Archive - MSN virus "hxxp://lmagehost.net/img/****"

The archive is a frozen moment from a previous version of this forum, with different rules and different people in charge. These posts in no way reflect our current ideas, values or world views and have in some places been censored as unacceptable. Many were written in a different spirit of the times, ironically or not - as in the ironic Off-Topic subforum - and would not (be allowed to) be posted any more today. Still, we are happy to offer this archive as an information database and reference work.

Chalk

Legacy Member
I think it's solved, but feel free to have another look at the HJT log at the bottom.

I clicked a link via MSN and it turns out to be a virus.
Meanwhile I'm spreading it too...
==> hxxp://lmagehost.net/img/********
==> hxxp://****.net/img/imgxa.jpg
==> hxxp://****.biz/img/picsiv.jpg
These are the variants...

The interesting thing about these links is that they parse the .jpg links as a script or redirect them with .htaccess (or something similar), so that they end up at a .pif file. .pif looks like .gif; the user sees .jpg in the URL, thinks it's a picture, and bang, virus, yay! (found on the internet)

> I have Microsoft Security Essentials.
It has already found a worm several times and I always have it removed... A quick scan didn't achieve anything.

> S&D + Malwarebytes also have a log. You'll find these below as well.


HJT log: there is a newer one in the bottom post.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 13:37:12, on 29/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ISP Monitor\isp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Documents and Settings\Administrator\Mijn documenten\Downloads\spybotsd162.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-55VBA.tmp\spybotsd162.tmp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Microsoft Windows Update
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D78A35FA-97CD-4788-A3D3-8595E34A6BE1}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 6854 bytes





Malwarebytes
Malwarebytes' Anti-Malware 1.42
Database versie: 3449
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29/12/2009 13:48:42
mbam-log-2009-12-29 (13-48-40).txt

Scan type: Snelle Scan
Objecten gescand: 110841
Verstreken tijd: 4 minute(s), 6 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 4
Registerwaarden geïnfecteerd: 1
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 1

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Astrocom (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\NeoChronos (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.

Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (IM.Worm) -> No action taken.

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
C:\Documents and Settings\Administrator\Application Data\ufxw.exe (IM.Worm) -> No action taken.

------
The last file could not be removed, but it has been queued to be removed when the PC starts up.

2. PC restarted.
The Microsoft scan immediately finds a worm again. Had it removed again.
I wanted to take a screenshot, but the PC froze.
So there is definitely still something there. I'm going to let Malwarebytes scan again.

3.
OK, the same virus was detected once more by MSE. (Malwarebytes is still scanning)
Worm:Win32/Rimecud!inf
>> Details weergeven >>

Items:
file:G:\System Volume Information\_restore{DECBF5FB-CA57-4B82-B82C-F5758E9F7CEE}\rp80\A0013024.inf
file:G:\System Volume Information\_restore{DECBF5FB-CA57-4B82-B82C-F5758E9F7CEE}\rp81\A0013048.inf
filelocalcopy:C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{BCA91A36-A3CA-4657-9A9D-73612CF7A3A6}-A0013048.inf

"Removed", but well... it always comes back.
4. Et voila
It has already been detected again by MSE.
Now instead of file:G:\ ==> file:H:\

Malwarebytes found no malicious items. Scan completed successfully (full scan), 0 infected items found.

Thanks in advance.
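The .jpg-link-to-.pif trick described in the first post can be caught on a download gateway or proxy by comparing what the link claims with what actually arrived. The Python below is an added example, not code from this thread or from any of the tools in it; the URLs and the two sample bodies are constructed, and the check rests on the assumption that the gateway can see the clicked URL, the URL that finally answered after redirects, the Content-Type header and the first bytes of the body.

```python
"""Flag downloads whose URL claims an image but whose content is not one.

Added example (not from the forum thread). A picture link that is served
as a script or redirected by .htaccess to a .pif file shows up in three
places: the final URL's extension, the Content-Type, and the magic bytes.
"""
from dataclasses import dataclass, field
from urllib.parse import urlparse
import posixpath

# Leading bytes of the image formats a picture link normally claims.
IMAGE_MAGIC = {
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
}
IMAGE_EXTENSIONS = {".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif", ".png": "png"}

# Extensions Windows runs as programs; .pif is the one used in the thread.
EXECUTABLE_EXTENSIONS = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd"}


@dataclass
class Verdict:
    suspicious: bool
    reasons: list = field(default_factory=list)


def extension_of(url: str) -> str:
    """Lower-cased extension of the URL path ('' if there is none)."""
    path = urlparse(url).path
    return posixpath.splitext(path)[1].lower()


def sniff(body: bytes) -> str:
    """Identify the body by magic bytes: an image type, 'pe', or 'unknown'."""
    for name, magics in IMAGE_MAGIC.items():
        if any(body.startswith(m) for m in magics):
            return name
    if body.startswith(b"MZ"):
        # MZ header: DOS/PE executable, the usual content of a renamed .pif
        return "pe"
    return "unknown"


def assess_download(clicked_url: str, final_url: str,
                    content_type: str, body: bytes) -> Verdict:
    """Flag a download whose claimed image type does not match what arrived."""
    verdict = Verdict(suspicious=False)
    claimed = IMAGE_EXTENSIONS.get(extension_of(clicked_url))
    if claimed is None:
        return verdict  # not a picture link; outside this check's scope

    final_ext = extension_of(final_url)
    actual = sniff(body)
    if final_ext in EXECUTABLE_EXTENSIONS:
        verdict.reasons.append(
            f"image link redirected to executable extension {final_ext}")
    if not (content_type or "").lower().startswith("image/"):
        verdict.reasons.append(
            f"server sent Content-Type {content_type!r} for an image link")
    if actual == "pe":
        verdict.reasons.append(
            "body starts with an MZ header (executable), not image data")
    elif actual != claimed:
        verdict.reasons.append(f"body looks like {actual}, URL claims {claimed}")

    verdict.suspicious = bool(verdict.reasons)
    return verdict


# Constructed samples (not real payloads): a genuine JPEG header and a
# minimal MZ stub standing in for an executable renamed to .pif.
GOOD_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32
FAKE_IMAGE = b"MZ\x90\x00" + b"\x00" * 60

if __name__ == "__main__":
    # Constructed URLs; the domain is a placeholder, not one from the thread.
    honest = assess_download("http://example.test/img/pic.jpg",
                             "http://example.test/img/pic.jpg",
                             "image/jpeg", GOOD_JPEG)
    lure = assess_download("http://example.test/img/pic.jpg",
                           "http://example.test/img/pic.pif",
                           "application/octet-stream", FAKE_IMAGE)
    print("honest picture:", honest)
    print("picture lure:  ", lure)
```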

Chalk

Legacy Member
Spybot S&D log
===> was able to remove everything successfully
Top of the log:


--- Search result list ---
Win32.Agent.ieu: [SBI $625EE580] Uitvoerbaar (Bestand, nothing done)
C:\Documents and Settings\Administrator\Local Settings\Temp\b.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Smitfraud-C.: [SBI $9FB77BFE] Uitvoerbaar (Bestand, nothing done)
C:\Documents and Settings\Administrator\Local Settings\Temp\a.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

BlueStreak: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)


DoubleClick: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)

Chalk

Legacy Member
ComboFix log, run last of all.

ComboFix 09-12-28.05 - Administrator 29/12/2009 15:24:23.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2044.1225 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Administrator\Mijn documenten\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

(((((((((((((((((((( Bestanden Gemaakt van 2009-11-28 to 2009-12-29 ))))))))))))))))))))))))))))))
.

2009-12-29 12:41 . 2009-12-29 12:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-29 12:41 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-29 12:41 . 2009-12-29 12:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-29 12:41 . 2009-12-29 12:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-29 12:41 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-29 12:36 . 2009-12-29 12:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-29 12:36 . 2009-12-29 12:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-28 19:16 . 2009-12-28 19:16 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-28 19:16 . 2009-12-28 19:16 -------- d-----w- c:\program files\TrendMicro
2009-12-27 16:43 . 2009-12-28 18:12 -------- d-----w- c:\program files\Lame for Audacity
2009-12-22 19:19 . 2008-04-14 21:32 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-12-22 18:52 . 2009-12-24 10:02 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-12-22 18:52 . 2009-12-22 18:52 -------- d-----w- c:\windows\system32\LogFiles
2009-12-14 19:21 . 2009-12-14 19:21 -------- d-----w- c:\program files\YouTube Downloader
2009-12-12 11:15 . 2009-12-12 11:15 -------- d--h--w- c:\windows\PIF
2009-12-05 19:20 . 2009-12-05 19:20 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-04 17:13 . 2009-12-04 17:21 -------- d-----w- c:\program files\Ableton

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-29 13:15 . 2009-11-16 20:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2009-12-24 22:51 . 2009-11-24 20:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\FileZilla
2009-12-22 18:53 . 2009-11-13 01:40 -------- d-----w- c:\program files\Windows Media Connect 2
2009-12-20 13:18 . 2009-11-13 18:05 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-12 09:26 . 2009-11-13 18:19 260376 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-11 16:30 . 2009-11-13 05:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-11 12:33 . 2009-12-11 12:33 672 ----a-w- c:\windows\Fonts\SO______.PFM
2009-12-11 12:32 . 2009-12-11 12:32 670 ----a-w- c:\windows\Fonts\CR______.PFM
2009-12-10 16:47 . 2001-09-07 11:00 54668 ----a-w- c:\windows\system32\perfc013.dat
2009-12-10 16:47 . 2001-09-07 11:00 367616 ----a-w- c:\windows\system32\perfh013.dat
2009-12-10 07:34 . 2009-11-13 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-04 17:14 . 2009-11-21 14:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Ableton
2009-12-04 17:14 . 2009-11-21 14:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ableton
2009-11-23 21:06 . 2009-11-23 21:04 -------- d-----w- c:\program files\MP3Gain
2009-11-22 19:46 . 2009-11-22 19:44 -------- d-----w- c:\program files\VirtualDJ
2009-11-16 21:59 . 2009-11-16 21:59 -------- d-----w- c:\program files\komma.be
2009-11-16 21:59 . 2009-11-16 21:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-16 19:23 . 2009-11-16 19:23 -------- d-----w- c:\program files\VideoLAN
2009-11-15 20:49 . 2009-11-15 20:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\ISP Monitor
2009-11-15 20:11 . 2009-11-15 20:11 -------- d-----w- c:\program files\ISP Monitor
2009-11-15 20:11 . 2009-11-15 20:11 737280 ----a-w- c:\windows\iun6002.exe
2009-11-15 17:14 . 2009-11-15 12:15 -------- d-----w- c:\program files\FileZilla FTP Client
2009-11-15 11:23 . 2009-11-15 11:22 -------- d--h--w- c:\program files\Creative Installation Information
2009-11-15 11:23 . 2009-11-15 11:22 -------- d-----w- c:\program files\Creative
2009-11-15 11:22 . 2009-11-15 11:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2009-11-15 11:22 . 2009-11-15 11:22 -------- d-----w- c:\program files\Common Files\Creative
2009-11-14 14:19 . 2009-11-14 14:16 -------- d-----w- c:\program files\BitLord
2009-11-14 12:49 . 2009-11-14 12:49 92 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\uninst2.bat
2009-11-14 12:49 . 2009-11-14 12:49 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstWMP\unins000.exe
2009-11-14 12:49 . 2009-11-14 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Last.fm
2009-11-14 12:48 . 2009-11-14 12:48 -------- d-----w- c:\program files\Last.fm
2009-11-14 12:34 . 2009-11-14 12:34 0 ----a-w- c:\windows\nsreg.dat
2009-11-14 12:15 . 2009-11-14 12:14 -------- d-----w- c:\program files\Windows Live
2009-11-14 12:15 . 2009-11-14 12:15 -------- d-----w- c:\program files\Microsoft
2009-11-14 12:14 . 2009-11-14 12:14 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-14 12:12 . 2009-11-14 12:12 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-13 18:18 . 2009-11-13 18:18 -------- d-----w- c:\program files\Microsoft Security Essentials
2009-11-13 18:11 . 2009-11-13 18:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ahead
2009-11-13 18:10 . 2009-11-13 18:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-11-13 18:10 . 2009-11-13 18:10 -------- d-----w- c:\program files\Common Files\Ahead
2009-11-13 18:10 . 2009-11-13 18:10 -------- d-----w- c:\program files\Nero
2009-11-13 18:10 . 2009-11-13 18:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-11-13 18:08 . 2009-11-13 18:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\CyberLink
2009-11-13 18:06 . 2009-11-13 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-11-13 18:06 . 2009-11-13 18:06 -------- d-----w- c:\program files\CyberLink
2009-11-13 18:06 . 2009-11-13 18:06 505392 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-13 18:06 . 2009-11-13 18:06 353840 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-13 17:15 . 2009-11-13 17:15 -------- d-----w- c:\program files\Microsoft Works
2009-11-13 17:15 . 2009-11-13 17:15 -------- d-----w- c:\program files\MSBuild
2009-11-13 16:58 . 2009-11-13 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-11-13 16:58 . 2009-11-13 16:58 -------- d-----w- c:\program files\NVIDIA Corporation
2009-11-13 05:05 . 2009-11-13 05:05 -------- d-----w- c:\program files\Realtek
2009-11-13 05:05 . 2009-11-13 05:05 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-13 05:04 . 2009-11-13 05:04 -------- d-----w- c:\program files\Intel
2009-11-13 05:03 . 2009-11-13 05:03 -------- d-----w- c:\program files\MSXML 4.0
2009-11-13 04:51 . 2009-11-13 01:42 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-13 01:43 . 2009-11-13 01:43 -------- d-----w- c:\program files\microsoft frontpage
2009-11-13 01:41 . 2009-11-13 01:41 21748 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-02 19:42 . 2009-11-13 18:20 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:44 . 2006-08-11 15:07 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2004-08-03 23:03 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-03 23:03 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-10-16 08:56 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:38 . 2004-08-03 23:03 270848 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2004-08-03 23:03 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2004-08-03 23:03 150016 ----a-w- c:\windows\system32\rastls.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ISPMonitor"="c:\program files\ISP Monitor\isp.exe" [2009-11-05 423024]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-23 18077696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-02-21 91432]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-22 81920]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=

S2 ISPMonitorSrv;ISP Monitor;c:\program files\ISP Monitor\ISPMonitorSrv.exe [22/08/2007 23:55 36864]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - MBAMSwissArmy
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {D78A35FA-97CD-4788-A3D3-8595E34A6BE1} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5gkpke5h.default\
FF - prefs.js: browser.startup.homepage - google.be
.
- - - - ORPHANS VERWIJDERD - - - -

HKLM-Run-nwiz - c:\program files\NVIDIA Corporation\nView\nwiz.exe
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe



**************************************************************************
scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-606747145-2049760794-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0e,49,43,a4,e4,6c,8f,49,a7,d6,1a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0e,49,43,a4,e4,6c,8f,49,a7,d6,1a,\
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(3268)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2009-12-29 15:27:07
ComboFix-quarantined-files.txt 2009-12-29 14:27

Pre-Run: 27.558.313.984 bytes beschikbaar
Post-Run: 28.419.633.152 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 89FAC06FBC24B9ACB95A0D3B64CA2D93

Chalk

Legacy Member
Last HJT after everything!
Is everything OK now? I'll let you know if I get another virus alert.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 15:27:57, on 29/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ISP Monitor\isp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\ComboFix\CF18371.cfxxe
C:\ComboFix\mbr.cfxxe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D78A35FA-97CD-4788-A3D3-8595E34A6BE1}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 6747 bytes

Juisterr

Legacy Member
Download Combofix

to your Desktop and use it according to this guide.

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners regard certain components Combofix uses as suspicious and will block or remove them!
  • Double-click Combofix.exe to start it.
  • If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
  • Click OK in the "NirCmd" window.
  • If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
  • Click OK and Yes to have the Recovery Console installed automatically.
  • Afterwards, click Yes again to start the malware scan.
  • While the fix is running, do NOT click in the window, as this will make your PC hang.
  • When the fix has finished and after the restart, the log Combofix.txt will open.
Post this log in your next reply.

davidof90

Legacy Member
Juisterr said:
Download Combofix to your Desktop and use it according to this guide.

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners regard certain components that Combofix uses as suspicious and will block or delete them!
  • Double-click Combofix.exe to start it.
  • If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
  • Click OK in the "NirCmd" window.
  • If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
  • Click OK and Yes to have the Recovery Console installed automatically.
  • Afterwards, click Yes again to start the malware scan.
  • While the fix is running, do NOT click in the window, as this will make your PC hang.
  • When the fix is complete and after the restart, the log Combofix.txt will open.
Post this log in your next reply.

Hey, I read through the post and did what was asked.
Here is the code:

ComboFix 10-01-04.01 - Davidof 04/01/2010 23:35:53.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.32.1043.18.3002.1689 [GMT 1:00]
Gestart vanuit: C:\Users\Davidof\Documents\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\$RECYCLE.BIN\S-1-5-21-2135842843-1020755630-1321821035-500
C:\$RECYCLE.BIN\S-1-5-21-384095605-3346121663-3357374051-500

.
(((((((((((((((((((( Bestanden Gemaakt van 2009-12-04 to 2010-01-04 ))))))))))))))))))))))))))))))
.

2010-01-04 22:45:24 . 2010-01-04 22:45:24 -------- d-----w- C:\Users\Default\AppData\Local\temp
2010-01-04 22:04:16 . 2010-01-04 22:04:16 658696 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-18 14:25:39 . 2009-12-18 14:25:31 225280 --sh--r- C:\Users\Davidof\AppData\Roaming\ufxw.exe
2009-12-15 13:14:29 . 2009-12-15 13:16:21 -------- d-----w- C:\Users\Davidof\AppData\Local\NFS Underground 2
2009-12-15 13:06:46 . 2009-12-15 13:06:46 -------- d-----w- C:\Program Files\EA GAMES
2009-12-14 22:10:18 . 2009-12-14 22:11:26 -------- d-----w- C:\ProgramData\PopCap Games
2009-12-11 00:31:31 . 2009-12-11 00:31:31 -------- d-----w- C:\Arquivos de Programas
2009-12-10 21:55:35 . 2009-12-10 21:55:35 -------- d-----w- C:\Users\Davidof\AppData\Local\RapidSolution
2009-12-10 21:17:24 . 2009-12-10 21:17:24 -------- d-----w- C:\Program Files\Common Files\NSV
2009-12-10 21:12:57 . 2009-12-10 21:12:58 -------- d-----w- C:\Program Files\Common Files\PX Storage Engine
2009-12-10 21:12:54 . 2009-12-13 20:12:42 -------- d-----w- C:\Program Files\Winamp
2009-12-10 02:03:50 . 2009-11-09 13:22:34 24064 ----a-w- C:\Windows\system32\nshhttp.dll
2009-12-10 02:03:43 . 2009-11-09 13:20:16 31232 ----a-w- C:\Windows\system32\httpapi.dll
2009-12-10 02:03:43 . 2009-11-09 11:04:30 411136 ----a-w- C:\Windows\system32\drivers\http.sys
2009-12-08 17:35:43 . 2009-12-09 02:14:25 -------- d-----w- C:\Users\Davidof\AppData\Roaming\BitTorrent
2009-12-08 17:35:37 . 2009-12-08 17:35:38 -------- d-----w- C:\Program Files\BitTorrent
2009-12-07 00:44:41 . 2009-12-07 00:44:42 -------- d-----w- C:\Program Files\Ventrilo
2009-12-07 00:43:56 . 2009-12-07 00:43:56 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2009-12-06 21:14:40 . 2009-12-06 21:14:41 -------- d-----w- C:\Users\Davidof\AppData\Roaming\teamspeak2
2009-12-06 21:13:32 . 2009-12-06 21:14:40 -------- d-----w- C:\Program Files\Teamspeak2_RC2

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-04 21:55:35 . 2009-09-11 16:12:36 -------- d-----w- C:\Program Files\Steam
2010-01-02 16:02:57 . 2009-09-11 23:02:34 -------- d-----w- C:\Program Files\Google
2009-12-19 02:03:39 . 2009-09-11 22:20:13 -------- d-----w- C:\Users\Davidof\AppData\Roaming\vlc
2009-12-18 22:23:44 . 2008-11-21 13:19:08 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2009-12-18 22:11:36 . 2008-11-21 14:16:32 -------- d-----w- C:\Program Files\CyberLink
2009-12-18 22:09:45 . 2008-11-21 14:16:38 53319 ----a-w- C:\ProgramData\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
2009-12-18 22:08:15 . 2009-09-13 20:12:19 -------- d-----w- C:\ProgramData\Skype
2009-12-18 22:02:55 . 2008-11-21 21:18:46 667352 ----a-w- C:\Windows\system32\perfh013.dat
2009-12-18 22:02:55 . 2008-11-21 21:18:46 126854 ----a-w- C:\Windows\system32\perfc013.dat
2009-12-18 22:02:55 . 2008-11-21 21:13:04 659180 ----a-w- C:\Windows\system32\perfh00C.dat
2009-12-18 22:02:55 . 2008-11-21 21:13:04 122976 ----a-w- C:\Windows\system32\perfc00C.dat
2009-12-14 17:16:28 . 2009-09-11 16:12:37 -------- d-----w- C:\Program Files\Common Files\Steam
2009-12-13 20:11:17 . 2009-09-24 17:53:46 -------- d-----w- C:\Program Files\Fotoservice
2009-12-10 02:52:58 . 2006-11-02 11:18:33 -------- d-----w- C:\Program Files\Windows Mail
2009-12-10 02:07:07 . 2009-09-11 14:25:56 -------- d-----w- C:\ProgramData\Microsoft Help
2009-12-09 20:12:17 . 2009-09-11 22:29:26 -------- d-----w- C:\Users\Davidof\AppData\Roaming\LimeWire
2009-12-02 20:31:43 . 2009-12-02 20:31:13 -------- d-----w- C:\ProgramData\NCH Swift Sound
2009-12-02 20:31:13 . 2009-12-02 20:27:23 -------- d-----w- C:\Program Files\NCH Swift Sound
2009-12-01 20:31:03 . 2009-12-01 20:16:33 -------- d-----w- C:\Program Files\Graphmatica
2009-12-01 09:55:52 . 2009-11-18 17:08:03 5972 ----a-w- C:\Users\Davidof\AppData\Local\d3d9caps.dat
2009-11-25 18:11:21 . 2009-11-25 18:11:18 -------- d-----w- C:\ProgramData\sPlan70
2009-11-11 20:14:42 . 2009-11-11 20:14:42 -------- d-----w- C:\Program Files\Elaborate Bytes
2009-11-11 19:52:35 . 2009-11-11 19:52:35 -------- d-----w- C:\Program Files\Rockstar Games
2009-11-09 19:30:05 . 2009-11-09 19:29:08 -------- d-----w- C:\Program Files\iTunes
2009-11-09 19:29:11 . 2009-11-09 19:29:11 -------- d-----w- C:\Program Files\iPod
2009-11-09 19:29:10 . 2009-09-12 12:44:43 -------- d-----w- C:\Program Files\Common Files\Apple
2009-11-09 19:23:43 . 2009-11-09 19:23:43 79144 ----a-w- C:\ProgramData\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-03 14:33:04 . 2009-09-11 14:39:00 138912 ----a-w- C:\Users\Davidof\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-02 19:42:06 . 2009-10-04 19:52:24 195456 ------w- C:\Windows\system32\MpSigStub.exe
2009-10-29 09:41:23 . 2009-11-26 02:01:41 2048 ----a-w- C:\Windows\system32\tzres.dll
2009-10-27 13:20:19 . 2009-12-09 09:57:58 833024 ----a-w- C:\Windows\system32\wininet.dll
2009-10-27 13:16:28 . 2009-12-09 09:57:43 78336 ----a-w- C:\Windows\system32\ieencode.dll
2009-10-27 10:55:39 . 2009-12-09 09:57:43 26624 ----a-w- C:\Windows\system32\ieUnatt.exe
2009-10-22 21:05:36 . 2009-10-22 21:05:36 249856 ------w- C:\Windows\Setup1.exe
2009-10-22 21:05:34 . 2009-10-22 21:05:34 73216 ----a-w- C:\Windows\ST6UNST.EXE
2009-10-07 12:41:32 . 2009-12-09 09:57:29 244224 ----a-w- C:\Windows\system32\rastls.dll
2009-10-07 12:41:31 . 2009-12-09 09:57:28 281600 ----a-w- C:\Windows\system32\raschap.dll
2008-11-21 21:39:57 . 2008-11-21 21:20:35 8192 --sha-w- C:\Windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 14:44:30 3883856]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 08:16:32 2363392]
"Google Update"="C:\Users\Davidof\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-09-11 15:02:45 133104]
"Steam"="C:\Program Files\Steam\Steam.exe" [2009-10-25 16:23:50 1217808]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:25:11 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 18:05:10 1049896]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-07-10 22:27:58 150040]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-07-10 22:27:40 170520]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-07-10 22:27:52 145944]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2008-09-23 15:21:52 468264]
"UpdatePSTShortCut"="C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-06 19:42:38 210216]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 13:55:34 222504]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-21 02:23:32 1008184]
"QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 15:14:02 202032]
"UpdateP2GoShortCut"="C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 17:11:32 210216]
"UpdatePDIRShortCut"="C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 17:11:32 210216]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-09-24 17:53:52 149280]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 06:58:56 75008]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 13:51:00 488752]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 00:38:00 34672]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 16:07:23 81000]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-09-04 23:54:42 417792]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 10:44:34 31072]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 13:50:04 54576]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-10-28 19:21:26 141600]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 22:31:29 85160]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
VPN Client.lnk - C:\Windows\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico [2009-9-15 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R1 aswSP;avast! Self Protection;C:\Windows\System32\drivers\aswSP.sys [11/09/2009 16:48:22 114768]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [11/09/2009 16:48:22 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [11/09/2009 16:47:50 53328]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [21/01/2008 3:23:43 21504]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files\SMINST\BLService.exe [21/11/2008 16:08:17 365952]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [21/11/2008 14:34:56 193840]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [29/06/2008 15:52:26 112128]
S2 gupdate;Google Updateservice (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [12/09/2009 0:03:05 133104]
S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;C:\Windows\System32\drivers\WSDPrint.sys [21/01/2008 3:23:21 16896]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14:42 451872 ----a-w- C:\Program Files\Common Files\LightScribe\LSRunOnce.exe
.
Inhoud van de 'Gedeelde Taken' map

2010-01-04 C:\Windows\Tasks\Google Software Updater.job
- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-11 23:02:34 . 2009-09-11 23:02:35]

2010-01-04 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-11 23:03:05 . 2009-09-11 23:02:54]

2010-01-04 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-11 23:03:05 . 2009-09-11 23:02:54]

2009-12-16 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-384095605-3346121663-3357374051-1000Core.job
- C:\Users\Davidof\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-11 15:02:53 . 2009-09-11 15:02:45]

2010-01-04 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-384095605-3346121663-3357374051-1000UA.job
- C:\Users\Davidof\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-11 15:02:53 . 2009-09-11 15:02:45]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.noxa.net/davidof
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=91&bd=Presario&pf=cnnb
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {B8B31B6C-2DB5-4C8F-B9E4-BB93E03D9B21} = 193.190.126.26,193.191.155.1
.
- - - - ORPHANS VERWIJDERD - - - -

HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe
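A small triage helper for ComboFix file listings like the one above, added here as an example; it is not part of this thread and not ComboFix's own code. It parses the "Bestanden Gemaakt" / Find3M lines (Vista logs print seconds, XP logs do not) and flags executables that carry hidden/system attributes and sit in user-writable profile locations. The sample lines are copied from the logs in this thread; the heuristics and the two-reason threshold are my own assumptions and give a reason to look closer, not a verdict.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Shape of one ComboFix file line, e.g.:
#   2009-12-18 14:25:39 . 2009-12-18 14:25:31 225280 --sh--r- C:\Users\Davidof\AppData\Roaming\ufxw.exe
# Fields: mtime . ctime size attrs path; directories show "--------" instead of a size.
LINE_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?) \. "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?) "
    r"(?P<size>-{8}|\d+) (?P<attrs>[-a-z]{8}) (?P<path>\S.*)$"
)

EXEC_EXT = (".exe", ".dll", ".pif", ".scr", ".com", ".sys", ".bat", ".cmd")
# Locations a normal user can write to without elevation. A hidden/system executable
# dropped here, rather than installed under Program Files or system32, is a classic
# persistence spot (assumed heuristic, not a rule from ComboFix).
USER_WRITABLE = ("\\appdata\\", "\\application data\\", "\\local settings\\",
                 "\\temp\\", "\\programdata\\", "\\all users\\")


@dataclass
class Entry:
    mtime: str
    ctime: str
    size: Optional[int]   # None for directories
    attrs: str            # 8-char ComboFix attribute field, e.g. "--sh--r-"
    path: str

    # Attribute positions as they appear in the log: d at 0, s at 2, h at 3, a at 4.
    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def is_system(self) -> bool:
        return self.attrs[2] == "s"

    @property
    def is_hidden(self) -> bool:
        return self.attrs[3] == "h"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one file line; returns None for headers, blanks and other non-file lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(m["mtime"], m["ctime"], size, m["attrs"], m["path"])


def suspicion_reasons(e: Entry) -> list[str]:
    """Heuristic triage: the reasons an entry deserves a closer look (empty = nothing odd)."""
    reasons: list[str] = []
    if e.is_dir:
        return reasons
    low = e.path.lower()
    executable = low.endswith(EXEC_EXT)
    if executable and (e.is_hidden or e.is_system):
        reasons.append("executable with hidden/system attribute")
    if executable and any(tag in low for tag in USER_WRITABLE):
        reasons.append("executable in a user-writable profile location")
    if low.endswith((".pif", ".scr", ".com")):
        reasons.append("legacy executable extension often passed off as an image")
    return reasons


def triage(log_text: str) -> dict[str, list[str]]:
    """Map path -> reasons for every entry that trips at least two heuristics."""
    flagged: dict[str, list[str]] = {}
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        reasons = suspicion_reasons(e)
        if len(reasons) >= 2:
            flagged[e.path] = reasons
    return flagged


# Constructed sample: lines copied from the ComboFix logs in this thread (Vista and XP format).
SAMPLE_LOG = r"""
2010-01-04 22:04:16 . 2010-01-04 22:04:16 658696 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-18 14:25:39 . 2009-12-18 14:25:31 225280 --sh--r- C:\Users\Davidof\AppData\Roaming\ufxw.exe
2009-12-15 13:14:29 . 2009-12-15 13:16:21 -------- d-----w- C:\Users\Davidof\AppData\Local\NFS Underground 2
2008-11-21 21:39:57 . 2008-11-21 21:20:35 8192 --sha-w- C:\Windows\Users\Default\NTUSER.DAT
2009-12-29 12:41 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(why))
```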

Chalk

Legacy Member
David, wrong thread? :D
One more thing to note.
I thought it was all over, but apparently not. Yesterday, the day before and today my PC has already gone down once each. Never had that before.
I get no error or anything. Just a brief "trrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr" (sound) and then 'off' and a restart.

After restarting, Windows sends in "the serious error" report
And I also get to see this page: http://users.telenet.be/coRCup/tekoop/pc valt uit. Na opstarten dit.JPG

My combofix:

ComboFix 10-01-04.01 - Administrator 06/01/2010 20:10:51.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2044.1362 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Administrator\Mijn documenten\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

(((((((((((((((((((( Bestanden Gemaakt van 2009-12-06 to 2010-01-06 ))))))))))))))))))))))))))))))
.

2010-01-05 15:24 . 2010-01-05 15:24 -------- d-----r- c:\documents and settings\LocalService\Favorieten
2010-01-05 11:26 . 2010-01-05 11:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Locktime
2010-01-05 11:25 . 2010-01-05 11:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Locktime
2010-01-04 14:50 . 2010-01-04 14:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Cooliris
2010-01-04 14:50 . 2009-10-20 12:33 545280 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5gkpke5h.default\extensions\[email protected]\libs\PicLensHelper.exe
2010-01-04 14:50 . 2009-10-20 12:33 103424 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5gkpke5h.default\extensions\[email protected]\libs\pixomatic.dll
2010-01-04 14:50 . 2009-10-20 12:33 4716544 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5gkpke5h.default\extensions\[email protected]\components\cooliris.dll
2010-01-04 14:50 . 2009-10-20 12:33 344064 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5gkpke5h.default\extensions\[email protected]\libs\LaunchCooliris.exe
2010-01-04 14:50 . 2009-10-20 12:33 153600 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5gkpke5h.default\extensions\[email protected]\plugins\npcoolirisplugin.dll
2010-01-03 19:15 . 2010-01-06 18:40 -------- d-----w- c:\program files\Steam
2010-01-01 18:56 . 2010-01-01 18:56 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-29 15:32 . 2009-12-29 15:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Thunderbird
2009-12-29 15:32 . 2009-12-29 15:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Thunderbird
2009-12-29 15:32 . 2010-01-06 18:27 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-12-29 12:41 . 2009-12-29 12:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-29 12:41 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-29 12:41 . 2009-12-29 12:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-29 12:41 . 2009-12-29 12:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-29 12:41 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-29 12:36 . 2009-12-29 12:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-29 12:36 . 2009-12-29 12:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-28 19:16 . 2009-12-28 19:16 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-28 19:16 . 2009-12-28 19:16 -------- d-----w- c:\program files\TrendMicro
2009-12-27 16:43 . 2009-12-28 18:12 -------- d-----w- c:\program files\Lame for Audacity
2009-12-22 19:19 . 2008-04-14 21:32 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-12-22 18:52 . 2009-12-24 10:02 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-12-22 18:52 . 2009-12-22 18:52 -------- d-----w- c:\windows\system32\LogFiles
2009-12-14 19:21 . 2009-12-14 19:21 -------- d-----w- c:\program files\YouTube Downloader
2009-12-12 11:15 . 2009-12-12 11:15 -------- d--h--w- c:\windows\PIF

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-06 18:12 . 2009-11-16 20:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-01-05 18:07 . 2009-11-24 20:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\FileZilla
2009-12-22 18:53 . 2009-11-13 01:40 -------- d-----w- c:\program files\Windows Media Connect 2
2009-12-20 13:18 . 2009-11-13 18:05 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-12 09:26 . 2009-11-13 18:19 260376 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-11 16:30 . 2009-11-13 05:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-11 12:33 . 2009-12-11 12:33 672 ----a-w- c:\windows\Fonts\SO______.PFM
2009-12-11 12:32 . 2009-12-11 12:32 670 ----a-w- c:\windows\Fonts\CR______.PFM
2009-12-10 16:47 . 2001-09-07 11:00 54668 ----a-w- c:\windows\system32\perfc013.dat
2009-12-10 16:47 . 2001-09-07 11:00 367616 ----a-w- c:\windows\system32\perfh013.dat
2009-12-10 07:34 . 2009-11-13 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-05 19:20 . 2009-12-05 19:20 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-04 17:21 . 2009-12-04 17:13 -------- d-----w- c:\program files\Ableton
2009-12-04 17:14 . 2009-11-21 14:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Ableton
2009-12-04 17:14 . 2009-11-21 14:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ableton
2009-11-23 21:06 . 2009-11-23 21:04 -------- d-----w- c:\program files\MP3Gain
2009-11-22 19:46 . 2009-11-22 19:44 -------- d-----w- c:\program files\VirtualDJ
2009-11-16 21:59 . 2009-11-16 21:59 -------- d-----w- c:\program files\komma.be
2009-11-16 21:59 . 2009-11-16 21:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-16 19:23 . 2009-11-16 19:23 -------- d-----w- c:\program files\VideoLAN
2009-11-15 20:49 . 2009-11-15 20:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\ISP Monitor
2009-11-15 20:11 . 2009-11-15 20:11 -------- d-----w- c:\program files\ISP Monitor
2009-11-15 20:11 . 2009-11-15 20:11 737280 ----a-w- c:\windows\iun6002.exe
2009-11-15 17:14 . 2009-11-15 12:15 -------- d-----w- c:\program files\FileZilla FTP Client
2009-11-15 11:23 . 2009-11-15 11:22 -------- d--h--w- c:\program files\Creative Installation Information
2009-11-15 11:23 . 2009-11-15 11:22 -------- d-----w- c:\program files\Creative
2009-11-15 11:22 . 2009-11-15 11:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2009-11-15 11:22 . 2009-11-15 11:22 -------- d-----w- c:\program files\Common Files\Creative
2009-11-14 14:19 . 2009-11-14 14:16 -------- d-----w- c:\program files\BitLord
2009-11-14 12:49 . 2009-11-14 12:49 92 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\uninst2.bat
2009-11-14 12:49 . 2009-11-14 12:49 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstWMP\unins000.exe
2009-11-14 12:49 . 2009-11-14 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Last.fm
2009-11-14 12:48 . 2009-11-14 12:48 -------- d-----w- c:\program files\Last.fm
2009-11-14 12:34 . 2009-11-14 12:34 0 ----a-w- c:\windows\nsreg.dat
2009-11-14 12:15 . 2009-11-14 12:14 -------- d-----w- c:\program files\Windows Live
2009-11-14 12:15 . 2009-11-14 12:15 -------- d-----w- c:\program files\Microsoft
2009-11-14 12:14 . 2009-11-14 12:14 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-14 12:12 . 2009-11-14 12:12 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-13 18:18 . 2009-11-13 18:18 -------- d-----w- c:\program files\Microsoft Security Essentials
2009-11-13 18:11 . 2009-11-13 18:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ahead
2009-11-13 18:10 . 2009-11-13 18:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-11-13 18:10 . 2009-11-13 18:10 -------- d-----w- c:\program files\Common Files\Ahead
2009-11-13 18:10 . 2009-11-13 18:10 -------- d-----w- c:\program files\Nero
2009-11-13 18:10 . 2009-11-13 18:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-11-13 18:08 . 2009-11-13 18:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\CyberLink
2009-11-13 18:06 . 2009-11-13 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-11-13 18:06 . 2009-11-13 18:06 -------- d-----w- c:\program files\CyberLink
2009-11-13 18:06 . 2009-11-13 18:06 505392 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-13 18:06 . 2009-11-13 18:06 353840 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-13 17:15 . 2009-11-13 17:15 -------- d-----w- c:\program files\Microsoft Works
2009-11-13 17:15 . 2009-11-13 17:15 -------- d-----w- c:\program files\MSBuild
2009-11-13 16:58 . 2009-11-13 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-11-13 16:58 . 2009-11-13 16:58 -------- d-----w- c:\program files\NVIDIA Corporation
2009-11-13 05:05 . 2009-11-13 05:05 -------- d-----w- c:\program files\Realtek
2009-11-13 05:05 . 2009-11-13 05:05 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-13 05:04 . 2009-11-13 05:04 -------- d-----w- c:\program files\Intel
2009-11-13 05:03 . 2009-11-13 05:03 -------- d-----w- c:\program files\MSXML 4.0
2009-11-13 04:51 . 2009-11-13 01:42 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-13 01:43 . 2009-11-13 01:43 -------- d-----w- c:\program files\microsoft frontpage
2009-11-13 01:41 . 2009-11-13 01:41 21748 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-02 19:42 . 2009-11-13 18:20 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:44 . 2006-08-11 15:07 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2004-08-03 23:03 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-03 23:03 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-10-16 08:56 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:38 . 2004-08-03 23:03 270848 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2004-08-03 23:03 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2004-08-03 23:03 150016 ----a-w- c:\windows\system32\rastls.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-12-29_14.26.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-01 18:55 . 2010-01-01 18:55 49664 c:\windows\Installer\3adbc.msi
+ 2010-01-03 19:15 . 2010-01-03 19:15 27648 c:\windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
+ 2004-08-03 23:03 . 2008-04-14 21:32 125952 c:\windows\system32\dllcache\apphelp.dll
+ 2010-01-03 19:15 . 2010-01-03 19:15 1094144 c:\windows\Installer\f4d774.msi
+ 2010-01-01 18:56 . 2010-01-01 18:56 15709696 c:\windows\Installer\3adc4.msp
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ISPMonitor"="c:\program files\ISP Monitor\isp.exe" [2009-11-05 423024]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Steam"="c:\program files\steam\steam.exe" [2010-01-03 1217808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-23 18077696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-02-21 91432]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-22 81920]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=

S2 ISPMonitorSrv;ISP Monitor;c:\program files\ISP Monitor\ISPMonitorSrv.exe [22/08/2007 23:55 36864]
.
Inhoud van de 'Gedeelde Taken' map

2010-01-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 16:36]

2010-01-06 c:\windows\Tasks\User_Feed_Synchronization-{35B80A99-91AC-40FA-A710-A56D3A1B3D12}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {D78A35FA-97CD-4788-A3D3-8595E34A6BE1} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5gkpke5h.default\
FF - prefs.js: browser.startup.homepage - google.be
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5gkpke5h.default\extensions\[email protected]\components\cooliris.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5gkpke5h.default\extensions\[email protected]\plugins\npcoolirisplugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-01-06 20:13
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-606747145-2049760794-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0e,49,43,a4,e4,6c,8f,49,a7,d6,1a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0e,49,43,a4,e4,6c,8f,49,a7,d6,1a,\
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(1120)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\wmp.dll
c:\windows\system32\wmploc.dll
c:\windows\system32\wmpps.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-06 20:14:03
ComboFix-quarantined-files.txt 2010-01-06 19:14
ComboFix2.txt 2009-12-29 14:27

Pre-Run: 29,491,355,648 bytes free
Post-Run: 29,461,524,480 bytes free

- - End Of File - - C304E3697DE87B93B9575BDE1FEB736D

Duffman-

Legacy Member
Is visiting the site already enough, or do you really have to open the file on your PC?

Chalk

Legacy Member
Duffman-, I think you do have to have opened the file on your PC.
The file was oddly put together. It immediately redirected me to rapidshare, where I downloaded something, and there was quite a lot of code built into it. I don't understand much of it, but I read about it on other forums.

Still, do a scan if you're worried ;) !
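The question above (does visiting the site suffice, or must the file be opened) turns on what the link actually serves: a path ending in .jpg that delivers a .pif, which Windows runs as an executable. The extension in the URL proves nothing; the first bytes of the response do. The check below is an added example, not code from this thread or from any of the tools mentioned in it. It classifies a payload by its magic bytes and flags the mismatch between an image-looking URL and an MZ/PE body. The host name, file names and both sample payloads are constructed for the example; in practice the bytes would come from the first few kilobytes of the HTTP response.

```python
"""Sniff the real file type behind a link that claims to be an image.

Added example, not part of the original forum thread. Sample payloads and
URLs below are constructed, not captured from the malware in the thread.
"""
import struct
from urllib.parse import urlparse

IMAGE_EXTENSIONS = {".jpg", ".jpeg", ".gif", ".png", ".bmp"}

# Leading bytes of the image formats an attacker might claim to be serving.
IMAGE_MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"\x89PNG\r\n\x1a\n": "png",
    b"BM": "bmp",
}


def classify_payload(data: bytes) -> str:
    """Return the real format of `data`, judged by its leading bytes only."""
    for magic, name in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return name
    if data[:2] == b"MZ":
        # DOS/Windows executable. A PE file stores the offset of its
        # "PE\0\0" signature at byte 0x3C; .pif/.exe/.scr droppers are PE.
        if len(data) >= 0x40:
            pe_offset = struct.unpack_from("<I", data, 0x3C)[0]
            if data[pe_offset:pe_offset + 4] == b"PE\x00\x00":
                return "pe-executable"
        return "dos-executable"
    return "unknown"


def is_disguised_executable(url: str, data: bytes) -> bool:
    """True when the URL path looks like an image but the body is executable."""
    path = urlparse(url).path.lower()
    claims_image = any(path.endswith(ext) for ext in IMAGE_EXTENSIONS)
    return claims_image and classify_payload(data).endswith("executable")


def fake_pe(size: int = 0x100) -> bytes:
    """Constructed minimal MZ+PE stub: just enough header to be recognised."""
    buf = bytearray(size)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)      # e_lfanew -> PE signature
    buf[0x80:0x84] = b"PE\x00\x00"
    return bytes(buf)


# Constructed samples: a JFIF header and a "picture" that is really a PE stub.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 64
SAMPLE_PIF = fake_pe()

if __name__ == "__main__":
    for url, body in [("http://example.invalid/img/photo.jpg", SAMPLE_JPEG),
                      ("http://example.invalid/img/picture.jpg", SAMPLE_PIF)]:
        verdict = "DISGUISED EXECUTABLE" if is_disguised_executable(url, body) else "ok"
        print(f"{url} -> {classify_payload(body)} ({verdict})")
```

The check deliberately ignores the Content-Type header and the extension on disk: a server-side redirect or .htaccess rule can set either to whatever it likes, whereas an executable that Windows is able to run must still start with `MZ`.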

Chalk

Legacy Member
I thought so.
The PC shutting down is a hardware problem :p

Thanks! I've sort of fixed it myself so I'd have less hassle over these past holidays :D
Self-study is always nice!

Go ahead and put a green checkmark on it, that's nicer to see.

Chalk

Legacy Member
To help people out, I'll describe what I did. (I've already had an email asking about it :D So ... why not.)

This is what I did/what I use:

To start with, my antivirus, which is also an anti-spyware, is Microsoft Security Essentials.
A very light scanner that also does its job well. But on its own it won't get rid of the problem.

1. Download Spybot S&D
Spybot - Search & Destroy - Free software downloads and software reviews - CNET Download.com
Install it, let it update (it asks automatically) and then run a scan.

2. Download Malwarebytes
Malwarebytes.org
Install it and let it update as well. Then run a scan with it too.
This will fix the problem. It may say the PC has to be restarted to remove the problem for good.
If so, do that. Then let Malwarebytes scan once more.

3. Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Install it and let it update. Then let it run a scan.
The other scanners have to be disabled for this. So do not run scans with them at the same time.
Leave your PC alone, don't touch it. Normally these scans take 10 minutes at most, but mine even took 30 minutes.

4. Hopefully everything is fixed now.
If it still isn't fixed, let Malwarebytes scan once more and then Combofix again.