graag eens nazien

Status
Niet open voor verdere reacties.
ciriel

ciriel

ik heb met een virus gezeten en heb deze manueel moeten verwijderen wil je eens nazien of er nog iets moet gefixt worden
o13 gopher prefix ziet er mij verdacht uit
ik heb intussen eens gescand met cwshredder en deze vond dit CWS. msconfig

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:02, on 16/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\xpicleanup.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Eset\nod32kui.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\mdres.exe
C:\Program Files\Eset\nod32.exe
C:\OudeHDD\OudeC\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [mozilla_cleanup] C:\Program Files\Mozilla Firefox\xpicleanup.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 5408 bytes
 
Laatst bewerkt:
Download Combofix naar je Bureaublad.
Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link, want Combofix wordt dagelijks geupdate.

OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw. Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!


  • Dubbelklik op Combofix.exe
    Volg de instructies, aanvaard de disclaimer door 1 (continue) te typen, gevolgd door ENTER.
    Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
Plaats deze log in je volgende post samen met een nieuw HijackThis log.
 
mijn pc heeft na de scan niet afgesloten
mag of moet ik dit zelf doen

ComboFix 08-01-16.4 - Gebruiker 2008-01-16 20:36:15.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.227 [GMT 1:00]
Gestart vanuit: C:\Users\Gebruiker\Desktop\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Gebruiker\AppData\Roaming\inst.exe
C:\Windows\system32\x64

.
(((((((((((((((((((( Bestanden Gemaakt van 2007-12-16 to 2008-01-16 ))))))))))))))))))))))))))))))
.

2008-01-16 20:34 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-16 19:50 . 2008-01-16 19:50 <dir> d-------- C:\Program Files\Trend Micro
2008-01-14 14:59 . 2008-01-14 14:59 <dir> d-------- C:\Users\Gebruiker\AppData\Roaming\URSoft
2008-01-14 14:59 . 2008-01-14 15:01 <dir> d-------- C:\Program Files\Your Uninstaller 2008
2008-01-09 11:17 . 2008-01-09 11:17 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-09 11:17 . 2008-01-09 11:17 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-09 11:17 . 2008-01-09 11:17 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-09 11:17 . 2008-01-09 11:17 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-09 11:17 . 2008-01-09 11:17 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-09 11:16 . 2008-01-09 11:16 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-09 11:16 . 2008-01-09 11:16 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-09 11:16 . 2008-01-09 11:16 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-09 11:16 . 2008-01-09 11:16 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-09 11:16 . 2008-01-09 11:16 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-09 11:16 . 2008-01-09 11:16 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-09 11:16 . 2008-01-09 11:16 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-09 11:16 . 2008-01-09 11:16 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-09 11:16 . 2008-01-09 11:16 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-01-09 11:15 . 2008-01-09 11:15 11,776 --a------ C:\Windows\System32\sbunattend.exe
2007-12-30 16:04 . 2008-01-06 18:02 <dir> d-------- C:\Users\Gebruiker\deceuninck werkuren
2007-12-28 12:08 . 2007-12-28 12:09 <dir> d-------- C:\Users\Gebruiker\AppData\Roaming\Movienizer
2007-12-25 08:54 . 2007-12-25 08:54 <dir> d-------- C:\Users\Gebruiker\AppData\Roaming\TeamViewer
2007-12-24 11:23 . 2007-12-24 11:24 <dir> d-------- C:\Program Files\SCREEN2EXE

