Hello,
Who can help me with this problem?
When I use the internet I get nothing but CId advertisements.
How can I fix this?
And who can help me?
I have made my logfile:
Logfile of HijackThis v1.99.1
Scan saved at 18:38:56, on 7-8-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
c:\temp\wintemp\Rar$EX00.633\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”
O4 - HKLM\..\Run: “C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”
O4 - HKLM\..\Run: rundll32.exe “C:\WINDOWS\system32\wouatchb.dll”,realset
O4 - HKLM\..\Run: C:\Documents and Settings\All Users\Application Data\title 64 default software\bind roam.exe
O4 - HKLM\..\Run: C:\Documents and Settings\All Users\Application Data\jugs sign team title\Title Proc Meow.exe
O4 - HKCU\..\Run: ~“C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU\..\Run: “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: C:\Program Files\Error Repair Professional\autostart.exe
O4 - HKCU\..\Run: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: C:\DOCUME~1\FREDEN~1\APPLIC~1\DOESFA~1\Hide itch ford.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O11 - Options group: International*
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\rjequpdq.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Hi Sherry,
* Clean the cache and cookies in IE:
Close Internet Explorer.
Go to Control Panel > Internet Options > General tab
Click the Delete Cookies button
Click the Delete Files button next to it
Check: Also delete all offline items, then click OK
* Clean the cache and cookies in Firefox (in case Firefox is installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear button (History, Cookies, Cache).
Click OK to close the window again.
* Clean other temporary files + Recycle Bin
Go to Start > Run, type: cleanmgr and click OK.
Let it scan your system for files that should be removed.
Make sure that only 'temporary files', 'temporary internet files' and 'recycle bin' are checked there.
Then click OK.
* Download Dr.Web CureIt to your desktop.
Double-click drweb-cureit.exe and allow it to start the express scan.
This will scan the files that are currently loaded in memory, and if anything is found, click the Yes to all button at the 'cure it?' prompt. This is a short scan.
Once the short scan has finished, click Options > Change Settings
Choose the “Scan” tab and uncheck “Heuristic analyse”
Back in the main window you can select the drives you want to have scanned.
Select all drives here. A red dot will then appear on the drives you are having scanned.
Then click the green arrow on the right to start the scan.
Click 'Yes to all' when you are asked whether to cure or move.
When the scan has finished, check whether you can click the icon next to the files that were found.
If files were found, then click the icon just below it and select Move incurable.
This will move the files to the following folder, %userprofile%\DoctorWeb\quarantaine-folder, if they cannot be disinfected. (This is in case we need samples.)
After selecting the above, in the menu at the top of Dr.Web CureIt, click File and choose Save report list. Save the log to your desktop.
Then close Dr.Web CureIt.
Restart your computer!! This is an important step, because Dr.Web CureIt may move/delete files during the restart.
NB: Ignore popups about Buy or a 50% discount!!
After the computer has restarted, post the contents of the Dr.Web CureIt log (see desktop).
Download Combofix to your desktop. (alternative download)
Double-click Combofix.exe
Follow the instructions; accept the disclaimer by typing “y” or “Y”.
While the fix is running, do NOT click in the window, because then your PC will “hang”.
NB: If your virus scanner responds with a notice about script execution, you can ignore it.
When the fix is complete and after the restart, the log combofix.txt will open.
Post this log in your next post here, together with a new HijackThis log.
