Status
Not open for further replies.
Trojan horse Win32:TradBHO found and removed by Avast.

I was also having trouble with an antispyware program in both Internet Explorer and Firefox.

I ran ComboFix from the desktop and made a log of it, and I also made a HijackThis log.


Could you please check these?

HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 18:13:43, on 18/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [NetLimiter] "C:\Program Files\NetLimiter\NetLimiter.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

ComboFix log:

ComboFix 08-02-18.1 - Stefke 2008-02-18 18:02:31.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.218 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Stefke\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ddayv.dll
C:\Documents and Settings\Stefke\Application Data\inst.exe
C:\WINDOWS\system32\ddayv.dll
C:\WINDOWS\system32\hfgdocui.dll
C:\WINDOWS\system32\hulqmytv.dll
C:\WINDOWS\system32\iucodgfh.ini
C:\WINDOWS\system32\vyadd.ini
C:\WINDOWS\system32\vyadd.ini2

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-01-18 to 2008-02-18 ))))))))))))))))))))))))))))))
.

2008-02-18 17:46 . 2008-02-18 17:46 <dir> d--hs---- C:\Documents and Settings\Stefke\Onlangs geopend
2008-02-17 11:15 . 2008-02-17 11:15 <dir> d-------- C:\Program Files\Ahead
2008-02-17 11:15 . 2004-07-20 17:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-02-17 11:15 . 2004-07-20 17:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-02-17 11:15 . 2004-07-20 17:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-02-17 11:15 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-02-17 11:15 . 2004-07-20 17:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-02-17 11:15 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-02-17 11:15 . 2004-03-03 21:30 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-02-17 11:15 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-02-17 11:15 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2008-02-17 11:15 . 2004-03-03 21:30 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-02-15 16:49 . 2007-10-01 16:40 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2008-02-15 16:49 . 2007-10-01 16:24 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-02-06 20:09 . 2002-01-07 12:15 167,936 -ra------ C:\WINDOWS\A4.dll
2008-02-06 20:09 . 2001-10-18 11:01 45,056 -ra------ C:\WINDOWS\GetKey.dll
2008-02-06 20:09 . 2001-03-14 18:07 8,192 --------- C:\WINDOWS\system32\drivers\Artec48.usb
2008-02-06 20:09 . 2002-01-06 04:57 7,168 -ra------ C:\WINDOWS\system32\48UMicro.dll
2008-02-06 19:03 . 2008-02-06 19:09 <dir> d-------- C:\Documents and Settings\Stefke\dwhelper
2008-02-06 18:45 . 2008-02-06 18:45 <dir> d-------- C:\Program Files\Smart PC Solutions
2008-02-03 19:16 . 2008-02-03 19:16 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-03 18:26 . 2008-02-03 18:26 <dir> d-------- C:\Program Files\Java
2008-02-03 18:26 . 2008-02-03 18:26 <dir> d-------- C:\Program Files\Common Files\Java
2008-02-03 18:26 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-03 13:41 . 2008-02-03 13:41 <dir> d-------- C:\Program Files\Common Files\INCA Shared
2008-02-02 15:57 . 2008-02-02 15:57 <dir> d-------- C:\Program Files\Codemasters
2008-02-02 13:45 . 2008-02-02 13:45 <dir> d--h----- C:\WINDOWS\PIF
2008-01-31 19:12 . 2008-01-31 19:15 <dir> d-------- C:\Program Files\Datel
2008-01-31 19:12 . 2002-11-02 09:53 57,344 --a------ C:\WINDOWS\system32\WNASPINT.DLL
2008-01-31 19:11 . 2008-01-31 20:36 <dir> d-------- C:\Program Files\Max Media Creator
2008-01-31 12:13 . 2008-01-31 12:13 <dir> d-------- C:\Documents and Settings\Stefke\Application Data\Mirality Systems
2008-01-31 12:06 . 2008-01-31 12:06 <dir> d-------- C:\Program Files\MAX Codelist Manager
2008-01-29 11:58 . 2008-01-29 11:58 <dir> d-------- C:\Program Files\Microsoft Silverlight
2008-01-29 11:38 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-29 11:38 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-29 11:38 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-28 22:13 . 2008-01-28 22:14 <dir> d-------- C:\Program Files\Windows Live Toolbar
2008-01-28 22:13 . 2008-01-28 22:13 <dir> d-------- C:\Program Files\Windows Live Favorites
2008-01-28 22:08 . 2008-01-28 22:11 <dir> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-28 22:07 . 2008-01-28 22:07 <dir> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 10:15 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-15 15:07 --------- d-----w C:\Documents and Settings\Stefke\Application Data\Vso
2008-02-15 14:58 --------- d-----w C:\Program Files\XoftSpySE
2008-02-15 14:32 15,488 ----a-w C:\WINDOWS\system32\drivers\mpcsys.SYS
2008-02-13 16:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-10 14:34 --------- d-----w C:\Documents and Settings\Stefke\Application Data\CopyToDvd
2008-02-03 17:42 --------- d-----w C:\Program Files\InControl
2008-01-31 20:30 --------- d-----w C:\Program Files\SpeedFan
2008-01-31 18:48 --------- d-----w C:\Documents and Settings\Stefke\Application Data\U3
2008-01-30 19:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-30 19:26 --------- d-----w C:\Program Files\THQ
2008-01-28 21:08 --------- d-----w C:\Program Files\Windows Live
2008-01-28 20:56 --------- d-----w C:\Program Files\MSN Messenger
2008-01-18 08:31 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-11 20:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies
2008-01-10 17:38 --------- d-----w C:\Documents and Settings\Stefke\Application Data\GeoVid
2008-01-10 17:32 --------- d-----w C:\Program Files\VidMorph
2008-01-10 17:32 --------- d-----w C:\Program Files\Common Files\GeoVid
2008-01-09 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-01-05 16:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-30 11:14 --------- d-----w C:\Program Files\Webroot
2007-12-30 11:14 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Webroot
2007-12-30 11:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2007-12-30 11:13 --------- d-----w C:\Documents and Settings\Stefke\Application Data\Webroot
2007-12-30 11:12 --------- d-----w C:\Program Files\Lavasoft
2007-12-30 11:12 --------- d-----w C:\Documents and Settings\Stefke\Application Data\Lavasoft
2007-12-26 13:24 --------- d-----w C:\Program Files\Common Files\DirectX
2007-12-26 13:16 --------- d-----w C:\Program Files\Enigma Software Productions
2007-12-20 20:47 --------- d-----w C:\Documents and Settings\Stefke\Application Data\Screenshot Sender
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-18 09:30 --------- d-----w C:\Documents and Settings\Stefke\Application Data\uTorrent
2007-09-05 16:00 47,360 ----a-w C:\Documents and Settings\Stefke\Application Data\pcouffin.sys
2006-03-14 10:47 30,738 ----a-w C:\WINDOWS\Media\Windows Vista Unofficial Sound Scheme.reg
.

