Logs

  • sunshine

Dear all,

On this sunny Saturday I decided to finally do something about my computer. Pop-ups keep appearing while I browse (in Firefox), I am apparently sending the well-known spam messages via MSN (which I threw off my computer ages ago), and a spam e-mail has also gone out to my entire address list via my Hotmail.

In short, time to do something about it. I have carried out the 11 steps described on this website, and here are my logs. Can someone help me further, or is that perhaps no longer necessary? (I don't know much about this…)

Many thanks!

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 11:00:48, on 30-5-2009

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16735)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\ESET\ESET Smart Security\ekrn.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\VistaDrive\VistaDrive.exe

    C:\Program Files\Analog Devices\SoundMAX\smax4.exe

    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    C:\Program Files\ESET\ESET Smart Security\egui.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Winamp\winampa.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\Picasa2\PicasaMediaDetector.exe

    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: (no name) - {03846DF8-1D85-4B6C-8180-01AC6D367904} - (no file)

    O2 - BHO: (no name) - {07EBEC2A-7230-419C-BA45-19B96D6B55AD} - (no file)

    O2 - BHO: (no name) - {0FCF22E1-E6D5-4726-A518-38FB4CDB71F0} - C:\WINDOWS\system32\nnnlmMgf.dll (file missing)

    O2 - BHO: (no name) - {1B7D0A67-890F-4431-9EC3-1F80EAF3674D} - (no file)

    O2 - BHO: (no name) - {4426BF2F-35E8-41F1-A7A2-0C6AE6D24455} - (no file)

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O2 - BHO: (no name) - {7E18FB6B-057E-4BB5-BC90-1AC2A71083FE} - (no file)

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: (no name) - {90637898-4422-4048-AA2A-00422D01C7FF} - C:\WINDOWS\system32\geBttSij.dll (file missing)

    O2 - BHO: (no name) - {A71483CC-C8E6-41C6-AFE3-E24356F8C715} - (no file)

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

    O2 - BHO: (no name) - {CDB6F941-003D-42BC-BF5D-C28E63E69FFB} - (no file)

    O2 - BHO: (no name) - {ea9e7ccd-67be-45d1-8278-93dd5ad78ef1} - (no file)

    O2 - BHO: (no name) - {FBFD382A-AC6E-4EB7-8944-F97D358B378D} - (no file)

    O2 - BHO: (no name) - {FC598582-8386-4ABB-9F87-DC3DD7AAFAFB} - C:\WINDOWS\system32\yayvUOij.dll (file missing)

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: C:\WINDOWS\VistaDrive\VistaDrive.exe

O4 - HKLM\..\Run: "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray

O4 - HKLM\..\Run: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: nwiz.exe /install

O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKCU\..\Run: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\RunOnce: rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab

    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://hema.nl/xupload/XUpload.ocx

    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

    O20 - AppInit_DLLs: prio.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL tgrepk.dll cqioye.dll baampi.dll pumcoo.dll mhffdl.dll

    O20 - Winlogon Notify: qoMeFuvW - C:\WINDOWS\

    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

    O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe

    O23 - Service: RMWPService - Apache Software Foundation - C:\Program Files\Reference Manager 12 Demo\WebPublisher\thirdparty\Apache2\bin\RMWP_Apache_Admin.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    End of file - 11846 bytes

Malwarebytes' Anti-Malware 1.37

Database version: 2195

Windows 5.1.2600 Service Pack 2

30-5-2009 10:47:30

mbam-log-2009-05-30 (10-47-30).txt

Scan type: Quick Scan

Objects scanned: 81419

Time elapsed: 4 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 3

Registry Keys Infected: 13

Registry Values Infected: 4

Registry Data Items Infected: 6

Folders Infected: 0

Files Infected: 85

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

    C:\WINDOWS\system32\pwiibd.dll (Trojan.Vundo.H) -> Delete on reboot.

    C:\WINDOWS\system32\qoMeFuvW.dll (Trojan.Vundo.H) -> Delete on reboot.

    C:\WINDOWS\system32\tuvWmJda.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63a94501-30e6-4095-adec-ee6e4b480284} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{63a94501-30e6-4095-adec-ee6e4b480284} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fbfd382a-ac6e-4eb7-8944-f97d358b378d} (Trojan.Vundo.H) -> Delete on reboot.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qomefuvw (Trojan.Vundo.H) -> Delete on reboot.

    HKEY_CLASSES_ROOT\CLSID\{fbfd382a-ac6e-4eb7-8944-f97d358b378d} (Trojan.Vundo.H) -> Delete on reboot.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4426bf2f-35e8-41f1-a7a2-0c6ae6d24455} (Trojan.BHO.H) -> Delete on reboot.

    HKEY_CLASSES_ROOT\CLSID\{4426bf2f-35e8-41f1-a7a2-0c6ae6d24455} (Trojan.BHO.H) -> Delete on reboot.

    HKEY_CLASSES_ROOT\CLSID\{61a8d553-a08f-4224-817a-c2b875d0aaa0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63a94501-30e6-4095-adec-ee6e4b480284} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fbfd382a-ac6e-4eb7-8944-f97d358b378d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4426bf2f-35e8-41f1-a7a2-0c6ae6d24455} (Trojan.Vundo) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{61a8d553-a08f-4224-817a-c2b875d0aaa0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{61a8d553-a08f-4224-817a-c2b875d0aaa0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{fbfd382a-ac6e-4eb7-8944-f97d358b378d} (Trojan.Vundo.H) -> Delete on reboot.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Registry Data Items Infected:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvwmjda -> Delete on reboot.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

    C:\WINDOWS\system32\pwiibd.dll (Trojan.Vundo.H) -> Delete on reboot.

    C:\WINDOWS\system32\qoMeFuvW.dll (Trojan.Vundo.H) -> Delete on reboot.

    C:\WINDOWS\system32\tuvWmJda.dll (Trojan.BHO.H) -> Delete on reboot.

    c:\WINDOWS\system32\couwdtnf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\aquwngwh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\djkcpisk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\djwrhe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\fvijjt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\gcmbhewj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\lolwcykk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\lsyrnupm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\nyiahimk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\ocewkg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\vnvcim.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\vrvbdjbs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\baxxxcpa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\beovhjex.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\dnqggh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\dvdofz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\gvqofi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\gywxwp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\hlqgji.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\kgvccq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\kuydmgrp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\lbpbbwvx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\ldvwgdjx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\pxnhfqbr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\qnmcxhki.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\rursqqnc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\rypcielx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\shhrtu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\skuqvr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\sppmzr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\suqddq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\tlfqkwes.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\wlsabowf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\jevtmndv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\onhynkor.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\orobxsck.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\otpedx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\owloakir.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\oyjvdf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\worypemq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\acsqpm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\amtcqz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\bnowlqfa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\cammrtrc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\dyhbuo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\ecajfe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\inldoh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\nfxlvh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\nmkrkwna.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\noekag.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\webkxl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\hswuyatk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\jkffqykp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\jkgpfu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\jostlt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\imjwpssf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\mvnwix.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\mvxinaui.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\qqcjsn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\qxjtfvim.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\xdbgdgag.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\diilbnyb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\rklimz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\pqoxfsgd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\xspeea.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\xttwod.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\xvfnuawa.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\yabdhv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\ylmjsvbf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\zqapmi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\zrcuff.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\frsvedwa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\jtcqtjxy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\jyggrlys.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\sxkveh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\tojkxujs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\trdiss.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\serauth1.dll (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\serauth2.dll (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\hktage.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\dumckmox.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
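Added example, not a tool from this thread or from the HijackThis/Malwarebytes authors: a small Python triage script that parses the two log formats pasted above and cross-references them. The log excerpts embedded in it are constructed from the lines above and abridged; the "random-looking bare DLL name" heuristic for AppInit_DLLs is an assumption of this example, not something the page states. What it shows: the items MBAM marked "Delete on reboot" (the qoMeFuvW Winlogon Notify package, the {FBFD382A...} and {4426BF2F...} BHO CLSIDs) are exactly the ones still visible in the HijackThis log taken a few minutes later, so a HijackThis log is only meaningful after the restart, while the orphaned BHOs and bare AppInit_DLLs names that MBAM did not list still need to be dealt with separately.

```python
"""Cross-check a HijackThis log against a Malwarebytes' Anti-Malware log.

Example code for the thread above (not a tool from the page): parses
HijackThis 2.0.2 "O2"/"O20" lines and MBAM 1.x result lines, flags
persistence entries, and reports whether MBAM already handled each one.
"""
import re
from dataclasses import dataclass

# Constructed, abridged excerpts of the two logs posted above.
HJT_LOG = r"""
O2 - BHO: (no name) - {0FCF22E1-E6D5-4726-A518-38FB4CDB71F0} - C:\WINDOWS\system32\nnnlmMgf.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {4426BF2F-35E8-41F1-A7A2-0C6AE6D24455} - (no file)
O2 - BHO: (no name) - {FBFD382A-AC6E-4EB7-8944-F97D358B378D} - (no file)
O20 - AppInit_DLLs: prio.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL tgrepk.dll cqioye.dll baampi.dll pumcoo.dll mhffdl.dll
O20 - Winlogon Notify: qoMeFuvW - C:\WINDOWS\
"""

MBAM_LOG = r"""
C:\WINDOWS\system32\qoMeFuvW.dll (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{fbfd382a-ac6e-4eb7-8944-f97d358b378d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{4426bf2f-35e8-41f1-a7a2-0c6ae6d24455} (Trojan.BHO.H) -> Delete on reboot.
c:\WINDOWS\system32\couwdtnf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvwmjda -> Delete on reboot.
"""

HJT_LINE = re.compile(r"^(O\d+|R\d) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
WIN_PATH = re.compile(r"[A-Za-z]:\\[^\s()]+")
# Assumption (heuristic of this example): bare DLL names of 6-8 letters in
# AppInit_DLLs, with no directory, are the Vundo-style droppings; full paths
# such as the Google entry are left alone.
RANDOM_DLL = re.compile(r"^[a-z]{6,8}\.dll$", re.IGNORECASE)


@dataclass
class Finding:
    section: str      # HijackThis section (O2, O20)
    item: str         # CLSID, DLL name or Winlogon Notify package name
    reason: str       # why it was flagged
    mbam_status: str  # "removed", "pending reboot" or "not in MBAM log"


def mbam_status(action: str) -> str:
    """Map an MBAM action string to a triage status."""
    a = action.lower()
    if "delete on reboot" in a:
        return "pending reboot"  # still on disk / in registry until restart
    if "deleted" in a or "quarantined" in a:
        return "removed"
    return action.strip(". ")


def parse_mbam(text: str) -> dict:
    """Index MBAM result lines by lowercase CLSID and by file-name stem."""
    index = {}
    for line in text.splitlines():
        line = line.strip()
        if " -> " not in line:
            continue
        rest, action = line.rsplit(" -> ", 1)
        status = mbam_status(action)
        for clsid in CLSID.findall(rest):
            index[clsid.lower()] = status
        # File items and "Data: <path>" registry values both carry a path;
        # keying on the stem lets qoMeFuvW.dll match the Winlogon Notify name.
        for path in WIN_PATH.findall(rest):
            index[path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()] = status
    return index


def parse_hjt(text: str):
    """Yield (section, body) for each HijackThis result line."""
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(hjt_text: str, mbam_text: str) -> list:
    """Flag suspicious HJT persistence entries and look each up in MBAM."""
    index = parse_mbam(mbam_text)
    findings = []
    for section, body in parse_hjt(hjt_text):
        if section == "O2" and ("(no file)" in body or "(file missing)" in body):
            m = CLSID.search(body)
            key = m.group(0).lower() if m else body
            findings.append(Finding("O2", key, "orphaned BHO registration",
                                    index.get(key, "not in MBAM log")))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            for entry in body.split(":", 1)[1].split():
                if "\\" not in entry and RANDOM_DLL.match(entry):
                    stem = entry.rsplit(".", 1)[0].lower()
                    findings.append(Finding("O20", entry, "random-looking bare AppInit_DLLs entry",
                                            index.get(stem, "not in MBAM log")))
        elif section == "O20" and body.startswith("Winlogon Notify:"):
            name = body.split(":", 1)[1].split(" - ", 1)[0].strip()
            findings.append(Finding("O20", name, "Winlogon Notify package",
                                    index.get(name.lower(), "not in MBAM log")))
    return findings


def summarize(findings) -> dict:
    """Count findings per status; any 'pending reboot' means restart first."""
    counts = {}
    for f in findings:
        counts[f.mbam_status] = counts.get(f.mbam_status, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(HJT_LOG, MBAM_LOG)
    for f in results:
        print(f"{f.section:4} {f.item:40} {f.reason:42} {f.mbam_status}")
    print(summarize(results))
```

Run against the full logs above, the O2 entries whose DLL is "(file missing)" but whose CLSID MBAM never listed (nnnlmMgf.dll, geBttSij.dll, yayvUOij.dll) and the five bare AppInit_DLLs names come out as "not in MBAM log": they are leftovers a second scanner or a manual fix must take care of, which is why a fresh HijackThis log after the reboot is the thing to ask for.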

  • Huib

Hi Sunshine,

It's Whitsun weekend, so you may not get an answer today, partly because I have to go to work shortly and have a party tonight :)-D

The steps you have carried out have already done a lot of good, as you will probably have noticed.

You can go ahead and run ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Download ComboFix to your Desktop.

If you have used ComboFix before, please delete that version and download ComboFix again via the link above, because ComboFix is updated daily.

NOTE: if you get an alert from your antivirus or another real-time scanner during or after downloading ComboFix, or while using ComboFix, disable that scanner and download ComboFix again.

Some scanners regard certain components that ComboFix uses as suspicious and will block or delete them!

Double-click ComboFix.exe

Follow the instructions and accept the disclaimer.

While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix has finished and after the restart, the log combofix.txt will open.

Post this log in your next reply together with a new HijackThis log.

Good luck,

Huib:)

  • sunshine

Hi Huib,

Thanks for your super quick reply. Here are the ComboFix and HijackThis logs.

Maaike

    ComboFix 09-05-29.01 - Administrator 30-05-2009 13:45.2 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.469

    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

    * Resident AV is active

    .

    ((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-30 )))))))))))))))))))))))))))))))

    .

2009-05-30 11:20 . 2009-05-30 11:20 -------- d-----w c:\windows\system32\xircom

2009-05-30 11:20 . 2009-05-30 11:20 -------- d-----w c:\windows\system32\restore

2009-05-30 11:20 . 2009-05-30 11:20 -------- d-----w c:\windows\system32\oobe

2009-05-30 11:20 . 2009-05-30 11:20 -------- d-----w c:\windows\srchasst

2009-05-30 11:20 . 2009-05-30 11:20 -------- d-----w c:\program files\microsoft frontpage

2009-05-30 10:34 . 2009-05-30 12:40 117760 ----a-w c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-05-30 10:33 . 2009-05-30 10:33 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-05-30 10:32 . 2009-05-30 10:32 -------- d-----w c:\program files\SUPERAntiSpyware

2009-05-30 10:32 . 2009-05-30 10:32 -------- d-----w c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

2009-05-30 09:38 . 2009-05-30 09:38 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-05-30 09:38 . 2009-05-26 12:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-30 09:37 . 2009-05-30 09:37 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2009-05-30 09:37 . 2009-05-30 09:38 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-05-30 09:37 . 2009-05-26 12:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys

2009-05-30 09:31 . 2009-05-30 09:32 -------- d-----w c:\program files\CleanUp!

2009-05-30 09:18 . 2009-05-30 09:18 -------- dc-h--w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}

2009-05-30 09:18 . 2009-01-18 21:43 2892112 -c--a-w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe

2009-05-12 09:23 . 2009-05-12 09:23 1878984 ----a-w c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

2009-05-30 11:35 . 2007-07-30 22:33 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-05-30 10:36 . 2007-09-21 08:53 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater

2009-05-30 10:32 . 2008-10-06 08:49 -------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-05-30 10:30 . 2008-11-02 09:59 -------- d-----w c:\program files\CCleaner

2009-05-30 09:17 . 2007-07-30 22:32 -------- d-----w c:\program files\Lavasoft

2009-05-30 08:20 . 2007-07-30 22:33 -------- d-----w c:\program files\Spybot - Search & Destroy

2009-05-29 07:03 . 2007-07-30 21:48 -------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent

2009-05-28 22:32 . 2008-10-06 09:11 -------- d-----w c:\documents and settings\Administrator\Application Data\EndNote

2009-05-10 18:03 . 2008-11-29 16:11 -------- d-----w c:\documents and settings\Administrator\Application Data\Winamp

2009-04-30 21:50 . 2007-08-28 12:24 -------- d-----w c:\documents and settings\Administrator\Application Data\Skype

2008-09-22 10:11 . 2007-08-05 10:36 122880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

    .

    ((((((((((((((((((((((((((((( SnapShot@2009-05-30_11.21.25 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2007-07-30 18:19 . 2008-10-16 13:09 43544 c:\windows\system32\wups2.dll

    + 2007-07-30 21:06 . 2008-10-16 13:08 34328 c:\windows\system32\wups.dll

    + 2007-07-30 21:06 . 2008-10-16 13:09 51224 c:\windows\system32\wuauclt.exe

    + 2009-05-30 11:25 . 2008-10-16 13:09 43544 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll

    + 2009-05-30 11:24 . 2008-10-16 13:08 34328 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll

    + 2007-07-30 21:06 . 2008-10-16 13:08 34328 c:\windows\system32\dllcache\wups.dll

    + 2007-07-30 21:06 . 2008-10-16 13:09 51224 c:\windows\system32\dllcache\wuauclt.exe

    + 2007-06-08 12:00 . 2008-10-16 13:09 92696 c:\windows\system32\dllcache\cdm.dll

    + 2007-06-08 12:00 . 2008-10-16 13:09 92696 c:\windows\system32\cdm.dll

    - 2008-10-15 09:48 . 2007-03-06 01:22 22752 c:\windows\SoftwareDistribution\Download\abcfbcf3d9d76a35839e0526ed748b7b\update\spcustom.dll

    - 2008-10-15 09:48 . 2007-03-06 01:22 14048 c:\windows\SoftwareDistribution\Download\abcfbcf3d9d76a35839e0526ed748b7b\spmsg.dll

    + 2009-05-30 10:32 . 2009-05-30 11:48 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

    - 2009-05-30 10:32 . 2009-05-30 10:32 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

    + 2009-05-30 10:32 . 2009-05-30 11:48 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe

    - 2009-05-30 10:32 . 2009-05-30 10:32 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe

    + 2007-07-30 21:06 . 2008-10-16 13:13 202776 c:\windows\system32\wuweb.dll

    + 2007-07-30 21:06 . 2008-10-16 13:12 323608 c:\windows\system32\wucltui.dll

    + 2007-07-30 21:06 . 2008-10-16 13:12 561688 c:\windows\system32\wuapi.dll

    + 2008-07-14 16:29 . 2008-10-16 13:06 208744 c:\windows\system32\muweb.dll

    + 2008-07-14 16:29 . 2008-10-16 13:06 268648 c:\windows\system32\mucltui.dll

    + 2007-07-30 21:53 . 2009-05-30 12:39 259048 c:\windows\system32\FNTCACHE.DAT

    + 2007-07-30 21:06 . 2008-10-16 13:13 202776 c:\windows\system32\dllcache\wuweb.dll

    + 2007-07-30 21:06 . 2008-10-16 13:12 323608 c:\windows\system32\dllcache\wucltui.dll

    + 2007-07-30 21:06 . 2008-10-16 13:12 561688 c:\windows\system32\dllcache\wuapi.dll

    - 2008-10-15 09:48 . 2007-03-06 01:23 371424 c:\windows\SoftwareDistribution\Download\abcfbcf3d9d76a35839e0526ed748b7b\update\updspapi.dll

    - 2008-10-15 09:48 . 2007-03-06 01:22 716000 c:\windows\SoftwareDistribution\Download\abcfbcf3d9d76a35839e0526ed748b7b\update\update.exe

    - 2008-10-15 09:48 . 2007-03-06 01:22 213216 c:\windows\SoftwareDistribution\Download\abcfbcf3d9d76a35839e0526ed748b7b\spuninst.exe

    + 2007-07-30 21:06 . 2008-10-16 13:13 1809944 c:\windows\system32\wuaueng.dll

    + 2007-07-30 21:06 . 2008-10-16 13:13 1809944 c:\windows\system32\dllcache\wuaueng.dll

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    "ctfmon.exe"="c:\windows\system32\ctfmon.exe"

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe"

    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe"

    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

    "VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe"

    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe"

    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe"

    "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe"

    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll"

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll"

    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe"

    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"

    "QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe"

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

    "WinampAgent"="c:\program files\Winamp\winampa.exe"

    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe

    "nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll

    "MemCheckBoxInRunDlg"= 1 (0x1)

    "StartMenuFavorites"= 0 (0x0)

    "Start_ShowHelp"= 0 (0x0)

    "Start_ShowMyComputer"= 1 (0x1)

    "Start_ShowMyDocs"= 1 (0x1)

    "Start_ShowMyMusic"= 0 (0x0)

    "Start_ShowRun"= 1 (0x1)

    "Start_ShowSearch"= 0 (0x0)

    "NoResolveTrack"= 1 (0x1)

    "NoSMMyPictures"= 1 (0x1)

    "NoSMConfigurePrograms"= 1 (0x1)

    "MemCheckBoxInRunDlg"= 1 (0x1)

    "NoSMHelp"= 1 (0x1)

    "ForceClassicControlPanel"= 1 (0x1)

    "NoResolveTrack"= 1 (0x1)

    "NoSMMyPictures"= 1 (0x1)

    "NoSMConfigurePrograms"= 1 (0x1)

    "MemCheckBoxInRunDlg"= 1 (0x1)

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL"

    2008-12-22 11:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

    2005-12-20 21:57 176128 ----a-w c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

    @=""

    @="Service"

    @="Service"

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk

    backup=c:\windows\pss\Google Updater.lnkCommon Startup

    "EnableFirewall"= 0 (0x0)

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\uTorrent\\utorrent.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    "c:\\Program Files\\Reference Manager 12 Demo\\WebPublisher\\thirdparty\\Apache2\\bin\\RMWP_Apache_Admin.exe"=

    "c:\\Program Files\\Reference Manager 12 Demo\\WebPublisher\\thirdparty\\Apache2\\bin\\RMWP_Apache.exe"=

    "c:\\Program Files\\LimeWire\\LimeWire.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    "123:UDP"= 123:UDP:SNTP

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys

    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS

    R2 ekrn;Eset Service;c:\program files\Eset\ESET Smart Security\ekrn.exe

    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe

    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS

    S2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe

    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    S3 RMWPService;RMWPService;c:\program files\Reference Manager 12 Demo\WebPublisher\thirdparty\Apache2\bin\RMWP_Apache_Admin.exe

    NETSVCS REQUIRES REPAIRS - current entries shown

    6to4

    AppMgmt

    AudioSrv

    Browser

    CryptSvc

    DMServer

    DHCP

    EventSystem

    FastUserSwitchingCompatibility

    HidServ

    Ias

    Iprip

    Irmon

    LanmanServer

    LanmanWorkstation

    Netman

    Nla

    Ntmssvc

    NWCWorkstation

    Nwsapagent

    Rasauto

    Rasman

    Remoteaccess

    Schedule

    Seclogon

    SENS

    Sharedaccess

    Tapisrv

    Themes

    TrkWks

    W32Time

    WZCSVC

    Wmi

    WmdmPmSp

    winmgmt

    xmlprov

    BITS

    wuauserv

    ShellHWDetection

    WmdmPmSN

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    .

    Contents of the 'Scheduled Tasks' folder

    2009-05-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job

    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe

    2009-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe

    2009-05-30 c:\windows\Tasks\Google Software Updater.job

    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe

    .

    - - - - ORPHANS REMOVED - - - -

    BHO-{03846DF8-1D85-4B6C-8180-01AC6D367904} - (no file)

    BHO-{07EBEC2A-7230-419C-BA45-19B96D6B55AD} - (no file)

    BHO-{0FCF22E1-E6D5-4726-A518-38FB4CDB71F0} - (no file)

    BHO-{1B7D0A67-890F-4431-9EC3-1F80EAF3674D} - (no file)

    BHO-{4426BF2F-35E8-41F1-A7A2-0C6AE6D24455} - (no file)

    BHO-{7E18FB6B-057E-4BB5-BC90-1AC2A71083FE} - (no file)

    BHO-{90637898-4422-4048-AA2A-00422D01C7FF} - (no file)

    BHO-{A71483CC-C8E6-41C6-AFE3-E24356F8C715} - (no file)

    BHO-{CDB6F941-003D-42BC-BF5D-C28E63E69FFB} - (no file)

    BHO-{ea9e7ccd-67be-45d1-8278-93dd5ad78ef1} - (no file)

    BHO-{FC598582-8386-4ABB-9F87-DC3DD7AAFAFB} - (no file)

    .

    ------- Supplementary Scan -------

    .

    uStart Page = www.google.com

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    mStart Page = hxxp://www.google.com

    uInternet Settings,ProxyOverride = *.local

    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

    DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7n3su5vs.default\

    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

    FF - plugin: c:\program files\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll

    FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll

    FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll

    FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll

    FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll

    FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll

    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

    FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

    FF - plugin: c:\program files\Picasa2\npPicasa2.dll

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-05-30 13:48

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    --------------------------- DLLs Loaded Under Running Processes ---------------------------

    - - - - - - - > 'winlogon.exe'(1180)

    c:\program files\SUPERAntiSpyware\SASWINLO.dll

    c:\windows\system32\WRLogonNTF.dll

    c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

    .

    Completion time: 2009-05-30 13:50

    ComboFix-quarantined-files.txt 2009-05-30 12:50

    ComboFix2.txt 2009-05-30 11:26

    Pre-Run: 2.618.675.200 bytes free

    Post-Run: 2.611.703.808 bytes free

    277 --- E O F --- 2008-10-16 20:00

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 13:55:40, on 30-5-2009

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16735)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\ESET\ESET Smart Security\ekrn.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    C:\WINDOWS\VistaDrive\VistaDrive.exe

    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\ESET\ESET Smart Security\egui.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

    C:\Program Files\Winamp\winampa.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\Picasa2\PicasaMediaDetector.exe

    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe

    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: (no name) - {03846DF8-1D85-4B6C-8180-01AC6D367904} - (no file)

    O2 - BHO: (no name) - {07EBEC2A-7230-419C-BA45-19B96D6B55AD} - (no file)

    O2 - BHO: (no name) - {0FCF22E1-E6D5-4726-A518-38FB4CDB71F0} - (no file)

    O2 - BHO: (no name) - {1B7D0A67-890F-4431-9EC3-1F80EAF3674D} - (no file)

    O2 - BHO: (no name) - {4426BF2F-35E8-41F1-A7A2-0C6AE6D24455} - (no file)

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O2 - BHO: (no name) - {7E18FB6B-057E-4BB5-BC90-1AC2A71083FE} - (no file)

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: (no name) - {90637898-4422-4048-AA2A-00422D01C7FF} - (no file)

    O2 - BHO: (no name) - {A71483CC-C8E6-41C6-AFE3-E24356F8C715} - (no file)

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

    O2 - BHO: (no name) - {CDB6F941-003D-42BC-BF5D-C28E63E69FFB} - (no file)

    O2 - BHO: (no name) - {ea9e7ccd-67be-45d1-8278-93dd5ad78ef1} - (no file)

    O2 - BHO: (no name) - {FC598582-8386-4ABB-9F87-DC3DD7AAFAFB} - (no file)

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

    O4 - HKLM\..\Run: C:\WINDOWS\VistaDrive\VistaDrive.exe

    O4 - HKLM\..\Run: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

    O4 - HKLM\..\Run: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    O4 - HKLM\..\Run: C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

    O4 - HKLM\..\Run: "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: nwiz.exe /install

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    O4 - HKLM\..\Run: "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Winamp\winampa.exe"

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - HKCU\..\Run: C:\Program Files\Picasa2\PicasaMediaDetector.exe

    O4 - HKCU\..\Run: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKCU\..\Run: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - HKUS\S-1-5-18\..\RunOnce: rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\RunOnce: rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab

    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://hema.nl/xupload/XUpload.ocx

    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    O20 - Winlogon Notify: qoMeFuvW - C:\WINDOWS\

    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

    O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe

    O23 - Service: RMWPService - Apache Software Foundation - C:\Program Files\Reference Manager 12 Demo\WebPublisher\thirdparty\Apache2\bin\RMWP_Apache_Admin.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    End of file - 11358 bytes