Lucas
The next log: HijackThis before treatment
Logfile of HijackThis v1.99.1
Scan saved at 18:38:56, on 7-8-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
c:\temp\wintemp\Rar$EX00.633\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”
O4 - HKLM\..\Run: “C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”
O4 - HKLM\..\Run: rundll32.exe “C:\WINDOWS\system32\wouatchb.dll”,realset
O4 - HKLM\..\Run: C:\Documents and Settings\All Users\Application Data\title 64 default software\bind roam.exe
O4 - HKLM\..\Run: C:\Documents and Settings\All Users\Application Data\jugs sign team title\Title Proc Meow.exe
O4 - HKCU\..\Run: ~“C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU\..\Run: “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: C:\Program Files\Error Repair Professional\autostart.exe
O4 - HKCU\..\Run: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: C:\DOCUME~1\FREDEN~1\APPLIC~1\DOESFA~1\Hide itch ford.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O11 - Options group: International*
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\rjequpdq.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
HijackThis after treatment
Logfile of HijackThis v1.99.1
Scan saved at 22:32:59, on 7-8-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\WinRAR\WinRAR.exe
c:\temp\wintemp\Rar$EX00.233\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”
O4 - HKLM\..\Run: “C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”
O4 - HKLM\..\Run: C:\Documents and Settings\All Users\Application Data\jugs sign team title\Title Proc Meow.exe
O4 - HKCU\..\Run: ~“C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU\..\Run: “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: C:\Program Files\Error Repair Professional\autostart.exe
O4 - HKCU\..\Run: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: C:\DOCUME~1\FREDEN~1\APPLIC~1\DOESFA~1\Hide itch ford.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O11 - Options group: International*
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
The ComboFix log:
ComboFix 07-08-04.3 - “Fred en Sharon” 2007-08-07 22:16:47.1 - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.Waar
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\FREDEN~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\VRMUCXDP\iforex.com
C:\DOCUME~1\FREDEN~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\VRMUCXDP\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\DOCUME~1\FREDEN~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\DOCUME~1\FREDEN~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\WINDOWS\system32\feggh.ini
C:\WINDOWS\system32\hggef.dll
C:\WINDOWS\system32\rutss.ini
C:\WINDOWS\system32\sstur.dll
C:\WINDOWS\system32\uttss.bak1
C:\WINDOWS\system32\uttss.bak2
C:\WINDOWS\system32\uttss.ini2
C:\WINDOWS\system32\uttss.tmp
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
——-\LEGACY_DOMAINSERVICE
——-\DomainService
((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))
2007-08-07 22:15 51,200 –a—— C:\WINDOWS\nircmd.exe
2007-08-07 21:10 d——– C:\DOCUME~1\FREDEN~1\DoctorWeb
2007-08-02 12:02 d——– C:\Program Files\Soulseek
2007-08-02 07:49 d——– C:\Program Files\Does fast bait
2007-07-31 15:29 d——– C:\DOCUME~1\FREDEN~1\APPLIC~1\Does fast bait
2007-07-31 15:29 d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\title 64 default software
2007-07-31 15:29 d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\jugs sign team title
2007-07-28 09:43 d——– C:\DOCUME~1\FREDEN~1\APPLIC~1\My Games
2007-07-26 07:15 d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2007-07-25 20:44 d——– C:\Program Files\Windows Live
2007-07-25 20:44 d——– C:\Program Files\Messenger Plus! Live
2007-07-23 22:03 d——– C:\Program Files\Wedding Dash
2007-07-23 16:19 d——– C:\DOCUME~1\FREDEN~1\Saved Games
