Archive - Computer problems

The archive is a frozen moment from a previous version of this forum, with different rules and different bosses. These posts in no way reflect our current ideas, values or worldviews, and have been censored in some places as inadmissible. Many were written in a different zeitgeist, ironically or not - as in the ironic Off-Topic subforum - and would no longer be posted (or allowed) today. Still, we are happy to keep offering this archive as an information database and reference work. Read more about it here or start a conversation with others.

woody600

Legacy Member
For the last 3 days I've been getting a lot of warnings from my virus scanner (F-Secure 2009) that a program named xxx.exe wants to get in (from the /temp folder), with xxx a random number.

I've also noticed that I've been sending around a virus on Facebook. Don't know whether this has been resolved yet, though.

What I have already done:

F-Secure 2009 scan
CCleaner
Spybot Search & Destroy

xxx.exe is still not resolved, so I'm posting a log.
And a screenshot of the warning F-Secure gives.

Code:
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 13:40:29, on 6/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\BYOND\bin\byond.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\explorer.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fatlan.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TBSB04703 - {A0899BF0-5F7F-4AD8-BB34-E7A7F8C02B63} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: (no name) - {A0899BF0-5F7F-4AD8-BB34-E7A7F8C02B63} - (no file)
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [Windows Printing] scvhost.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Norton Ghost 15.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\RunServices: [Windows Printing] scvhost.exe
O4 - HKCU\..\Run: [mconfig] C:\Windows\security\Database\mconfig.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [gbxny1o] C:\WINDOWS\system32\b2s5njef.exe
O4 - HKCU\..\Run: [mccydoz] C:\WINDOWS\system32\wmns81ep.exe
O4 - HKCU\..\Run: [qmrcnoj] C:\WINDOWS\system32\3c1t70a.exe
O4 - HKCU\..\Run: [pflgcc8] C:\WINDOWS\system32\1ghm86y.exe
O4 - HKCU\..\Run: [lhcdi81] C:\WINDOWS\system32\te0fvb66s.exe
O4 - HKCU\..\Run: [grccs] C:\WINDOWS\system32\60ntdzu.exe
O4 - HKCU\..\Run: [mhni0p] C:\WINDOWS\system32\66c86o8.exe
O4 - HKCU\..\Run: [wndo1] C:\WINDOWS\system32\fqbcxd60f.exe
O4 - HKCU\..\Run: [glwhidt] C:\WINDOWS\system32\0xdnjef.exe
O4 - HKCU\..\Run: [euavw] C:\WINDOWS\system32\z60bhrni.exe
O4 - HKCU\..\Run: [avlmhx] C:\WINDOWS\system32\efk86w81it.exe
O4 - HKCU\..\Run: [gwbmx] C:\WINDOWS\system32\pqlbcxyt.exe
O4 - HKCU\..\Run: [qvrmm] C:\WINDOWS\system32\f0lhcc6oo.exe
O4 - HKCU\..\Run: [gwsxnt] C:\WINDOWS\system32\kvwrx60zfp.exe
O4 - HKCU\..\Run: [bgcss81] C:\WINDOWS\system32\l60nijo8.exe
O4 - HKCU\..\Run: [yuzpv6] C:\WINDOWS\system32\t66k81wh.exe
O4 - HKCU\..\Run: [jzf60] C:\WINDOWS\system32\86a81mx.exe
O4 - HKCU\..\Run: [wcxydez] C:\WINDOWS\system32\970brc8.exe
O4 - HKCU\..\Run: [ypfq1] C:\WINDOWS\system32\o1f703m0.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barungo Bar - {A0899BF0-5F7F-4AD8-BB34-E7A7F8C02B63} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Barungo Bar - {A0899BF0-5F7F-4AD8-BB34-E7A7F8C02B63} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Dimitri\Menu Start\Programma's\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Dimitri\Menu Start\Programma's\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe
O23 - Service: GenericMount Helper Service - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - Unknown owner - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe (file missing)
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

--
End of file - 12404 bytes

Hooky

Legacy Member
Hooky has today been given permission to help with the logs.

woody600

Legacy Member
Just did what the post above said.
Now waiting to see whether xxx.exe comes back.
I did notice that when restarting the PC I also get messages that don't look kosher to me either.

MBAM log
Malwarebytes' Anti-Malware 1.44
Database versie: 3838
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

8/03/2010 18:24:59
mbam-log-2010-03-08 (18-24-59).txt

Scan type: Snelle Scan
Objecten gescand: 114414
Verstreken tijd: 5 minute(s), 0 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 14
Registerdata bestanden geïnfecteerd: 1
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 51

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gwbmx (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mconfig (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\grccs (Trojan.Ddox) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mhni0p (Trojan.Ddox) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wndo1 (Trojan.Ddox) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\glwhidt (Trojan.Ddox) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\euavw (Trojan.Ddox) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\avlmhx (Trojan.Ddox) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qvrmm (Trojan.Ddox) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gwsxnt (Trojan.Ddox) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bgcss81 (Trojan.Ddox) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yuzpv6 (Trojan.Buzus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jzf60 (Trojan.Buzus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Registerdata bestanden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-8373626064-8613032553-232046680-3263\yv8g67.exe,C:\RECYCLER\S-1-5-21-0798181709-5677485366-456386036-9976\rundll32.exe,explorer.exe,C:\RECYCLER\S-1-5-21-8034931218-4615356393-872582351-6863\yv8g67.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
C:\WINDOWS\system32\pqlbcxyt.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\security\Database\mconfig.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\60ntdzu.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\66c86o8.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fqbcxd60f.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\0xdnjef.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\z60bhrni.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efk86w81it.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f0lhcc6oo.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kvwrx60zfp.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\l60nijo8.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\t66k81wh.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\86a81mx.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\repairsetup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0798181709-5677485366-456386036-9976\rundll32.exe (Worm.Autorun.B) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-8034931218-4615356393-872582351-6863\yv8g67.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-8373626064-8613032553-232046680-3263\yv8g67.exe (Worm.Autorun) -> Delete on reboot.
C:\WINDOWS\system32\chxd60flvr.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fgbrsndezp.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lccxooja.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\plbm1cdi86u.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ufgbrsndez.exe (BackDoor.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\avlmhxytjk.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bcxnojkf081.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lq86c81o.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\j66a86m8.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hid081kv.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hidtupql.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxxtjjfv.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\c86o81alm.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cxd60flv.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\o1f703m0.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xytz60bhrni.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zk1abg86.exe (BackDoor.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\primndd.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\k3mmhyytkkf.exe (BackDoor.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vrhs1ijo86a.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qodesnaq.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eyclcm.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5uuklq8.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6t5p0v6.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6u87081.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6w81top.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6y81vqr.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\81cnojp.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\86c81oz.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\970brc8.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\9s1okkf.exe (BackDoor.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\a0brx66o.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temp\622.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dimitri\Local Settings\Temporary Internet Files\Content.IE5\H11W0M0X\vreewr1[1].exe (Trojan.Ddox) -> Quarantined and deleted successfully.

HijackThis log

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 18:47:26, on 8/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\F-Secure Internet Security\FSGUI\scanwizard.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files\TechSmith\Snagit 9\snagiteditor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fatlan.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TBSB04703 - {A0899BF0-5F7F-4AD8-BB34-E7A7F8C02B63} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: (no name) - {A0899BF0-5F7F-4AD8-BB34-E7A7F8C02B63} - (no file)
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [Windows Printing] scvhost.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Norton Ghost 15.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\RunServices: [Windows Printing] scvhost.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [gbxny1o] C:\WINDOWS\system32\b2s5njef.exe
O4 - HKCU\..\Run: [mccydoz] C:\WINDOWS\system32\wmns81ep.exe
O4 - HKCU\..\Run: [qmrcnoj] C:\WINDOWS\system32\3c1t70a.exe
O4 - HKCU\..\Run: [pflgcc8] C:\WINDOWS\system32\1ghm86y.exe
O4 - HKCU\..\Run: [lhcdi81] C:\WINDOWS\system32\te0fvb66s.exe
O4 - HKCU\..\Run: [gwwsii] C:\WINDOWS\system32\fg70hdyy6k.exe
O4 - HKCU\..\Run: [mconfig] C:\Windows\security\Database\mconfig.exe
O4 - HKCU\..\Run: [grccs] C:\WINDOWS\system32\60ntdzu.exe
O4 - HKCU\..\Run: [mhni0p] C:\WINDOWS\system32\66c86o8.exe
O4 - HKCU\..\Run: [wndo1] C:\WINDOWS\system32\fqbcxd60f.exe
O4 - HKCU\..\Run: [glwhidt] C:\WINDOWS\system32\0xdnjef.exe
O4 - HKCU\..\Run: [euavw] C:\WINDOWS\system32\z60bhrni.exe
O4 - HKCU\..\Run: [avlmhx] C:\WINDOWS\system32\efk86w81it.exe
O4 - HKCU\..\Run: [gwbmx] C:\WINDOWS\system32\pqlbcxyt.exe
O4 - HKCU\..\Run: [qvrmm] C:\WINDOWS\system32\f0lhcc6oo.exe
O4 - HKCU\..\Run: [gwsxnt] C:\WINDOWS\system32\kvwrx60zfp.exe
O4 - HKCU\..\Run: [bgcss81] C:\WINDOWS\system32\l60nijo8.exe
O4 - HKCU\..\Run: [yuzpv6] C:\WINDOWS\system32\t66k81wh.exe
O4 - HKCU\..\Run: [jzf60] C:\WINDOWS\system32\86a81mx.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barungo Bar - {A0899BF0-5F7F-4AD8-BB34-E7A7F8C02B63} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Barungo Bar - {A0899BF0-5F7F-4AD8-BB34-E7A7F8C02B63} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Dimitri\Menu Start\Programma's\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Dimitri\Menu Start\Programma's\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe
O23 - Service: GenericMount Helper Service - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - Unknown owner - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe (file missing)
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

--
End of file - 12520 bytes

Juisterr

Legacy Member
Start HijackThis and choose 'Do a system scan only'.
Select only the items listed below:

R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: TBSB04703 - {A0899BF0-5F7F-4AD8-BB34-E7A7F8C02B63} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {A0899BF0-5F7F-4AD8-BB34-E7A7F8C02B63} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows Printing] scvhost.exe
O4 - HKLM\..\RunServices: [Windows Printing] scvhost.exe
O4 - HKCU\..\Run: [gbxny1o] C:\WINDOWS\system32\b2s5njef.exe
O4 - HKCU\..\Run: [mccydoz] C:\WINDOWS\system32\wmns81ep.exe
O4 - HKCU\..\Run: [qmrcnoj] C:\WINDOWS\system32\3c1t70a.exe
O4 - HKCU\..\Run: [pflgcc8] C:\WINDOWS\system32\1ghm86y.exe
O4 - HKCU\..\Run: [lhcdi81] C:\WINDOWS\system32\te0fvb66s.exe
O4 - HKCU\..\Run: [gwwsii] C:\WINDOWS\system32\fg70hdyy6k.exe
O4 - HKCU\..\Run: [mconfig] C:\Windows\security\Database\mconfig.exe
O4 - HKCU\..\Run: [grccs] C:\WINDOWS\system32\60ntdzu.exe
O4 - HKCU\..\Run: [mhni0p] C:\WINDOWS\system32\66c86o8.exe
O4 - HKCU\..\Run: [wndo1] C:\WINDOWS\system32\fqbcxd60f.exe
O4 - HKCU\..\Run: [glwhidt] C:\WINDOWS\system32\0xdnjef.exe
O4 - HKCU\..\Run: [euavw] C:\WINDOWS\system32\z60bhrni.exe
O4 - HKCU\..\Run: [avlmhx] C:\WINDOWS\system32\efk86w81it.exe
O4 - HKCU\..\Run: [gwbmx] C:\WINDOWS\system32\pqlbcxyt.exe
O4 - HKCU\..\Run: [qvrmm] C:\WINDOWS\system32\f0lhcc6oo.exe
O4 - HKCU\..\Run: [gwsxnt] C:\WINDOWS\system32\kvwrx60zfp.exe
O4 - HKCU\..\Run: [bgcss81] C:\WINDOWS\system32\l60nijo8.exe
O4 - HKCU\..\Run: [yuzpv6] C:\WINDOWS\system32\t66k81wh.exe
O4 - HKCU\..\Run: [jzf60] C:\WINDOWS\system32\86a81mx.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

Close all windows except HijackThis.
Click 'Fix checked' to remove the items.


Download Combofix to your Desktop and use it according to this guide.

NOTE: if your antivirus or another real-time scanner gives a warning during or after the download of Combofix, or while Combofix is running, disable that scanner and download Combofix again.
Some scanners regard certain components that Combofix uses as suspicious and will block or delete them!
  • Double-click Combofix.exe to start it.
  • If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
  • Click OK in the "NirCmd" dialog.
  • If the Recovery Console is not installed, you will be asked to install it now by clicking YES in the "Query - Recovery Console" window.
  • Click OK and Yes to have the Recovery Console installed automatically.
  • Afterwards, click Yes again to start the malware scan.
  • While the fix is running, do NOT click in the window, as this will make your PC hang.
  • When the fix is complete and after the restart, the log Combofix.txt will open.
Post this log in your next reply.


PS: ignore the posts by Hooky, who has no permission to respond to these problems in this section.
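As an added example that is not part of this thread, of HijackThis or of ComboFix: a small Python triage script that encodes the reasoning behind the entries selected above (orphaned "(no file)" entries, a near-miss of svchost.exe, random-named per-user autoruns in system32, an autorun from an odd Windows subdirectory). The sample lines are taken from the HijackThis log in this thread plus two constructed benign lines; the allowlist and the known-binary list are assumptions.

```python
"""Heuristic triage of HijackThis log lines (added example, not HijackThis code)."""
import re

# Windows binaries whose names malware imitates with a typo (svchost -> scvhost).
KNOWN_SYSTEM_BINARIES = {
    "svchost.exe", "lsass.exe", "csrss.exe", "smss.exe",
    "winlogon.exe", "services.exe", "explorer.exe", "spoolsv.exe",
}

# Per-user (HKCU) autoruns that legitimately point into system32 (assumed allowlist).
HKCU_SYSTEM32_ALLOWLIST = {"ctfmon.exe"}

O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
ORPHAN_RE = re.compile(r"^(R3|O2|O3) - .* - \(no file\)$")
# Digits wedged between letters, as in b2s5njef.exe: a crude marker of generated names.
RANDOM_STEM_RE = re.compile(r"[a-z0-9]*\d[a-z]+[a-z0-9]*")


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance, used to spot near-miss names of system binaries."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def exe_path(cmd: str) -> str:
    """Return the executable part of an O4 command (quoted or not, with or without args)."""
    m = re.match(r'\s*"?(.*?\.exe)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage_line(line: str) -> list[str]:
    """Return the reasons one HijackThis line looks worth fixing (empty list if none)."""
    reasons = []
    if ORPHAN_RE.match(line):
        reasons.append("orphaned entry: registry points at a file that no longer exists")
        return reasons
    m = O4_RE.match(line)
    if not m:
        return reasons
    path = exe_path(m["cmd"])
    base = path.rsplit("\\", 1)[-1].lower()
    stem = base.rsplit(".", 1)[0]
    parent = path.rsplit("\\", 1)[0].lower() if "\\" in path else ""

    if m["key"] == "RunServices":
        reasons.append("uses the legacy RunServices key, rarely used by current software")
    if "\\" not in path:
        reasons.append("bare filename without a path, so the loaded file cannot be pinned down")
    if base not in KNOWN_SYSTEM_BINARIES and any(
        levenshtein(base, known) <= 2 for known in KNOWN_SYSTEM_BINARIES
    ):
        reasons.append(f"name is a near-miss of a Windows system binary ({base})")
    if (m["hive"] == "HKCU" and parent == "c:\\windows\\system32"
            and base not in HKCU_SYSTEM32_ALLOWLIST):
        reasons.append("per-user autorun pointing into system32")
    if parent.startswith("c:\\windows\\") and parent != "c:\\windows\\system32":
        reasons.append("autorun from an unusual Windows subdirectory")
    if RANDOM_STEM_RE.fullmatch(stem):
        reasons.append("random-looking filename (digits wedged between letters)")
    return reasons


def triage(lines) -> dict[str, list[str]]:
    """Map each flagged line to its reasons; clean lines are left out."""
    return {ln: r for ln in lines if (r := triage_line(ln))}


# Sample input: five lines from the log in this thread, then two constructed benign lines.
SAMPLE_LINES = [
    r"R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)",
    r"O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE",
    r"O4 - HKLM\..\RunServices: [Windows Printing] scvhost.exe",
    r"O4 - HKCU\..\Run: [gbxny1o] C:\WINDOWS\system32\b2s5njef.exe",
    r"O4 - HKCU\..\Run: [mconfig] C:\Windows\security\Database\mconfig.exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r'O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" -splash',
]

if __name__ == "__main__":
    for flagged, reasons in triage(SAMPLE_LINES).items():
        print(flagged)
        for reason in reasons:
            print("   ->", reason)
```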

woody600

Legacy Member
Combofix seems to have worked; no more warnings at startup.
I'll let you know shortly how things stand with the other warnings.

COMBOFIX

ComboFix 10-03-08.01 - Dimitri 08/03/2010 20:11:32.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.2047.1390 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Dimitri\Bureaublad\ComboFix.exe
AV: F-Secure Internet Security 2009 9.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Internet Security 2009 9.00 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
ADS - svchost.exe: deleted 68 bytes in 1 streams.
ADS - ntoskrnl.exe: deleted 68 bytes in 1 streams.
ADS - explorer.exe: deleted 132 bytes in 1 streams.
ADS - win32k.sys: deleted 68 bytes in 1 streams.
ADS - netcfgx.dll: deleted 100 bytes in 1 streams.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Dimitri\Application Data\Desktopicon
C:\Documents and Settings\Dimitri\Application Data\Desktopicon\eBayShortcuts.exe
C:\install.exe
C:\Program Files\Cheat Engine\dbk32.sys
C:\RECYCLER\S-1-5-21-0109975962-8138221255-288841779-6033
C:\RECYCLER\S-1-5-21-0798181709-5677485366-456386036-9976
C:\RECYCLER\S-1-5-21-0967310480-2678077823-192450158-5382
C:\RECYCLER\S-1-5-21-2368517532-8615731852-249287092-9798
C:\RECYCLER\S-1-5-21-4248767097-1278006751-251194159-1752
C:\RECYCLER\S-1-5-21-4466852040-0685625874-180587682-5673
C:\RECYCLER\S-1-5-21-4603791018-6943374029-120351856-1510
C:\RECYCLER\S-1-5-21-5210657462-2581801114-268129599-1571
C:\RECYCLER\S-1-5-21-6363453731-9552593407-406287296-4672
C:\RECYCLER\S-1-5-21-6893289194-6107916644-199232301-1992
C:\RECYCLER\S-1-5-21-7288313250-7183598839-283679651-0090
C:\RECYCLER\S-1-5-21-7423483370-9274591989-648711381-3676
C:\RECYCLER\S-1-5-21-7531250541-6387648095-301849158-2889
C:\RECYCLER\S-1-5-21-7904059382-7038344198-633312520-0138
C:\RECYCLER\S-1-5-21-8034931218-4615356393-872582351-6863
C:\RECYCLER\S-1-5-21-8210457028-4552690694-143981116-3119
C:\RECYCLER\S-1-5-21-8373626064-8613032553-232046680-3263
C:\RECYCLER\S-1-5-21-8374740197-8360019129-346570554-3961
C:\RECYCLER\S-1-5-21-8479579181-7630770201-902740878-3026
C:\RECYCLER\S-1-5-21-8625258705-0029482397-896671162-9390
C:\RECYCLER\S-1-5-21-9955641414-6490982759-901742117-8582
C:\WINDOWS\Config\mconfig.exe
C:\WINDOWS\system32\1ghm86y.exe
C:\WINDOWS\system32\3c1t70a.exe
C:\WINDOWS\system32\3mmhyyt.exe
C:\WINDOWS\system32\lsnccq.exe
C:\WINDOWS\system32\psiomcp.exe
C:\WINDOWS\system32\ssjitsys32.exe
C:\WINDOWS\system32\win.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DUMETERSVC
-------\Service_DUMeterSvc
-------\Service_NPF
-------\Legacy_DBKDRVR54
-------\Service_DBKDRVR54


(((((((((((((((((((( Bestanden Gemaakt van 2010-02-08 to 2010-03-08 ))))))))))))))))))))))))))))))
.

2010-03-08 17:16:21 . 2010-03-08 17:16:15 41472 --sh--r- C:\WINDOWS\system32\fg70hdyy6k.exe
2010-03-08 17:11:29 . 2010-03-08 17:11:29 -------- d-----w- C:\Documents and Settings\Dimitri\Application Data\Malwarebytes
2010-03-08 17:11:22 . 2010-01-07 15:07:14 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-03-08 17:11:20 . 2010-03-08 17:11:20 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-03-08 17:11:18 . 2010-03-08 17:11:27 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-08 17:11:18 . 2010-01-07 15:07:04 19160 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-03-08 05:13:06 . 2010-03-08 05:13:00 41472 --sh--r- C:\WINDOWS\system32\bw0ni0zu0b.exe
2010-03-07 16:45:28 . 2010-03-07 16:23:45 41472 --sh--r- C:\WINDOWS\system32\dezpqlbcxn.exe
2010-03-06 21:56:47 . 2010-02-26 12:00:30 724992 ----a-w- C:\Documents and Settings\Dimitri\Application Data\Mozilla\Firefox\Profiles\fow95hof.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2010-03-06 21:56:47 . 2010-02-26 12:00:30 1291640 ----a-w- C:\Documents and Settings\Dimitri\Application Data\Mozilla\Firefox\Profiles\fow95hof.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2010-03-06 19:52:09 . 2010-03-06 19:52:09 -------- d-----w- C:\Program Files\Ubisoft
2010-03-06 19:37:22 . 2010-03-06 19:37:22 -------- d-----w- C:\Ubisoft
2010-03-06 19:32:30 . 2010-03-08 17:14:23 -------- d-----w- C:\Program Files\DAEMON Tools Lite
2010-03-06 11:37:36 . 2010-03-08 18:04:12 -------- d--h--r- C:\Documents and Settings\Dimitri\Onlangs geopend
2010-03-06 11:33:33 . 2010-03-06 11:33:33 388096 ----a-r- C:\Documents and Settings\Dimitri\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-06 11:33:31 . 2010-03-06 11:33:31 -------- d-----w- C:\Program Files\TrendMicro
2010-02-16 14:58:16 . 2010-03-08 18:50:17 -------- d-----w- C:\Program Files\Runes of Magic
2010-02-13 11:41:07 . 2010-02-13 11:49:02 69 ----a-w- C:\Documents and Settings\Dimitri\jagex_runescape_preferences2.dat
2010-02-13 11:40:14 . 2010-02-13 11:41:38 41 ----a-w- C:\Documents and Settings\Dimitri\jagex_runescape_preferences.dat
2010-02-13 11:40:02 . 2010-02-13 11:40:02 -------- d-----w- C:\WINDOWS\.jagex_cache_32
2010-02-12 10:00:49 . 2010-02-12 10:00:37 41472 --sh--r- C:\WINDOWS\system32\te0fvb66s.exe
2010-02-09 16:52:22 . 2010-02-09 16:52:22 -------- d-----w- C:\Program Files\Microsoft.NET
2010-02-09 16:44:47 . 2010-03-07 14:19:33 -------- d-----w- C:\Gevaarlijke stoffen
2010-02-09 16:44:15 . 2010-02-09 16:44:17 -------- d-----w- C:\Documents and Settings\Dimitri\Installatie DBGS 52
2010-02-07 17:10:44 . 2010-02-14 14:18:51 -------- d-----w- C:\Documents and Settings\Dimitri\Local Settings\Application Data\FullTiltPoker
2010-02-07 17:08:40 . 2010-03-07 16:53:54 -------- d-----w- C:\Program Files\Full Tilt Poker
2010-02-07 16:47:27 . 2010-02-07 16:47:27 -------- d-----w- C:\Documents and Settings\Dimitri\Local Settings\Application Data\Symantec_Corporation
2010-02-07 16:47:27 . 2010-02-07 16:47:27 -------- d-----w- C:\Documents and Settings\Dimitri\Application Data\Symantec
2010-02-07 16:36:15 . 2007-03-21 19:39:00 1060864 ----a-w- C:\WINDOWS\system32\MFC71.DLL
2010-02-07 16:35:52 . 2009-10-01 21:03:40 131000 ----a-w- C:\WINDOWS\system32\drivers\WimFltr.sys
2010-02-07 16:35:13 . 2009-09-21 19:20:42 138592 ----a-w- C:\WINDOWS\system32\drivers\symsnap.sys
2010-02-07 16:35:05 . 2009-09-21 19:40:14 15096 ----a-w- C:\WINDOWS\system32\drivers\vproeventmonitor.sys
2010-02-07 16:35:00 . 2008-11-07 17:55:30 16928 ------w- C:\WINDOWS\system32\spmsgXP_2k3.dll
2010-02-07 16:34:49 . 2009-05-18 13:17:00 26600 ----a-w- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2010-02-07 16:34:49 . 2008-04-17 12:12:54 107368 ----a-w- C:\WINDOWS\system32\GEARAspi.dll
2010-02-07 16:34:30 . 2010-02-07 16:36:14 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2010-02-07 16:34:15 . 2010-02-07 16:34:30 -------- d-----w- C:\Program Files\Norton Ghost
2010-02-07 16:25:00 . 2010-02-07 16:25:00 -------- d-----w- C:\Program Files\Microsoft XNA
2010-02-07 16:23:10 . 2009-09-04 16:44:40 515416 ----a-w- C:\WINDOWS\system32\XAudio2_5.dll
2010-02-07 16:23:10 . 2009-09-04 16:44:40 238936 ----a-w- C:\WINDOWS\system32\xactengine3_5.dll
2010-02-07 16:23:09 . 2009-09-04 16:29:32 1974616 ----a-w- C:\WINDOWS\system32\D3DCompiler_42.dll
2010-02-07 16:23:08 . 2009-09-04 16:29:32 5501792 ----a-w- C:\WINDOWS\system32\d3dcsx_42.dll
2010-02-07 16:23:07 . 2009-09-04 16:29:34 235344 ----a-w- C:\WINDOWS\system32\d3dx11_42.dll
2010-02-06 22:49:39 . 2010-02-06 22:49:39 -------- d-----w- C:\Documents and Settings\Dimitri\Application Data\com.raptr.Raptr.848BBC53270CAC248E8FA0F339176201CDEB525F.1
2010-02-06 22:49:39 . 2010-02-06 22:49:39 -------- d-----w- C:\Documents and Settings\Dimitri\Application Data\BitTorrent
2010-02-06 22:49:39 . 2010-02-06 22:49:39 -------- d-----w- C:\Documents and Settings\Dimitri\Application Data\AVS4YOU
2010-02-06 22:49:39 . 2010-02-06 22:49:39 -------- d-----w- C:\Documents and Settings\Dimitri\Application Data\AdobeUM
2010-02-06 22:49:39 . 2010-02-06 22:49:39 -------- d-----w- C:\Documents and Settings\Dimitri\Application Data\.tswebeditor
2010-02-06 22:49:38 . 2010-02-06 22:49:38 -------- d-----w- C:\Documents and Settings\Dimitri\Application Data\fretsonfire
2010-02-06 22:49:38 . 2010-02-06 22:49:38 -------- d-----w- C:\Documents and Settings\Dimitri\Application Data\DAEMON Tools
2010-02-06 22:49:38 . 2010-02-06 22:49:38 -------- d-----w- C:\Documents and Settings\Dimitri\Application Data\Command & Conquer 3 Tiberium Wars
2010-02-06 22:49:02 . 2010-02-06 22:49:13 -------- d--h--w- C:\Documents and Settings\Dimitri\Application Data\ijjigame
2010-02-06 22:30:22 . 2010-02-06 22:46:35 -------- d-----w- C:\Program Files\Common Files\Symantec Shared(2)
2010-02-06 22:03:10 . 2010-02-06 22:03:10 -------- d-----w- C:\WINDOWS\SxsCaPendDel
2010-02-06 20:41:06 . 2010-02-06 20:41:06 -------- d-----w- C:\Program Files\Symantec
2010-02-06 20:39:03 . 2010-02-07 17:13:49 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Symantec
2010-02-06 20:39:03 . 2010-02-07 16:34:21 -------- d-----w- C:\Documents and Settings\All Users\Application Data\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-08 19:13:37 . 2010-01-30 15:14:47 -------- d-----w- C:\Program Files\Cheat Engine
2010-03-08 18:51:03 . 2009-12-14 16:18:41 -------- d-----w- C:\Documents and Settings\Dimitri\Application Data\.purple
2010-03-08 17:47:55 . 2010-02-04 17:22:29 -------- d-----w- C:\Program Files\PokerStars
2010-03-06 22:18:06 . 2009-02-19 20:08:50 190160 ----a-w- C:\WINDOWS\system32\PnkBstrB.exe
2010-03-06 22:03:10 . 2009-02-19 20:09:33 139456 ----a-w- C:\WINDOWS\system32\drivers\PnkBstrK.sys
2010-03-06 21:58:54 . 2009-02-19 20:09:33 138056 ----a-w- C:\Documents and Settings\Dimitri\Application Data\PnkBstrK.sys
2010-03-06 21:58:54 . 2009-02-19 20:09:33 138056 ----a-w- C:\Documents and Settings\Dimitri\Application Data\PnkBstrK.sys
2010-03-06 21:58:28 . 2010-01-19 19:35:39 2407792 ----a-w- C:\WINDOWS\system32\pbsvc_heroes.exe
2010-03-06 19:53:16 . 2009-02-08 12:33:57 -------- d-----w- C:\Documents and Settings\Dimitri\Application Data\Orbit
2010-03-06 19:52:08 . 2008-12-21 14:25:13 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2010-03-06 19:34:22 . 2008-12-22 13:02:12 -------- d-----w- C:\Documents and Settings\Dimitri\Application Data\DAEMON Tools Lite
2010-03-06 11:44:48 . 2010-01-21 14:46:22 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-27 17:58:12 . 2009-12-14 16:24:37 -------- d-----w- C:\Documents and Settings\Dimitri\Application Data\gtk-2.0
2010-02-27 14:59:16 . 2008-12-21 14:52:48 50056 ----a-w- C:\Documents and Settings\Dimitri\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-07 16:23:43 . 2010-02-06 22:49:39 -------- d-----w- C:\Program Files\Electronic Arts
2010-02-07 16:14:50 . 2010-02-07 16:14:54 44032 --sh--r- C:\WINDOWS\system32\b2s5njef.exe
2010-02-07 16:12:47 . 2010-02-07 16:12:47 -------- d-----w- C:\Program Files\Microsoft
2010-02-07 16:12:41 . 2010-02-06 13:16:13 -------- d-----w- C:\Program Files\Windows Live
2010-02-07 16:12:28 . 2010-02-07 16:12:28 -------- d-----w- C:\Program Files\Windows Live SkyDrive
2010-02-06 23:19:55 . 2010-02-06 23:19:54 29959 ----a-w- C:\WINDOWS\system32\regsv32a.exe
2010-02-06 23:01:29 . 2010-02-06 23:01:29 -------- d-----w- C:\Program Files\microsoft frontpage
2010-02-06 22:48:18 . 2010-02-03 15:01:51 -------- d-----w- C:\Program Files\PokerStars.NET
2010-02-06 20:39:55 . 2010-02-06 20:39:55 0 ---ha-w- C:\WINDOWS\system32\drivers\Msft_Kernel_GenericMount_01009.Wdf
2010-02-06 20:39:54 . 2010-02-06 20:39:54 0 ---ha-w- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-02-02 18:17:44 . 2008-12-31 16:21:47 -------- d-----w- C:\Program Files\Java
2010-02-02 18:00:49 . 2010-02-02 18:00:48 3584 ----a-r- C:\Documents and Settings\Dimitri\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-02-02 18:00:48 . 2010-02-02 18:00:48 -------- d-----w- C:\Program Files\Windows Installer Clean Up
2010-02-02 18:00:29 . 2010-02-02 18:00:29 -------- d-----w- C:\Program Files\MSECACHE
2010-02-02 17:46:12 . 2009-03-18 20:35:58 -------- d-----w- C:\Program Files\Nero 9
2010-02-02 10:06:44 . 2010-02-02 10:06:44 0 ----a-w- C:\Documents and Settings\All Users\Application Data\xml1AD.tmp
2010-02-02 10:06:44 . 2010-02-02 10:06:42 0 ----a-w- C:\Documents and Settings\All Users\Application Data\xml1AC.tmp
2010-02-02 09:21:50 . 2010-02-02 09:21:50 0 ----a-w- C:\Documents and Settings\All Users\Application Data\xml15A.tmp
2010-02-02 09:21:49 . 2010-02-02 09:21:47 0 ----a-w- C:\Documents and Settings\All Users\Application Data\xml159.tmp
2010-02-01 14:59:41 . 2010-02-01 14:59:41 -------- d-----w- C:\Documents and Settings\Dimitri\Application Data\Auslogics
2010-02-01 14:59:34 . 2010-02-01 14:59:34 -------- d-----w- C:\Program Files\Auslogics
2010-02-01 14:45:18 . 2009-11-02 16:20:16 -------- d-----w- C:\Program Files\NVIDIA Corporation
2010-02-01 14:10:01 . 2006-03-02 12:00:00 94120 ----a-w- C:\WINDOWS\system32\perfc013.dat
2010-02-01 14:10:01 . 2006-03-02 12:00:00 516012 ----a-w- C:\WINDOWS\system32\perfh013.dat
2010-02-01 13:50:22 . 2010-02-01 13:50:22 2316 ----a-w- C:\Documents and Settings\All Users\Application Data\xml1B0.tmp
2010-02-01 13:50:21 . 2010-02-01 13:50:21 0 ----a-w- C:\Documents and Settings\All Users\Application Data\xml1AF.tmp
2010-02-01 13:50:21 . 2010-02-01 13:50:19 7734 ----a-w- C:\Documents and Settings\All Users\Application Data\xml1AE.tmp
2010-02-01 11:52:26 . 2009-11-24 16:22:18 79488 ----a-w- C:\Documents and Settings\Dimitri\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-01 11:46:01 . 2008-12-21 14:43:02 19039 ----a-w- C:\WINDOWS\system32\drivers\GVTDrv.sys
2010-01-26 15:34:11 . 2009-05-07 16:59:22 -------- d-----w- C:\Program Files\Common Files\Real
2010-01-26 15:30:15 . 2008-12-22 13:00:27 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-21 14:46:31 . 2010-01-21 14:46:22 -------- d-----w- C:\Program Files\Spybot - Search & Destroy
2010-01-19 18:59:12 . 2009-10-01 16:34:00 -------- d-----w- C:\Program Files\Unlocker
2010-01-19 18:58:07 . 2010-01-19 18:58:05 -------- d-----w- C:\Program Files\CCleaner
2010-01-18 18:36:53 . 2009-11-01 18:52:57 -------- d-----w- C:\Program Files\BYOND
2010-01-11 21:17:44 . 2010-01-11 21:17:44 278120 ----a-w- C:\WINDOWS\system32\nvmccs.dll
2009-12-27 18:24:03 . 2009-12-27 18:24:03 41472 --sh--r- C:\WINDOWS\system32\ikddmch.exe
2009-12-22 15:48:59 . 2009-12-22 15:48:59 2145 ----a-w- C:\Documents and Settings\Dimitri\Application Data\.purple\certificates\x509\tls_peers\ows.messenger.msn.com
2009-12-14 19:28:35 . 2009-12-14 19:28:35 6656 ----a-w- C:\WINDOWS\system32\haspvdd.dll
2009-12-14 19:28:35 . 2009-12-14 19:28:35 47616 ----a-w- C:\WINDOWS\system32\drivers\Haspnt.sys
2009-12-14 19:28:35 . 2009-12-14 19:28:35 383 ----a-w- C:\WINDOWS\system32\haspdos.sys
2009-12-14 16:26:23 . 2009-12-14 16:26:23 2165 ----a-w- C:\Documents and Settings\Dimitri\Application Data\.purple\certificates\x509\tls_peers\rsi.hotmail.com
2009-12-14 16:26:18 . 2009-12-14 16:26:18 2157 ----a-w- C:\Documents and Settings\Dimitri\Application Data\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2009-12-14 16:26:16 . 2009-12-14 16:26:16 2095 ----a-w- C:\Documents and Settings\Dimitri\Application Data\.purple\certificates\x509\tls_peers\login.live.com
2009-12-12 13:26:28 . 2008-12-22 13:02:15 691696 ----a-w- C:\WINDOWS\system32\drivers\sptd.sys
.

------- Sigcheck -------

[7] 2006-03-02 12:00:00 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\dllcache\tcpip.sys
[-] 2006-03-02 12:00:00 . 6A603809F598332DBEDD535BDBCE313E . 359040 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 15:44:30 3883856]
"gbxny1o"="C:\WINDOWS\system32\b2s5njef.exe" [2010-02-07 16:14:50 44032]
"lhcdi81"="C:\WINDOWS\system32\te0fvb66s.exe" [2010-02-12 10:00:37 41472]
"gwwsii"="C:\WINDOWS\system32\fg70hdyy6k.exe" [2010-03-08 17:16:15 41472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 12:00:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 08:56:38 16261632]
"SkyTel"="SkyTel.EXE" [2006-05-16 10:04:26 2879488]
"DeathAdder"="C:\Program Files\Razer\DeathAdder\razerhid.exe" [2007-09-07 14:54:54 159744]
"UltraMon"="C:\Program Files\UltraMon\UltraMon.exe" [2006-10-12 20:27:20 304640]
"F-Secure Manager"="C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" [2008-06-25 13:42:48 182936]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2010-01-11 21:17:44 13666408]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2010-01-11 21:17:44 110696]
"Norton Ghost 15.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [2009-10-01 20:32:04 2596712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 12:00:00 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2006-03-02 12:00:00 15360 ------w- C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
2008-06-25 13:42:36 957024 ----a-w- C:\Program Files\F-Secure Internet Security\FSGUI\tnbutil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBB36X Configure]
2006-07-12 09:58:58 356352 ------r- C:\WINDOWS\system32\JMRaidTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-01-11 21:17:44 110696 ----a-w- C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\prodcmmp]
2009-12-27 18:24:03 41472 --sh--r- C:\WINDOWS\system32\ikddmch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 14:31:16 2144088 --sha-r- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 03:19:17 148888 ----a-w- C:\Program Files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"C:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"C:\\Ubisoft\\Silent Hunter 5\\sh5.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [22/12/2008 14:58:48 79904]
R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [22/12/2008 14:02:15 691696]
R1 eusk2par;EUTRON SmartKey Parallel Driver;C:\WINDOWS\system32\drivers\eusk2par.sys [23/12/2009 17:42:31 25634]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files\F-Secure Internet Security\HIPS\drivers\fshs.sys [22/12/2008 14:58:20 66720]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [24/09/2006 21:22:52 11776]
R3 DAdderFltr;DeathAdder Mouse;C:\WINDOWS\system32\drivers\dadder.sys [21/12/2008 15:48:59 22784]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [22/12/2008 14:57:52 72288]
R3 FSORSPClient;F-Secure ORSP Client;C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe [22/12/2008 14:58:21 55904]
R3 GenericMount;Generic Mount Driver;C:\WINDOWS\system32\drivers\GenericMount.sys [21/09/2009 20:26:10 46192]
R3 SymSnapService;SymSnapService;C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe [21/09/2009 20:19:20 1964528]
R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\drivers\UltraMonMirror.sys [24/09/2006 21:23:14 3584]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.sys [21/12/2008 17:37:20 17149]
S3 GarenaPEngine;GarenaPEngine;\??\C:\DOCUME~1\Dimitri\LOCALS~1\Temp\SAWE4.tmp --> C:\DOCUME~1\Dimitri\LOCALS~1\Temp\SAWE4.tmp [?]
S3 GenericMount Helper Service;GenericMount Helper Service;C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [21/09/2009 20:25:34 1571336]
S3 npggsvc;nProtect GameGuard Service;C:\WINDOWS\system32\GameMon.des -service --> C:\WINDOWS\system32\GameMon.des -service [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe --> C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe [?]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;C:\WINDOWS\system32\dllhost.exe [2/03/2006 13:00:00 5120]
S3 USBTINSP;TI-Nspire(TM) Handheld Device Driver;C:\WINDOWS\system32\drivers\tinspusb.sys [21/09/2009 19:36:48 123392]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys --> C:\WINDOWS\system32\DRIVERS\WPN111.sys [?]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys [22/12/2008 14:57:52 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys [22/12/2008 14:57:52 25184]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.fatlan.be/
IE: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/202
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{A0899BF0-5F7F-4AD8-BB34-E7A7F8C02B63} - {A0899BF0-5F7F-4AD8-BB34-E7A7F8C02B63} -
LSP: C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL
FF - ProfilePath - C:\Documents and Settings\Dimitri\Application Data\Mozilla\Firefox\Profiles\fow95hof.default\
FF - prefs.js: browser.search.selectedEngine - GoogIe
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://www.theast.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=FTngxkan&q=
FF - plugin: C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
FF - plugin: C:\Documents and Settings\Dimitri\Application Data\Mozilla\Firefox\Profiles\fow95hof.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: C:\Documents and Settings\Dimitri\Application Data\Mozilla\Firefox\Profiles\fow95hof.default\extensions\[email protected]\plugins\npiaplayer.dll
FF - plugin: C:\Program Files\BYOND\bin\npbyond.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npbyond.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - GoogIe
FF - user.js: keyword.URL - hxxp://www.theast.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=FTngxkan&q=
.
- - - - ORPHANS VERWIJDERD - - - -

BHO-{A0899BF0-5F7F-4AD8-BB34-E7A7F8C02B63} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-mccydoz - C:\WINDOWS\system32\wmns81ep.exe
HKCU-Run-qmrcnoj - C:\WINDOWS\system32\3c1t70a.exe
HKCU-Run-pflgcc8 - C:\WINDOWS\system32\1ghm86y.exe
HKCU-Run-grccs - C:\WINDOWS\system32\60ntdzu.exe
HKCU-Run-mhni0p - C:\WINDOWS\system32\66c86o8.exe
HKCU-Run-wndo1 - C:\WINDOWS\system32\fqbcxd60f.exe
HKCU-Run-glwhidt - C:\WINDOWS\system32\0xdnjef.exe
HKCU-Run-euavw - C:\WINDOWS\system32\z60bhrni.exe
HKCU-Run-avlmhx - C:\WINDOWS\system32\efk86w81it.exe
HKCU-Run-gwbmx - C:\WINDOWS\system32\pqlbcxyt.exe
HKCU-Run-qvrmm - C:\WINDOWS\system32\f0lhcc6oo.exe
HKCU-Run-gwsxnt - C:\WINDOWS\system32\kvwrx60zfp.exe
HKCU-Run-bgcss81 - C:\WINDOWS\system32\l60nijo8.exe
HKCU-Run-yuzpv6 - C:\WINDOWS\system32\t66k81wh.exe
HKCU-Run-jzf60 - C:\WINDOWS\system32\86a81mx.exe
HKLM-Run-nwiz - nwiz.exe
MSConfigStartUp-jncontmon - C:\WINDOWS\system32\ssjitsys32.exe
MSConfigStartUp-mndpro32 - C:\WINDOWS\system32\primndd.exe
MSConfigStartUp-ncstatsc - C:\WINDOWS\system32\lsnccq.exe
MSConfigStartUp-pqezlr32 - C:\WINDOWS\system32\eyclcm.exe
MSConfigStartUp-qisdrmss - C:\WINDOWS\system32\qodesnaq.exe
MSConfigStartUp-udccndw2 - C:\WINDOWS\system32\psiomcp.exe
MSConfigStartUp-VGAUtil - C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe

Juisterr

Legacy Member
The Combofix log is not complete; could you also post the bottom part, please.

Please also post a new HijackThis log.

woody600

Legacy Member
The Combofix log really is the whole log that I took from c/combofix/combofix.txt.
I no longer get any warnings, though.
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 20:30:39, on 9/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure Internet Security\FSGUI\scanwizard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fatlan.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A0899BF0-5F7F-4AD8-BB34-E7A7F8C02B63} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Norton Ghost 15.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [gbxny1o] C:\WINDOWS\system32\b2s5njef.exe
O4 - HKCU\..\Run: [mccydoz] C:\WINDOWS\system32\wmns81ep.exe
O4 - HKCU\..\Run: [qmrcnoj] C:\WINDOWS\system32\3c1t70a.exe
O4 - HKCU\..\Run: [pflgcc8] C:\WINDOWS\system32\1ghm86y.exe
O4 - HKCU\..\Run: [lhcdi81] C:\WINDOWS\system32\te0fvb66s.exe
O4 - HKCU\..\Run: [gwwsii] C:\WINDOWS\system32\fg70hdyy6k.exe
O4 - HKCU\..\Run: [grccs] C:\WINDOWS\system32\60ntdzu.exe
O4 - HKCU\..\Run: [mhni0p] C:\WINDOWS\system32\66c86o8.exe
O4 - HKCU\..\Run: [wndo1] C:\WINDOWS\system32\fqbcxd60f.exe
O4 - HKCU\..\Run: [glwhidt] C:\WINDOWS\system32\0xdnjef.exe
O4 - HKCU\..\Run: [euavw] C:\WINDOWS\system32\z60bhrni.exe
O4 - HKCU\..\Run: [avlmhx] C:\WINDOWS\system32\efk86w81it.exe
O4 - HKCU\..\Run: [gwbmx] C:\WINDOWS\system32\pqlbcxyt.exe
O4 - HKCU\..\Run: [qvrmm] C:\WINDOWS\system32\f0lhcc6oo.exe
O4 - HKCU\..\Run: [gwsxnt] C:\WINDOWS\system32\kvwrx60zfp.exe
O4 - HKCU\..\Run: [bgcss81] C:\WINDOWS\system32\l60nijo8.exe
O4 - HKCU\..\Run: [yuzpv6] C:\WINDOWS\system32\t66k81wh.exe
O4 - HKCU\..\Run: [jzf60] C:\WINDOWS\system32\86a81mx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barungo Bar - {A0899BF0-5F7F-4AD8-BB34-E7A7F8C02B63} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Barungo Bar - {A0899BF0-5F7F-4AD8-BB34-E7A7F8C02B63} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Dimitri\Menu Start\Programma's\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Dimitri\Menu Start\Programma's\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe
O23 - Service: GenericMount Helper Service - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - Unknown owner - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe (file missing)
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

--
End of file - 11171 bytes

Juisterr

Legacy Member
Start HijackThis and choose 'Do a system scan only'.
Select only the items listed below:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {A0899BF0-5F7F-4AD8-BB34-E7A7F8C02B63} - (no file)
O4 - HKCU\..\Run: [gbxny1o] C:\WINDOWS\system32\b2s5njef.exe
O4 - HKCU\..\Run: [mccydoz] C:\WINDOWS\system32\wmns81ep.exe
O4 - HKCU\..\Run: [qmrcnoj] C:\WINDOWS\system32\3c1t70a.exe
O4 - HKCU\..\Run: [pflgcc8] C:\WINDOWS\system32\1ghm86y.exe
O4 - HKCU\..\Run: [lhcdi81] C:\WINDOWS\system32\te0fvb66s.exe
O4 - HKCU\..\Run: [gwwsii] C:\WINDOWS\system32\fg70hdyy6k.exe
O4 - HKCU\..\Run: [grccs] C:\WINDOWS\system32\60ntdzu.exe
O4 - HKCU\..\Run: [mhni0p] C:\WINDOWS\system32\66c86o8.exe
O4 - HKCU\..\Run: [wndo1] C:\WINDOWS\system32\fqbcxd60f.exe
O4 - HKCU\..\Run: [glwhidt] C:\WINDOWS\system32\0xdnjef.exe
O4 - HKCU\..\Run: [euavw] C:\WINDOWS\system32\z60bhrni.exe
O4 - HKCU\..\Run: [avlmhx] C:\WINDOWS\system32\efk86w81it.exe
O4 - HKCU\..\Run: [gwbmx] C:\WINDOWS\system32\pqlbcxyt.exe
O4 - HKCU\..\Run: [qvrmm] C:\WINDOWS\system32\f0lhcc6oo.exe
O4 - HKCU\..\Run: [gwsxnt] C:\WINDOWS\system32\kvwrx60zfp.exe
O4 - HKCU\..\Run: [bgcss81] C:\WINDOWS\system32\l60nijo8.exe
O4 - HKCU\..\Run: [yuzpv6] C:\WINDOWS\system32\t66k81wh.exe
O4 - HKCU\..\Run: [jzf60] C:\WINDOWS\system32\86a81mx.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Dimitri\Menu Start\Programma's\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Dimitri\Menu Start\Programma's\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - Unknown owner - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe (file missing)

Close all windows except HijackThis.
Click 'Fix checked' to remove the items.
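
As an added example (not part of the thread, and not HijackThis's own logic), a small Python triage script that parses log lines in the format above and flags the two kinds of entries the helper selected: orphans marked "(no file)" or "(file missing)", and Run values that launch an unknown loose executable from system32. The allow-list and the "machine-generated name" test are my own heuristics, and the sample lines are constructed from the line formats in this thread.

```python
"""Triage HijackThis-style log lines the way the helper in this thread did.

Added example, not part of the thread and not HijackThis's own logic.
The allow-list and the "machine-generated name" test are assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample lines in the HijackThis format used in the thread.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [gbxny1o] C:\WINDOWS\system32\b2s5njef.exe
O4 - HKCU\..\Run: [gwbmx] C:\WINDOWS\system32\pqlbcxyt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Dimitri\Menu Start\Programma's\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Loose system32 executables that legitimately show up in Run keys (assumption).
KNOWN_SYSTEM32_AUTOSTARTS = {"ctfmon.exe", "rundll32.exe"}

O4_RE = re.compile(r"^O4 - (HK\S*?)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
O2_RE = re.compile(r"^O2 - BHO: (.*) - \{[0-9A-Fa-f-]{36}\} - (.*)$")
O9_RE = re.compile(r"^O9 - Extra (?:button|'Tools' menuitem): (.*) - \{[0-9A-Fa-f-]{36}\} - (.*)$")
O23_RE = re.compile(r"^O23 - Service: (.*?) - (.*?) - (.*)$")


@dataclass
class Entry:
    section: str         # O2, O4, O9 or O23
    hive: Optional[str]  # HKLM / HKCU / HKUS\... for O4 entries, else None
    name: str            # display name or Run value name
    target: str          # path as printed, possibly carrying an orphan marker
    raw: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; lines from other sections are ignored."""
    line = line.strip()
    if m := O4_RE.match(line):
        return Entry("O4", m.group(1), m.group(2), m.group(3), line)
    if m := O2_RE.match(line):
        return Entry("O2", None, m.group(1), m.group(2), line)
    if m := O9_RE.match(line):
        return Entry("O9", None, m.group(1), m.group(2), line)
    if m := O23_RE.match(line):
        return Entry("O23", None, m.group(1), m.group(3), line)
    return None


def executable_of(target: str) -> str:
    """Strip quotes and arguments from a Run value, leaving the executable path."""
    target = target.strip()
    if target.startswith('"'):
        return target[1:target.find('"', 1)]
    return target.split(" ", 1)[0]


def in_system32(path: str) -> bool:
    """True when the executable sits directly in a system32 directory."""
    parts = path.lower().split("\\")
    return len(parts) >= 2 and parts[-2] == "system32"


def looks_machine_generated(stem: str) -> bool:
    """Crude heuristic (assumption): digits mixed into the name, or almost no
    vowels, as in the Run values in this thread, are rare in legitimate software."""
    if any(c.isdigit() for c in stem):
        return True
    letters = [c for c in stem.lower() if c.isalpha()]
    return len(letters) >= 5 and sum(c in "aeiou" for c in letters) / len(letters) < 0.25


def triage(entry: Entry) -> Optional[str]:
    """Return why the entry should be reviewed, or None if it looks benign."""
    if any(marker in entry.target for marker in ORPHAN_MARKERS):
        return "orphan: the entry points at a file that no longer exists"
    if entry.section == "O4":
        exe = executable_of(entry.target)
        base = exe.rsplit("\\", 1)[-1].lower()
        if in_system32(exe) and base not in KNOWN_SYSTEM32_AUTOSTARTS:
            reason = f"unknown loose executable in system32 started from {entry.hive}\\Run"
            if looks_machine_generated(base.rsplit(".", 1)[0]):
                reason += " (name looks machine-generated)"
            return reason
    return None


def triage_log(text: str) -> List[Tuple[str, str]]:
    """Return (raw line, reason) for every entry worth ticking under 'Fix checked'."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None and (reason := triage(entry)):
            flagged.append((entry.raw, reason))
    return flagged


if __name__ == "__main__":
    for raw, reason in triage_log(SAMPLE_LOG):
        print(f"{reason}\n    {raw}")
```

Entries the script does not flag (vendor-signed services, HKLM values with a full program path) still deserve a manual look; the heuristics only reproduce the obvious picks in this thread.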

Juisterr

Legacy Member
Open a Notepad file.
Copy the text below (everything in bold) into this Notepad file.

@ECHO OFF
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
FOR %%g in (
C:\WINDOWS\system32\b2s5njef.exe
C:\WINDOWS\system32\wmns81ep.exe
C:\WINDOWS\system32\3c1t70a.exe
C:\WINDOWS\system32\1ghm86y.exe
C:\WINDOWS\system32\te0fvb66s.exe
C:\WINDOWS\system32\fg70hdyy6k.exe
C:\WINDOWS\system32\60ntdzu.exe
C:\WINDOWS\system32\66c86o8.exe
C:\WINDOWS\system32\fqbcxd60f.exe
C:\WINDOWS\system32\0xdnjef.exe
C:\WINDOWS\system32\z60bhrni.exe
C:\WINDOWS\system32\efk86w81it.exe
C:\WINDOWS\system32\pqlbcxyt.exe
C:\WINDOWS\system32\f0lhcc6oo.exe
C:\WINDOWS\system32\kvwrx60zfp.exe
C:\WINDOWS\system32\l60nijo8.exe
C:\WINDOWS\system32\t66k81wh.exe
C:\WINDOWS\system32\86a81mx.exe) DO (
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted successfully>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
START NOTEPAD.EXE log.txt
DEL %0


Go to File - Save As.
Under "Save in" choose: Desktop
Under "File name" enter: del.bat
Under "Save as type" select: All Files (*.*).
Click the Save button.

Double-click del.bat and post the contents of the log file that opens.

woody600

Legacy Member
del.bat log

Deleting files
C:\WINDOWS\system32\b2s5njef.exe deleted successfully
C:\WINDOWS\system32\wmns81ep.exe not found
C:\WINDOWS\system32\3c1t70a.exe not found
C:\WINDOWS\system32\1ghm86y.exe not found
C:\WINDOWS\system32\te0fvb66s.exe deleted successfully
C:\WINDOWS\system32\fg70hdyy6k.exe deleted successfully
C:\WINDOWS\system32\60ntdzu.exe not found
C:\WINDOWS\system32\66c86o8.exe not found
C:\WINDOWS\system32\fqbcxd60f.exe not found
C:\WINDOWS\system32\0xdnjef.exe not found
C:\WINDOWS\system32\z60bhrni.exe not found
C:\WINDOWS\system32\efk86w81it.exe not found
C:\WINDOWS\system32\pqlbcxyt.exe not found
C:\WINDOWS\system32\f0lhcc6oo.exe not found
C:\WINDOWS\system32\kvwrx60zfp.exe not found
C:\WINDOWS\system32\l60nijo8.exe not found
C:\WINDOWS\system32\t66k81wh.exe not found
C:\WINDOWS\system32\86a81mx.exe not found

woody600

Legacy Member
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 16:34:19, on 11/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\F-Secure Internet Security\FSGUI\scanwizard.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fatlan.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A0899BF0-5F7F-4AD8-BB34-E7A7F8C02B63} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Norton Ghost 15.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [gbxny1o] C:\WINDOWS\system32\b2s5njef.exe
O4 - HKCU\..\Run: [mccydoz] C:\WINDOWS\system32\wmns81ep.exe
O4 - HKCU\..\Run: [qmrcnoj] C:\WINDOWS\system32\3c1t70a.exe
O4 - HKCU\..\Run: [pflgcc8] C:\WINDOWS\system32\1ghm86y.exe
O4 - HKCU\..\Run: [lhcdi81] C:\WINDOWS\system32\te0fvb66s.exe
O4 - HKCU\..\Run: [gwwsii] C:\WINDOWS\system32\fg70hdyy6k.exe
O4 - HKCU\..\Run: [grccs] C:\WINDOWS\system32\60ntdzu.exe
O4 - HKCU\..\Run: [mhni0p] C:\WINDOWS\system32\66c86o8.exe
O4 - HKCU\..\Run: [wndo1] C:\WINDOWS\system32\fqbcxd60f.exe
O4 - HKCU\..\Run: [glwhidt] C:\WINDOWS\system32\0xdnjef.exe
O4 - HKCU\..\Run: [euavw] C:\WINDOWS\system32\z60bhrni.exe
O4 - HKCU\..\Run: [avlmhx] C:\WINDOWS\system32\efk86w81it.exe
O4 - HKCU\..\Run: [gwbmx] C:\WINDOWS\system32\pqlbcxyt.exe
O4 - HKCU\..\Run: [qvrmm] C:\WINDOWS\system32\f0lhcc6oo.exe
O4 - HKCU\..\Run: [gwsxnt] C:\WINDOWS\system32\kvwrx60zfp.exe
O4 - HKCU\..\Run: [bgcss81] C:\WINDOWS\system32\l60nijo8.exe
O4 - HKCU\..\Run: [yuzpv6] C:\WINDOWS\system32\t66k81wh.exe
O4 - HKCU\..\Run: [jzf60] C:\WINDOWS\system32\86a81mx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barungo Bar - {A0899BF0-5F7F-4AD8-BB34-E7A7F8C02B63} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Barungo Bar - {A0899BF0-5F7F-4AD8-BB34-E7A7F8C02B63} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Dimitri\Menu Start\Programma's\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Dimitri\Menu Start\Programma's\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe
O23 - Service: GenericMount Helper Service - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - Unknown owner - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe (file missing)
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

--
End of file - 11440 bytes

woody600

Legacy Member
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 16:34:19, on 11/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\F-Secure Internet Security\FSGUI\scanwizard.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fatlan.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A0899BF0-5F7F-4AD8-BB34-E7A7F8C02B63} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Norton Ghost 15.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [gbxny1o] C:\WINDOWS\system32\b2s5njef.exe
O4 - HKCU\..\Run: [mccydoz] C:\WINDOWS\system32\wmns81ep.exe
O4 - HKCU\..\Run: [qmrcnoj] C:\WINDOWS\system32\3c1t70a.exe
O4 - HKCU\..\Run: [pflgcc8] C:\WINDOWS\system32\1ghm86y.exe
O4 - HKCU\..\Run: [lhcdi81] C:\WINDOWS\system32\te0fvb66s.exe
O4 - HKCU\..\Run: [gwwsii] C:\WINDOWS\system32\fg70hdyy6k.exe
O4 - HKCU\..\Run: [grccs] C:\WINDOWS\system32\60ntdzu.exe
O4 - HKCU\..\Run: [mhni0p] C:\WINDOWS\system32\66c86o8.exe
O4 - HKCU\..\Run: [wndo1] C:\WINDOWS\system32\fqbcxd60f.exe
O4 - HKCU\..\Run: [glwhidt] C:\WINDOWS\system32\0xdnjef.exe
O4 - HKCU\..\Run: [euavw] C:\WINDOWS\system32\z60bhrni.exe
O4 - HKCU\..\Run: [avlmhx] C:\WINDOWS\system32\efk86w81it.exe
O4 - HKCU\..\Run: [gwbmx] C:\WINDOWS\system32\pqlbcxyt.exe
O4 - HKCU\..\Run: [qvrmm] C:\WINDOWS\system32\f0lhcc6oo.exe
O4 - HKCU\..\Run: [gwsxnt] C:\WINDOWS\system32\kvwrx60zfp.exe
O4 - HKCU\..\Run: [bgcss81] C:\WINDOWS\system32\l60nijo8.exe
O4 - HKCU\..\Run: [yuzpv6] C:\WINDOWS\system32\t66k81wh.exe
O4 - HKCU\..\Run: [jzf60] C:\WINDOWS\system32\86a81mx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barungo Bar - {A0899BF0-5F7F-4AD8-BB34-E7A7F8C02B63} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Barungo Bar - {A0899BF0-5F7F-4AD8-BB34-E7A7F8C02B63} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Dimitri\Menu Start\Programma's\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Dimitri\Menu Start\Programma's\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe
O23 - Service: GenericMount Helper Service - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - Unknown owner - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe (file missing)
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

--
End of file - 11440 bytes

Juisterr

Legacy Member
Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

File::
C:\WINDOWS\system32\b2s5njef.exe
C:\WINDOWS\system32\wmns81ep.exe
C:\WINDOWS\system32\3c1t70a.exe
C:\WINDOWS\system32\1ghm86y.exe
C:\WINDOWS\system32\te0fvb66s.exe
C:\WINDOWS\system32\fg70hdyy6k.exe
C:\WINDOWS\system32\60ntdzu.exe
C:\WINDOWS\system32\66c86o8.exe
C:\WINDOWS\system32\fqbcxd60f.exe
C:\WINDOWS\system32\0xdnjef.exe
C:\WINDOWS\system32\z60bhrni.exe
C:\WINDOWS\system32\efk86w81it.exe
C:\WINDOWS\system32\pqlbcxyt.exe
C:\WINDOWS\system32\f0lhcc6oo.exe
C:\WINDOWS\system32\kvwrx60zfp.exe
C:\WINDOWS\system32\l60nijo8.exe
C:\WINDOWS\system32\t66k81wh.exe
C:\WINDOWS\system32\86a81mx.exe
C:\WINDOWS\system32\bw0ni0zu0b.exe
C:\WINDOWS\system32\dezpqlbcxn.exe
C:\WINDOWS\system32\fg70hdyy6k.exe

Driver::
GarenaPEngine

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gbxny1o"=-
"lhcdi81"=-
"gwwsii"=-


Save this to your Desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe as shown in the example below:
CFScript.gif


This will make ComboFix restart.

After your computer has restarted (if it asks you to restart), copy and paste the contents of log.txt into your next reply.
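The CFScript above was written by hand from the HijackThis O4 lines. As an added example (not code from the thread, ComboFix or HijackThis), the Python below parses O4 lines in the shape shown in the log, flags the pattern the helper acted on (per-user HKCU Run entries that launch an executable directly out of system32, which legitimate software almost never does), and drafts the `File::` / `Registry::` sections in the CFScript format used in the post. The sample lines are constructed to match the log's shape, the allowlist (`ctfmon.exe`) and the HKCU-plus-system32 rule are assumptions of this example, and the generated text is meant to be reviewed by a person before anything is run.

```python
"""Triage HijackThis O4 (Run-key) lines and draft a CFScript.

Added example: parses lines shaped like the O4 entries in a HijackThis log,
flags user-level (HKCU) autostarts that point straight into system32, and
emits the File:: / Registry:: sections in the CFScript format shown above.
"""
import re
from typing import Dict, List

# Constructed sample input, shaped like the O4 lines in the log above.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [gbxny1o] C:\WINDOWS\system32\b2s5njef.exe
O4 - HKCU\..\Run: [mccydoz] C:\WINDOWS\system32\wmns81ep.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# O4 - <hive>\..\Run: [<value name>] <command line>
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$'
)

# Assumption: the only system32 binary a normal user-level Run key should launch
# in this log is ctfmon.exe. Extend this for your own environment.
KNOWN_SYSTEM32 = {"ctfmon.exe"}


def parse_o4(text: str) -> List[Dict[str, str]]:
    """Return one dict per O4 line: hive, value name, and the executable path."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd").strip()
        # A quoted command keeps spaces in the path; otherwise the first token is the path.
        if cmd.startswith('"'):
            path = cmd[1:cmd.index('"', 1)]
        else:
            path = cmd.split(" ", 1)[0]
        entries.append({"hive": m.group("hive"), "name": m.group("name"), "path": path})
    return entries


def flag_suspicious(entries: List[Dict[str, str]], allowlist=KNOWN_SYSTEM32) -> List[Dict[str, str]]:
    """Heuristic (an assumption of this example): an HKCU Run value that launches a
    binary directly from system32, and is not on the allowlist, is worth a look."""
    flagged = []
    for e in entries:
        basename = e["path"].rsplit("\\", 1)[-1].lower()
        in_system32 = "\\system32\\" in e["path"].lower()
        if e["hive"] == "HKCU" and in_system32 and basename not in allowlist:
            flagged.append(e)
    return flagged


def build_cfscript(flagged: List[Dict[str, str]]) -> str:
    """Draft the File:: and Registry:: sections in the format used in the thread.
    Only HKCU entries are flagged, so the single Registry:: key below is correct."""
    lines = ["File::"] + [e["path"] for e in flagged]
    lines += ["", "Registry::", r"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"]
    lines += ['"%s"=-' % e["name"] for e in flagged]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    suspects = flag_suspicious(parse_o4(SAMPLE_O4))
    for e in suspects:
        print("suspicious: %s -> %s" % (e["name"], e["path"]))
    print(build_cfscript(suspects))
```

The draft deliberately leaves out the `Driver::` section: which services to remove (here `GarenaPEngine`) comes from the O23 lines and the ComboFix Drivers/Services output, not from the O4 lines, and is a judgement call for the person reading the log.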

woody600

Legacy Member
COMBOFIX

ComboFix 10-03-11.05 - Dimitri 12/03/2010 13:01:17.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.2047.1543 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Dimitri\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Dimitri\Bureaublad\CFScript.txt
AV: F-Secure Internet Security 2009 9.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Internet Security 2009 9.00 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}

FILE ::
"c:\windows\system32\0xdnjef.exe"
"c:\windows\system32\1ghm86y.exe"
"c:\windows\system32\3c1t70a.exe"
"c:\windows\system32\60ntdzu.exe"
"c:\windows\system32\66c86o8.exe"
"c:\windows\system32\86a81mx.exe"
"c:\windows\system32\b2s5njef.exe"
"c:\windows\system32\bw0ni0zu0b.exe"
"c:\windows\system32\dezpqlbcxn.exe"
"c:\windows\system32\efk86w81it.exe"
"c:\windows\system32\f0lhcc6oo.exe"
"c:\windows\system32\fg70hdyy6k.exe"
"c:\windows\system32\fqbcxd60f.exe"
"c:\windows\system32\kvwrx60zfp.exe"
"c:\windows\system32\l60nijo8.exe"
"c:\windows\system32\pqlbcxyt.exe"
"c:\windows\system32\t66k81wh.exe"
"c:\windows\system32\te0fvb66s.exe"
"c:\windows\system32\wmns81ep.exe"
"c:\windows\system32\z60bhrni.exe"
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bw0ni0zu0b.exe
c:\windows\system32\dezpqlbcxn.exe
.
---- Voorgaande Run -------
.
c:\documents and settings\Dimitri\Application Data\Desktopicon\eBayShortcuts.exe
C:\install.exe
c:\program files\Cheat Engine\dbk32.sys
c:\windows\Config\mconfig.exe
c:\windows\system32\1ghm86y.exe
c:\windows\system32\3c1t70a.exe
c:\windows\system32\3mmhyyt.exe
c:\windows\system32\lsnccq.exe
c:\windows\system32\psiomcp.exe
c:\windows\system32\ssjitsys32.exe
c:\windows\system32\win.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DUMETERSVC
-------\Service_DUMeterSvc
-------\Service_NPF
-------\Legacy_DBKDRVR54
-------\Service_DBKDRVR54
-------\Legacy_GARENAPENGINE
-------\Service_GarenaPEngine


(((((((((((((((((((( Bestanden Gemaakt van 2010-02-12 to 2010-03-12 ))))))))))))))))))))))))))))))
.

2010-03-09 19:32 . 2010-03-09 19:35 -------- d-----w- c:\program files\PartyGaming
2010-03-08 17:11 . 2010-03-08 17:11 -------- d-----w- c:\documents and settings\Dimitri\Application Data\Malwarebytes
2010-03-08 17:11 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-08 17:11 . 2010-03-08 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-08 17:11 . 2010-03-08 17:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-08 17:11 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-06 21:56 . 2010-02-26 12:00 724992 ----a-w- c:\documents and settings\Dimitri\Application Data\Mozilla\Firefox\Profiles\fow95hof.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2010-03-06 21:56 . 2010-02-26 12:00 1291640 ----a-w- c:\documents and settings\Dimitri\Application Data\Mozilla\Firefox\Profiles\fow95hof.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2010-03-06 19:52 . 2010-03-06 19:52 -------- d-----w- c:\program files\Ubisoft
2010-03-06 19:37 . 2010-03-06 19:37 -------- d-----w- C:\Ubisoft
2010-03-06 19:32 . 2010-03-08 17:14 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-03-06 11:37 . 2010-03-11 19:07 -------- d--h--r- c:\documents and settings\Dimitri\Onlangs geopend
2010-03-06 11:33 . 2010-03-06 11:33 388096 ----a-r- c:\documents and settings\Dimitri\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-06 11:33 . 2010-03-06 11:33 -------- d-----w- c:\program files\TrendMicro
2010-02-16 14:58 . 2010-03-11 16:24 -------- d-----w- c:\program files\Runes of Magic
2010-02-13 11:41 . 2010-02-13 11:49 69 ----a-w- c:\documents and settings\Dimitri\jagex_runescape_preferences2.dat
2010-02-13 11:40 . 2010-02-13 11:41 41 ----a-w- c:\documents and settings\Dimitri\jagex_runescape_preferences.dat
2010-02-13 11:40 . 2010-02-13 11:40 -------- d-----w- c:\windows\.jagex_cache_32

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-12 11:56 . 2009-12-14 16:18 -------- d-----w- c:\documents and settings\Dimitri\Application Data\.purple
2010-03-11 16:22 . 2010-02-04 17:22 -------- d-----w- c:\program files\PokerStars
2010-03-08 19:13 . 2010-01-30 15:14 -------- d-----w- c:\program files\Cheat Engine
2010-03-07 16:53 . 2010-02-07 17:08 -------- d-----w- c:\program files\Full Tilt Poker
2010-03-06 22:18 . 2009-02-19 20:08 190160 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-06 22:03 . 2009-02-19 20:09 139456 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-06 21:58 . 2009-02-19 20:09 138056 ----a-w- c:\documents and settings\Dimitri\Application Data\PnkBstrK.sys
2010-03-06 21:58 . 2009-02-19 20:09 138056 ----a-w- c:\documents and settings\Dimitri\Application Data\PnkBstrK.sys
2010-03-06 21:58 . 2010-01-19 19:35 2407792 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-03-06 19:53 . 2009-02-08 12:33 -------- d-----w- c:\documents and settings\Dimitri\Application Data\Orbit
2010-03-06 19:52 . 2008-12-21 14:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-06 19:34 . 2008-12-22 13:02 -------- d-----w- c:\documents and settings\Dimitri\Application Data\DAEMON Tools Lite
2010-03-06 11:44 . 2010-01-21 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-27 17:58 . 2009-12-14 16:24 -------- d-----w- c:\documents and settings\Dimitri\Application Data\gtk-2.0
2010-02-27 14:59 . 2008-12-21 14:52 50056 ----a-w- c:\documents and settings\Dimitri\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-09 16:52 . 2010-02-09 16:52 -------- d-----w- c:\program files\Microsoft.NET
2010-02-07 17:13 . 2010-02-06 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-02-07 16:47 . 2010-02-07 16:47 -------- d-----w- c:\documents and settings\Dimitri\Application Data\Symantec
2010-02-07 16:36 . 2010-02-07 16:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-07 16:34 . 2010-02-07 16:34 -------- d-----w- c:\program files\Norton Ghost
2010-02-07 16:34 . 2010-02-06 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
2010-02-07 16:25 . 2010-02-07 16:25 -------- d-----w- c:\program files\Microsoft XNA
2010-02-07 16:23 . 2010-02-06 22:49 -------- d-----w- c:\program files\Electronic Arts
2010-02-07 16:12 . 2010-02-07 16:12 -------- d-----w- c:\program files\Microsoft
2010-02-07 16:12 . 2010-02-06 13:16 -------- d-----w- c:\program files\Windows Live
2010-02-07 16:12 . 2010-02-07 16:12 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-02-06 23:19 . 2010-02-06 23:19 29959 ----a-w- c:\windows\system32\regsv32a.exe
2010-02-06 23:01 . 2010-02-06 23:01 -------- d-----w- c:\program files\microsoft frontpage
2010-02-06 22:49 . 2010-02-06 22:49 -------- d-----w- c:\documents and settings\Dimitri\Application Data\com.raptr.Raptr.848BBC53270CAC248E8FA0F339176201CDEB525F.1
2010-02-06 22:49 . 2010-02-06 22:49 -------- d-----w- c:\documents and settings\Dimitri\Application Data\BitTorrent
2010-02-06 22:49 . 2010-02-06 22:49 -------- d-----w- c:\documents and settings\Dimitri\Application Data\AVS4YOU
2010-02-06 22:49 . 2010-02-06 22:49 -------- d-----w- c:\documents and settings\Dimitri\Application Data\AdobeUM
2010-02-06 22:49 . 2010-02-06 22:49 -------- d-----w- c:\documents and settings\Dimitri\Application Data\.tswebeditor
2010-02-06 22:49 . 2010-02-06 22:49 -------- d-----w- c:\documents and settings\Dimitri\Application Data\fretsonfire
2010-02-06 22:49 . 2010-02-06 22:49 -------- d-----w- c:\documents and settings\Dimitri\Application Data\DAEMON Tools
2010-02-06 22:49 . 2010-02-06 22:49 -------- d-----w- c:\documents and settings\Dimitri\Application Data\Command & Conquer 3 Tiberium Wars
2010-02-06 22:49 . 2010-02-06 22:49 -------- d--h--w- c:\documents and settings\Dimitri\Application Data\ijjigame
2010-02-06 22:48 . 2010-02-03 15:01 -------- d-----w- c:\program files\PokerStars.NET
2010-02-06 22:46 . 2010-02-06 22:30 -------- d-----w- c:\program files\Common Files\Symantec Shared(2)
2010-02-06 20:41 . 2010-02-06 20:41 -------- d-----w- c:\program files\Symantec
2010-02-06 20:39 . 2010-02-06 20:39 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_GenericMount_01009.Wdf
2010-02-06 20:39 . 2010-02-06 20:39 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-02-02 18:17 . 2008-12-31 16:21 -------- d-----w- c:\program files\Java
2010-02-02 18:00 . 2010-02-02 18:00 3584 ----a-r- c:\documents and settings\Dimitri\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-02-02 18:00 . 2010-02-02 18:00 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-02-02 18:00 . 2010-02-02 18:00 -------- d-----w- c:\program files\MSECACHE
2010-02-02 17:46 . 2009-03-18 20:35 -------- d-----w- c:\program files\Nero 9
2010-02-02 10:06 . 2010-02-02 10:06 0 ----a-w- c:\documents and settings\All Users\Application Data\xml1AD.tmp
2010-02-02 10:06 . 2010-02-02 10:06 0 ----a-w- c:\documents and settings\All Users\Application Data\xml1AC.tmp
2010-02-02 09:21 . 2010-02-02 09:21 0 ----a-w- c:\documents and settings\All Users\Application Data\xml15A.tmp
2010-02-02 09:21 . 2010-02-02 09:21 0 ----a-w- c:\documents and settings\All Users\Application Data\xml159.tmp
2010-02-01 14:59 . 2010-02-01 14:59 -------- d-----w- c:\documents and settings\Dimitri\Application Data\Auslogics
2010-02-01 14:59 . 2010-02-01 14:59 -------- d-----w- c:\program files\Auslogics
2010-02-01 14:45 . 2009-11-02 16:20 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-01 14:10 . 2006-03-02 12:00 94120 ----a-w- c:\windows\system32\perfc013.dat
2010-02-01 14:10 . 2006-03-02 12:00 516012 ----a-w- c:\windows\system32\perfh013.dat
2010-02-01 13:50 . 2010-02-01 13:50 2316 ----a-w- c:\documents and settings\All Users\Application Data\xml1B0.tmp
2010-02-01 13:50 . 2010-02-01 13:50 0 ----a-w- c:\documents and settings\All Users\Application Data\xml1AF.tmp
2010-02-01 13:50 . 2010-02-01 13:50 7734 ----a-w- c:\documents and settings\All Users\Application Data\xml1AE.tmp
2010-02-01 11:52 . 2009-11-24 16:22 79488 ----a-w- c:\documents and settings\Dimitri\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-01 11:46 . 2008-12-21 14:43 19039 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2010-01-26 15:34 . 2009-05-07 16:59 -------- d-----w- c:\program files\Common Files\Real
2010-01-26 15:30 . 2008-12-22 13:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-21 14:46 . 2010-01-21 14:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-19 18:59 . 2009-10-01 16:34 -------- d-----w- c:\program files\Unlocker
2010-01-19 18:58 . 2010-01-19 18:58 -------- d-----w- c:\program files\CCleaner
2010-01-18 18:36 . 2009-11-01 18:52 -------- d-----w- c:\program files\BYOND
2010-01-11 21:17 . 2010-01-11 21:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
2009-12-27 18:24 . 2009-12-27 18:24 41472 --sh--r- c:\windows\system32\ikddmch.exe
2009-12-22 15:48 . 2009-12-22 15:48 2145 ----a-w- c:\documents and settings\Dimitri\Application Data\.purple\certificates\x509\tls_peers\ows.messenger.msn.com
2009-12-14 19:28 . 2009-12-14 19:28 6656 ----a-w- c:\windows\system32\haspvdd.dll
2009-12-14 19:28 . 2009-12-14 19:28 47616 ----a-w- c:\windows\system32\drivers\Haspnt.sys
2009-12-14 19:28 . 2009-12-14 19:28 383 ----a-w- c:\windows\system32\haspdos.sys
2009-12-14 16:26 . 2009-12-14 16:26 2165 ----a-w- c:\documents and settings\Dimitri\Application Data\.purple\certificates\x509\tls_peers\rsi.hotmail.com
2009-12-14 16:26 . 2009-12-14 16:26 2157 ----a-w- c:\documents and settings\Dimitri\Application Data\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2009-12-14 16:26 . 2009-12-14 16:26 2095 ----a-w- c:\documents and settings\Dimitri\Application Data\.purple\certificates\x509\tls_peers\login.live.com
2009-12-12 13:26 . 2008-12-22 13:02 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
.

------- Sigcheck -------

[7] 2006-03-02 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2006-03-02 . 6A603809F598332DBEDD535BDBCE313E . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-03-08_19.16.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-12 11:59 . 2010-03-12 11:59 16384 c:\windows\Temp\Perflib_Perfdata_c48.dat
+ 2010-03-12 12:08 . 2010-03-12 12:08 16384 c:\windows\Temp\Perflib_Perfdata_9b0.dat
+ 2010-03-12 12:07 . 2010-03-12 12:07 16384 c:\windows\Temp\Perflib_Perfdata_98.dat
+ 2010-03-12 12:06 . 2010-03-12 12:06 16384 c:\windows\Temp\Perflib_Perfdata_7c8.dat
+ 2010-03-12 11:58 . 2010-03-12 11:58 16384 c:\windows\Temp\Perflib_Perfdata_4f4.dat
+ 2010-03-12 12:07 . 2010-03-12 12:07 16384 c:\windows\Temp\Perflib_Perfdata_4e8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"mccydoz"="c:\windows\system32\wmns81ep.exe" [BU]
"qmrcnoj"="c:\windows\system32\3c1t70a.exe" [BU]
"pflgcc8"="c:\windows\system32\1ghm86y.exe" [BU]
"grccs"="c:\windows\system32\60ntdzu.exe" [BU]
"mhni0p"="c:\windows\system32\66c86o8.exe" [BU]
"wndo1"="c:\windows\system32\fqbcxd60f.exe" [BU]
"glwhidt"="c:\windows\system32\0xdnjef.exe" [BU]
"euavw"="c:\windows\system32\z60bhrni.exe" [BU]
"avlmhx"="c:\windows\system32\efk86w81it.exe" [BU]
"gwbmx"="c:\windows\system32\pqlbcxyt.exe" [BU]
"qvrmm"="c:\windows\system32\f0lhcc6oo.exe" [BU]
"gwsxnt"="c:\windows\system32\kvwrx60zfp.exe" [BU]
"bgcss81"="c:\windows\system32\l60nijo8.exe" [BU]
"yuzpv6"="c:\windows\system32\t66k81wh.exe" [BU]
"jzf60"="c:\windows\system32\86a81mx.exe" [BU]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]
"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2006-10-12 304640]
"F-Secure Manager"="c:\program files\F-Secure Internet Security\Common\FSM32.EXE" [2008-06-25 182936]
"nwiz"="nwiz.exe" [BU]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"Norton Ghost 15.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2009-10-01 2596712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2006-03-02 12:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
2008-06-25 13:42 957024 ----a-w- c:\program files\F-Secure Internet Security\FSGUI\tnbutil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBB36X Configure]
2006-07-12 09:58 356352 ------r- c:\windows\system32\JMRaidTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jncontmon]
c:\windows\system32\ssjitsys32.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mndpro32]
c:\windows\system32\primndd.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ncstatsc]
c:\windows\system32\lsnccq.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-01-11 21:17 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pqezlr32]
c:\windows\system32\eyclcm.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\prodcmmp]
2009-12-27 18:24 41472 --sh--r- c:\windows\system32\ikddmch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qisdrmss]
c:\windows\system32\qodesnaq.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 14:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 03:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\udccndw2]
c:\windows\system32\psiomcp.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VGAUtil]
c:\program files\GigaByte\VGA Utility Manager\G-VGA.exe [BU]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Ubisoft\\Silent Hunter 5\\sh5.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [22/12/2008 14:58 79904]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22/12/2008 14:02 691696]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [23/12/2009 17:42 25634]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure Internet Security\HIPS\drivers\fshs.sys [22/12/2008 14:58 66720]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [24/09/2006 21:22 11776]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [21/12/2008 15:48 22784]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [22/12/2008 14:57 72288]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure Internet Security\ORSP Client\fsorsp.exe [22/12/2008 14:58 55904]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\GenericMount.sys [21/09/2009 20:26 46192]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [21/09/2009 20:19 1964528]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [24/09/2006 21:23 3584]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [21/12/2008 17:37 17149]
S3 GenericMount Helper Service;GenericMount Helper Service;c:\program files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [21/09/2009 20:25 1571336]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe --> c:\program files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe [?]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2/03/2006 13:00 5120]
S3 USBTINSP;TI-Nspire(TM) Handheld Device Driver;c:\windows\system32\drivers\tinspusb.sys [21/09/2009 19:36 123392]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys [22/12/2008 14:57 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys [22/12/2008 14:57 25184]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.fatlan.be/
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{A0899BF0-5F7F-4AD8-BB34-E7A7F8C02B63} - {A0899BF0-5F7F-4AD8-BB34-E7A7F8C02B63} -
LSP: c:\program files\F-Secure Internet Security\FSPS\program\FSLSP.DLL
FF - ProfilePath - c:\documents and settings\Dimitri\Application Data\Mozilla\Firefox\Profiles\fow95hof.default\
FF - prefs.js: browser.search.selectedEngine - GoogIe
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://www.theast.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=FTngxkan&q=
FF - plugin: c:\documents and settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\documents and settings\Dimitri\Application Data\Mozilla\Firefox\Profiles\fow95hof.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\Dimitri\Application Data\Mozilla\Firefox\Profiles\fow95hof.default\extensions\[email protected]\plugins\npiaplayer.dll
FF - plugin: c:\program files\BYOND\bin\npbyond.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbyond.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - GoogIe
FF - user.js: keyword.URL - hxxp://www.theast.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=FTngxkan&q=
.
- - - - ORPHANS VERWIJDERD - - - -

BHO-{A0899BF0-5F7F-4AD8-BB34-E7A7F8C02B63} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-gbxny1o - c:\windows\system32\b2s5njef.exe
HKCU-Run-lhcdi81 - c:\windows\system32\te0fvb66s.exe
HKCU-Run-gwwsii - c:\windows\system32\fg70hdyy6k.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-03-12 13:07
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...


c:\windows\TEMP\AVP9.tmp 0 bytes
c:\windows\TEMP\AVPA.tmp 0 bytes

Scan succesvol afgerond
verborgen bestanden: 2

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89DE51F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80fcfc3
\Driver\ACPI -> ACPI.sys @ 0xb7e73cb8
\Driver\atapi -> 0x89de51f8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
NDIS: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.SYS @ 0xb7d05ba0
PacketIndicateHandler -> NDIS.SYS @ 0xb7d12b21
SendHandler -> NDIS.SYS @ 0xb7cf087b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-1177238915-1682526488-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:e5,1b,a5,cd,d4,2c,37,7d,5d,78,3d,78,99,02,3f,d4,41,4f,08,02,d9,
22,1f,cf,91,a3,18,7b,9c,1e,5b,f1,3d,68,a1,c2,cb,c8,f4,79,ca,04,f5,77,f1,43,\
"rkeysecu"=hex:cc,07,32,4e,98,8d,22,37,eb,a2,f6,c4,70,d9,43,3e
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\CLBCATQ.DLL
c:\program files\F-Secure Internet Security\FWES\Program\fsdc32.dll

- - - - - - - > 'lsass.exe'(820)
c:\program files\F-Secure Internet Security\FSPS\program\FSLSP.DLL
c:\program files\F-Secure Internet Security\FWES\Program\fsdc32.dll

- - - - - - - > 'explorer.exe'(476)
c:\program files\F-Secure Internet Security\Spam Control\fsscoepl.dll
c:\program files\UltraMon\RTSUltraMonHook.dll
c:\windows\system32\msi.dll
c:\program files\UltraMon\Resources\en\RTSUltraMonHookRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'csrss.exe'(740)
c:\program files\F-Secure Internet Security\FWES\Program\fsdc32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
c:\program files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
c:\program files\F-Secure Internet Security\Common\FSMA32.EXE
c:\program files\F-Secure Internet Security\Common\FSMB32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\F-Secure Internet Security\Common\FCH32.EXE
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\program files\F-Secure Internet Security\Anti-Virus\fsqh.exe
c:\program files\F-Secure Internet Security\Common\FAMEH32.EXE
c:\program files\F-Secure Internet Security\FSPC\fspc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\System32\snmp.exe
c:\program files\F-Secure Internet Security\FSAUA\program\fsaua.exe
c:\program files\F-Secure Internet Security\Anti-Virus\fssm32.exe
c:\program files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
c:\program files\F-Secure Internet Security\FSAUA\program\fsus.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\F-Secure Internet Security\FSGUI\fsguidll.exe
c:\program files\Razer\DeathAdder\razertra.exe
c:\program files\Razer\DeathAdder\razerofa.exe
c:\program files\F-Secure Internet Security\Anti-Virus\fsav32.exe
c:\program files\UltraMon\UltraMonTaskbar.exe
.
**************************************************************************
.
Completion time: 2010-03-12 13:13:21 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-12 12:13

Pre-Run: 191,077,003,264 bytes free
Post-Run: 191,091,200,000 bytes free

- - End Of File - - B225D44A9250E24B276E0B14795A42EA

woody600

Legacy Member
HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 13:18:10, on 12/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fatlan.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Norton Ghost 15.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [mccydoz] C:\WINDOWS\system32\wmns81ep.exe
O4 - HKCU\..\Run: [qmrcnoj] C:\WINDOWS\system32\3c1t70a.exe
O4 - HKCU\..\Run: [pflgcc8] C:\WINDOWS\system32\1ghm86y.exe
O4 - HKCU\..\Run: [grccs] C:\WINDOWS\system32\60ntdzu.exe
O4 - HKCU\..\Run: [mhni0p] C:\WINDOWS\system32\66c86o8.exe
O4 - HKCU\..\Run: [wndo1] C:\WINDOWS\system32\fqbcxd60f.exe
O4 - HKCU\..\Run: [glwhidt] C:\WINDOWS\system32\0xdnjef.exe
O4 - HKCU\..\Run: [euavw] C:\WINDOWS\system32\z60bhrni.exe
O4 - HKCU\..\Run: [avlmhx] C:\WINDOWS\system32\efk86w81it.exe
O4 - HKCU\..\Run: [gwbmx] C:\WINDOWS\system32\pqlbcxyt.exe
O4 - HKCU\..\Run: [qvrmm] C:\WINDOWS\system32\f0lhcc6oo.exe
O4 - HKCU\..\Run: [gwsxnt] C:\WINDOWS\system32\kvwrx60zfp.exe
O4 - HKCU\..\Run: [bgcss81] C:\WINDOWS\system32\l60nijo8.exe
O4 - HKCU\..\Run: [yuzpv6] C:\WINDOWS\system32\t66k81wh.exe
O4 - HKCU\..\Run: [jzf60] C:\WINDOWS\system32\86a81mx.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Dimitri\Menu Start\Programma's\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Dimitri\Menu Start\Programma's\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe
O23 - Service: GenericMount Helper Service - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - Unknown owner - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe (file missing)
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

--
End of file - 10737 bytes

Juisterr

Legacy Member
It won't budge.

Remove Spybot S&D together with TeaTimer!!

Then do this.

Download OTC.exe (by OldTimer)
  • Save the file to your desktop.
  • Make sure there is an internet connection.
  • Then right-click OTCleanIt.exe and choose Run as Administrator (Dutch: Uitvoeren als Administrator) to start the program.
  • Now click the "CleanUp!" button.
  • If your firewall, or another security program, warns that OTC.exe wants internet access, you may allow it; the program needs that connection.
  • Finally OTC will ask whether you want to restart the computer; you may allow this, it also removes itself that way.

Note: Using OTC.exe will remove all the tools used (including their logs and backup folders) from your computer.


Download TDSSKiller to your desktop and then unpack the file

  • Double-click TDSSKiller.exe to start the program.
  • When the program is finished, a log will be created on the C:\ drive. The file name of that log starts with TDSSKiller.
  • Post the contents of that log in your next reply.


Now download ComboFix again and please run a new scan.

Post that log as well.