Hijack log

  • Huib

    Hi Pas,

    Are you on a different computer now, or did you choose a different start page yourself? :S:S

    In your 1st log, dated 30-09, I see: jungbluteu

    And in the log dated 03-10: ventair.nl

    What did the scans remove before you posted here? :S

    In the latest log I do see things that I think don't belong there.

    Have you already carried out the clean-up plan:

    http://www.virushelp.nl/onderhoud.htm

    Please answer these questions before we can go on ;)

    Greetings, Huib :)

  • Argus

    Install PC Wizard 2009 and have a look at the temperature of your CPU:

    http://www.cpuid.com/pcwizard.php

  • pas

    I changed the start page myself, and the scanners removed ircbot and PWSLdPinch; apart from that, basically nothing.

    Clean-up plan carried out.

    CPU temperature is normal; I had the thermal paste renewed last week and it does not run hot, only when I have it run several tasks at once, but that is normal.

  • Ruudje

    Download HostsXpert 4.3: http://www.funkytoad.com/download/HostsXpert.zip

    - Unzip the program

    - Double-click it to run it

    - Click ‘Restore Original Hosts’

    - Click ‘OK’

    - Close the program.

    - Restart the computer.

    How is the problem now?

  • pas

    No, the problem is still there!

    What a hassle with that code you need just to be able to post…

  • Huib

    Hi Pas,

    If you simply register, you won't have to deal with codes ;)

    Sorry for the many (identical) replies, but there was a problem on the various message boards.

    Your computer:

    Download Combofix to your Desktop.

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if you get a warning from your antivirus or another real-time scanner during or after downloading Combofix, or while running Combofix, disable that scanner and download Combofix again.

    Some scanners treat certain components that Combofix uses as suspicious and will block or delete them!

    Double-click Combofix.exe

    Follow the instructions and accept the disclaimer.

    While the fix is running, do NOT click in the window, as this will make your PC hang.

    When the fix has finished and after the restart, the log combofix.txt will open.

    Post this log in your next reply together with a new HijackThis log.

    Good luck,

    Huib :)

  • pas

    Done, here it is:

    ComboFix 09-10-06.03 - Algemeen 07-10-2009 8:41.1.2 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3582.2971

    Gestart vanuit: c:\documents and settings\Algemeen\Bureaublad\ComboFix.exe

    AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\documents and settings\Algemeen\Application Data\EurekaLog

    c:\windows\Downloaded Program Files\bdcore.dll

    c:\windows\Downloaded Program Files\libfn.dll

    c:\windows\Installer\191db83.msi

    C:\xcrashdump.dat

    D:\install.exe

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    ——-\Legacy_NPF

    (((((((((((((((((((( Bestanden Gemaakt van 2009-09-07 to 2009-10-07 ))))))))))))))))))))))))))))))

    .

    2009-10-05 17:17 . 2009-10-06 16:55 ——– d–h–r- c:\documents and settings\Algemeen\Onlangs geopend

    2009-10-04 14:25 . 2009-10-04 14:25 ——– d—–w- C:\WHERE_EAGLES_DARE

    2009-10-03 07:15 . 2009-10-03 07:15 ——– d—–w- c:\program files\CleanUp!

    2009-10-03 07:13 . 2009-10-03 10:16 ——– d—–w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

    2009-10-03 07:13 . 2009-10-03 07:17 ——– d—–w- c:\program files\Spybot - Search & Destroy

    2009-10-01 19:05 . 2009-10-01 20:55 ——– d—–w- c:\documents and settings\Algemeen\Shared

    2009-10-01 19:04 . 2009-10-01 19:34 ——– d—–w- c:\documents and settings\Algemeen\Application Data\LimeWire Music

    2009-10-01 19:04 . 2009-10-01 19:04 ——– d—–w- c:\documents and settings\All Users\Application Data\LimeWire Music

    2009-09-30 17:20 . 2009-09-30 17:22 ——– dc-h–w- c:\windows\ie8

    2009-09-29 21:56 . 2009-09-29 18:11 15688 —-a-w- c:\windows\system32\lsdelete.exe

    2009-09-29 18:11 . 2009-07-03 14:49 64160 —-a-w- c:\windows\system32\drivers\Lbd.sys

    2009-09-29 18:09 . 2009-09-29 18:09 ——– dc-h–w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}

    2009-09-29 18:09 . 2009-09-29 18:11 ——– d—–w- c:\documents and settings\All Users\Application Data\Lavasoft

    2009-09-29 18:09 . 2009-09-29 18:09 ——– d—–w- c:\program files\Lavasoft

    2009-09-29 05:56 . 2009-09-29 05:56 ——– d—–w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

    2009-09-29 05:56 . 2009-10-03 10:17 ——– d—–w- c:\program files\SUPERAntiSpyware

    2009-09-29 05:56 . 2009-10-03 10:17 ——– d—–w- c:\documents and settings\Algemeen\Application Data\SUPERAntiSpyware.com

    2009-09-28 19:40 . 2009-09-28 19:40 ——– d—–w- c:\documents and settings\Algemeen\DoctorWeb

    2009-09-28 19:21 . 2009-09-28 19:21 ——– d—–r- c:\documents and settings\NetworkService\Mijn documenten

    2009-09-28 18:43 . 2009-09-28 18:43 ——– d–h–r- c:\documents and settings\NetworkService\Onlangs geopend

    2009-09-27 18:52 . 2009-09-27 18:52 219387 —-a-w- c:\windows\VoidRO v2 Uninstaller.exe

    2009-09-27 16:31 . 2004-08-03 20:31 20992 -c–a-w- c:\windows\system32\dllcache\rtl8139.sys

    2009-09-27 16:31 . 2004-08-03 20:31 20992 —-a-w- c:\windows\system32\drivers\RTL8139.sys

    2009-09-25 06:15 . 2009-10-03 08:34 ——– d—–w- c:\program files\Spyware Doctor

    2009-09-20 19:26 . 2009-09-20 19:26 ——– d—–w- c:\program files\Windows Live

    2009-09-20 17:27 . 2009-09-20 17:27 ——– d—–w- c:\program files\Alcohol Soft

    2009-09-20 17:08 . 2009-10-03 07:50 ——– d—–w- c:\documents and settings\All Users\Application Data\Daemon Tools Pro

    2009-09-20 17:08 . 2009-09-20 17:16 ——– d—–w- c:\documents and settings\Algemeen\Application Data\Daemon Tools Pro

    2009-09-20 17:07 . 2009-09-20 17:25 721904 —-a-w- c:\windows\system32\drivers\sptd.sys

    2009-09-20 15:06 . 2009-09-20 15:06 107888 —-a-w- c:\windows\system32\CmdLineExt.dll

    2009-09-20 14:53 . 2009-09-20 14:53 ——– d—–w- c:\program files\Sierra Entertainment

    2009-09-19 12:09 . 2009-10-06 16:07 ——– d—–w- c:\documents and settings\Algemeen\Application Data\vlc

    2009-09-18 21:40 . 2009-09-18 21:40 133720 —-a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

    2009-09-16 14:25 . 2009-09-20 13:33 ——– d—–w- c:\documents and settings\Algemeen\Application Data\ImgBurn

    2009-09-16 14:23 . 2009-09-16 14:23 ——– d—–w- c:\program files\ImgBurn

    2009-09-15 19:55 . 2009-09-15 19:55 604140 –sha-w- c:\windows\system32\drivers\ISwift3.dat

    2009-09-15 19:49 . 2009-09-22 11:47 107547 —-a-w- c:\windows\system32\drivers\klin.dat

    2009-09-15 19:49 . 2009-09-22 11:47 95259 —-a-w- c:\windows\system32\drivers\klick.dat

    2009-09-15 19:48 . 2009-10-07 06:49 ——– d—–w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

    2009-09-15 19:48 . 2009-09-15 19:48 ——– d—–w- c:\program files\Kaspersky Lab

    2009-09-15 19:47 . 2009-09-15 19:47 ——– d—–w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

    2009-09-13 15:13 . 2009-09-27 15:51 ——– d—–w- c:\program files\AGEIA Technologies

    2009-09-13 15:13 . 2009-09-13 15:13 ——– d—–w- c:\windows\system32\AGEIA

    2009-09-13 15:11 . 2009-09-13 15:11 ——– d—–w- c:\windows\Logs

    2009-09-13 12:47 . 2009-09-13 12:47 ——– d—–w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

    2009-09-13 12:47 . 2009-09-13 12:47 ——– d—–w- c:\documents and settings\Algemeen\Application Data\Office Genuine Advantage

    2009-09-13 12:26 . 2009-09-13 12:26 ——– d—–w- c:\documents and settings\Algemeen\Local Settings\Application Data\ratDVD

    2009-09-13 12:25 . 2009-09-13 12:26 ——– d—–w- c:\program files\ratDVD

    2009-09-11 10:20 . 2009-09-11 10:20 ——– d—–w- c:\program files\Common Files\Windows Live

    2009-09-10 21:49 . 2009-09-10 21:49 ——– d—–w- c:\documents and settings\Algemeen\Application Data\acccore

    2009-09-10 21:49 . 2009-09-10 21:49 ——– d—–w- c:\documents and settings\All Users\Application Data\AOL OCP

    2009-09-10 21:49 . 2009-09-11 15:34 ——– d—–w- c:\documents and settings\All Users\Application Data\AOL

    2009-09-10 21:49 . 2009-09-10 21:49 ——– d—–w- c:\documents and settings\Algemeen\Local Settings\Application Data\AOL OCP

    2009-09-10 21:48 . 2009-09-10 21:48 ——– d—–w- c:\documents and settings\All Users\Application Data\Viewpoint

    2009-09-10 21:48 . 2009-09-10 21:48 ——– d—–w- c:\program files\Viewpoint

    2009-09-10 11:41 . 2009-09-10 11:41 ——– d—–w- c:\windows\Cache

    2009-09-09 06:24 . 2009-06-21 21:49 153088 -c—-w- c:\windows\system32\dllcache\triedit.dll

    2009-09-07 14:54 . 2009-09-07 14:54 ——– d—–w- c:\windows\system32\wbem\Repository

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-10-05 16:43 . 2008-10-05 15:45 ——– d—–w- c:\program files\DYMO Label

    2009-10-03 16:40 . 2007-08-26 10:42 ——– d—–w- c:\documents and settings\Algemeen\Application Data\dvdcss

    2009-10-03 10:17 . 2009-09-13 15:12 ——– d—–w- c:\program files\Common Files\Wise Installation Wizard

    2009-10-03 08:58 . 2007-03-02 16:46 56728 —-a-w- c:\documents and settings\Algemeen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

    2009-10-03 07:04 . 2008-04-17 15:08 ——– d—a-w- c:\documents and settings\All Users\Application Data\TEMP

    2009-10-01 19:55 . 2009-08-18 19:02 ——– d—–w- c:\documents and settings\Algemeen\Application Data\Thinstall

    2009-09-30 15:31 . 2007-03-21 13:07 65536 —-a-w- c:\windows\IFinst27.exe

    2009-09-29 06:06 . 2008-01-14 15:35 ——– d—–w- c:\documents and settings\Algemeen\Application Data\MySQL

    2009-09-27 11:47 . 2007-10-31 16:34 ——– d—–w- c:\program files\WinTV

    2009-09-27 11:09 . 2007-05-18 06:33 ——– d—–w- c:\documents and settings\Algemeen\Application Data\NCH Swift Sound

    2009-09-27 11:09 . 2007-05-18 06:33 ——– d—–w- c:\program files\NCH Swift Sound

    2009-09-27 11:08 . 2007-03-12 18:36 ——– d—–w- c:\program files\ESET

    2009-09-27 11:06 . 2009-05-01 05:03 ——– d—–w- c:\program files\AAC to MP3 Converter

    2009-09-20 17:24 . 2009-06-12 18:15 ——– d—–w- c:\program files\AVS4YOU

    2009-09-20 14:52 . 2007-03-02 09:33 ——– d–h–w- c:\program files\InstallShield Installation Information

    2009-09-12 18:16 . 2004-09-13 19:02 555278 —-a-w- c:\windows\system32\perfh013.dat

    2009-09-12 18:16 . 2004-09-13 19:01 108524 —-a-w- c:\windows\system32\perfc013.dat

    2009-09-10 12:54 . 2008-08-23 07:35 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2009-09-10 12:53 . 2008-08-23 07:35 19160 —-a-w- c:\windows\system32\drivers\mbam.sys

    2009-09-09 08:41 . 2009-03-15 15:42 ——– d—–w- c:\program files\Microsoft Silverlight

    2009-09-04 21:05 . 2009-09-04 21:05 ——– d—–w- c:\program files\NDAS

    2009-08-31 14:44 . 2007-06-16 23:17 ——– d—–w- c:\documents and settings\Algemeen\Application Data\teamspeak2

    2009-08-27 17:05 . 2009-08-27 17:05 ——– d—–w- c:\program files\Passware

    2009-08-25 17:20 . 2009-08-25 17:20 ——– d—–w- c:\program files\Smallvideosoft

    2009-08-05 09:01 . 2004-09-13 19:00 205312 —-a-w- c:\windows\system32\mswebdvd.dll

    2009-08-03 13:07 . 2009-08-03 13:07 403816 —-a-w- c:\windows\system32\OGACheckControl.dll

    2009-08-03 13:07 . 2009-08-03 13:07 322928 —-a-w- c:\windows\system32\OGAAddin.dll

    2009-08-03 13:07 . 2009-08-03 13:07 230768 —-a-w- c:\windows\system32\OGAEXEC.exe

    2009-07-17 19:04 . 2004-09-13 18:51 58880 —-a-w- c:\windows\system32\atl.dll

    2009-07-13 21:43 . 2004-09-13 19:10 286208 —-a-w- c:\windows\system32\wmpdxm.dll

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    “AutoSizer”=“c:\program files\AutoSizer\AutoSizer.exe”

    “SoundMAXPnP”=“c:\program files\Analog Devices\Core\smax4pnp.exe”

    “ATIPTA”=“c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe”

    “AVP”=“c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe”

    “CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE”

    SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

    @=“Driver”

    @=“Driver”

    @=“Driver”

    @=“Driver”

    @=“Driver”

    @=“Driver”

    @=“Service”

    path=c:\documents and settings\Algemeen\Menu Start\Programma's\Opstarten\MRU-Blaster Scheduler.lnk

    backup=c:\windows\pss\MRU-Blaster Scheduler.lnkStartup

    path=c:\documents and settings\Algemeen\Menu Start\Programma's\Opstarten\MRU-Blaster Silent Clean.lnk

    backup=c:\windows\pss\MRU-Blaster Silent Clean.lnkStartup

    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Bluetooth Manager.lnk

    backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk

    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk

    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Snelstart HP Image Zone.lnk

    backup=c:\windows\pss\Snelstart HP Image Zone.lnkCommon Startup

    “FirewallOverride”=dword:00000001

    “DisableMonitoring”=dword:00000001

    “%windir%\\system32\\sessmgr.exe”=

    “%windir%\\Network Diagnostic\\xpnetdiag.exe”=

    “d:\\Program Files\\LimeWire\\LimeWire.exe”=

    “d:\\Program Files\\The All-Seeing Eye\\eye.exe”=

    “d:\\Program Files\\EA GAMES\\MOHAA\\moh_spearhead.exe”=

    “c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe”=

    “d:\\Program Files\\GrabIt\\GrabIt.exe”=

    “8975:TCP”= 8975:TCP:BitComet 8975 TCP

    “8975:UDP”= 8975:UDP:BitComet 8975 UDP

    “6900:TCP”= 6900:TCP:login-server.exe

    “6121:TCP”= 6121:TCP:char-server.exe

    “5121:TCP”= 5121:TCP:map-server.exe

    “8000:TCP”= 8000:TCP:login-server.exe

    “27587:TCP”= 27587:TCP:BitComet 27587 TCP

    “27587:UDP”= 27587:UDP:BitComet 27587 UDP

    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys

    R0 lfsfilt;Lean File Sharing;c:\windows\system32\drivers\lfsfilt.sys

    R0 lpx;LPX Protocol;c:\windows\system32\drivers\lpx.sys

    R1 ndasfat;NDAS FAT;c:\windows\system32\drivers\ndasfat.sys

    R2 BCMNTIO;BCMNTIO;d:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys

    R2 EPGService;EPGService;c:\progra~1\WinTV\EPG Services\System\EPGService.exe

    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe

    R2 MAPMEM;MAPMEM;d:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys

    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys

    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys

    R3 ndasbus;NDAS Bus Driver;c:\windows\system32\drivers\ndasbus.sys

    S0 ati0fqxx;ati0fqxx;c:\windows\system32\Drivers\ati0fqxx.sys –> c:\windows\system32\Drivers\ati0fqxx.sys

    S0 ati4rvxx;ati4rvxx;c:\windows\system32\Drivers\ati4rvxx.sys –> c:\windows\system32\Drivers\ati4rvxx.sys

    S0 ati6imxx;ati6imxx;c:\windows\system32\Drivers\ati6imxx.sys –> c:\windows\system32\Drivers\ati6imxx.sys

    S0 ati6lyxx;ati6lyxx;c:\windows\system32\Drivers\ati6lyxx.sys –> c:\windows\system32\Drivers\ati6lyxx.sys

    S0 ati7nixx;ati7nixx;c:\windows\system32\Drivers\ati7nixx.sys –> c:\windows\system32\Drivers\ati7nixx.sys

    S0 ati8vwxx;ati8vwxx;c:\windows\system32\Drivers\ati8vwxx.sys –> c:\windows\system32\Drivers\ati8vwxx.sys

    S3 HCW713x;Hauppauge 713x VU PCI TV Card;c:\windows\system32\drivers\HCW713x.sys

    S3 JHKEFKOPLJV;JHKEFKOPLJV;c:\docume~1\Algemeen\LOCALS~1\Temp\JHKEFKOPLJV.exe –> c:\docume~1\Algemeen\LOCALS~1\Temp\JHKEFKOPLJV.exe

    S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

    S3 npkycryp;npkycryp;\??\d:\program files\Gravity\RO\npkycryp.sys –> d:\program files\Gravity\RO\npkycryp.sys

    S3 VVNEBXH;VVNEBXH;c:\docume~1\Algemeen\LOCALS~1\Temp\VVNEBXH.exe –> c:\docume~1\Algemeen\LOCALS~1\Temp\VVNEBXH.exe

    S3 ZBXG;ZBXG;c:\docume~1\Algemeen\LOCALS~1\Temp\ZBXG.exe –> c:\docume~1\Algemeen\LOCALS~1\Temp\ZBXG.exe

    “c:\windows\system32\rundll32.exe” “c:\windows\system32\iedkcs32.dll”,BrandIEActiveSetup SIGNUP

    .

    Inhoud van de ‘Gedeelde Taken’ map

    2009-10-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job

    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe

    2009-10-07 c:\windows\Tasks\OGALogon.job

    - c:\windows\system32\OGAEXEC.exe

    .

    .

    ——- Bijkomende Scan ——-

    .

    uStart Page = hxxp://ventair.nl/

    uInternet Connection Wizard,ShellNext = iexplore

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

    DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab

    DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} - hxxps://gto.postbank.nl/GTO/PBGNX.cab

    FF - ProfilePath - c:\documents and settings\Algemeen\Application Data\Mozilla\Firefox\Profiles\ctpqv5jd.default\

    FF - prefs.js: browser.startup.homepage - ventair.nl

    FF - component: c:\documents and settings\Algemeen\Application Data\Mozilla\Firefox\Profiles\ctpqv5jd.default\extensions\{2bae58c2-79f9-45d1-a286-81f911301c3a}\components\FFExternalAlert.dll

    FF - component: c:\program files\Mozilla Firefox\extensions\{46735dee-f862-49d1-876d-6382794dc625}\components\FFExternalAlert.dll

    FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    .

    - - - - ORPHANS VERWIJDERD - - - -

    HKU-Default-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe

    SafeBoot-ati1asxx.sys

    SafeBoot-ati4ojxx.sys

    SafeBoot-ati4ytxx.sys

    SafeBoot-ati6dexx.sys

    SafeBoot-ati6sxxx.sys

    SafeBoot-ati6thxx.sys

    SafeBoot-ati7joxx.sys

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-10-07 08:48

    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond

    verborgen bestanden: 0

    **************************************************************************

    .

    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > ‘explorer.exe’(3296)

    c:\program files\AutoSizer\AutoSizer.dll

    c:\progra~1\WINDOW~2\wmpband.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    ———————— Andere Aktieve Processen ————————

    .

    c:\windows\system32\ati2evxx.exe

    c:\program files\Java\jre6\bin\jqs.exe

    c:\program files\NDAS\System\ndassvc.exe

    c:\windows\system32\HPZipm12.exe

    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

    c:\windows\system32\wbem\unsecapp.exe

    c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2009-10-07 8:58 - machine werd herstart

    ComboFix-quarantined-files.txt 2009-10-07 06:58

    Pre-Run: 20.416.868.352 bytes beschikbaar

    Post-Run: 20.432.060.416 bytes beschikbaar

    WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP Professional” /noexecute=optin /fastdetect

    282 — E O F — 2009-10-06 17:00

    ————————————————————————————–

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 9:07:03, on 7-10-2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\NDAS\System\ndassvc.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

    C:\Program Files\Analog Devices\Core\smax4pnp.exe

    C:\Program Files\AutoSizer\AutoSizer.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe

    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ventair.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O4 - HKLM\..\Run: C:\Program Files\Analog Devices\Core\smax4pnp.exe

    O4 - HKLM\..\Run: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe”

    O4 - HKCU\..\Run: “C:\Program Files\AutoSizer\AutoSizer.exe”

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: &Virtueel toetsenbord - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

    O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Internetadressen c&ontrole - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172870682625

    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab

    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab

    O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0) - http://activex.microsoft.com/controls/vb5/comdlg32.cab

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

    O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: JHKEFKOPLJV - Unknown owner - C:\DOCUME~1\Algemeen\LOCALS~1\Temp\JHKEFKOPLJV.exe (file missing)

    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    O23 - Service: VVNEBXH - Unknown owner - C:\DOCUME~1\Algemeen\LOCALS~1\Temp\VVNEBXH.exe (file missing)

    O23 - Service: ZBXG - Unknown owner - C:\DOCUME~1\Algemeen\LOCALS~1\Temp\ZBXG.exe (file missing)

    End of file - 7596 bytes
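    Added example, not part of the thread or of HijackThis/ComboFix: a small Python triage over a few O23 and R0 lines copied from the HijackThis log above, flagging the three services whose executable sits in the user's Temp directory and is already gone, and checking the start page against the hosts the user says they chose themselves. The heuristics and the log excerpt are constructed here.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional
from urllib.parse import urlparse

# Constructed sample: a handful of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ventair.nl/
O4 - HKLM\..\Run: "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: JHKEFKOPLJV - Unknown owner - C:\DOCUME~1\Algemeen\LOCALS~1\Temp\JHKEFKOPLJV.exe (file missing)
O23 - Service: VVNEBXH - Unknown owner - C:\DOCUME~1\Algemeen\LOCALS~1\Temp\VVNEBXH.exe (file missing)
O23 - Service: ZBXG - Unknown owner - C:\DOCUME~1\Algemeen\LOCALS~1\Temp\ZBXG.exe (file missing)
"""

# O23 lines have the shape: "O23 - Service: <name> - <owner> - <path> [(file missing)]"
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
START_PAGE_RE = re.compile(r"^R0 - .*Start Page = (?P<url>\S+)$")


@dataclass
class ServiceFinding:
    name: str
    owner: str
    path: str
    reasons: List[str]


def triage_service(line: str) -> Optional[ServiceFinding]:
    """Parse one O23 line; return a finding when something looks off, else None."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    name, owner, path = m["name"], m["owner"], m["path"]
    reasons = []
    # Legitimate services are installed under Program Files or system32,
    # not launched from a user's Temp directory.
    if re.search(r"\\temp\\", path, re.IGNORECASE):
        reasons.append("binary lives in a user Temp directory")
    # A service whose binary is gone is a leftover registration: the scanners
    # removed the file but not the service entry.
    if m["missing"]:
        reasons.append("service entry points at a file that no longer exists")
    # Random all-caps names without a vendor are typical of dropper-created services.
    if owner == "Unknown owner" and re.fullmatch(r"[A-Z]{4,}", name):
        reasons.append("random-looking all-caps name with no vendor")
    return ServiceFinding(name, owner, path, reasons) if reasons else None


def triage_services(log: str) -> List[ServiceFinding]:
    """All O23 entries in the log that deserve a closer look."""
    return [f for f in (triage_service(l) for l in log.splitlines()) if f]


def start_page_host(log: str) -> Optional[str]:
    """Host name of the IE start page recorded in the R0 line, if any."""
    for line in log.splitlines():
        m = START_PAGE_RE.match(line.strip())
        if m:
            return urlparse(m["url"]).hostname
    return None


def start_page_is_expected(log: str, user_chosen_hosts: Iterable[str]) -> bool:
    """A changed start page is only a hijack sign if the user did not pick it."""
    host = start_page_host(log)
    return host is not None and host in set(user_chosen_hosts)


if __name__ == "__main__":
    for f in triage_services(SAMPLE_LOG):
        print(f"{f.name}: {f.path}")
        for r in f.reasons:
            print("   -", r)
    print("start page:", start_page_host(SAMPLE_LOG),
          "user-chosen:", start_page_is_expected(SAMPLE_LOG, {"ventair.nl"}))
```

    The three flagged services are the same ones ComboFix listed as S3 entries in its Drivers/Services section; the O4 and Kaspersky lines pass through untouched.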

  • Huib

    Hi Pas,

    Have the following file (in bold) scanned at:

    http://virusscan.jotti.org/nl

    c:\windows\IFinst27.exe <—— This file.

    Post the result here.

    Good luck,

    Huib :)

  • pas

    Bestandsgrootte: 65536 bytes

    Bestandstype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit

    MD5: 9c17bca3ef837bacded7e4299508e71d

    SHA1: 253c7e956ad6cb66e0e47e5d9a6a19d78e9c96e0

    Packer (Avast): UPX

    Packer (Drweb): UPX

    Packer (Kaspersky): UPX

    Bestandsnaam: IFinst27.exe

    Status: Scan voltooid. 0 uit 21 scanners vonden malware.

    Scan genomen op: ma 20 jul 2009 21:28:12 (CET) Permalink

    http://virusscan.jotti.org/nl/scanresult/e3a1577f37fd2a33503bc93872bfdd3e2b498a4a/ea7724dbf4eafc251ad9a0a82b42043fb2ba61c5

    It looks like images are being displayed normally now, but the internet has become slower; apart from that everything is normal (on sites with images my CPU now suddenly runs higher, which I have never had trouble with before).

    Pas.