2007-07-23 16:18 d——– C:\DOCUME~1\FREDEN~1\APPLIC~1\iWin
2007-07-18 10:19 d——– C:\Program Files\NokiaFREE Unlock Codes Calculator
2007-07-15 16:28 d——– C:\Program Files\-tropix
2007-07-14 19:48 d——– C:\Program Files\StandOFood
2007-07-14 13:33 d——– C:\DOCUME~1\FREDEN~1\APPLIC~1\Gaijin Ent
2007-07-10 17:16 d——– C:\DOCUME~1\FREDEN~1\APPLIC~1\Jasc Software Inc
2007-07-10 17:14 d——– C:\Program Files\Jasc Software Inc
2007-07-09 12:09 d——– C:\Program Files\Delicious 2 Deluxe
2007-07-09 08:30 d——– C:\Program Files\dinerdash2
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-06 12:44 ——— d——– C:\DOCUME~1\FREDEN~1\APPLIC~1\OpenOffice.org2
2007-08-04 08:14 ——— d——– C:\DOCUME~1\FREDEN~1\APPLIC~1\Zylom
2007-08-04 08:13 ——— d——– C:\Program Files\Zylom Games
2007-08-04 00:12 ——— d——– C:\Program Files\-tropix
2007-08-02 10:27 ——— d——– C:\Program Files\SUPERAntiSpyware
2007-07-26 21:32 ——— d——– C:\Program Files\PokerStars.NET
2007-07-25 20:44 ——— d——– C:\Program Files\MSN Messenger
2007-07-23 22:04 ——— d——– C:\DOCUME~1\FREDEN~1\APPLIC~1\PlayFirst
2007-07-11 19:38 35280 –a—— C:\WINDOWS\system32\perfc013.dat
2007-07-11 19:38 125858 –a—— C:\WINDOWS\system32\perfh013.dat
2007-07-06 21:49 ——— d——– C:\Program Files\Google
2007-07-06 21:48 ——— d——– C:\Program Files\Common Files\Wise Installation Wizard
2007-07-06 21:47 ——— d——– C:\DOCUME~1\FREDEN~1\APPLIC~1\Lavasoft
2007-07-06 21:39 ——— d——– C:\DOCUME~1\FREDEN~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-05 15:11 ——— d——– C:\Program Files\Little Shop of Treasures
2007-07-05 15:10 ——— d——– C:\DOCUME~1\FREDEN~1\APPLIC~1\WinRAR
2007-07-05 14:05 ——— d——– C:\DOCUME~1\FREDEN~1\APPLIC~1\Temporary
2007-07-05 13:59 ——— d——– C:\Program Files\Common Files\Real
2007-07-05 13:50 ——— d——– C:\Program Files\Hitman Pro
2007-07-05 13:49 ——— d——– C:\DOCUME~1\FREDEN~1\APPLIC~1\PC Tools
2007-07-05 13:39 ——— d——– C:\Program Files\Error Repair Professional
2007-07-03 14:35 ——— d——– C:\DOCUME~1\FREDEN~1\APPLIC~1\Eyeblaster
2007-06-27 14:41 164 –a—— C:\install.dat
2007-06-26 17:10 ——— d——– C:\Program Files\InterMute
2007-06-21 20:56 ——— d——– C:\Program Files\Chami
2007-06-19 20:38 ——— d——– C:\Program Files\Windows Live Toolbar
2007-06-15 19:00 ——— d——– C:\DOCUME~1\FREDEN~1\APPLIC~1\Leadertech
2007-06-11 16:55 ——— d——– C:\Program Files\Common Files\CA Shared
2007-05-16 17:31 86528 –a–c— C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 17:31 85504 –a–c— C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 17:31 683520 –a–c— C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 17:31 683520 –a—— C:\WINDOWS\system32\inetcomm.dll
2007-05-16 17:31 510976 –a–c— C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 17:31 1314816 –a–c— C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-13 16:53 40 –a—— C:\WINDOWS\RSoftInfo.dat
2007-05-12 22:49 774144 –a—— C:\Program Files\RngInterstitial.dll
2007-05-08 11:01 3583488 –a–c— C:\WINDOWS\system32\dllcache\mshtml.dll
2007-02-15 19:27 359112 –a—— C:\Program Files\LimeWireWin.exe
2007-02-15 12:04 6863699 –a—— C:\Program Files\PlanetPokerInstall.exe
2007-02-14 16:10 22456888 –a—— C:\Program Files\AdbeRdr80_nl_NL.exe
2007-02-14 16:08 7221384 –a—— C:\Program Files\psa30se_nl_nl.exe
2007-02-14 12:58 19170000 –a—— C:\Program Files\avg75free_441a944.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”
“Adobe Photo Downloader”=“C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”
“Balm Ante Ping Team”=“C:\Documents and Settings\All Users\Application Data\jugs sign team title\Title Proc Meow.exe”
“MsnMsgr”=“~C:\Program Files\MSN Messenger\MsnMsgr.exe”
“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe”
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe”
“ErrorRepairPro”=“C:\Program Files\Error Repair Professional\autostart.exe”
“SUPERAntiSpyware”=“C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe”
