I've been messing about all day trying to get rid of that damned advertising that pops up every time I go to Google. I've already run an MBAM scan and the like, so I'm posting a log here.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:06:18, on 1/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Conceptronic\Utility\WLANmon.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LevelOne\Common\RaUI.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\Pinnacle\Pinnacle PCTV\Vision\Vision.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Filter\server.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Filter\VBI_SE~1.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Conceptronic Conceptronic 300Mbps Wireless Utility] C:\Program Files\Conceptronic\Utility\WLANmon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [BOC-426] C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Pinnacle Systems - Studio Family.lnk = C:\Program Files\Pinnacle\Studio PCTV\ERegister\Remind32.exe
O4 - Global Startup: LevelOne Wireless Utility.lnk = C:\Program Files\LevelOne\Common\RaUI.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257098625375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257099485906
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Intelligente achtergrondsoverdrachtservice (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: NOD32 Kernel Service (nod32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Automatische updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 4868 bytes
PS: I also can't download updates any more, because Windows Update gives an error message.
 
I ran ComboFix at my own risk (this is only a test PC anyway).

ComboFix 09-10-30.01 - rudy 01/11/2009 23:33.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.992.742 [GMT 1:00]
Running from: c:\documents and settings\rudy\Bureaublad\ComboFix.exe
AV: ESET NOD32 antivirus systeem 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-4209386863-4479522394-190403282-8457
c:\recycler\S-1-5-21-7383374838-2687312226-070271911-9995
c:\recycler\S-1-5-21-9718571608-4877239844-379364774-9898
c:\recycler\S-1-5-21-9844271677-6621224577-941291610-5446

Infected copy of c:\windows\System32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
(((((((((((((((((((( Files Created from 2009-10-01 to 2009-11-01 ))))))))))))))))))))))))))))))
.

2009-11-01 19:39 . 2008-03-28 08:16 205560 ----a-w- c:\windows\UNBOC.EXE
2009-11-01 19:39 . 2008-03-28 08:17 212728 ----a-w- c:\windows\CMDLIC.DLL
2009-11-01 19:39 . 2009-11-01 19:39 -------- d-----w- c:\documents and settings\All Users\Application Data\BOC426
2009-11-01 19:38 . 2009-11-01 19:38 -------- d-----w- c:\program files\Comodo
2009-11-01 18:33 . 2009-11-01 18:45 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-11-01 17:55 . 2009-11-01 17:55 -------- d-----w- c:\program files\Trend Micro
2009-11-01 12:52 . 2009-11-01 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-01 12:52 . 2009-11-01 19:22 -------- d-----w- c:\documents and settings\rudy\Application Data\SUPERAntiSpyware.com
2009-11-01 12:52 . 2009-11-01 19:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-01 01:06 . 2009-11-01 01:06 -------- d-----w- c:\windows\system32\nl-nl
2009-11-01 00:54 . 2009-11-01 00:54 -------- d-----w- c:\documents and settings\rudy\Application Data\MiniDm
2009-11-01 00:45 . 2009-11-01 01:10 -------- d-----w- c:\documents and settings\rudy\Application Data\IEPro
2009-11-01 00:24 . 2006-08-21 12:28 16896 -c----w- c:\windows\system32\dllcache\fltlib.dll
2009-11-01 00:24 . 2006-08-21 09:14 23040 -c----w- c:\windows\system32\dllcache\fltmc.exe
2009-11-01 00:24 . 2006-08-21 09:14 128896 -c----w- c:\windows\system32\dllcache\fltmgr.sys