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 09:52 --------- d---a-w C:\ProgramData\TEMP
2008-01-15 13:07 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-01-09 11:35 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 11:35 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 10:16 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-09 10:16 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-09 10:16 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-09 10:16 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-07 20:45 --------- d-----w C:\Program Files\Recuva
2007-12-15 09:31 --------- d-----w C:\Program Files\CCleaner
2007-12-15 08:13 47,360 ----a-w C:\Users\Gebruiker\AppData\Roaming\pcouffin.sys
2007-12-15 08:13 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Vso
2007-12-15 08:13 --------- d-----w C:\Program Files\vso
2007-12-13 14:32 47,360 ----a-w C:\Windows\system32\drivers\pcouffin.sys
2007-12-12 23:31 --------- d-----w C:\Program Files\Gabest
2007-12-12 09:59 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-12 09:59 --------- d-----w C:\ProgramData\Microsoft Help
2007-12-12 09:58 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 09:58 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-12 09:58 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 09:57 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-12 09:57 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-12 09:57 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-12 09:52 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-12 09:52 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-12 09:52 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-12 09:52 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-12 09:52 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-12 09:52 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-11 10:35 --------- d-----w C:\Users\Gebruiker\AppData\Roaming\Intelore
2007-11-17 07:01 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-14 21:29 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-14 21:29 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-14 21:29 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-14 21:29 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-14 21:29 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-14 21:29 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-14 21:29 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-14 21:29 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-14 21:29 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-14 21:29 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-10-18 08:19 920,088 ----a-w C:\Windows\System32\igxpun.exe
2007-10-18 08:19 170,520 ----a-w C:\Windows\System32\igfxzoom.exe
2007-10-18 08:19 141,848 ----a-w C:\Windows\System32\igfxtray.exe
2007-10-18 08:18 530,968 ----a-w C:\Windows\System32\igfxcfg.exe
2007-10-18 08:18 256,536 ----a-w C:\Windows\System32\igfxsrvc.exe
2007-10-18 08:18 170,520 ----a-w C:\Windows\System32\igfxext.exe
2007-10-18 08:18 166,424 ----a-w C:\Windows\System32\hkcmd.exe
2007-10-18 08:18 133,656 ----a-w C:\Windows\System32\igfxpers.exe
2007-10-18 08:12 147,456 ----a-w C:\Windows\System32\igfxCoIn_v1350.dll
2007-10-18 08:05 2,572,288 ----a-w C:\Windows\System32\igdumd32.dll
2007-10-18 07:59 2,416,640 ----a-w C:\Windows\System32\ig4icd32.dll
2007-10-18 07:59 1,654,784 ----a-w C:\Windows\System32\ig4dev32.dll
2007-10-18 07:52 69,632 ----a-w C:\Windows\System32\oemdspif.dll
2007-10-18 07:52 241,664 ----a-w C:\Windows\System32\igfxTMM.dll
2007-10-18 07:52 204,800 ----a-w C:\Windows\System32\igfxpph.dll
2007-10-18 07:51 48,128 ----a-w C:\Windows\System32\igfxsrvc.dll
2007-10-18 07:51 3,293,184 ----a-w C:\Windows\System32\igfxress.dll
2007-10-18 07:51 24,576 ----a-w C:\Windows\System32\igfxexps.dll
2007-10-18 07:51 200,704 ----a-w C:\Windows\System32\igfxdev.dll
2007-10-18 07:51 135,168 ----a-w C:\Windows\System32\igfxdo.dll
2007-10-18 07:51 102,400 ----a-w C:\Windows\System32\hccutils.dll
2007-08-29 08:43 174 --sha-w C:\Program Files\desktop.ini
2007-05-22 07:36 81,920 ----a-w C:\Users\Gebruiker\AppData\Roaming\ezpinst.exe
2007-09-26 13:14 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-09-26 13:14 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-09-26 13:14 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-09-11 10:40 168 --sh--r C:\Windows\System32\A5000453EA.sys
2007-09-11 10:41 5,018 --sha-w C:\Windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 11:15 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"DLD.EXE"="" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"mozilla_cleanup"="C:\Program Files\Mozilla Firefox\xpicleanup.exe" [2007-02-21 23:35 73336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-11 09:33 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 18:04 4423680 C:\Windows\RtHDVCpl.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Skytel"="Skytel.exe" [2007-03-16 14:06 1822720 C:\Windows\SkyTel.exe]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 10:45 222208]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-05-19 18:43 949376]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-10-18 09:19 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-10-18 09:18 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-10-18 09:18 133656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
C:\Program Files\TrojanHunter 4.7\THGuard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2001-10-02 00:42 10752 C:\Program Files\Winamp\Winampa.exe

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-09-05 14:43]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\Windows\system32\DRIVERS\atl01_xp.sys [2006-07-28 05:28]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-10-18 09:05]
S3 wrssweep;Webroots Volume Access Driver;C:\Program Files\Webroot\Washer\wrssweep.sys [2007-09-05 14:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecd9c44f-1be3-11dc-a5f4-0017317cfadb}]
\shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 20:39:18
Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-01-16 20:40:06
ComboFix-quarantined-files.txt 2008-01-16 19:40:04
.
2008-01-16 08:15:53 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:42:45, on 16/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\xpicleanup.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Eset\nod32kui.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\mdres.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\xpicleanup.exe
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\System32\rundll32.exe
C:\OudeHDD\OudeC\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 5244 bytes</dir></dir></dir></dir></dir></dir></dir>
 
Laatst bewerkt:
Status
Niet open voor verdere reacties.
Terug
Bovenaan Onderaan