“Four Coal”=“C:\DOCUME~1\FREDEN~1\APPLIC~1\DOESFA~1\Hide itch ford.exe”
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
“C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”
“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
rundll32.exe “C:\WINDOWS\system32\lcbkotyo.dll”,realset
C:\Program Files\Picasa2\PicasaMediaDetector.exe
“sdCoreService”=3 (0x3)
“sdAuxService”=3 (0x3)
“WebrootSpySweeperService”=2 (0x2)
“gusvc”=3 (0x3)
R1 SASDIFSV;SASDIFSV;\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
R1 SASKUTIL;SASKUTIL;\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
R1 StarOpen;StarOpen;C:\WINDOWS\system32\drivers\StarOpen.sys
R3 ms_mpu401;Microsoft MPU-401 MIDI UART-stuurprogramma;C:\WINDOWS\system32\drivers\msmpu401.sys
R3 SASENUM;SASENUM;\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
S3 NtApm;NT Apm/Legacy-interfacestuurprogramma;C:\WINDOWS\system32\DRIVERS\NtApm.sys
S3 rtl8029;NT-stuurprogramma voor Realtek RTL8029(AS)-based PCI Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\RTL8029.SYS
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys
S3 trid3d;trid3d;C:\WINDOWS\system32\DRIVERS\trid3dm.sys
Contents of the ‘Scheduled Tasks’ folder
2007-08-07 20:00:20 C:\WINDOWS\Tasks\8BF5C89AB13A7B06.job - c:\docume~1\freden~1\applic~1\doesfa~1\WipeMetaAbout.exe
2007-08-07 19:47:18 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-07 22:27:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden registry entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-07 22:30:12 - machine was rebooted
C:\ComboFix-quarantined-files.txt … 2007-08-07 22:29
— E O F —
And finally, the Dr.Web log
mirc.exe;C:\A&C IrC-v-2;Program.mIRC.612;Verplaatst.;
moo.dll;C:\A&C IrC-v-2;Program.MotherboardMonitor;Verplaatst.;
moo.dll;C:\A&C IrC-v-2\Data;Program.MotherboardMonitor;Verplaatst.;
bizswgry.exe;C:\Documents and Settings\Fred en Sharon\Application Data\Does fast bait;Trojan.Packed.149;Niet repareerbaar.Verplaatst.;
udqsxppr.exe;C:\Documents and Settings\Fred en Sharon\Application Data\Does fast bait;Trojan.Packed.149;Niet repareerbaar.Verplaatst.;
WipeOptionDebug.exe;C:\Documents and Settings\Fred en Sharon\Application Data\Does fast bait;Trojan.Swizzor;Verwijderd.;
Hi Sherry.
There is still quite a bit in your log.
But what I find worst of all??????
No virus scanner.
So first go and do this.
http://www.jawwi.nl/tips/beveiligen.html and just pick one of the 3 here.
Go and scan with it, preferably in safe mode.
Then come back here with a combolog
Logfile of HijackThis v1.99.1
Scan saved at 9:34:11, on 10-8-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\WinRAR\WinRAR.exe
c:\temp\wintemp\Rar$EX01.502\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”
O4 - HKLM\..\Run: “C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”
O4 - HKLM\..\Run: C:\Documents and Settings\All Users\Application Data\jugs sign team title\Title Proc Meow.exe
O4 - HKLM\..\Run: “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup
O4 - HKLM\..\Run: C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: “C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKCU\..\Run: ~“C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU\..\Run: “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: C:\Program Files\Error Repair Professional\autostart.exe
O4 - HKCU\..\Run: C:\DOCUME~1\FREDEN~1\APPLIC~1\DOESFA~1\Hide itch ford.exe
O4 - HKCU\..\Run: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O11 - Options group: International*
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
killerbee wrote:
>
> Hi Sherry.
> There is still quite a bit in your log.
> But what I find worst of all??????
> No virus scanner.
> So first go and do this.
> http://www.jawwi.nl/tips/beveiligen.html and just pick one
> of the 3 here.
> Go and scan with it, preferably in safe mode.