2009-10-30 22:15 . 2004-08-04 08:03 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-10-30 22:14 . 2002-01-05 12:40 487424 ------w- c:\windows\system32\MSVCP70.DLL
2009-10-30 22:13 . 2009-10-30 22:13 -------- d--h--r- c:\documents and settings\rudy\Onlangs geopend
2009-10-30 22:12 . 2009-10-30 22:12 -------- d-----w- c:\program files\CCleaner
2009-10-30 22:09 . 2009-11-01 12:48 -------- d-----w- c:\program files\RegVac Registry Cleaner
2009-10-30 21:36 . 2009-10-30 21:36 -------- d-----w- C:\Pinnacle
2009-10-30 20:20 . 2009-11-01 14:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-30 20:20 . 2009-10-30 20:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-30 19:40 . 2009-10-30 19:40 -------- d-----w- c:\documents and settings\rudy\Application Data\Malwarebytes
2009-10-30 19:40 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-30 19:40 . 2009-10-30 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-30 19:40 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-30 19:40 . 2009-10-30 19:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-30 19:08 . 2009-10-30 19:10 19456 ----a-w- C:\ecjew.exe
2009-10-30 18:41 . 2009-10-30 18:41 -------- d-----w- c:\documents and settings\rudy\Local Settings\Application Data\Identities
2009-10-30 18:24 . 2009-10-30 19:08 35840 ----a-w- C:\uipcafn.exe
2009-10-30 18:17 . 2009-10-30 18:17 298104 ----a-w- c:\windows\system32\imon.dll
2009-10-30 18:17 . 2009-10-30 18:17 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2009-10-30 18:17 . 2009-10-30 18:17 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2009-10-30 18:17 . 2009-10-30 19:48 -------- d-----w- c:\program files\ESET
2009-10-30 17:38 . 2009-10-30 17:38 -------- d-----w- c:\program files\SiS7012
2009-10-30 17:37 . 2004-11-03 13:14 267136 ----a-w- c:\windows\system32\drivers\sis7012.sys
2009-10-30 17:21 . 2009-10-30 17:21 -------- d-----w- c:\documents and settings\rudy\Local Settings\Application Data\AskToolbar
2009-10-30 17:06 . 2009-10-30 17:06 -------- d-----w- c:\windows\system32\LogFiles
2009-10-30 17:01 . 2009-10-30 17:01 -------- d-----w- c:\program files\ATI Technologies
2009-10-30 16:54 . 2009-10-30 16:54 34854 ----a-w- c:\windows\system32\uses32.dat
2009-10-30 15:32 . 2009-10-30 15:32 -------- d-----w- C:\hp
2009-10-30 15:31 . 2009-10-30 15:31 -------- d-----w- c:\windows\SiS
2009-10-30 15:31 . 2009-10-30 15:31 -------- d-----w- c:\program files\Intel Desktop Board
2009-10-30 15:31 . 2004-06-18 09:09 155648 ----a-w- c:\windows\system32\TVModeLib.dll
2009-10-30 15:26 . 2009-10-30 15:27 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-10-30 15:26 . 2009-10-30 15:26 -------- d-----w- c:\program files\Uniblue
2009-10-30 15:26 . 2009-10-30 15:26 -------- d-----w- c:\documents and settings\rudy\Application Data\Uniblue
2009-10-30 15:24 . 2009-10-30 15:26 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-10-30 15:19 . 2009-10-30 15:19 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-30 15:19 . 2009-10-30 15:19 -------- d-----w- c:\documents and settings\rudy\Application Data\Ashampoo
2009-10-30 15:18 . 2009-10-30 15:18 -------- d-----w- c:\documents and settings\rudy\Local Settings\Application Data\ashampoo
2009-10-30 15:18 . 2009-10-30 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
2009-10-30 15:17 . 2009-10-30 15:17 -------- d-----w- c:\documents and settings\All Users\Application Data\page
2009-10-30 15:17 . 2009-10-30 15:17 -------- d-----w- c:\program files\Ashampoo
2009-10-30 15:13 . 2004-08-04 06:07 6400 -c--a-w- c:\windows\system32\dllcache\splitter.sys
2009-10-30 15:13 . 2004-08-04 06:07 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-10-30 14:55 . 2002-10-17 14:14 49024 ----a-w- c:\windows\system32\drivers\sisidex.sys
2009-10-30 14:55 . 2002-08-20 16:19 9472 ----a-w- c:\windows\system32\drivers\sisperf.sys