------- Sigcheck -------

"C:\WINDOWS\system32\winlogon.exe"
----a-w 504,832 2006-11-14 16:55:49 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"Gadwin PrintScreen 3.1"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2005-09-27 01:18 1073152]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 11:01 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 13:00 33792 C:\WINDOWS\system32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 13:00 33792 C:\WINDOWS\system32\rundll32.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Telemeter 3.0"="C:\Program Files\Telemeter 3.0\telemeter3.exe" [2007-04-15 23:38 1441792]
"NetLimiter"="C:\Program Files\NetLimiter\NetLimiter.exe" [2007-09-12 20:36 823296]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-07-22 09:28:14 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2005-12-20 22:57 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray.exe]
--a------ 2005-05-19 14:47 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleToolbarNotifier.exe]
--a------ 2007-07-29 11:01 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz.exe]
--a------ 2006-04-12 03:39 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\update.exe]
--a-s---- 2006-11-14 20:11 30208 C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe

R0 sojubus;sojubus;C:\WINDOWS\system32\DRIVERS\sojubus.sys [2003-10-05 09:41]
R0 sojuscsi;sojuscsi;C:\WINDOWS\system32\DRIVERS\sojuscsi.sys [2003-09-28 09:57]
R2 CX23880;MSI 8606 Video Capture;C:\WINDOWS\system32\drivers\CX88Vid.SYS [2003-08-28 08:14]
R2 CX88XBAR;MSI 8606 Crossbar;C:\WINDOWS\system32\drivers\CX88XBar.SYS [2003-03-19 06:50]
R2 CXTUNE;MSI 8606 Tuner;C:\WINDOWS\system32\drivers\CX88Tune.SYS [2003-08-21 08:35]
R2 DbgMsg;Debug Message;C:\WINDOWS\System32\Drivers\DbgMsg.sys [2004-07-21 10:38]
S2 nvcap;MSI8928 nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys []
S2 nvTUNEP;MSI8928 nVidia WDM TVTuner;C:\WINDOWS\system32\DRIVERS\nvtunep.sys []
S2 nvtvSND;MSI8928 nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys []
S2 NVXBAR;MSI8928 nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys []
S3 jfdcd;jfdcd;C:\DOCUME~1\Stefke\LOCALS~1\Temp\jfdcd.sys []
S3 MPCSYS;MPCSYS;C:\WINDOWS\System32\Drivers\mpcsys.SYS [2008-02-15 15:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c077c356-740e-11db-9672-00138faf94b5}]
\Shell\AutoRun\command - H:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c85cd05a-2d77-11dc-9b10-00138faf94b5}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{21551A31-41DA-E83C-0207-080407040603}]
C:\WINDOWS\system32\explore.exe
.
Inhoud van de 'Gedeelde Taken' map
"2008-02-18 16:38:22 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-18 17:07:11 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-02-09 04:27:33 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 18:07:49
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\NetLimiter\nl_lsp.dll
-> C:\WINDOWS\system32\nl_msgc.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Voltooingstijd: 2008-02-18 18:09:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-18 17:09:46
.
2008-02-13 16:36:27 --- E O F ---