> Then come back here with a combolog
My combolog
ComboFix 07-08-04.3 - “Fred en Sharon” 2007-08-10 15:30:56.2 - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.Waar
((((((((((((((((((((((((( Files Created from 2007-07-10 to 2007-08-10 )))))))))))))))))))))))))))))))
2007-08-10 15:00 d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-09 21:13 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-08-09 15:30 d-------- C:\Program Files\Norton Security Scan
2007-08-09 15:28 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2007-08-07 22:31 d-------- C:\Temp\wintemp
2007-08-07 22:15 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-07 21:10 d-------- C:\DOCUME~1\FREDEN~1\DoctorWeb
2007-08-02 12:02 d-------- C:\Program Files\Soulseek
2007-08-02 07:49 d-------- C:\Program Files\Does fast bait
2007-07-31 15:29 d-------- C:\DOCUME~1\FREDEN~1\APPLIC~1\Does fast bait
2007-07-31 15:29 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\title 64 default software
2007-07-31 15:29 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\jugs sign team title
2007-07-28 09:43 d-------- C:\DOCUME~1\FREDEN~1\APPLIC~1\My Games
2007-07-26 07:15 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2007-07-25 20:44 d-------- C:\Program Files\Windows Live
2007-07-25 20:44 d-------- C:\Program Files\Messenger Plus! Live
2007-07-23 22:03 d-------- C:\Program Files\Wedding Dash
2007-07-23 16:19 d-------- C:\DOCUME~1\FREDEN~1\Saved Games
2007-07-23 16:18 d-------- C:\DOCUME~1\FREDEN~1\APPLIC~1\iWin
2007-07-18 10:19 d-------- C:\Program Files\NokiaFREE Unlock Codes Calculator
2007-07-15 16:28 d-------- C:\Program Files\-tropix
2007-07-14 19:48 d-------- C:\Program Files\StandOFood
2007-07-14 13:33 d-------- C:\DOCUME~1\FREDEN~1\APPLIC~1\Gaijin Ent
2007-07-10 17:16 d-------- C:\DOCUME~1\FREDEN~1\APPLIC~1\Jasc Software Inc
2007-07-10 17:14 d-------- C:\Program Files\Jasc Software Inc
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-09 16:39 --------- d-------- C:\Program Files\Picasa2
2007-08-09 15:29 --------- d-------- C:\Program Files\Google
2007-08-09 14:58 --------- d-------- C:\DOCUME~1\FREDEN~1\APPLIC~1\OpenOffice.org2
2007-08-04 08:14 --------- d-------- C:\DOCUME~1\FREDEN~1\APPLIC~1\Zylom
2007-08-04 08:13 --------- d-------- C:\Program Files\Zylom Games
2007-08-04 00:12 --------- d-------- C:\Program Files\-tropix
2007-08-02 10:27 --------- d-------- C:\Program Files\SUPERAntiSpyware
2007-07-26 21:32 --------- d-------- C:\Program Files\PokerStars.NET
2007-07-25 20:44 --------- d-------- C:\Program Files\MSN Messenger
2007-07-23 22:04 --------- d-------- C:\DOCUME~1\FREDEN~1\APPLIC~1\PlayFirst
2007-07-11 19:38 35280 --a------ C:\WINDOWS\system32\perfc013.dat
2007-07-11 19:38 125858 --a------ C:\WINDOWS\system32\perfh013.dat
2007-07-09 12:09 --------- d-------- C:\Program Files\Delicious 2 Deluxe
2007-07-09 08:30 --------- d-------- C:\Program Files\dinerdash2
2007-07-06 21:48 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-06 21:47 --------- d-------- C:\DOCUME~1\FREDEN~1\APPLIC~1\Lavasoft
2007-07-06 21:39 --------- d-------- C:\DOCUME~1\FREDEN~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-05 15:11 --------- d-------- C:\Program Files\Little Shop of Treasures
2007-07-05 15:10 --------- d-------- C:\DOCUME~1\FREDEN~1\APPLIC~1\WinRAR
2007-07-05 14:05 --------- d-------- C:\DOCUME~1\FREDEN~1\APPLIC~1\Temporary
2007-07-05 13:59 --------- d-------- C:\Program Files\Common Files\Real
2007-07-05 13:50 --------- d-------- C:\Program Files\Hitman Pro
2007-07-05 13:49 --------- d-------- C:\DOCUME~1\FREDEN~1\APPLIC~1\PC Tools
2007-07-05 13:39 --------- d-------- C:\Program Files\Error Repair Professional
