamera;Digital Still Image Capture;C:\WINDOWS\System32\Drivers\Bulk533.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rvymvtzo
License
.
Inhoud van de 'Gedeelde Taken' map
"2007-09-13 22:00:01 C:\WINDOWS\Tasks\At1.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-14 07:00:00 C:\WINDOWS\Tasks\At10.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-14 08:00:00 C:\WINDOWS\Tasks\At11.job"
"2007-09-14 09:00:00 C:\WINDOWS\Tasks\At12.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-16 10:00:00 C:\WINDOWS\Tasks\At13.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-16 11:00:00 C:\WINDOWS\Tasks\At14.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-16 12:00:00 C:\WINDOWS\Tasks\At15.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-16 13:00:00 C:\WINDOWS\Tasks\At16.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-16 14:00:01 C:\WINDOWS\Tasks\At17.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-16 15:00:00 C:\WINDOWS\Tasks\At18.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-16 16:00:00 C:\WINDOWS\Tasks\At19.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-13 23:00:01 C:\WINDOWS\Tasks\At2.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-16 17:00:00 C:\WINDOWS\Tasks\At20.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-16 18:00:00 C:\WINDOWS\Tasks\At21.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-16 19:00:00 C:\WINDOWS\Tasks\At22.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-16 20:00:00 C:\WINDOWS\Tasks\At23.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-13 21:00:01 C:\WINDOWS\Tasks\At24.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-13 22:00:01 C:\WINDOWS\Tasks\At25.job"
"2007-09-13 23:00:01 C:\WINDOWS\Tasks\At26.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 00:00:00 C:\WINDOWS\Tasks\At27.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 01:00:00 C:\WINDOWS\Tasks\At28.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 02:00:00 C:\WINDOWS\Tasks\At29.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 00:00:00 C:\WINDOWS\Tasks\At3.job"
"2007-09-14 03:00:00 C:\WINDOWS\Tasks\At30.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 04:00:00 C:\WINDOWS\Tasks\At31.job" -
C:\WINDOWS\System32\oSbkpg71.exe "2007-09-14 05:00:00 C:\WINDOWS\Tasks\At32.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-14 06:00:00 C:\WINDOWS\Tasks\At33.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-14 07:00:00 C:\WINDOWS\Tasks\At34.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-14 08:00:00 C:\WINDOWS\Tasks\At35.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-14 09:00:00 C:\WINDOWS\Tasks\At36.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-16 10:00:00 C:\WINDOWS\Tasks\At37.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-16 11:00:00 C:\WINDOWS\Tasks\At38.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-16 12:00:00 C:\WINDOWS\Tasks\At39.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-14 01:00:00 C:\WINDOWS\Tasks\At4.job" "2007-09-16 13:00:00 C:\WINDOWS\Tasks\At40.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-16 14:00:01 C:\WINDOWS\Tasks\At41.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-16 15:00:00 C:\WINDOWS\Tasks\At42.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-16 16:00:00 C:\WINDOWS\Tasks\At43.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-16 17:00:00 C:\WINDOWS\Tasks\At44.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-16 18:00:00 C:\WINDOWS\Tasks\At45.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-16 19:00:00 C:\WINDOWS\Tasks\At46.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-16 20:00:00 C:\WINDOWS\Tasks\At47.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-13 21:00:01 C:\WINDOWS\Tasks\At48.job" - C:\WINDOWS\System32\oSbkpg71.exe "2007-09-14 02:00:00 C:\WINDOWS\Tasks\At5.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-14 03:00:00 C:\WINDOWS\Tasks\At6.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-14 04:00:00 C:\WINDOWS\Tasks\At7.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-14 05:00:00 C:\WINDOWS\Tasks\At8.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-14 06:00:00 C:\WINDOWS\Tasks\At9.job" - C:\WINDOWS\System32\LFo1KT4L.exe "2007-09-07 18:01:08 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen - Piet.job" - 
C:\PROGRA~1\NORTON~1\Navw32.exe . ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-16 22:52:17 Windows 5.1.2600 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTStartup = C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run???w????\???????w^?s$????>?wH ?w???????w*??w4???U??w4???????D8?s4???????|92?????\???\????????H?s????-A?w?????_?wc_?w\???\?????????_????? Z?w\???\??????s????\??????s\???`92?d??s`92? Z?w???????s??? HKCU\Software\Microsoft\Windows\CurrentVersion\Run msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background?g scanning hidden files ... ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet004\Services\MySql] "ImagePath"="C:/mysql/bin/mysqld-nt.exe" . Completion time: 2007-09-16 22:55:52 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-09-16 22:55 C:\ComboFix2.txt ... 2007-09-16 17:49 C:\ComboFix3.txt ... 2007-09-16 17:17 . 
--- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:07:10, on 16-9-2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\WINDOWS\System32\inetsrv\inetinfo.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\System32\ScsiAccess.EXE C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\CTHELPER.EXE C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\WINDOWS\System32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Creative\TaskBar\CTLTray.exe 
C:\Program Files\Creative\TaskBar\CTLTask.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCLauncher.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1FB357EC-9647-464A-98DD-321A5EE1EF89} - c:\windows\system32\cmpbk32a.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe 
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe" O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe" O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe" O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] 
C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adapter Utility.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2\Office\OSA9.EXE O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} 
(MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} (G-Vista ActiveX) - http://www.zugmap.ch/richtplan3d/pages/plugin/gvista30161.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,911,0 O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab O16 - DPF: {AE4CEC9D-C836-4579-829B-4C345101B3B9} (GVista Terrain Renderer) - http://www.dilas.ch/plugin/gvista/gvista2709.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab O17 - 
HKLM\System\CCS\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68 O17 - HKLM\System\CS1\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68 O20 - Winlogon Notify: suxoukao - C:\WINDOWS\SYSTEM32\cmpbk32a.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: Routing Protect Access (DATEING) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing) O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing) O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Digital Media Adapter Application Loader Service (XWPCApplicationLoaderService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe O23 - Service: Digital Media Adapter Host Service (XWPCHostService) - Linksys Corporation - 
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe -- End of file - 13165 bytes
Would you please do this once more. Open Notepad, then copy and paste the following (the bold, blue text) into an empty window:

File::
c:\windows\system32\cmpbk32a.dll

REGISTRY::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FB357EC-9647-464A-98DD-321A5EE1EF89}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\suxoukao]

Save this on your Desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe as shown in the example below:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will make ComboFix restart. Reboot if you are asked to, and post the contents of Combofix.txt in your next reply, together with a new HijackThis log.
Here they are.

ComboFix 07-09-13.3 - "Piet" 2007-09-17 12:19:31.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.31.1043.18.124 [GMT 2:00]
* Created a new restore point

FILE::
c:\windows\system32\cmpbk32a.dll
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\cmpbk32a.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-08-17 to 2007-09-17 ))))))))))))))))))))))))))))))
.
2007-09-17 12:01 756,224 --a------ C:\WINDOWS\system32\hhlsmrhk.dll
2007-09-17 12:01 684,567 --a------ C:\WINDOWS\system32\libeay32.dll
2007-09-17 12:01 68,608 --a------ C:\WINDOWS\system32\mmqliqvj.dll
2007-09-17 12:01 48,640 --a------ C:\WINDOWS\system32\tnzmdbzz.dll
2007-09-17 12:01 46,592 --a------ C:\WINDOWS\system32\atmdcpyk.dll
2007-09-17 12:01 147,729 --a------ C:\WINDOWS\system32\libssl32.dll
2007-09-17 12:01 123,904 --a------ C:\WINDOWS\system32\hqfezmcm.dll
2007-09-17 12:01 103,936 --a------ C:\WINDOWS\system32\guicatft.dll
2007-09-16 13:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-16 12:22 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-13 16:11 <DIR> d-------- C:\WINDOWS\system32\AppCert
2007-09-13 16:10 82,432 --a------ C:\WINDOWS\system32\cmpbk32a.dll
2007-09-11 23:25 <DIR> d-------- C:\DOCUME~1\Ellen\APPLIC~1\Magic Academy
2007-08-24 21:46 <DIR> d-------- C:\DOCUME~1\Piet\APPLIC~1\dvdcss
2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\Shared
2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\Incomplete
2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\APPLIC~1\LimeWire
2007-08-22 11:58 <DIR> d-------- C:\Program Files\LimeWire
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-16 17:21 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-11 23:25 --------- d-------- C:\Program Files\Zylom Games
2007-09-11 23:25 --------- d-------- C:\DOCUME~1\Ellen\APPLIC~1\Zylom
2007-09-09 12:19 --------- d-a------ C:\DOCUME~1\Piet\APPLIC~1\SopCast
2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\vlc
2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Syntrillium
2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Symantec
2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Real
2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\ppStream
2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\PPLive
2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\MSN6
2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Microsoft Web Folders
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Lavasoft
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Kazaa Lite
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\InterTrust
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Help
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Google
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Creative
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Azureus
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Apple Computer
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\.ABC
2007-08-12 23:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
2007-08-12 20:23 --------- d-------- C:\Program Files\iTunes
2007-08-02 15:41 --------- d-------- C:\Program Files\PokerStars
.
((((((((((((((((((((((((((((( snapshot_2007-09-16_142320.92 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 78,786 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc009.dat
----a-w 96,318 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc013.dat
----a-w 454,114 2007-09-16 13:03:16 C:\WINDOWS\system32\perfh009.dat
----a-w 514,440 2007-09-16 13:03:17 C:\WINDOWS\system32\perfh013.dat
----a-w 266,240 2007-09-17 10:19:13 C:\WINDOWS\system32\config\systemprofile\ntuser.dat
----a-w 32,768 2007-09-17 10:27:37 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 16,384 2007-09-17 10:27:37 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
----a-w 32,768 2007-09-17 10:27:37 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
----a-w 208,016 2007-09-17 10:28:00 C:\WINDOWS\system32\inetsrv\MetaBase.bin
----atw 16,384 2007-09-17 10:27:59 C:\WINDOWS\Temp\Perflib_Perfdata_198.dat
----a-w 57,856 2007-09-17 10:28:31 C:\WINDOWS\Temp\zquwyxdt.dll
.
----a-w 78,786 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc009.dat
----a-w 96,318 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc013.dat
----a-w 454,114 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh009.dat
----a-w 514,440 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh013.dat
----a-w 266,240 2007-09-16 11:24:08 C:\WINDOWS\system32\config\systemprofile\ntuser.dat
----a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 16,384 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
----a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
----a-w 208,012 2007-09-16 11:41:19 C:\WINDOWS\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FB357EC-9647-464A-98DD-321A5EE1EF89}]
2007-09-17 12:24 82432 --a------ c:\windows\system32\cmpbk32a.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{579E3DB8-CFB3-455E-B058-CF1260A923ED}]
2007-09-17 12:01 68608 --a------ c:\windows\system32\mmqliqvj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTStartup"="C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.exe" [2001-06-04 01:00]
"CTHelper"="CTHELPER.EXE" [2003-10-06 15:57 C:\WINDOWS\system32\CTHELPER.EXE]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-24 10:04]
"nwiz"="nwiz.exe" [2004-03-24 10:04 C:\WINDOWS\system32\nwiz.exe]
"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2003-09-14 16:26]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-03-24 10:04]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 12:38]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-25 19:07]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-08 19:16]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-07-19 17:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 11:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-12-18 00:20]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-21 17:22]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-08 12:23]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-22 22:28]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-07 14:00]
"NOMAD Detector"="C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe" []
"TaskTray"="C:\Program Files\Creative\TaskBar\CTLTray.exe" [2001-06-29 01:00]
"TaskBar"="C:\Program Files\Creative\TaskBar\CTLTask.exe" [2003-05-30 01:00]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2003-04-14 19:30]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]

C:\DOCUME~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\
Adapter Utility.lnk - C:\WINDOWS\Installer\{13515E3B-B512-45FF-BA78-0F677794AC99}\Launcher.exe [2004-10-22 15:54:37]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-05 17:25:55]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 07:25:38]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 18:48:18]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-01-06 17:00:20]
Microsoft Office.lnk - C:\Program Files\Microsoft Office2\Office\OSA9.EXE [1999-02-17 15:05:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\suxoukao]
cmpbk32a.dll 2007-09-17 12:24 82432 C:\WINDOWS\system32\cmpbk32a.dll

R0 PrecSim;PrecSim;C:\WINDOWS\System32\DRIVERS\precsim.sys
R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\System32\DRIVERS\DcCam.sys
R2 A4SII300;A4SII300;C:\WINDOWS\System32\drivers\A4SII300.SYS
R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\System32\drivers\dcfs2k.sys
R2 rvymvtzo;Creative SoundFont Management Device Support;C:\WINDOWS\System32\svchost.exe -k netsvcs
R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol);C:\WINDOWS\System32\inetsrv\inetinfo.exe
R2 XWPCApplicationLoaderService;Digital Media Adapter Application Loader Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
R2 XWPCHostService;Digital Media Adapter Host Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\System32\DRIVERS\itchfltr.sys
R3 MTD80X;100/10M Ethernet PCI Adapter;C:\WINDOWS\System32\DRIVERS\feand5.SYS
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\System32\DRIVERS\ElbyVCD.sys
S1 Exportit;Exportit;C:\WINDOWS\System32\DRIVERS\exportit.sys
S2 DATEING;Routing Protect Access;C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\PIJFEQ22.DLL,Export 1087
S2 G11AV;Trust 610 LCD POWERC@M ZOOM, Webcam mode;C:\WINDOWS\System32\Drivers\G11av.sys
S3 DcFpoint;DcFpoint;C:\WINDOWS\System32\DRIVERS\DcFpoint.sys
S3 DcLps;Legacy Polling Service;C:\WINDOWS\System32\DRIVERS\DcLps.sys
S3 DcPTP;dcptp;C:\WINDOWS\System32\DRIVERS\DcPTP.sys
S3 SNCT511;PC Camera (6005 CIF);C:\WINDOWS\System32\DRIVERS\snct511.sys
S3 USBCamera;Digital Still Image Capture;C:\WINDOWS\System32\Drivers\Bulk533.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rvymvtzo
License
.
Inhoud van de 'Gedeelde Taken' map
"2007-09-13 22:00:01 C:\WINDOWS\Tasks\At1.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-14 07:00:00 C:\WINDOWS\Tasks\At10.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-14 08:00:00 C:\WINDOWS\Tasks\At11.job"
"2007-09-17 09:00:03 C:\WINDOWS\Tasks\At12.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-17 10:00:00 C:\WINDOWS\Tasks\At13.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-16 11:00:00 C:\WINDOWS\Tasks\At14.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-16 12:00:00 C:\WINDOWS\Tasks\At15.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-16 13:00:00 C:\WINDOWS\Tasks\At16.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-16 14:00:01 C:\WINDOWS\Tasks\At17.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-16 15:00:00 C:\WINDOWS\Tasks\At18.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-16 16:00:00 C:\WINDOWS\Tasks\At19.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-13 23:00:01 C:\WINDOWS\Tasks\At2.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-16 17:00:00 C:\WINDOWS\Tasks\At20.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-16 18:00:00 C:\WINDOWS\Tasks\At21.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-16 19:00:00 C:\WINDOWS\Tasks\At22.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-16 20:00:00 C:\WINDOWS\Tasks\At23.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-16 21:00:00 C:\WINDOWS\Tasks\At24.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-13 22:00:01 C:\WINDOWS\Tasks\At25.job"
"2007-09-13 23:00:01 C:\WINDOWS\Tasks\At26.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 00:00:00 C:\WINDOWS\Tasks\At27.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 01:00:00 C:\WINDOWS\Tasks\At28.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 02:00:00 C:\WINDOWS\Tasks\At29.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 00:00:00 C:\WINDOWS\Tasks\At3.job"
"2007-09-14 03:00:00 C:\WINDOWS\Tasks\At30.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 04:00:00 C:\WINDOWS\Tasks\At31.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 05:00:00 C:\WINDOWS\Tasks\At32.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 06:00:00 C:\WINDOWS\Tasks\At33.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 07:00:00 C:\WINDOWS\Tasks\At34.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 08:00:00 C:\WINDOWS\Tasks\At35.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-17 09:00:03 C:\WINDOWS\Tasks\At36.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-17 10:00:00 C:\WINDOWS\Tasks\At37.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-16 11:00:00 C:\WINDOWS\Tasks\At38.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-16 12:00:00 C:\WINDOWS\Tasks\At39.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 01:00:00 C:\WINDOWS\Tasks\At4.job"
"2007-09-16 13:00:00 C:\WINDOWS\Tasks\At40.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-16 14:00:01 C:\WINDOWS\Tasks\At41.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-16 15:00:00 C:\WINDOWS\Tasks\At42.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-16 16:00:00 C:\WINDOWS\Tasks\At43.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-16 17:00:00 C:\WINDOWS\Tasks\At44.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-16 18:00:00 C:\WINDOWS\Tasks\At45.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-16 19:00:00 C:\WINDOWS\Tasks\At46.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-16 20:00:00 C:\WINDOWS\Tasks\At47.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-16 21:00:00 C:\WINDOWS\Tasks\At48.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 02:00:00 C:\WINDOWS\Tasks\At5.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-14 03:00:00 C:\WINDOWS\Tasks\At6.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-14 04:00:00 C:\WINDOWS\Tasks\At7.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-14 05:00:00 C:\WINDOWS\Tasks\At8.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-14 06:00:00 C:\WINDOWS\Tasks\At9.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-07 18:01:08 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen - Piet.job" - C:\PROGRA~1\NORTON~1\Navw32.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-17 12:31:04
Windows 5.1.2600 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run???w????\???????w^?s$????>?wH ?w???????w*??w4???U??w4???????D8?s4???????|92?????\???\????????H?s????-A?w?????_?wc_?w\???\?????????`????? Z?w\???\??????s????\??????s\???`92?d??s`92? Z?w???????s???
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background?g
scanning hidden files ...
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\MySql]
"ImagePath"="C:/mysql/bin/mysqld-nt.exe"
.
Completion time: 2007-09-17 12:33:36 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-17 12:33
C:\ComboFix2.txt ... 2007-09-16 22:55
C:\ComboFix3.txt ... 2007-09-16 17:49
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:58, on 17-9-2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\TaskBar\CTLTray.exe
C:\Program Files\Creative\TaskBar\CTLTask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCLauncher.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FB357EC-9647-464A-98DD-321A5EE1EF89} - c:\windows\system32\cmpbk32a.dll
O2 - BHO: (no name) - {579E3DB8-CFB3-455E-B058-CF1260A923ED} - c:\windows\system32\mmqliqvj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe"
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adapter Utility.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2\Office\OSA9.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} (G-Vista ActiveX) - http://www.zugmap.ch/richtplan3d/pages/plugin/gvista30161.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,911,0
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
O16 - DPF: {AE4CEC9D-C836-4579-829B-4C345101B3B9} (GVista Terrain Renderer) - http://www.dilas.ch/plugin/gvista/gvista2709.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
O20 - Winlogon Notify: suxoukao - C:\WINDOWS\SYSTEM32\cmpbk32a.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Routing Protect Access (DATEING) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Digital Media Adapter Application Loader Service (XWPCApplicationLoaderService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
O23 - Service: Digital Media Adapter Host Service (XWPCHostService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe

--
End of file - 13259 bytes
Link to reply
  • 0
I hope it works this time. Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

O2 - BHO: (no name) - {1FB357EC-9647-464A-98DD-321A5EE1EF89} - c:\windows\system32\cmpbk32a.dll
O2 - BHO: (no name) - {579E3DB8-CFB3-455E-B058-CF1260A923ED} - c:\windows\system32\mmqliqvj.dll
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
O20 - Winlogon Notify: suxoukao - C:\WINDOWS\SYSTEM32\cmpbk32a.dll

Close all windows except HijackThis. Click 'Fix checked' to remove the items.

Open Notepad, then copy and paste the following into an empty window:

Collect::11
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\System32\LFo1KT4L.exe
C:\WINDOWS\system32\hhlsmrhk.dll
C:\WINDOWS\system32\mmqliqvj.dll
C:\WINDOWS\system32\tnzmdbzz.dll
C:\WINDOWS\system32\atmdcpyk.dll
C:\WINDOWS\system32\hqfezmcm.dll
C:\WINDOWS\system32\guicatft.dll
C:\WINDOWS\Temp\zquwyxdt.dll
c:\windows\system32\cmpbk32a.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FB357EC-9647-464A-98DD-321A5EE1EF89}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{579E3DB8-CFB3-455E-B058-CF1260A923ED}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\suxoukao]

Save this to your Desktop as CFScript.txt. Drag CFScript.txt onto ComboFix.exe as shown in the example below: http://img.photobucket.com/albums/v666/sUBs/CFScript.gif This will make ComboFix restart.

In addition, ComboFix will place a zipped file on your Desktop named [12]-Submit_2007-08-21...zip. When the scan finishes, a small window titled "Submit files for further analysis" will appear; click OK to open the upload page. Copy the bold path from that page and paste it into the input field. Click Send File. Example: http://img.photobucket.com/albums/v666/sUBs/CF-Submit.gif

After your computer restarts (if it asks to restart), copy and paste the contents of Combofix.txt in your next reply. Also post a new HijackThis log so it can be checked.
Link to reply
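The items selected in the reply above all share a small number of traits: BHOs registered without a name, a Winlogon Notify DLL that is also loaded as a BHO, a service with an unknown owner whose binary is missing, and dozens of hourly At*.job tasks pointing at the same unknown executable in System32. The following script is an added example, not code from this thread or from HijackThis/ComboFix: it parses HijackThis O2/O20/O23 lines and ComboFix scheduled-task lines and flags entries showing those traits. The sample lines are copied from the logs posted above; the heuristics themselves and the threshold of three At*.job tasks per target are assumptions chosen for illustration, not rules the tools apply.

```python
"""Triage helper for HijackThis and ComboFix log lines (added example).

Added example, not part of the thread or of HijackThis/ComboFix. The sample
lines below are copied from the logs in this thread; the heuristics and the
AT_JOB_THRESHOLD value are assumptions chosen for illustration.
"""
import re
from collections import defaultdict

# One regex per HijackThis section handled here.
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# ComboFix 'Gedeelde Taken' (shared tasks) entries; the target after " - " is optional.
TASK_RE = re.compile(
    r'^"(?P<when>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<job>[^"]+\.job)"'
    r'(?: - (?P<target>.+))?$')

AT_JOB_THRESHOLD = 3  # assumption: a host rarely has this many At*.job entries for one binary


def normpath(path):
    """Windows paths are case-insensitive, so compare them in one canonical form."""
    return path.strip().lower()


def triage(hjt_lines, task_lines=()):
    """Return (reason, subject, path) tuples for entries that deserve a closer look."""
    findings = []
    # Pass 1: collect every BHO DLL so later sections can be cross-referenced.
    bho_paths = set()
    for line in hjt_lines:
        m = BHO_RE.match(line.strip())
        if m:
            bho_paths.add(normpath(m["path"]))
    # Pass 2: apply the per-section heuristics.
    for line in hjt_lines:
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            if m["name"] == "(no name)":  # legitimate BHOs almost always carry a name
                findings.append(("bho-no-name", m["clsid"], normpath(m["path"])))
            continue
        m = NOTIFY_RE.match(line)
        if m:  # every O20 entry is worth review; one sharing a DLL with a BHO more so
            path = normpath(m["path"])
            reason = ("winlogon-notify-shared-with-bho" if path in bho_paths
                      else "winlogon-notify")
            findings.append((reason, m["name"], path))
            continue
        m = SERVICE_RE.match(line)
        if m and m["owner"] == "Unknown owner" and m["path"].endswith("(file missing)"):
            path = normpath(m["path"].replace("(file missing)", ""))
            findings.append(("service-unknown-owner-file-missing", m["name"], path))
    # Scheduled tasks: many At*.job entries driving one executable.
    jobs_by_target = defaultdict(list)
    for line in task_lines:
        m = TASK_RE.match(line.strip())
        if m and m["target"]:
            jobs_by_target[normpath(m["target"])].append(m["job"])
    for target, jobs in sorted(jobs_by_target.items()):
        if len(jobs) >= AT_JOB_THRESHOLD:
            findings.append(("recurring-at-jobs", f"{len(jobs)} jobs", target))
    return findings


# Sample input copied from the logs posted in this thread.
SAMPLE_HJT = [
    r"O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {1FB357EC-9647-464A-98DD-321A5EE1EF89} - c:\windows\system32\cmpbk32a.dll",
    r"O2 - BHO: (no name) - {579E3DB8-CFB3-455E-B058-CF1260A923ED} - c:\windows\system32\mmqliqvj.dll",
    r"O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll",
    r"O20 - Winlogon Notify: suxoukao - C:\WINDOWS\SYSTEM32\cmpbk32a.dll",
    r"O23 - Service: Routing Protect Access (DATEING) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)",
    r"O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe",
]
SAMPLE_TASKS = [
    r'"2007-09-14 07:00:00 C:\WINDOWS\Tasks\At10.job" - C:\WINDOWS\System32\LFo1KT4L.exe',
    r'"2007-09-14 08:00:00 C:\WINDOWS\Tasks\At11.job"',
    r'"2007-09-17 09:00:03 C:\WINDOWS\Tasks\At12.job" - C:\WINDOWS\System32\LFo1KT4L.exe',
    r'"2007-09-17 10:00:00 C:\WINDOWS\Tasks\At13.job" - C:\WINDOWS\System32\LFo1KT4L.exe',
    r'"2007-09-16 11:00:00 C:\WINDOWS\Tasks\At14.job" - C:\WINDOWS\System32\LFo1KT4L.exe',
    r'"2007-09-13 23:00:01 C:\WINDOWS\Tasks\At26.job" - C:\WINDOWS\System32\oSbkpg71.exe',
    r'"2007-09-14 00:00:00 C:\WINDOWS\Tasks\At27.job" - C:\WINDOWS\System32\oSbkpg71.exe',
    r'"2007-09-14 01:00:00 C:\WINDOWS\Tasks\At28.job" - C:\WINDOWS\System32\oSbkpg71.exe',
    r'"2007-09-07 18:01:08 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen - Piet.job" - C:\PROGRA~1\NORTON~1\Navw32.exe',
]

if __name__ == "__main__":
    for reason, subject, path in triage(SAMPLE_HJT, SAMPLE_TASKS):
        print(f"{reason:40} {subject:45} {path}")
```

Run on the sample above, the script reports the two nameless BHOs, the suxoukao Winlogon Notify entry (cross-referenced to the cmpbk32a.dll BHO), the DATEING service, and the two executables behind the At*.job series, while the Adobe and Symantec entries and the single Norton scan task pass through untouched. The output is a review list, not a removal list: each flagged path still has to be checked (publisher, signature, creation date) before it goes into something like the CFScript above.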
  • 0
Since there were messages during the ComboFix batch and when Windows restarted, I ran ComboFix twice. The messages are hard to read because they disappeared quickly, but they looked roughly like this.

In the ComboFix window: C:\Combofix\DirRoot no access or access denied.

A Windows message at shutdown: Nir.cmd.cefex cannot initialize DLL.

Does it make sense to try to get access to my C: drive via an old boot diskette and delete the files without Windows starting?

Here are the first and second ComboFix logs and HijackThis.

ComboFix 07-09-13.3 - "Piet" 2007-09-17 19:26:13.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.31.1043.18.148 [GMT 2:00]
Command switches used :: C:\Documents and Settings\Piet\Bureaublad\CFScript.txt
* Created a new restore point
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\atmdcpyk.dll
c:\windows\system32\cmpbk32a.dll
C:\WINDOWS\system32\guicatft.dll
C:\WINDOWS\system32\hhlsmrhk.dll
C:\WINDOWS\system32\hqfezmcm.dll
C:\WINDOWS\system32\mmqliqvj.dll
C:\WINDOWS\system32\tnzmdbzz.dll
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Temp\zquwyxdt.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-08-17 to 2007-09-17 ))))))))))))))))))))))))))))))
.
2007-09-17 12:01 684,567 --a------ C:\WINDOWS\system32\libeay32.dll 2007-09-17 12:01 147,729 --a------ C:\WINDOWS\system32\libssl32.dll 2007-09-16 13:23 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-16 12:22 <DIR> d-------- C:\Program Files\Trend Micro 2007-09-13 16:11 <DIR> d-------- C:\WINDOWS\system32\AppCert 2007-09-13 16:10 82,432 --a------ C:\WINDOWS\system32\cmpbk32a.dll 2007-09-11 23:25 <DIR> d-------- C:\DOCUME~1\Ellen\APPLIC~1\Magic Academy 2007-08-24 21:46 <DIR> d-------- C:\DOCUME~1\Piet\APPLIC~1\dvdcss 2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\Shared 2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\Incomplete 2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\APPLIC~1\LimeWire 2007-08-22 11:58 <DIR> d-------- C:\Program Files\LimeWire . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-09-16 17:21 --------- d-------- C:\Program Files\Common Files\Symantec Shared 2007-09-11 23:25 --------- d-------- C:\Program Files\Zylom Games 2007-09-11 23:25 --------- d-------- C:\DOCUME~1\Ellen\APPLIC~1\Zylom 2007-09-09 12:19 --------- d-a------ C:\DOCUME~1\Piet\APPLIC~1\SopCast 2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\vlc 2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Syntrillium 2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Symantec 2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Real 2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\ppStream 2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\PPLive 2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\MSN6 2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Microsoft Web Folders 2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Lavasoft 2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Kazaa Lite 2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\InterTrust 2007-09-09 12:17 --------- 
d-------- C:\DOCUME~1\Piet\APPLIC~1\Help 2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Google 2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Creative 2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Azureus 2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Apple Computer 2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\.ABC 2007-08-12 23:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games 2007-08-12 20:23 --------- d-------- C:\Program Files\iTunes 2007-08-02 15:41 --------- d-------- C:\Program Files\PokerStars . ((((((((((((((((((((((((((((( snapshot_2007-09-16_142320.92 ))))))))))))))))))))))))))))))))))))))))) . ----a-w 78,786 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc009.dat ----a-w 96,318 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc013.dat ----a-w 454,114 2007-09-16 13:03:16 C:\WINDOWS\system32\perfh009.dat ----a-w 514,440 2007-09-16 13:03:17 C:\WINDOWS\system32\perfh013.dat ----a-w 266,240 2007-09-17 10:19:13 C:\WINDOWS\system32\config\systemprofile\ntuser.dat ----a-w 32,768 2007-09-17 17:33:30 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat ----a-w 16,384 2007-09-17 17:33:30 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat ----a-w 32,768 2007-09-17 17:33:30 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat ----a-w 208,017 2007-09-17 17:37:54 C:\WINDOWS\system32\inetsrv\MetaBase.bin ----atw 16,384 2007-09-17 17:34:07 C:\WINDOWS\Temp\Perflib_Perfdata_7b8.dat . 
----a-w 78,786 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc009.dat ----a-w 96,318 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc013.dat ----a-w 454,114 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh009.dat ----a-w 514,440 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh013.dat ----a-w 266,240 2007-09-16 11:24:08 C:\WINDOWS\system32\config\systemprofile\ntuser.dat ----a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat ----a-w 16,384 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat ----a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat ----a-w 208,012 2007-09-16 11:41:19 C:\WINDOWS\system32\inetsrv\MetaBase.bin . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FB357EC-9647-464A-98DD-321A5EE1EF89}] 2007-09-17 19:31 82432 --a------ c:\windows\system32\cmpbk32a.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTStartup"="C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.exe" [2001-06-04 01:00] "CTHelper"="CTHELPER.EXE" [2003-10-06 15:57 C:\WINDOWS\system32\CTHELPER.EXE] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-24 10:04] "nwiz"="nwiz.exe" [2004-03-24 10:04 C:\WINDOWS\system32\nwiz.exe] "TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2003-09-14 16:26] "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-03-24 10:04] "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 12:38] "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-25 19:07] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" 
[2005-10-08 19:16] "LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-07-19 17:32] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14] "NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 11:50] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-12-18 00:20] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-21 17:22] "SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-08 12:23] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-22 22:28] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-07 14:00] "NOMAD Detector"="C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe" [] "TaskTray"="C:\Program Files\Creative\TaskBar\CTLTray.exe" [2001-06-29 01:00] "TaskBar"="C:\Program Files\Creative\TaskBar\CTLTask.exe" [2003-05-30 01:00] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2003-04-14 19:30] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54] C:\DOCUME~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\ Adapter Utility.lnk - C:\WINDOWS\Installer\{13515E3B-B512-45FF-BA78-0F677794AC99}\Launcher.exe [2004-10-22 15:54:37] Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-05 17:25:55] Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 07:25:38] KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe 
[2003-06-08 18:48:18] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-01-06 17:00:20] Microsoft Office.lnk - C:\Program Files\Microsoft Office2\Office\OSA9.EXE [1999-02-17 15:05:56] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] @= [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\suxoukao] cmpbk32a.dll 2007-09-17 19:31 82432 C:\WINDOWS\system32\cmpbk32a.dll R0 PrecSim;PrecSim;C:\WINDOWS\System32\DRIVERS\precsim.sys R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\System32\DRIVERS\DcCam.sys R2 A4SII300;A4SII300;C:\WINDOWS\System32\drivers\A4SII300.SYS R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\System32\drivers\dcfs2k.sys R2 rvymvtzo;Creative SoundFont Management Device Support;C:\WINDOWS\System32\svchost.exe -k netsvcs R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol);C:\WINDOWS\System32\inetsrv\inetinfo.exe R2 XWPCApplicationLoaderService;Digital Media Adapter Application Loader Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe R2 XWPCHostService;Digital Media Adapter Host Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\System32\DRIVERS\itchfltr.sys R3 MTD80X;100/10M Ethernet PCI Adapter;C:\WINDOWS\System32\DRIVERS\feand5.SYS S0 ElbyVCD;ElbyVCD;C:\WINDOWS\System32\DRIVERS\ElbyVCD.sys S1 Exportit;Exportit;C:\WINDOWS\System32\DRIVERS\exportit.sys S2 DATEING;Routing Protect Access;C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\PIJFEQ22.DLL,Export 1087 S2 G11AV;Trust 610 LCD POWERC@M ZOOM, Webcam mode;C:\WINDOWS\System32\Drivers\G11av.sys S3 DcFpoint;DcFpoint;C:\WINDOWS\System32\DRIVERS\DcFpoint.sys S3 DcLps;Legacy Polling Service;C:\WINDOWS\System32\DRIVERS\DcLps.sys S3 DcPTP;dcptp;C:\WINDOWS\System32\DRIVERS\DcPTP.sys S3 SNCT511;PC Camera (6005 CIF);C:\WINDOWS\System32\DRIVERS\snct511.sys S3 USBCamera;Digital 
Still Image Capture;C:\WINDOWS\System32\Drivers\Bulk533.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rvymvtzo
License
.
Inhoud van de 'Gedeelde Taken' map
"2007-09-14 07:00:00 C:\WINDOWS\Tasks\At10.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-14 08:00:00 C:\WINDOWS\Tasks\At11.job"
"2007-09-17 09:00:03 C:\WINDOWS\Tasks\At12.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-17 10:00:00 C:\WINDOWS\Tasks\At13.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-17 11:00:00 C:\WINDOWS\Tasks\At14.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-17 12:00:00 C:\WINDOWS\Tasks\At15.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-17 13:00:00 C:\WINDOWS\Tasks\At16.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-17 14:00:00 C:\WINDOWS\Tasks\At17.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-17 15:00:00 C:\WINDOWS\Tasks\At18.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-17 16:00:00 C:\WINDOWS\Tasks\At19.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-13 23:00:01 C:\WINDOWS\Tasks\At2.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-17 17:00:00 C:\WINDOWS\Tasks\At20.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-16 18:00:00 C:\WINDOWS\Tasks\At21.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-16 19:00:00 C:\WINDOWS\Tasks\At22.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-16 20:00:00 C:\WINDOWS\Tasks\At23.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-16 21:00:00 C:\WINDOWS\Tasks\At24.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-13 22:00:01 C:\WINDOWS\Tasks\At25.job"
"2007-09-13 23:00:01 C:\WINDOWS\Tasks\At26.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 00:00:00 C:\WINDOWS\Tasks\At27.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 01:00:00 C:\WINDOWS\Tasks\At28.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 02:00:00 C:\WINDOWS\Tasks\At29.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 00:00:00 C:\WINDOWS\Tasks\At3.job"
"2007-09-14 03:00:00 C:\WINDOWS\Tasks\At30.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 04:00:00 C:\WINDOWS\Tasks\At31.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 05:00:00 C:\WINDOWS\Tasks\At32.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 06:00:00 C:\WINDOWS\Tasks\At33.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 07:00:00 C:\WINDOWS\Tasks\At34.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 08:00:00 C:\WINDOWS\Tasks\At35.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-17 09:00:03 C:\WINDOWS\Tasks\At36.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-17 10:00:00 C:\WINDOWS\Tasks\At37.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-17 11:00:00 C:\WINDOWS\Tasks\At38.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-17 12:00:00 C:\WINDOWS\Tasks\At39.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 01:00:00 C:\WINDOWS\Tasks\At4.job"
"2007-09-17 13:00:00 C:\WINDOWS\Tasks\At40.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-17 14:00:00 C:\WINDOWS\Tasks\At41.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-17 15:00:00 C:\WINDOWS\Tasks\At42.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-17 16:00:00 C:\WINDOWS\Tasks\At43.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-17 17:00:00 C:\WINDOWS\Tasks\At44.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-16 18:00:00 C:\WINDOWS\Tasks\At45.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-16 19:00:00 C:\WINDOWS\Tasks\At46.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-16 20:00:00 C:\WINDOWS\Tasks\At47.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-16 21:00:00 C:\WINDOWS\Tasks\At48.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 02:00:00 C:\WINDOWS\Tasks\At5.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-14 03:00:00 C:\WINDOWS\Tasks\At6.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-14 04:00:00 C:\WINDOWS\Tasks\At7.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-14 05:00:00 C:\WINDOWS\Tasks\At8.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-14 06:00:00 C:\WINDOWS\Tasks\At9.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-07 18:01:08 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen - Piet.job" - C:\PROGRA~1\NORTON~1\Navw32.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-17 19:37:40
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
scanning hidden files ...
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\MySql]
"ImagePath"="C:/mysql/bin/mysqld-nt.exe"
.
Completion time: 2007-09-17 19:41:00 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-17 19:40
C:\ComboFix2.txt ... 2007-09-17 12:33
C:\ComboFix3.txt ... 2007-09-16 22:55
.
--- E O F ---

The second time

ComboFix 07-09-13.3 - "Piet" 2007-09-17 19:51:09.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.31.1043.18.109 [GMT 2:00]
Command switches used :: C:\Documents and Settings\Piet\Bureaublad\CFScript.txt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\cmpbk32a.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-08-17 to 2007-09-17 ))))))))))))))))))))))))))))))
.
2007-09-17 12:01 684,567 --a------ C:\WINDOWS\system32\libeay32.dll
2007-09-17 12:01 147,729 --a------ C:\WINDOWS\system32\libssl32.dll
2007-09-16 13:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-16 12:22 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-13 16:11 <DIR> d-------- C:\WINDOWS\system32\AppCert
2007-09-13 16:10 82,432 --a------ C:\WINDOWS\system32\cmpbk32a.dll
2007-09-11 23:25 <DIR> d-------- C:\DOCUME~1\Ellen\APPLIC~1\Magic Academy
2007-08-24 21:46 <DIR> d-------- C:\DOCUME~1\Piet\APPLIC~1\dvdcss
2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\Shared
2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\Incomplete
2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\APPLIC~1\LimeWire
2007-08-22 11:58 <DIR> d-------- C:\Program Files\LimeWire
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-16 17:21 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-11 23:25 --------- d-------- C:\Program Files\Zylom Games
2007-09-11 23:25 --------- d-------- C:\DOCUME~1\Ellen\APPLIC~1\Zylom
2007-09-09 12:19 --------- d-a------ C:\DOCUME~1\Piet\APPLIC~1\SopCast
2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\vlc
2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Syntrillium
2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Symantec
2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Real
2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\ppStream
2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\PPLive
2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\MSN6
2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Microsoft Web Folders
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Lavasoft
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Kazaa Lite
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\InterTrust
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Help
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Google
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Creative
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Azureus
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Apple Computer
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\.ABC
2007-08-12 23:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
2007-08-12 20:23 --------- d-------- C:\Program Files\iTunes
2007-08-02 15:41 --------- d-------- C:\Program Files\PokerStars
.
((((((((((((((((((((((((((((( snapshot_2007-09-16_142320.92 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 78,786 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc009.dat
----a-w 96,318 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc013.dat
----a-w 454,114 2007-09-16 13:03:16 C:\WINDOWS\system32\perfh009.dat
----a-w 514,440 2007-09-16 13:03:17 C:\WINDOWS\system32\perfh013.dat
----a-w 266,240 2007-09-17 10:19:13 C:\WINDOWS\system32\config\systemprofile\ntuser.dat
----a-w 32,768 2007-09-17 17:57:43 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 16,384 2007-09-17 17:57:43 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
----a-w 32,768 2007-09-17 17:57:43 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
----a-w 208,012 2007-09-17 18:02:12 C:\WINDOWS\system32\inetsrv\MetaBase.bin
----atw 16,384 2007-09-17 17:58:23 C:\WINDOWS\Temp\Perflib_Perfdata_2a0.dat
.
----a-w 78,786 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc009.dat
----a-w 96,318 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc013.dat
----a-w 454,114 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh009.dat
----a-w 514,440 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh013.dat
----a-w 266,240 2007-09-16 11:24:08 C:\WINDOWS\system32\config\systemprofile\ntuser.dat
----a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 16,384 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
----a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
----a-w 208,012 2007-09-16 11:41:19 C:\WINDOWS\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FB357EC-9647-464A-98DD-321A5EE1EF89}]
2007-09-17 19:55 82432 --a------ c:\windows\system32\cmpbk32a.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTStartup"="C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.exe" [2001-06-04 01:00]
"CTHelper"="CTHELPER.EXE" [2003-10-06 15:57 C:\WINDOWS\system32\CTHELPER.EXE]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-24 10:04]
"nwiz"="nwiz.exe" [2004-03-24 10:04 C:\WINDOWS\system32\nwiz.exe]
"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2003-09-14 16:26]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-03-24 10:04]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 12:38]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-25 19:07]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-08 19:16]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-07-19 17:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 11:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-12-18 00:20]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-21 17:22]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-08 12:23]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-22 22:28]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-07 14:00]
"NOMAD Detector"="C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe" []
"TaskTray"="C:\Program Files\Creative\TaskBar\CTLTray.exe" [2001-06-29 01:00]
"TaskBar"="C:\Program Files\Creative\TaskBar\CTLTask.exe" [2003-05-30 01:00]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2003-04-14 19:30]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]

C:\DOCUME~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\
Adapter Utility.lnk - C:\WINDOWS\Installer\{13515E3B-B512-45FF-BA78-0F677794AC99}\Launcher.exe [2004-10-22 15:54:37]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-05 17:25:55]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 07:25:38]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 18:48:18]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-01-06 17:00:20]
Microsoft Office.lnk - C:\Program Files\Microsoft Office2\Office\OSA9.EXE [1999-02-17 15:05:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\suxoukao]
cmpbk32a.dll 2007-09-17 19:55 82432 C:\WINDOWS\system32\cmpbk32a.dll

R0 PrecSim;PrecSim;C:\WINDOWS\System32\DRIVERS\precsim.sys
R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\System32\DRIVERS\DcCam.sys
R2 A4SII300;A4SII300;C:\WINDOWS\System32\drivers\A4SII300.SYS
R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\System32\drivers\dcfs2k.sys
R2 rvymvtzo;Creative SoundFont Management Device Support;C:\WINDOWS\System32\svchost.exe -k netsvcs
R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol);C:\WINDOWS\System32\inetsrv\inetinfo.exe
R2 XWPCApplicationLoaderService;Digital Media Adapter Application Loader Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
R2 XWPCHostService;Digital Media Adapter Host Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\System32\DRIVERS\itchfltr.sys
R3 MTD80X;100/10M Ethernet PCI Adapter;C:\WINDOWS\System32\DRIVERS\feand5.SYS
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\System32\DRIVERS\ElbyVCD.sys
S1 Exportit;Exportit;C:\WINDOWS\System32\DRIVERS\exportit.sys
S2 DATEING;Routing Protect Access;C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\PIJFEQ22.DLL,Export 1087
S2 G11AV;Trust 610 LCD POWERC@M ZOOM, Webcam mode;C:\WINDOWS\System32\Drivers\G11av.sys
S3 DcFpoint;DcFpoint;C:\WINDOWS\System32\DRIVERS\DcFpoint.sys
S3 DcLps;Legacy Polling Service;C:\WINDOWS\System32\DRIVERS\DcLps.sys
S3 DcPTP;dcptp;C:\WINDOWS\System32\DRIVERS\DcPTP.sys
S3 SNCT511;PC Camera (6005 CIF);C:\WINDOWS\System32\DRIVERS\snct511.sys
S3 USBCamera;Digital Still Image Capture;C:\WINDOWS\System32\Drivers\Bulk533.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rvymvtzo
License
.
Inhoud van de 'Gedeelde Taken' map
"2007-09-14 07:00:00 C:\WINDOWS\Tasks\At10.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-14 08:00:00 C:\WINDOWS\Tasks\At11.job"
"2007-09-17 09:00:03 C:\WINDOWS\Tasks\At12.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-17 10:00:00 C:\WINDOWS\Tasks\At13.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-17 11:00:00 C:\WINDOWS\Tasks\At14.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-17 12:00:00 C:\WINDOWS\Tasks\At15.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-17 13:00:00 C:\WINDOWS\Tasks\At16.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-17 14:00:00 C:\WINDOWS\Tasks\At17.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-17 15:00:00 C:\WINDOWS\Tasks\At18.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-17 16:00:00 C:\WINDOWS\Tasks\At19.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-13 23:00:01 C:\WINDOWS\Tasks\At2.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-17 17:00:00 C:\WINDOWS\Tasks\At20.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-17 18:00:00 C:\WINDOWS\Tasks\At21.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-16 19:00:00 C:\WINDOWS\Tasks\At22.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-16 20:00:00 C:\WINDOWS\Tasks\At23.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-16 21:00:00 C:\WINDOWS\Tasks\At24.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-13 22:00:01 C:\WINDOWS\Tasks\At25.job"
"2007-09-13 23:00:01 C:\WINDOWS\Tasks\At26.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 00:00:00 C:\WINDOWS\Tasks\At27.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 01:00:00 C:\WINDOWS\Tasks\At28.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 02:00:00 C:\WINDOWS\Tasks\At29.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 00:00:00 C:\WINDOWS\Tasks\At3.job"
"2007-09-14 03:00:00 C:\WINDOWS\Tasks\At30.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 04:00:00 C:\WINDOWS\Tasks\At31.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 05:00:00 C:\WINDOWS\Tasks\At32.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 06:00:00 C:\WINDOWS\Tasks\At33.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 07:00:00 C:\WINDOWS\Tasks\At34.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 08:00:00 C:\WINDOWS\Tasks\At35.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-17 09:00:03 C:\WINDOWS\Tasks\At36.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-17 10:00:00 C:\WINDOWS\Tasks\At37.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-17 11:00:00 C:\WINDOWS\Tasks\At38.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-17 12:00:00 C:\WINDOWS\Tasks\At39.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 01:00:00 C:\WINDOWS\Tasks\At4.job"
"2007-09-17 13:00:00 C:\WINDOWS\Tasks\At40.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-17 14:00:00 C:\WINDOWS\Tasks\At41.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-17 15:00:00 C:\WINDOWS\Tasks\At42.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-17 16:00:00 C:\WINDOWS\Tasks\At43.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-17 17:00:00 C:\WINDOWS\Tasks\At44.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-17 18:00:00 C:\WINDOWS\Tasks\At45.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-16 19:00:00 C:\WINDOWS\Tasks\At46.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-16 20:00:00 C:\WINDOWS\Tasks\At47.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-16 21:00:00 C:\WINDOWS\Tasks\At48.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 02:00:00 C:\WINDOWS\Tasks\At5.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-14 03:00:00 C:\WINDOWS\Tasks\At6.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-14 04:00:00 C:\WINDOWS\Tasks\At7.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-14 05:00:00 C:\WINDOWS\Tasks\At8.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-14 06:00:00 C:\WINDOWS\Tasks\At9.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-07 18:01:08 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen - Piet.job" - C:\PROGRA~1\NORTON~1\Navw32.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-17 20:00:56
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
scanning hidden files ...
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\MySql]
"ImagePath"="C:/mysql/bin/mysqld-nt.exe"
.
Completion time: 2007-09-17 20:04:48 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-17 20:04
C:\ComboFix2.txt ... 2007-09-17 19:41
C:\ComboFix3.txt ... 2007-09-17 12:33
.
--- E O F ---

Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:09:54, on 17-9-2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\TaskBar\CTLTray.exe
C:\Program Files\Creative\TaskBar\CTLTask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCLauncher.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FB357EC-9647-464A-98DD-321A5EE1EF89} - c:\windows\system32\cmpbk32a.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe"
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adapter Utility.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2\Office\OSA9.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} (G-Vista ActiveX) - http://www.zugmap.ch/richtplan3d/pages/plugin/gvista30161.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,911,0
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
O16 - DPF: {AE4CEC9D-C836-4579-829B-4C345101B3B9} (GVista Terrain Renderer) - http://www.dilas.ch/plugin/gvista/gvista2709.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
O20 - Winlogon Notify: suxoukao - C:\WINDOWS\SYSTEM32\cmpbk32a.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Routing Protect Access (DATEING) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Digital Media Adapter Application Loader Service (XWPCApplicationLoaderService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
O23 - Service: Digital Media Adapter Host Service (XWPCHostService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe

-- End of file - 13357 bytes
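A small triage script for the logs above, as an added example that is not part of this thread and not code from HijackThis or ComboFix: it parses the O2/O20/O23 entries and the scheduled-task list, cross-references the DLL that is registered both as an unnamed BHO and as a Winlogon Notify package, flags the orphaned service with an unknown owner, and groups the At*.job entries by target so that the pattern of dozens of hourly jobs pointing at two executables in System32 stands out. The sample lines are copied from the logs posted in this thread; the heuristics and the threshold of three jobs are the example's own assumptions.

```python
"""Triage helper for HijackThis / ComboFix log lines (added example, not part of the thread)."""
import re
from collections import defaultdict

# Sample input: lines copied from the HijackThis and ComboFix logs posted in this thread.
HJT_LINES = r"""
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FB357EC-9647-464A-98DD-321A5EE1EF89} - c:\windows\system32\cmpbk32a.dll
O20 - Winlogon Notify: suxoukao - C:\WINDOWS\SYSTEM32\cmpbk32a.dll
O23 - Service: Routing Protect Access (DATEING) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
""".strip().splitlines()

TASK_LINES = r"""
"2007-09-14 07:00:00 C:\WINDOWS\Tasks\At10.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-14 08:00:00 C:\WINDOWS\Tasks\At11.job"
"2007-09-17 09:00:03 C:\WINDOWS\Tasks\At12.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-17 10:00:00 C:\WINDOWS\Tasks\At13.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-13 23:00:01 C:\WINDOWS\Tasks\At26.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 00:00:00 C:\WINDOWS\Tasks\At27.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 01:00:00 C:\WINDOWS\Tasks\At28.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-07 18:01:08 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen - Piet.job" - C:\PROGRA~1\NORTON~1\Navw32.exe
""".strip().splitlines()

# HijackThis entry: "<section> - <body>"; the body layout depends on the section.
HJT_RE = re.compile(r"^(?P<section>[ORF]\d+) - (?P<body>.+)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")
# Display name and owner are separated by " - "; a display name containing " - " would mis-split.
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# ComboFix scheduled-task line: "<timestamp> <job path>" optionally followed by " - <target>".
TASK_RE = re.compile(
    r'^"(?P<when>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<job>.+?\.job)"(?: - (?P<target>.+))?$'
)
SUBPARSERS = {"O2": BHO_RE, "O20": NOTIFY_RE, "O23": SERVICE_RE}


def norm_path(path):
    """Case-fold a Windows path and drop HijackThis' '(file missing)' marker so entries compare equal."""
    return path.replace("(file missing)", "").strip().lower()


def parse_hjt(line):
    """Return (section, fields) for a HijackThis entry, or None for header/process lines."""
    m = HJT_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    sub = SUBPARSERS.get(section)
    sm = sub.match(body) if sub else None
    return section, (sm.groupdict() if sm else {"raw": body})


def triage_hjt(lines):
    """Map normalised path -> list of reasons for entries a helper would look at first."""
    findings = defaultdict(list)
    locations = defaultdict(set)  # path -> autostart sections it is registered in
    for line in lines:
        parsed = parse_hjt(line)
        if not parsed or "path" not in parsed[1]:
            continue
        section, f = parsed
        path = norm_path(f["path"])
        locations[path].add(section)
        if section == "O2" and f["name"] == "(no name)":
            findings[path].append("BHO registered without a display name")
        if section == "O23" and f["owner"] == "Unknown owner" and "(file missing)" in f["path"]:
            findings[path].append("service with unknown owner whose binary is missing")
    # One DLL hooked into several autostart points (BHO plus Winlogon Notify here) is a
    # persistence pattern worth flagging even when each entry alone looks ordinary.
    for path, sections in locations.items():
        if len(sections) > 1:
            findings[path].append("registered in several autostart locations: " + ", ".join(sorted(sections)))
    return dict(findings)


def group_at_jobs(lines, threshold=3):
    """Group At*.job entries by target executable; return targets hit by >= threshold jobs."""
    by_target = defaultdict(list)
    for line in lines:
        m = TASK_RE.match(line.strip())
        if not m or not m.group("target"):
            continue  # not a task line, or a job without a visible target
        job = m.group("job").rsplit("\\", 1)[-1]
        if re.fullmatch(r"At\d+\.job", job):  # only the at.exe-style generic job names
            by_target[norm_path(m.group("target"))].append(job)
    return {t: sorted(jobs) for t, jobs in by_target.items() if len(jobs) >= threshold}


if __name__ == "__main__":
    for path, reasons in triage_hjt(HJT_LINES).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
    for target, jobs in group_at_jobs(TASK_LINES).items():
        print(f"{len(jobs)} At jobs -> {target}: {', '.join(jobs)}")
```

Run against the full logs, the second function reports both LFo1KT4L.exe and oSbkpg71.exe with roughly two dozen hourly jobs each, which is how the scheduler entries above keep recreating the infection after a reboot.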
Hello, partially successful: the upload has arrived and the tool has been adjusted. Throw away the current ComboFix and restart.

Please download the newest adjusted version.
Download ComboFix from http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe to your Desktop.
Double-click Combofix.exe.
Follow the instructions; accept the disclaimer by typing 1 (continue) followed by ENTER.
While the fix is running, do NOT click in the window, as this will make your PC hang.
When the fix is complete and after the restart, the log combofix.txt will open. Post this log in your next post at the end of the fix.
<<<< Please also post a new HijackThis log.
NOTE: If your virus scanner reacts with a warning about a script being executed, you may ignore this.
Ik zag weer het bericht, tijdens combofix, dat C:\Combofix\DirRoot geen toegang kreeg tot een bestand. Bovendien starte de PC niet geheel opnieuw op, maar alleen een reset van windows. Ook kreeg ik geen melding van de virusscanner. Het probleem is helaas nog niet verholpen. Moet ik de laatste batch met de bestanden niet uitvoeren? ComboFix 07-09-18.4 - "Piet" 2007-09-18 15:16:45.9 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.0.1252.1.1043.18.156 [GMT 2:00] . (((((((((((((((((((( Bestanden Gemaakt van 2007-08-18 to 2007-09-18 )))))))))))))))))))))))))))))) . 2007-09-18 14:38 68,608 --a------ C:\WINDOWS\system32\mmqliqvj.dll 2007-09-18 14:38 48,640 --a------ C:\WINDOWS\system32\tnzmdbzz.dll 2007-09-18 14:37 756,224 --a------ C:\WINDOWS\system32\hhlsmrhk.dll 2007-09-18 14:37 46,592 --a------ C:\WINDOWS\system32\atmdcpyk.dll 2007-09-18 14:37 124,928 --a------ C:\WINDOWS\system32\hqfezmcm.dll 2007-09-18 14:37 103,936 --a------ C:\WINDOWS\system32\guicatft.dll 2007-09-17 12:01 684,567 --a------ C:\WINDOWS\system32\libeay32.dll 2007-09-17 12:01 147,729 --a------ C:\WINDOWS\system32\libssl32.dll 2007-09-16 13:23 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-16 12:22 <DIR> d-------- C:\Program Files\Trend Micro 2007-09-13 16:11 <DIR> d-------- C:\WINDOWS\system32\AppCert 2007-09-13 16:10 82,432 --a------ C:\WINDOWS\system32\cmpbk32a.dll 2007-09-11 23:25 <DIR> d-------- C:\DOCUME~1\Ellen\APPLIC~1\Magic Academy 2007-08-24 21:46 <DIR> d-------- C:\DOCUME~1\Piet\APPLIC~1\dvdcss 2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\Shared 2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\Incomplete 2007-08-22 12:00 <DIR> d-------- C:\DOCUME~1\Piet\APPLIC~1\LimeWire 2007-08-22 11:58 <DIR> d-------- C:\Program Files\LimeWire . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-09-18 14:39 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-11 23:25 --------- d-------- C:\Program Files\Zylom Games
2007-09-11 23:25 --------- d-------- C:\DOCUME~1\Ellen\APPLIC~1\Zylom
2007-09-09 12:19 --------- d-a------ C:\DOCUME~1\Piet\APPLIC~1\SopCast
2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\vlc
2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Syntrillium
2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Symantec
2007-09-09 12:19 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Real
2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\ppStream
2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\PPLive
2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\MSN6
2007-09-09 12:18 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Microsoft Web Folders
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Lavasoft
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Kazaa Lite
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\InterTrust
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Help
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Google
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Creative
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Azureus
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\Apple Computer
2007-09-09 12:17 --------- d-------- C:\DOCUME~1\Piet\APPLIC~1\.ABC
2007-08-12 23:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
2007-08-12 20:23 --------- d-------- C:\Program Files\iTunes
2007-08-02 15:41 --------- d-------- C:\Program Files\PokerStars
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
.
((((((((((((((((((((((((((((( snapshot_2007-09-16_142320.92 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 78,786 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc009.dat
----a-w 96,318 2007-09-16 13:03:16 C:\WINDOWS\system32\perfc013.dat
----a-w 454,114 2007-09-16 13:03:16 C:\WINDOWS\system32\perfh009.dat
----a-w 514,440 2007-09-16 13:03:17 C:\WINDOWS\system32\perfh013.dat
----a-w 266,240 2007-09-18 13:01:56 C:\WINDOWS\system32\config\systemprofile\ntuser.dat
----a-w 32,768 2007-09-18 12:31:24 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 16,384 2007-09-18 12:31:24 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
----a-w 32,768 2007-09-18 12:31:24 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
----a-w 208,017 2007-09-18 12:35:30 C:\WINDOWS\system32\inetsrv\MetaBase.bin
----atw 16,384 2007-09-18 12:31:44 C:\WINDOWS\Temp\Perflib_Perfdata_274.dat
----a-w 57,856 2007-09-18 12:37:47 C:\WINDOWS\Temp\zquwyxdt.dll
.
----a-w 78,786 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc009.dat
----a-w 96,318 2007-09-16 11:38:57 C:\WINDOWS\system32\perfc013.dat
----a-w 454,114 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh009.dat
----a-w 514,440 2007-09-16 11:38:57 C:\WINDOWS\system32\perfh013.dat
----a-w 266,240 2007-09-16 11:24:08 C:\WINDOWS\system32\config\systemprofile\ntuser.dat
----a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 16,384 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
----a-w 32,768 2007-09-16 11:37:14 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
----a-w 208,012 2007-09-16 11:41:19 C:\WINDOWS\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FB357EC-9647-464A-98DD-321A5EE1EF89}]
2007-09-18 14:38 82432 --a------ c:\windows\system32\cmpbk32a.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{579E3DB8-CFB3-455E-B058-CF1260A923ED}]
2007-09-18 14:38 68608 --a------ c:\windows\system32\mmqliqvj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTStartup"="C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.exe" [2001-06-04 01:00]
"CTHelper"="CTHELPER.EXE" [2003-10-06 15:57 C:\WINDOWS\system32\CTHELPER.EXE]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-24 10:04]
"nwiz"="nwiz.exe" [2004-03-24 10:04 C:\WINDOWS\system32\nwiz.exe]
"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2003-09-14 16:26]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-03-24 10:04]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 12:38]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-25 19:07]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-08 19:16]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-07-19 17:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 11:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-12-18 00:20]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-21 17:22]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-08 12:23]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-22 22:28]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-07 14:00]
"NOMAD Detector"="C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe" []
"TaskTray"="C:\Program Files\Creative\TaskBar\CTLTray.exe" [2001-06-29 01:00]
"TaskBar"="C:\Program Files\Creative\TaskBar\CTLTask.exe" [2003-05-30 01:00]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2003-04-14 19:30]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]

C:\DOCUME~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\
Adapter Utility.lnk - C:\WINDOWS\Installer\{13515E3B-B512-45FF-BA78-0F677794AC99}\Launcher.exe [2004-10-22 15:54:37]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-05 17:25:55]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 07:25:38]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 18:48:18]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-01-06 17:00:20]
Microsoft Office.lnk - C:\Program Files\Microsoft Office2\Office\OSA9.EXE [1999-02-17 15:05:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\suxoukao]
cmpbk32a.dll 2007-09-18 14:38 82432 C:\WINDOWS\system32\cmpbk32a.dll

R0 PrecSim;PrecSim;C:\WINDOWS\System32\DRIVERS\precsim.sys
R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\System32\DRIVERS\DcCam.sys
R2 A4SII300;A4SII300;C:\WINDOWS\System32\drivers\A4SII300.SYS
R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\System32\drivers\dcfs2k.sys
R2 rvymvtzo;Creative SoundFont Management Device Support;C:\WINDOWS\System32\svchost.exe -k netsvcs
R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol);C:\WINDOWS\System32\inetsrv\inetinfo.exe
R2 XWPCApplicationLoaderService;Digital Media Adapter Application Loader Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
R2 XWPCHostService;Digital Media Adapter Host Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\System32\DRIVERS\itchfltr.sys
R3 MTD80X;100/10M Ethernet PCI Adapter;C:\WINDOWS\System32\DRIVERS\feand5.SYS
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\System32\DRIVERS\ElbyVCD.sys
S1 Exportit;Exportit;C:\WINDOWS\System32\DRIVERS\exportit.sys
S2 DATEING;Routing Protect Access;C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\PIJFEQ22.DLL,Export 1087
S2 G11AV;Trust 610 LCD POWERC@M ZOOM, Webcam mode;C:\WINDOWS\System32\Drivers\G11av.sys
S3 DcFpoint;DcFpoint;C:\WINDOWS\System32\DRIVERS\DcFpoint.sys
S3 DcLps;Legacy Polling Service;C:\WINDOWS\System32\DRIVERS\DcLps.sys
S3 DcPTP;dcptp;C:\WINDOWS\System32\DRIVERS\DcPTP.sys
S3 SNCT511;PC Camera (6005 CIF);C:\WINDOWS\System32\DRIVERS\snct511.sys
S3 USBCamera;Digital Still Image Capture;C:\WINDOWS\System32\Drivers\Bulk533.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rvymvtzo
License
.
Inhoud van de 'Gedeelde Taken' map
"2007-09-14 07:00:00 C:\WINDOWS\Tasks\At10.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-14 08:00:00 C:\WINDOWS\Tasks\At11.job"
"2007-09-17 09:00:03 C:\WINDOWS\Tasks\At12.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-17 10:00:00 C:\WINDOWS\Tasks\At13.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-17 11:00:00 C:\WINDOWS\Tasks\At14.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-17 12:00:00 C:\WINDOWS\Tasks\At15.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-18 13:00:00 C:\WINDOWS\Tasks\At16.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-17 14:00:00 C:\WINDOWS\Tasks\At17.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-17 15:00:00 C:\WINDOWS\Tasks\At18.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-17 16:00:00 C:\WINDOWS\Tasks\At19.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-13 23:00:01 C:\WINDOWS\Tasks\At2.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-17 17:00:00 C:\WINDOWS\Tasks\At20.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-17 18:00:00 C:\WINDOWS\Tasks\At21.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-17 19:00:00 C:\WINDOWS\Tasks\At22.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-17 20:00:00 C:\WINDOWS\Tasks\At23.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-17 21:00:00 C:\WINDOWS\Tasks\At24.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-17 22:00:00 C:\WINDOWS\Tasks\At25.job"
"2007-09-13 23:00:01 C:\WINDOWS\Tasks\At26.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 00:00:00 C:\WINDOWS\Tasks\At27.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 01:00:00 C:\WINDOWS\Tasks\At28.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 02:00:00 C:\WINDOWS\Tasks\At29.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 00:00:00 C:\WINDOWS\Tasks\At3.job"
"2007-09-14 03:00:00 C:\WINDOWS\Tasks\At30.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 04:00:00 C:\WINDOWS\Tasks\At31.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 05:00:00 C:\WINDOWS\Tasks\At32.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 06:00:00 C:\WINDOWS\Tasks\At33.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 07:00:00 C:\WINDOWS\Tasks\At34.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 08:00:00 C:\WINDOWS\Tasks\At35.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-17 09:00:03 C:\WINDOWS\Tasks\At36.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-17 10:00:00 C:\WINDOWS\Tasks\At37.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-17 11:00:00 C:\WINDOWS\Tasks\At38.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-17 12:00:00 C:\WINDOWS\Tasks\At39.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 01:00:00 C:\WINDOWS\Tasks\At4.job"
"2007-09-18 13:00:00 C:\WINDOWS\Tasks\At40.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-17 14:00:00 C:\WINDOWS\Tasks\At41.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-17 15:00:00 C:\WINDOWS\Tasks\At42.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-17 16:00:00 C:\WINDOWS\Tasks\At43.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-17 17:00:00 C:\WINDOWS\Tasks\At44.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-17 18:00:00 C:\WINDOWS\Tasks\At45.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-17 19:00:00 C:\WINDOWS\Tasks\At46.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-17 20:00:00 C:\WINDOWS\Tasks\At47.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-17 21:00:00 C:\WINDOWS\Tasks\At48.job" - C:\WINDOWS\System32\oSbkpg71.exe
"2007-09-14 02:00:00 C:\WINDOWS\Tasks\At5.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-14 03:00:00 C:\WINDOWS\Tasks\At6.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-14 04:00:00 C:\WINDOWS\Tasks\At7.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-14 05:00:00 C:\WINDOWS\Tasks\At8.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-14 06:00:00 C:\WINDOWS\Tasks\At9.job" - C:\WINDOWS\System32\LFo1KT4L.exe
"2007-09-07 18:01:08 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen - Piet.job" - C:\PROGRA~1\NORTON~1\Navw32.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-18 15:22:10
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run???w????\???????w^?s$????>?wH ?w???????w*??w4???U??w4???????D8?s4???????|92?????\???\????????H?s????-A?w?????_?wc_?w\???\?????????_????? Z?w\???\??????s????\??????s\???`92?d??s`92? Z?w???????s???
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background?g
scanning hidden files ...
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\MySql]
"ImagePath"="C:/mysql/bin/mysqld-nt.exe"
.
Completion time: 2007-09-18 15:24:17
C:\ComboFix-quarantined-files.txt ... 2007-09-18 15:23
C:\ComboFix2.txt ... 2007-09-17 20:04
C:\ComboFix3.txt ... 2007-09-17 19:41
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:29:41, on 18-9-2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\TaskBar\CTLTray.exe
C:\Program Files\Creative\TaskBar\CTLTask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCLauncher.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FB357EC-9647-464A-98DD-321A5EE1EF89} - c:\windows\system32\cmpbk32a.dll
O2 - BHO: (no name) - {579E3DB8-CFB3-455E-B058-CF1260A923ED} - c:\windows\system32\mmqliqvj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe"
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adapter Utility.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2\Office\OSA9.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} (G-Vista ActiveX) - http://www.zugmap.ch/richtplan3d/pages/plugin/gvista30161.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,911,0
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
O16 - DPF: {AE4CEC9D-C836-4579-829B-4C345101B3B9} (GVista Terrain Renderer) - http://www.dilas.ch/plugin/gvista/gvista2709.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
O20 - Winlogon Notify: suxoukao - C:\WINDOWS\SYSTEM32\cmpbk32a.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Routing Protect Access (DATEING) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Digital Media Adapter Application Loader Service (XWPCApplicationLoaderService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
O23 - Service: Digital Media Adapter Host Service (XWPCHostService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe

--
End of file - 13220 bytes
No, I don't see any SP1??

I assume you have now downloaded the newest version of Combofix?? If not, do that first. (see previous fix)

Then please carry out the following and post the new logs at the end.

Open Notepad, copy and paste the following (the bold, blue text) into an empty window:

File::
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\System32\LFo1KT4L.exe
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\System32\oSbkpg71.exe
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\system32\mmqliqvj.dll
C:\WINDOWS\system32\tnzmdbzz.dll
C:\WINDOWS\system32\hhlsmrhk.dll
C:\WINDOWS\system32\atmdcpyk.dll
C:\WINDOWS\system32\hqfezmcm.dll
C:\WINDOWS\system32\guicatft.dll
C:\WINDOWS\system32\cmpbk32a.dll
C:\WINDOWS\Temp\zquwyxdt.dll
c:\windows\system32\cmpbk32a.dll
c:\windows\system32\mmqliqvj.dll
C:\WINDOWS\system32\cmpbk32a.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FB357EC-9647-464A-98DD-321A5EE1EF89}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{579E3DB8-CFB3-455E-B058-CF1260A923ED}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\suxoukao]

Save this on your Desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe as shown in the example below:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will make ComboFix restart. After restarting your computer (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

O2 - BHO: (no name) - {1FB357EC-9647-464A-98DD-321A5EE1EF89} - c:\windows\system32\cmpbk32a.dll
O2 - BHO: (no name) - {579E3DB8-CFB3-455E-B058-CF1260A923ED} - c:\windows\system32\mmqliqvj.dll
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
O20 - Winlogon Notify: suxoukao - C:\WINDOWS\SYSTEM32\cmpbk32a.dll
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)

Close all windows except HijackThis. Click 'Fix checked' to remove the items.

Open Explorer ("My Computer") and choose Tools -> Folder Options... Under View, check the following settings:
Turn off: Hide protected operating system files (recommended)
Turn off: Hide extensions for known file types
Select: Display the contents of system folders (XP only)
Select: Show hidden files and folders

Delete the following files (if still present):
c:\windows\system32\cmpbk32a.dll
c:\windows\system32\mmqliqvj.dll
C:\WINDOWS\SYSTEM32\cmpbk32a.dll

Good luck.
  • 0
Yes indeed, I was just away for a bit. I still cannot delete the file cmpbk32a.dll (I think it is listed twice above for removal). I notice that when I close IE myself, the standard message follows that IE has to be closed and asking whether I want to send the report.

ComboFix 07-09-18.4 - "Piet" 2007-09-20 13:13:51.10 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.31.1043.18.201 [GMT 2:00]

FILE::
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\System32\LFo1KT4L.exe
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\System32\oSbkpg71.exe
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\system32\mmqliqvj.dll
C:\WINDOWS\system32\tnzmdbzz.dll
C:\WINDOWS\system32\hhlsmrhk.dll
C:\WINDOWS\system32\atmdcpyk.dll
C:\WINDOWS\system32\hqfezmcm.dll
C:\WINDOWS\system32\guicatft.dll
C:\WINDOWS\system32\cmpbk32a.dll
C:\WINDOWS\Temp\zquwyxdt.dll
c:\windows\system32\cmpbk32a.dll
c:\windows\system32\mmqliqvj.dll
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\atmdcpyk.dll
C:\WINDOWS\system32\cmpbk32a.dll
c:\windows\system32\cmpbk32a.dll
C:\WINDOWS\system32\guicatft.dll
C:\WINDOWS\system32\hhlsmrhk.dll
C:\WINDOWS\system32\hqfezmcm.dll
c:\windows\system32\mmqliqvj.dll
C:\WINDOWS\system32\mmqliqvj.dll
C:\WINDOWS\system32\tnzmdbzz.dll
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Temp\zquwyxdt.dll
.
(((((((((((((((((((( Files Created from 2007-08-20 to 2007-09-20 ))))))))))))))))))))))))))))))
.
2007-09-17 12:01  684,567  --a------  C:\WINDOWS\system32\libeay32.dll
2007-09-17 12:01  147,729  --a------  C:\WINDOWS\system32\libssl32.dll
2007-09-16 13:23  51,200  --a------  C:\WINDOWS\NirCmd.exe
2007-09-16 12:22  <DIR>  d--------  C:\Program Files\Trend Micro
2007-09-13 16:11  <DIR>  d--------  C:\WINDOWS\system32\AppCert
2007-09-13 16:10  82,432  --a------  C:\WINDOWS\system32\cmpbk32a.dll
2007-09-11 23:25  <DIR>  d--------  C:\DOCUME~1\Ellen\APPLIC~1\Magic Academy
2007-08-24 21:46  <DIR>  d--------  C:\DOCUME~1\Piet\APPLIC~1\dvdcss
2007-08-22 12:00  <DIR>  d--------  C:\DOCUME~1\Piet\Shared
2007-08-22 12:00  <DIR>  d--------  C:\DOCUME~1\Piet\Incomplete
2007-08-22 12:00  <DIR>  d--------  C:\DOCUME~1\Piet\APPLIC~1\LimeWire
2007-08-22 11:58  <DIR>  d--------  C:\Program Files\LimeWire
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-18 14:39  ---------  d--------  C:\Program Files\Common Files\Symantec Shared
2007-09-11 23:25  ---------  d--------  C:\Program Files\Zylom Games
2007-09-11 23:25  ---------  d--------  C:\DOCUME~1\Ellen\APPLIC~1\Zylom
2007-09-09 12:19  ---------  d-a------  C:\DOCUME~1\Piet\APPLIC~1\SopCast
2007-09-09 12:19  ---------  d--------  C:\DOCUME~1\Piet\APPLIC~1\vlc
2007-09-09 12:19  ---------  d--------  C:\DOCUME~1\Piet\APPLIC~1\Syntrillium
2007-09-09 12:19  ---------  d--------  C:\DOCUME~1\Piet\APPLIC~1\Symantec
2007-09-09 12:19  ---------  d--------  C:\DOCUME~1\Piet\APPLIC~1\Real
2007-09-09 12:18  ---------  d--------  C:\DOCUME~1\Piet\APPLIC~1\ppStream
2007-09-09 12:18  ---------  d--------  C:\DOCUME~1\Piet\APPLIC~1\PPLive
2007-09-09 12:18  ---------  d--------  C:\DOCUME~1\Piet\APPLIC~1\MSN6
2007-09-09 12:18  ---------  d--------  C:\DOCUME~1\Piet\APPLIC~1\Microsoft Web Folders
2007-09-09 12:17  ---------  d--------  C:\DOCUME~1\Piet\APPLIC~1\Lavasoft
2007-09-09 12:17  ---------  d--------  C:\DOCUME~1\Piet\APPLIC~1\Kazaa Lite
2007-09-09 12:17  ---------  d--------  C:\DOCUME~1\Piet\APPLIC~1\InterTrust
2007-09-09 12:17  ---------  d--------  C:\DOCUME~1\Piet\APPLIC~1\Help
2007-09-09 12:17  ---------  d--------  C:\DOCUME~1\Piet\APPLIC~1\Google
2007-09-09 12:17  ---------  d--------  C:\DOCUME~1\Piet\APPLIC~1\Creative
2007-09-09 12:17  ---------  d--------  C:\DOCUME~1\Piet\APPLIC~1\Azureus
2007-09-09 12:17  ---------  d--------  C:\DOCUME~1\Piet\APPLIC~1\Apple Computer
2007-09-09 12:17  ---------  d--------  C:\DOCUME~1\Piet\APPLIC~1\.ABC
2007-08-12 23:00  ---------  d--------  C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
2007-08-12 20:23  ---------  d--------  C:\Program Files\iTunes
2007-08-02 15:41  ---------  d--------  C:\Program Files\PokerStars
.
((((((((((((((((((((((((((((( snapshot_2007-09-16_142320.92 )))))))))))))))))))))))))))))))))))))))))
.
----a-w  221,184  2007-09-20 08:21:54  C:\WINDOWS\system32\LVCOMSX.EXE
----a-w  155,648  2007-09-20 08:21:56  C:\WINDOWS\system32\NeroCheck.exe
----a-w  78,786  2007-09-16 13:03:16  C:\WINDOWS\system32\perfc009.dat
----a-w  96,318  2007-09-16 13:03:16  C:\WINDOWS\system32\perfc013.dat
----a-w  454,114  2007-09-16 13:03:16  C:\WINDOWS\system32\perfh009.dat
----a-w  514,440  2007-09-16 13:03:17  C:\WINDOWS\system32\perfh013.dat
----a-w  266,240  2007-09-20 11:13:36  C:\WINDOWS\system32\config\systemprofile\ntuser.dat
----a-w  32,768  2007-09-20 11:21:32  C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w  16,384  2007-09-20 11:21:32  C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
----a-w  32,768  2007-09-20 11:21:32  C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
----a-w  208,011  2007-09-20 11:26:03  C:\WINDOWS\system32\inetsrv\MetaBase.bin
----atw  16,384  2007-09-20 11:22:19  C:\WINDOWS\Temp\Perflib_Perfdata_194.dat
.
----a-w  229,376  2005-07-19 15:32:18  C:\WINDOWS\system32\LVCOMSX.EXE
----a-w  163,840  2001-07-09 09:50:42  C:\WINDOWS\system32\NeroCheck.exe
----a-w  78,786  2007-09-16 11:38:57  C:\WINDOWS\system32\perfc009.dat
----a-w  96,318  2007-09-16 11:38:57  C:\WINDOWS\system32\perfc013.dat
----a-w  454,114  2007-09-16 11:38:57  C:\WINDOWS\system32\perfh009.dat
----a-w  514,440  2007-09-16 11:38:57  C:\WINDOWS\system32\perfh013.dat
----a-w  266,240  2007-09-16 11:24:08  C:\WINDOWS\system32\config\systemprofile\ntuser.dat
----a-w  32,768  2007-09-16 11:37:14  C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w  16,384  2007-09-16 11:37:14  C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
----a-w  32,768  2007-09-16 11:37:14  C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
----a-w  208,012  2007-09-16 11:41:19  C:\WINDOWS\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FB357EC-9647-464A-98DD-321A5EE1EF89}]
2007-09-20 13:19  82432  --a------  c:\windows\system32\cmpbk32a.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"CTStartup"="C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.exe" [2001-06-04 01:00]
"CTHelper"="CTHELPER.EXE" [2003-10-06 15:57 C:\WINDOWS\system32\CTHELPER.EXE]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-24 10:04]
"nwiz"="nwiz.exe" [2004-03-24 10:04 C:\WINDOWS\system32\nwiz.exe]
"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2003-09-14 16:26]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-03-24 10:04]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2007-09-20 10:21]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-25 19:07]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-08 19:16]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2007-09-20 10:21]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2007-09-20 10:21]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2007-09-20 10:21]
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2007-09-20 10:21]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-20 10:21]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-21 17:22]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2007-09-20 10:21]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-22 22:28]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-07 14:00]
"NOMAD Detector"="C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe" []
"TaskTray"="C:\Program Files\Creative\TaskBar\CTLTray.exe" [2001-06-29 01:00]
"TaskBar"="C:\Program Files\Creative\TaskBar\CTLTask.exe" [2003-05-30 01:00]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2003-04-14 19:30]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]

C:\DOCUME~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\
Adapter Utility.lnk - C:\WINDOWS\Installer\{13515E3B-B512-45FF-BA78-0F677794AC99}\Launcher.exe [2004-10-22 15:54:37]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-05 17:25:55]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 07:25:38]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 18:48:18]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-01-06 17:00:20]
Microsoft Office.lnk - C:\Program Files\Microsoft Office2\Office\OSA9.EXE [1999-02-17 15:05:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\suxoukao]
cmpbk32a.dll 2007-09-20 13:19 82432 C:\WINDOWS\system32\cmpbk32a.dll

R0 PrecSim;PrecSim;C:\WINDOWS\System32\DRIVERS\precsim.sys
R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\System32\DRIVERS\DcCam.sys
R2 A4SII300;A4SII300;C:\WINDOWS\System32\drivers\A4SII300.SYS
R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\System32\drivers\dcfs2k.sys
R2 rvymvtzo;Creative SoundFont Management Device Support;C:\WINDOWS\System32\svchost.exe -k netsvcs
R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol);C:\WINDOWS\System32\inetsrv\inetinfo.exe
R2 XWPCApplicationLoaderService;Digital Media Adapter Application Loader Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
R2 XWPCHostService;Digital Media Adapter Host Service;C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\System32\DRIVERS\itchfltr.sys
R3 MTD80X;100/10M Ethernet PCI Adapter;C:\WINDOWS\System32\DRIVERS\feand5.SYS
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\System32\DRIVERS\ElbyVCD.sys
S1 Exportit;Exportit;C:\WINDOWS\System32\DRIVERS\exportit.sys
S2 DATEING;Routing Protect Access;C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\PIJFEQ22.DLL,Export 1087
S2 G11AV;Trust 610 LCD POWERC@M ZOOM, Webcam mode;C:\WINDOWS\System32\Drivers\G11av.sys
S3 DcFpoint;DcFpoint;C:\WINDOWS\System32\DRIVERS\DcFpoint.sys
S3 DcLps;Legacy Polling Service;C:\WINDOWS\System32\DRIVERS\DcLps.sys
S3 DcPTP;dcptp;C:\WINDOWS\System32\DRIVERS\DcPTP.sys
S3 SNCT511;PC Camera (6005 CIF);C:\WINDOWS\System32\DRIVERS\snct511.sys
S3 USBCamera;Digital Still Image Capture;C:\WINDOWS\System32\Drivers\Bulk533.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rvymvtzo
License
.
Contents of the 'Scheduled Tasks' folder
"2007-09-07 18:01:08 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen - Piet.job" - C:\PROGRA~1\NORTON~1\Navw32.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-20 13:25:10
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run???w????\???????w^?s$????>?wH ?w???????w*??w4???U??w4???????D8?s4???????|92?????\???\????????H?s????-A?w?????_?wc_?w\???\?????????`????? Z?w\???\??????s????\??????s\???`92?d??s`92? Z?w???????s???

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background?g

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\MySql]
"ImagePath"="C:/mysql/bin/mysqld-nt.exe"
.
Completion time: 2007-09-20 13:28:59 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-20 13:28
C:\ComboFix2.txt ... 2007-09-18 15:24
C:\ComboFix3.txt ... 2007-09-17 20:04
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:28:28, on 20-9-2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\TaskBar\CTLTray.exe
C:\Program Files\Creative\TaskBar\CTLTask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCLauncher.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FB357EC-9647-464A-98DD-321A5EE1EF89} - c:\windows\system32\cmpbk32a.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe"
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adapter Utility.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2\Office\OSA9.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} (G-Vista ActiveX) - http://www.zugmap.ch/richtplan3d/pages/plugin/gvista30161.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,911,0
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
O16 - DPF: {AE4CEC9D-C836-4579-829B-4C345101B3B9} (GVista Terrain Renderer) - http://www.dilas.ch/plugin/gvista/gvista2709.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{19BF5DB9-1774-415A-9F9E-CBAD99D3FB20}: NameServer = 62.108.1.67,212.142.26.68
O20 - Winlogon Notify: suxoukao - C:\WINDOWS\SYSTEM32\cmpbk32a.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Routing Protect Access (DATEING) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Digital Media Adapter Application Loader Service (XWPCApplicationLoaderService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
O23 - Service: Digital Media Adapter Host Service (XWPCHostService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe

--
End of file - 13034 bytes
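As an added example (not code from this thread, from HijackThis or from ComboFix): a small parser for the HijackThis O2, O4, O20 and O23 line formats that appear in the log above, plus the cross-reference a helper does by hand when building a fix list like the one in the earlier reply. The sample lines are copied from the log posted in this thread; the flagging rules (one file registered at more than one load point, a BHO with no name, a Winlogon Notify DLL, a random-looking eight-letter name, a service whose file is missing or whose owner is unknown) are this example's own heuristics, not HijackThis output, and the eight-letter rule in particular will also match some legitimate names. The Winlogon Notify rule is the practical answer to the deletion problem raised above: winlogon.exe loads notify DLLs at boot and keeps them mapped for the whole session, so the file stays locked until the notify registry key is removed and the machine has been restarted.

```python
"""Parse HijackThis log entries and cross-reference their load points.

Added example, not part of HijackThis, ComboFix or this thread. The
sample lines are copied from the HijackThis v2.0.2 log posted above; the
flagging rules are this example's own heuristics.
"""
import re
from collections import defaultdict

# Constructed input: a subset of lines copied from the log in the thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FB357EC-9647-464A-98DD-321A5EE1EF89} - c:\windows\system32\cmpbk32a.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: suxoukao - C:\WINDOWS\SYSTEM32\cmpbk32a.dll
O23 - Service: Routing Protect Access (DATEING) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

# One regex per HijackThis section handled here; 'target' is the command
# line, DLL path or service image exactly as HijackThis prints it.
ENTRY_PATTERNS = {
    "O2":  re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.+)$"),
    "O4":  re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.+)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<target>.+)$"),
}

# First drive-letter path ending in a PE extension, so that for a RUNDLL32
# command the DLL argument is taken rather than RUNDLL32.EXE itself.
IMAGE_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|ocx)\b', re.IGNORECASE)

# Weak heuristic (this example's assumption): the random names in this
# log are eight lowercase letters (suxoukao, rvymvtzo). Legitimate
# components can match as well, so treat it as a hint, not a verdict.
RANDOM_NAME = re.compile(r"^[a-z]{8}$")


def parse_entries(log_text):
    """Return a list of dicts, one per recognised O2/O4/O20/O23 line."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for section, pattern in ENTRY_PATTERNS.items():
            match = pattern.match(line)
            if not match:
                continue
            entry = match.groupdict()
            entry["section"] = section
            entry["missing"] = "(file missing)" in entry["target"]
            found = IMAGE_RE.search(entry["target"])
            # Windows paths are case-insensitive; normalise so that the O2
            # and O20 references to the same DLL group together.
            entry["image"] = found.group(0).lower() if found else entry["target"].lower()
            entries.append(entry)
            break
    return entries


def analyze(log_text):
    """Group entries by image path and attach the reasons to flag them."""
    by_image = defaultdict(list)
    for entry in parse_entries(log_text):
        by_image[entry["image"]].append(entry)

    findings = {}
    for image, group in by_image.items():
        sections = sorted({e["section"] for e in group})
        reasons = []
        if len(sections) > 1:
            reasons.append("registered at %d load points: %s" % (len(sections), ", ".join(sections)))
        for e in group:
            if e["section"] == "O2" and e["name"] == "(no name)":
                reasons.append("BHO without a name")
            if e["section"] == "O20":
                reasons.append("Winlogon Notify DLL: mapped into winlogon.exe at boot, so it stays "
                               "locked until the notify key is removed and Windows restarts")
                if RANDOM_NAME.match(e["name"]):
                    reasons.append("random-looking notify name %r" % e["name"])
            if e["missing"]:
                reasons.append("%s entry %r points at a missing file" % (e["section"], e["name"]))
            if e.get("owner") == "Unknown owner":
                reasons.append("service %r has no known owner" % e["name"])
        if reasons:
            findings[image] = {"sections": sections, "reasons": reasons}
    return findings


if __name__ == "__main__":
    for image, info in analyze(SAMPLE_LOG).items():
        print(image, info["sections"])
        for reason in info["reasons"]:
            print("   -", reason)
```

Run against the sample, only cmpbk32a.dll (BHO plus Winlogon Notify under the name suxoukao) and the DATEING service image are reported; the Adobe, NVIDIA and Symantec entries fall through. Feeding it a whole log pasted from the thread works the same way, since lines that match none of the four patterns are ignored.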