
autorun and system on all my drives? pc 2


anonymous

Question

Hello, here is the same story as last time, now with a different computer, and I'll start right away with a HijackThis log. :wink:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:27, on 23-1-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwproxy.xs4all.nl:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\system32\mstask.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.100.53.122/activex/AxisCamControl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bw+0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows_system - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\SYSTEM.exe (file missing)

--
End of file - 23025 bytes

9 answers to this question

Recommended posts

Start HijackThis and choose 'do a system scan only'. Select only the items listed below:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Close all windows except HijackThis. Click 'Fix checked' to remove the items.

Now go to Start -> Run. Type this command:

sc stop Windows_system

and press OK. Repeat this with this command:

sc delete Windows_system

Download combofix.exe from this site: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

If the Recovery Console is not installed, ComboFix will offer to download and install it. Allow this. Once the Recovery Console is installed, let ComboFix scan the computer. When ComboFix is finished, which may be after a reboot, a log file (combofix.txt) opens. Post the contents of this file in your next reply.
here is the ComboFix log:

ComboFix 09-01-21.04 - Marc 2009-01-24 21:59:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.511.188 [GMT 1:00]
Running from: c:\documents and settings\Marc\Bureaublad\virussesscanss\installs\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\INSTALL.LOG
c:\program files\Mozilla Firefox\plugins\NPNd2fn.dll
c:\program files\Need2Find
c:\program files\Need2Find\bar\History\search
c:\windows\smdat32m.sys
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
.
((((((((((((((((((((  Files Created from 2008-12-24 to 2009-01-24  ))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 13:37 --------- d-----w c:\program files\Google
2009-01-23 11:05 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-23 11:03 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-23 11:01 --------- d-----w c:\program files\RTVSoftwareNL
2009-01-23 11:01 --------- d-----w c:\program files\iPod
2008-12-16 20:12 --------- d-----w c:\documents and settings\Marc\Application Data\Nokia Multimedia Player
2008-12-13 13:49 --------- d-----w c:\program files\Java
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2006-10-17 21:50 81,920 ----a-w c:\documents and settings\Marc\Application Data\ezpinst.exe
2006-10-17 21:50 47,360 -c--a-w c:\documents and settings\Marc\Application Data\pcouffin.sys
2006-06-02 19:18 7,856 -c--a-w c:\program files\hijackthis.log
2005-02-16 10:06 218,112 -c--a-w c:\program files\HijackThis.exe
2006-05-06 16:42 7,260,160 -c--a-w c:\program files\mozilla firefox\plugins\libvlc.dll
2007-10-11 19:56 548,443 --sh--w c:\windows\system32\_SYSTEM.exe
2008-08-24 01:12 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008082420080825\index.dat
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-09-27 190024]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-06-13 36864]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 68856]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
"Google Update"="c:\documents and settings\Marc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-18 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 335872]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-04-27 282624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-05 185896]
"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2006-10-12 304640]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 223232]
"CTHelper"="CTHELPER.EXE" [2003-08-28 c:\windows\system32\CTHELPER.EXE]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 c:\windows\system32\nwtray.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 c:\windows\KHALMNPR.Exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2007-05-26 102455]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-06-13 196608]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2006-05-05 581632]
NDAS Device Management.lnk - c:\program files\NDAS\System\ndasmgmt.exe [2005-02-10 178688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"10264:TCP"= 10264:TCP:BitComet 10264 TCP
"10264:UDP"= 10264:UDP:BitComet 10264 UDP
"24842:TCP"= 24842:TCP:BitComet 24842 TCP
"24842:UDP"= 24842:UDP:BitComet 24842 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 lpx;LPX Protocol;c:\windows\system32\drivers\lpx.sys [2005-02-09 109184]
R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [2003-10-05 123520]
R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [2003-09-28 5504]
R1 lfsfilt;Lean File Sharing;c:\windows\system32\drivers\lfsfilt.sys [2007-06-18 120704]
R3 cmudaxp;C-Media Oxygen HD Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2007-05-26 1393600]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
R3 ndasbus;NDAS Bus Driver;c:\windows\system32\drivers\ndasbus.sys [2005-02-09 38656]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2006-09-24 3584]
R4 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R4 SocketLock;Raw Socket Lock Driver;c:\windows\system32\socketlock.sys [2007-03-24 3712]
R4 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 11776]
S3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\system32\drivers\ndasscsi.sys [2005-02-09 90752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\Auto\command - C:\SYSTEM.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SYSTEM.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12376d43-90d0-11db-bb62-00105ac03c6d}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fbd60b9-d51e-11dd-be9e-0009dd506f77}]
\Shell\Auto\command - I:\SYSTEM.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SYSTEM.exe
.
Contents of the 'Scheduled Tasks' folder

2008-09-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2009-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-688789844-682003330-1003.job
- c:\documents and settings\Marc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-18 00:18]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-NWEReboot - (no file)
HKLM-Run-Cmaudio8788 - cmicnfgp.cpl
HKLM-RunServices-SchedulingAgent - c:\windows\system32\mstask.exe

.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost;*.local
uInternet Settings,ProxyServer = wwwproxy.xs4all.nl:8080
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: hyves.nl
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Marc\Application Data\Mozilla\Firefox\Profiles\gnrqcpyd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\documents and settings\Marc\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-24 22:08:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NDAS\System\ndassvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
c:\windows\system32\rundll32.exe
c:\program files\UltraMon\UltraMonTaskbar.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\Logitech\SetPoint\KHALMNPR.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Voltooingstijd: 2009-01-24 22:18:52 - machine werd herstart ComboFix-quarantined-files.txt 2009-01-24 21:18:45 Pre-Run: 13.058.347.008 bytes beschikbaar Post-Run: 17,524,895,744 bytes beschikbaar WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=AlwaysOff 216 --- E O F --- 2009-01-13 20:50:37
Go to Virustotal.com. Upload the following file by copying and pasting the path below (so do not look it up via "Browse..."!):

c:\windows\system32\_SYSTEM.exe

Wait until the result appears. Post it along with your next reply.

Download Flash_Disinfector.exe and place it on your desktop: http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
Make sure your flash drives / USB sticks / external hard disks are plugged in as well.
Double-click Flash_Disinfector.exe to start the tool. When the tool is finished, the computer will restart.

Open a Notepad file. Copy the code below and paste it into the Notepad file.

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12376d43-90d0-11db-bb62-00105ac03c6d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fbd60b9-d51e-11dd-be9e-0009dd506f77}]

Save the Notepad file as CFScript.txt
Now drag the file CFScript.txt onto the file ComboFix.exe, as shown here: http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif
ComboFix will start again. When ComboFix is finished, which may be after a restart, a log file opens. Post the contents of the log file.
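The three MountPoints2 keys that the Registry:: script above deletes are per-user autorun handlers that the infection planted for the C: drive and two removable devices. As an added example (not code from this thread, from ComboFix or from the helper), the Python script below parses the MountPoints2 section of a ComboFix log, explains why each Shell command handler looks hostile, and renders the same Registry:: removal block. The sample input is the excerpt posted earlier in this thread; the heuristics (drive-root executable, Recycled folder, rundll32 ShellExec_RunDLL indirection, and the assumption that legitimate devices do not install per-user Shell verbs under MountPoints2 at all) are this example's own, not rules taken from ComboFix.

```python
import re

# Constructed sample: the MountPoints2 block from the ComboFix log posted in this
# thread, re-flowed one entry per line. This is the only input the script needs.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\Auto\command - C:\SYSTEM.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SYSTEM.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12376d43-90d0-11db-bb62-00105ac03c6d}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fbd60b9-d51e-11dd-be9e-0009dd506f77}]
\Shell\Auto\command - I:\SYSTEM.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SYSTEM.exe
.
"""

MOUNTPOINT_KEY = re.compile(
    r"^\[(HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\[^\]]+)\]$", re.I)
SHELL_COMMAND = re.compile(r"^\\Shell\\([^\\]+)\\command - (.+)$", re.I)
RUNDLL_LAUNCH = re.compile(r"ShellExec_RunDLL\s+(.+)$", re.I)
ROOT_EXECUTABLE = re.compile(r"^(?:[a-z]:\\)?[^\\/]+\.(?:exe|com|bat|cmd|scr|pif)$", re.I)
RECYCLED_DIR = re.compile(r"(?:^|\\)recycle[dr]?\\", re.I)


def parse_mountpoints(log_text):
    """Return {key: [(verb, command), ...]} for every MountPoints2 key in the log."""
    entries = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = MOUNTPOINT_KEY.match(line)
        if key:
            current = key.group(1)
            entries.setdefault(current, [])
            continue
        cmd = SHELL_COMMAND.match(line)
        if cmd and current is not None:
            entries[current].append((cmd.group(1), cmd.group(2).strip()))
        elif line and line != ".":
            current = None  # any other log line ends the current key's block
    return entries


def launch_target(command):
    """Strip the rundll32/ShellExec_RunDLL wrapper so the file really launched is visible."""
    m = RUNDLL_LAUNCH.search(command)
    return (m.group(1) if m else command).strip()


def suspicion_reasons(verb, command):
    """Explain why a Shell\\<verb>\\command value on a mount point looks hostile.
    Assumption (this example's, not ComboFix's): legitimate removable media never
    install per-user Shell verbs under MountPoints2; autorun.inf lives on the device."""
    target = launch_target(command)
    reasons = ["per-user Shell\\%s\\command handler present" % verb]
    if RUNDLL_LAUNCH.search(command):
        reasons.append("launched indirectly through rundll32 ShellExec_RunDLL")
    if ROOT_EXECUTABLE.match(target):
        reasons.append("executable sits in the drive root (%s)" % target)
    if RECYCLED_DIR.search(target):
        reasons.append("executable hides in a Recycled folder (%s)" % target)
    return target, reasons


def analyse(log_text):
    """One finding per Shell command handler, in log order."""
    findings = []
    for key, commands in parse_mountpoints(log_text).items():
        for verb, command in commands:
            target, reasons = suspicion_reasons(verb, command)
            findings.append({"key": key, "verb": verb, "command": command,
                             "target": target, "reasons": reasons})
    return findings


def cfscript_registry_block(findings):
    """Render the keys to delete in the Registry:: form used in this thread."""
    keys = []
    for f in findings:
        if f["key"] not in keys:
            keys.append(f["key"])
    return "Registry::\n" + "\n".join("[-%s]" % k for k in keys)


if __name__ == "__main__":
    results = analyse(SAMPLE_LOG)
    for f in results:
        print("%s\n  %s -> %s\n  %s" % (f["key"], f["verb"], f["target"], "; ".join(f["reasons"])))
    print(cfscript_registry_block(results))
```

Run it against a saved ComboFix log instead of SAMPLE_LOG to get the same listing for another machine; the Registry:: block it prints is only a proposal to review, exactly as the helper's script above had to be reviewed against the posted log first.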
Here is the log from virustotal.com:

Dit bestand is reeds gescanned:
MD5: e582f4b243f81b1af5db7f7ba434f6dc
First received: 2008.03.25 22:11:03 (CET)
Datum: 2008.11.08 11:05:50 (CET) [>77D]
Resultaat: 31/36
Permalink: analisis/616ba0781c522aa3fe8d1a3d033510d3

Bestand _SYSTEM.exe ontvangen op 2008.11.08 11:05:50 (CET)
Huidig status: Einde
Resultaat: 31/36 (86.11%)
Geformatteerd Resultaten afdrukken
Antivirus Versie Laatst geüpdatet Resultaat
AhnLab-V3 - - Win-Trojan/Hupigon.548443
AntiVir - - BDS/Backdoor.Gen
Authentium - - W32/Hupigon.C.gen!Eldorado
Avast - - Win32:Trojan-gen {Other}
AVG - - BackDoor.Hupigon4.SHV
BitDefender - - Backdoor.Hupigon.AXRD
CAT-QuickHeal - - Backdoor.Hupigon.aaxv
ClamAV - - -
DrWeb - - BackDoor.Pigeon.7031
eSafe - - Suspicious File
eTrust-Vet - - Win32/Dowque.GA
Ewido - - -
F-Prot - - W32/Hupigon.C.gen!Eldorado
F-Secure - - Backdoor.Win32.Hupigon.aaxv
Fortinet - - -
GData - - Backdoor.Hupigon.AXRD
Ikarus - - Backdoor.Hupigon
K7AntiVirus - - Backdoor.Win32.Hupigon.aoir
Kaspersky - - Backdoor.Win32.Hupigon.aaxv
McAfee - - BackDoor-AWQ
Microsoft - - Backdoor:Win32/Hupigon
NOD32 - - probably a variant of Win32/Hupigon
Norman - - W32/Hupigon.BGYS
Panda - - W32/Nuwar.C.worm
PCTools - - Trojan.Pakes.TO
Prevx1 - - -
Rising - - Backdoor.Win32.ShangXing.kd
SecureWeb-Gateway - - Trojan.Backdoor.Backdoor.Gen
Sophos - - Mal/Emogen-N
Sunbelt - - Trojan-Downloader.Win32.VB.ji
Symantec - - Trojan Horse
TheHacker - - Backdoor/Hupigon.aaxv
TrendMicro - - BKDR_HUPIGON.PSB
VBA32 - - -
ViRobot - - Backdoor.Win32.Hupigon.548443
VirusBuster - - Trojan.Pakes.TO

Extra informatie
MD5: e582f4b243f81b1af5db7f7ba434f6dc
SHA1: fa00d39cf963cbff371aca179d98bd59417ca1b1
SHA256: d5367cd02c4b4750fe84498196d442f29fca61b1cb75653550169af9bc8fd53e
SHA512: ba36d5d86c1ad26d4bae313bfd4b7274e38df768612c853e48e29fcc0920ed887de0ab3f0c3f1e064746e8d31a1991f1e778ef290ac72061ac4c8676cd3f7dd9

And the ComboFix log:

ComboFix 09-01-21.04 - Marc 2009-01-25 11:22:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.511.155 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Marc\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Marc\Bureaublad\CFScript.txt
 * Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-12-25 to 2009-01-25 ))))))))))))))))))))))))))))))
.

Geen nieuwe bestanden aangemaakt in deze periode
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 13:37 --------- d-----w c:\program files\Google
2009-01-23 11:05 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-23 11:03 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-23 11:01 --------- d-----w c:\program files\RTVSoftwareNL
2009-01-23 11:01 --------- d-----w c:\program files\iPod
2008-12-16 20:12 --------- d-----w c:\documents and settings\Marc\Application Data\Nokia Multimedia Player
2008-12-13 13:49 --------- d-----w c:\program files\Java
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2006-10-17 21:50 81,920 ----a-w c:\documents and settings\Marc\Application Data\ezpinst.exe
2006-10-17 21:50 47,360 -c--a-w c:\documents and settings\Marc\Application Data\pcouffin.sys
2006-06-02 19:18 7,856 -c--a-w c:\program files\hijackthis.log
2005-02-16 10:06 218,112 -c--a-w c:\program files\HijackThis.exe
2006-05-06 16:42 7,260,160 -c--a-w c:\program files\mozilla firefox\plugins\libvlc.dll
2007-10-11 19:56 548,443 --sh--w c:\windows\system32\_SYSTEM.exe
2008-08-24 01:12 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008082420080825\index.dat
.
((((((((((((((((((((((((((((( snapshot@2009-01-24_22.15.42.71 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-25 10:33:55 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_230.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-09-27 190024]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-06-13 36864]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 68856]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
"Google Update"="c:\documents and settings\Marc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-18 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 335872]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-04-27 282624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-05 185896]
"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2006-10-12 304640]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 223232]
"CTHelper"="CTHELPER.EXE" [2003-08-28 c:\windows\system32\CTHELPER.EXE]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 c:\windows\system32\nwtray.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 c:\windows\KHALMNPR.Exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2007-05-26 102455]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-06-13 196608]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2006-05-05 581632]
NDAS Device Management.lnk - c:\program files\NDAS\System\ndasmgmt.exe [2005-02-10 178688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"10264:TCP"= 10264:TCP:BitComet 10264 TCP
"10264:UDP"= 10264:UDP:BitComet 10264 UDP
"24842:TCP"= 24842:TCP:BitComet 24842 TCP
"24842:UDP"= 24842:UDP:BitComet 24842 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 lpx;LPX Protocol;c:\windows\system32\drivers\lpx.sys [2005-02-09 109184]
R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [2003-10-05 123520]
R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [2003-09-28 5504]
R1 lfsfilt;Lean File Sharing;c:\windows\system32\drivers\lfsfilt.sys [2007-06-18 120704]
R3 cmudaxp;C-Media Oxygen HD Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2007-05-26 1393600]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
R3 ndasbus;NDAS Bus Driver;c:\windows\system32\drivers\ndasbus.sys [2005-02-09 38656]
R3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\system32\drivers\ndasscsi.sys [2005-02-09 90752]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2006-09-24 3584]
R4 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R4 SocketLock;Raw Socket Lock Driver;c:\windows\system32\socketlock.sys [2007-03-24 3712]
R4 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 11776]
.
Inhoud van de 'Gedeelde Taken' map

2008-09-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2009-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-688789844-682003330-1003.job
- c:\documents and settings\Marc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-18 00:18]
.
.
------- Bijkomende Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost;*.local
uInternet Settings,ProxyServer = wwwproxy.xs4all.nl:8080
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: hyves.nl
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Marc\Application Data\Mozilla\Firefox\Profiles\gnrqcpyd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\documents and settings\Marc\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-25 11:34:30
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NDAS\System\ndassvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
c:\windows\system32\rundll32.exe
c:\program files\UltraMon\UltraMonTaskbar.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\Logitech\SetPoint\KHALMNPR.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Voltooingstijd: 2009-01-25 11:44:53 - machine werd herstart
ComboFix-quarantined-files.txt 2009-01-25 10:44:48
ComboFix2.txt 2009-01-24 21:18:56

Pre-Run: 16.966.332.416 bytes beschikbaar
Post-Run: 16,951,689,216 bytes beschikbaar

191 --- E O F --- 2009-01-13 20:50:37

Thanks so far :)
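The VirusTotal table above is the evidence that _SYSTEM.exe is a known backdoor: 31 of 36 engines flag it and most of them name the same family. As an added example (not code from this thread or from VirusTotal), the Python script below turns such a pasted table into a detection ratio and a consensus family name (one vote per detecting vendor, generic class words such as "Trojan" or "Backdoor" ignored), pulls the reported hashes out of the text, and compares them with hashes computed over the bytes you actually hold, so you know the file on disk is the sample the report describes before acting on it. The GENERIC word list and the four-letter token cutoff are this example's own assumptions.

```python
import hashlib
import re
from collections import Counter

# Constructed sample: the VirusTotal table and hashes posted in this thread ("- -"
# stands for the version and last-updated columns, which were blank in the post).
VT_REPORT = """
Antivirus Versie Laatst geüpdatet Resultaat
AhnLab-V3 - - Win-Trojan/Hupigon.548443
AntiVir - - BDS/Backdoor.Gen
Authentium - - W32/Hupigon.C.gen!Eldorado
Avast - - Win32:Trojan-gen {Other}
AVG - - BackDoor.Hupigon4.SHV
BitDefender - - Backdoor.Hupigon.AXRD
CAT-QuickHeal - - Backdoor.Hupigon.aaxv
ClamAV - - -
DrWeb - - BackDoor.Pigeon.7031
eSafe - - Suspicious File
eTrust-Vet - - Win32/Dowque.GA
Ewido - - -
F-Prot - - W32/Hupigon.C.gen!Eldorado
F-Secure - - Backdoor.Win32.Hupigon.aaxv
Fortinet - - -
GData - - Backdoor.Hupigon.AXRD
Ikarus - - Backdoor.Hupigon
K7AntiVirus - - Backdoor.Win32.Hupigon.aoir
Kaspersky - - Backdoor.Win32.Hupigon.aaxv
McAfee - - BackDoor-AWQ
Microsoft - - Backdoor:Win32/Hupigon
NOD32 - - probably a variant of Win32/Hupigon
Norman - - W32/Hupigon.BGYS
Panda - - W32/Nuwar.C.worm
PCTools - - Trojan.Pakes.TO
Prevx1 - - -
Rising - - Backdoor.Win32.ShangXing.kd
SecureWeb-Gateway - - Trojan.Backdoor.Backdoor.Gen
Sophos - - Mal/Emogen-N
Sunbelt - - Trojan-Downloader.Win32.VB.ji
Symantec - - Trojan Horse
TheHacker - - Backdoor/Hupigon.aaxv
TrendMicro - - BKDR_HUPIGON.PSB
VBA32 - - -
ViRobot - - Backdoor.Win32.Hupigon.548443
VirusBuster - - Trojan.Pakes.TO
MD5: e582f4b243f81b1af5db7f7ba434f6dc
SHA1: fa00d39cf963cbff371aca179d98bd59417ca1b1
SHA256: d5367cd02c4b4750fe84498196d442f29fca61b1cb75653550169af9bc8fd53e
"""

ROW = re.compile(r"^(\S+) - - (.+)$")
HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256):\s*([0-9a-fA-F]+)$")
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64}
# Class words rather than family names; they never count as a family vote (assumption).
GENERIC = {"trojan", "backdoor", "bkdr", "generic", "variant", "probably", "horse",
           "suspicious", "file", "other", "worm", "downloader", "malware", "heur"}

def parse_results(report):
    """Map vendor -> verdict string, or None where the vendor reported '-'."""
    rows = {}
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows[m.group(1)] = None if m.group(2).strip() == "-" else m.group(2).strip()
    return rows

def detection_ratio(rows):
    hits = sum(1 for v in rows.values() if v)
    return hits, len(rows), (round(100.0 * hits / len(rows), 2) if rows else 0.0)

def family_tokens(verdict):
    """Alphabetic tokens of four or more letters that are not generic class words."""
    return {t.lower() for t in re.split(r"[^A-Za-z]+", verdict)
            if len(t) >= 4 and t.lower() not in GENERIC}

def consensus_family(rows):
    """Most frequently named family token, one vote per detecting vendor."""
    votes = Counter()
    for verdict in rows.values():
        if verdict:
            votes.update(family_tokens(verdict))
    return votes.most_common(1)[0] if votes else (None, 0)

def extract_hashes(report):
    """Hashes printed in the report, kept only when the length fits the algorithm."""
    found = {}
    for line in report.splitlines():
        m = HASH_LINE.match(line.strip())
        if m and len(m.group(2)) == HASH_LEN[m.group(1)]:
            found[m.group(1)] = m.group(2).lower()
    return found

def local_hashes(data):
    """Hashes of the bytes you actually hold, to set against the report."""
    return {"MD5": hashlib.md5(data).hexdigest(), "SHA1": hashlib.sha1(data).hexdigest(),
            "SHA256": hashlib.sha256(data).hexdigest()}

def matches_report(data, report):
    expected = extract_hashes(report)
    return bool(expected) and all(local_hashes(data)[k] == v for k, v in expected.items())
```

Feed `open(path, "rb").read()` to `matches_report` together with the pasted report text; a False result means the file on disk is not the sample VirusTotal scanned (a different build, or a file that has since been swapped), and the verdicts above say nothing about it.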
Open a Notepad file. Copy the code below and paste it into the Notepad file.

File::
c:\windows\system32\_SYSTEM.exe

Save the Notepad file as CFScript.txt
Now drag the file CFScript.txt onto the file ComboFix.exe, as shown here: http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif
ComboFix will start again. When ComboFix is finished, which may be after a restart, a log file opens. Post the contents of the log file.
The ComboFix log:

ComboFix 09-01-21.04 - Marc 2009-01-25 13:45:51.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.511.139 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Marc\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Marc\Bureaublad\CFScript.txt
 * Nieuw herstelpunt werd aangemaakt

FILE ::
c:\windows\system32\_SYSTEM.exe
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\_SYSTEM.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-12-25 to 2009-01-25 ))))))))))))))))))))))))))))))
.

Geen nieuwe bestanden aangemaakt in deze periode
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 13:37 --------- d-----w c:\program files\Google
2009-01-23 11:05 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-23 11:03 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-23 11:01 --------- d-----w c:\program files\RTVSoftwareNL
2009-01-23 11:01 --------- d-----w c:\program files\iPod
2008-12-16 20:12 --------- d-----w c:\documents and settings\Marc\Application Data\Nokia Multimedia Player
2008-12-13 13:49 --------- d-----w c:\program files\Java
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2006-10-17 21:50 81,920 ----a-w c:\documents and settings\Marc\Application Data\ezpinst.exe
2006-10-17 21:50 47,360 -c--a-w c:\documents and settings\Marc\Application Data\pcouffin.sys
2006-06-02 19:18 7,856 -c--a-w c:\program files\hijackthis.log
2005-02-16 10:06 218,112 -c--a-w c:\program files\HijackThis.exe
2006-05-06 16:42 7,260,160 -c--a-w c:\program files\mozilla firefox\plugins\libvlc.dll
2008-08-24 01:12 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008082420080825\index.dat
.
((((((((((((((((((((((((((((( snapshot@2009-01-24_22.15.42.71 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-25 12:54:50 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_224.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-09-27 190024]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-06-13 36864]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 68856]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
"Google Update"="c:\documents and settings\Marc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-18 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 335872]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-04-27 282624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-05 185896]
"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2006-10-12 304640]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 223232]
"CTHelper"="CTHELPER.EXE" [2003-08-28 c:\windows\system32\CTHELPER.EXE]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 c:\windows\system32\nwtray.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 c:\windows\KHALMNPR.Exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2007-05-26 102455]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-06-13 196608]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2006-05-05 581632]
NDAS Device Management.lnk - c:\program files\NDAS\System\ndasmgmt.exe [2005-02-10 178688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"10264:TCP"= 10264:TCP:BitComet 10264 TCP
"10264:UDP"= 10264:UDP:BitComet 10264 UDP
"24842:TCP"= 24842:TCP:BitComet 24842 TCP
"24842:UDP"= 24842:UDP:BitComet 24842 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 lpx;LPX Protocol;c:\windows\system32\drivers\lpx.sys [2005-02-09 109184]
R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [2003-10-05 123520]
R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [2003-09-28 5504]
R1 lfsfilt;Lean File Sharing;c:\windows\system32\drivers\lfsfilt.sys [2007-06-18 120704]
R3 cmudaxp;C-Media Oxygen HD Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2007-05-26 1393600]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
R3 ndasbus;NDAS Bus Driver;c:\windows\system32\drivers\ndasbus.sys [2005-02-09 38656]
R3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\system32\drivers\ndasscsi.sys [2005-02-09 90752]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2006-09-24 3584]
R4 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R4 SocketLock;Raw Socket Lock Driver;c:\windows\system32\socketlock.sys [2007-03-24 3712]
R4 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 11776]
.
Inhoud van de 'Gedeelde Taken' map

2008-09-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2009-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-688789844-682003330-1003.job
- c:\documents and settings\Marc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-18 00:18]
.
.
------- Bijkomende Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost;*.local
uInternet Settings,ProxyServer = wwwproxy.xs4all.nl:8080
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: hyves.nl
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Marc\Application Data\Mozilla\Firefox\Profiles\gnrqcpyd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\documents and settings\Marc\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-25 13:55:33
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NDAS\System\ndassvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
c:\windows\system32\rundll32.exe
c:\program files\UltraMon\UltraMonTaskbar.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\Logitech\SetPoint\KHALMNPR.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Voltooingstijd: 2009-01-25 14:05:47 - machine werd herstart
ComboFix-quarantined-files.txt 2009-01-25 13:05:42
ComboFix2.txt 2009-01-25 10:44:57
ComboFix3.txt 2009-01-24 21:18:56

Pre-Run: 16.935.452.672 bytes beschikbaar
Post-Run: 16,910,675,968 bytes beschikbaar

197 --- E O F --- 2009-01-13 20:50:37
Download [url=http://www.atribune.org/ccount/click.php?id=1]ATF cleaner[/url] [url=http://www.majorgeeks.com/ATF_Cleaner_d4949.html](mirror)[/url] (made by Atribune).
Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can do its work properly.
Double-click ATF cleaner to start the program.
On the Main tab, tick Select All.
Click the Empty Selected button.
Do the following if you also use Firefox as a browser:
Click the Firefox tab and tick Select All.
If you want to keep the passwords saved by Firefox, click No in the window that appears. (This removes the tick next to Firefox saved passwords.)
Click the Empty Selected button.
Do the following if you also use Opera as a browser:
Click the Opera tab and tick Select All.
If you want to keep the passwords saved by Opera, click No in the window that appears.
Click the Empty Selected button.
Go to the Main tab and click the Exit button to close the program.[/list]
3. You may now remove all the tools you used and the folders they created. (Remember to uninstall ComboFix via Start -> Run: type ComboFix /U and press Enter!!)
- Go to Start/All Programs/Accessories/System Tools/System Restore.
- In the left half of the window, click "System Restore Settings".
- Tick "Turn off System Restore".
- Click "Apply".
- Windows asks whether you are sure.
- Click "Yes".
- Click "OK".
- Restart the PC.
- Go back to Start/All Programs/Accessories/System Tools/System Restore.
- You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
- Click "Yes".
- Remove the tick next to "Turn off System Restore".
- Click "Apply".
- Click "OK".
- Restart the PC.
- A new, clean restore point has now been created.
Download the drivers for your video card again.