2007-07-03 14:35 --------- d-------- C:\DOCUME~1\FREDEN~1\APPLIC~1\Eyeblaster
2007-06-27 14:41 164 --a------ C:\install.dat
2007-06-26 17:10 --------- d-------- C:\Program Files\InterMute
2007-06-21 20:56 --------- d-------- C:\Program Files\Chami
2007-06-19 20:38 --------- d-------- C:\Program Files\Windows Live Toolbar
2007-06-15 19:00 --------- d-------- C:\DOCUME~1\FREDEN~1\APPLIC~1\Leadertech
2007-06-11 16:55 --------- d-------- C:\Program Files\Common Files\CA Shared
2007-05-16 17:31 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 17:31 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 17:31 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 17:31 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 17:31 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 17:31 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-13 16:53 40 --a------ C:\WINDOWS\RSoftInfo.dat
2007-05-12 22:49 774144 --a------ C:\Program Files\RngInterstitial.dll
2007-02-15 19:27 359112 --a------ C:\Program Files\LimeWireWin.exe
2007-02-15 12:04 6863699 --a------ C:\Program Files\PlanetPokerInstall.exe
2007-02-14 16:10 22456888 --a------ C:\Program Files\AdbeRdr80_nl_NL.exe
2007-02-14 16:08 7221384 --a------ C:\Program Files\psa30se_nl_nl.exe
2007-02-14 12:58 19170000 --a------ C:\Program Files\avg75free_441a944.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"Balm Ante Ping Team"="C:\Documents and Settings\All Users\Application Data\jugs sign team title\Title Proc Meow.exe"
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe"
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe"
"MsnMsgr"="~C:\Program Files\MSN Messenger\MsnMsgr.exe"
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"ErrorRepairPro"="C:\Program Files\Error Repair Professional\autostart.exe"
"Four Coal"="C:\DOCUME~1\FREDEN~1\APPLIC~1\DOESFA~1\Hide itch ford.exe"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
rundll32.exe "C:\WINDOWS\system32\lcbkotyo.dll",realset
C:\Program Files\Picasa2\PicasaMediaDetector.exe
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"WebrootSpySweeperService"=2 (0x2)
"gusvc"=3 (0x3)
R1 avgio;avgio;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys
R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys
R1 SASDIFSV;SASDIFSV;\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
R1 SASKUTIL;SASKUTIL;\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
R1 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
R1 StarOpen;StarOpen;C:\WINDOWS\system32\drivers\StarOpen.sys
R3 avgntflt;avgntflt;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys
R3 ms_mpu401;Microsoft MPU-401 MIDI UART-stuurprogramma;C:\WINDOWS\system32\drivers\msmpu401.sys
S3 NtApm;NT Apm/Legacy-interfacestuurprogramma;C:\WINDOWS\system32\DRIVERS\NtApm.sys
S3 rtl8029;NT-stuurprogramma voor Realtek RTL8029(AS)-based PCI Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\RTL8029.SYS
S3 SASENUM;SASENUM;\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys
S3 trid3d;trid3d;C:\WINDOWS\system32\DRIVERS\trid3dm.sys
*Newly Created Service* - EECTRL
*Newly Created Service* - ERASERUTILDRVI2
Contents of the 'Scheduled Tasks' folder
2007-08-10 13:00:00 C:\WINDOWS\Tasks\8BF5C89AB13A7B06.job - c:\docume~1\freden~1\applic~1\doesfa~1\WipeMetaAbout.exe
2007-08-10 12:47:01 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job
2007-08-10 13:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-10 15:41:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
**************************************************************************
Completion time: 2007-08-10 15:44:02
C:\ComboFix-quarantined-files.txt ... 2007-08-10 15:43
C:\ComboFix2.txt ... 2007-08-07 22:30
--- E O F ---