2009-10-30 14:55 . 2002-08-20 13:58 139264 ----a-w- c:\windows\system32\IDEproperty.dll
2009-10-30 14:43 . 2009-10-30 14:43 -------- d-----w- c:\documents and settings\rudy\Application Data\BSplayer PRO
2009-10-30 14:43 . 2009-10-30 14:43 -------- d-----w- c:\program files\Webteh
2009-10-30 14:38 . 2009-10-30 14:38 -------- d-----w- c:\documents and settings\rudy\Application Data\Blitware
2009-10-30 14:16 . 2009-10-30 14:16 -------- d-----w- c:\windows\SiSAGP
2009-10-30 14:16 . 1996-11-05 15:13 299008 ----a-w- c:\windows\uninst.exe
2009-10-30 13:39 . 2009-10-30 13:39 -------- d-----w- c:\documents and settings\LocalService\Menu Start
2009-10-30 13:39 . 2009-11-01 00:56 14648 ----a-w- c:\documents and settings\rudy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-30 13:38 . 2009-10-30 13:40 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2009-10-30 13:10 . 2009-10-30 13:10 -------- d-----w- c:\windows\peernet
2009-10-30 13:10 . 2009-10-30 13:10 -------- d-----w- c:\windows\provisioning
2009-10-30 13:08 . 2009-10-30 13:08 -------- d-----w- c:\windows\ServicePackFiles
2009-10-30 13:01 . 2009-10-30 13:10 -------- d-----w- c:\windows\EHome
2009-10-30 12:57 . 2004-08-04 00:03 11776 ------w- c:\windows\system32\spnpinst.exe
2009-10-30 12:57 . 2004-08-02 13:20 4569 ------w- c:\windows\system32\secupd.dat
2009-10-30 12:15 . 2006-09-06 16:43 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2009-10-30 12:15 . 2009-11-01 01:04 -------- d--h--w- c:\windows\$hf_mig$
2009-10-30 12:14 . 2009-10-30 12:14 -------- d-----w- c:\windows\system32\bits
2009-10-30 12:14 . 2004-08-04 08:03 351232 ----a-w- c:\windows\system32\winhttp.dll
2009-10-30 12:14 . 2004-08-04 08:03 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
2009-10-30 12:14 . 2004-08-04 08:03 8192 ------w- c:\windows\system32\bitsprx2.dll
2009-10-30 12:14 . 2004-08-04 08:03 7168 ------w- c:\windows\system32\bitsprx3.dll
2009-10-30 12:12 . 2008-10-16 13:12 323608 ----a-w- c:\windows\system32\wucltui.dll
2009-10-30 12:12 . 2008-10-16 13:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-10-30 12:12 . 2008-10-16 13:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-10-30 12:12 . 2008-10-16 13:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-10-30 12:12 . 2009-10-30 12:49 -------- d-----w- c:\windows\SDTemp
2009-10-30 12:11 . 2009-10-30 12:11 -------- d-sh--w- c:\documents and settings\rudy\UserData
2009-10-30 12:09 . 2001-08-17 21:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2009-10-30 12:06 . 2004-08-04 07:54 57856 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-10-30 12:06 . 2004-08-04 06:08 10624 ----a-w- c:\windows\system32\drivers\gameenum.sys
2009-10-30 12:06 . 2004-08-04 05:31 32768 ----a-w- c:\windows\system32\drivers\sisnic.sys
2009-10-30 12:06 . 2001-12-26 19:52 27136 -c--a-w- c:\windows\system32\dllcache\sisagp.sys
2009-10-30 12:06 . 2001-12-26 19:52 27136 ----a-w- c:\windows\system32\drivers\SISAGP.SYS
2009-10-30 12:06 . 2004-08-04 08:03 76288 ----a-w- c:\windows\system32\usbui.dll
2009-10-30 12:05 . 2009-10-30 11:19 1536 ----a-w- c:\windows\system32\TrueSoft.dat
2009-10-30 12:05 . 2009-10-30 11:19 456 ----a-w- c:\windows\system32\pthsp.dat
2009-10-30 12:05 . 2001-09-06 21:27 86016 ----a-w- c:\windows\system32\pctspk.exe
2009-10-30 12:05 . 2001-08-17 21:28 64605 ----a-w- c:\windows\system32\drivers\vvoice.sys
2009-10-30 12:05 . 2001-08-17 21:28 397502 ----a-w- c:\windows\system32\drivers\vpctcom.sys
2009-10-30 12:05 . 2001-08-17 21:28 604253 ----a-w- c:\windows\system32\drivers\vmodem.sys
2009-10-30 12:05 . 2001-08-17 21:28 112574 ----a-w- c:\windows\system32\drivers\ptserlp.sys
2009-10-30 12:03 . 2004-08-04 08:03 146944 ----a-w- c:\windows\system\winspool.drv
2009-10-30 12:00 . 2005-11-16 08:55 2048 ----a-w- c:\windows\system32\drivers\rt73.bin
2009-10-30 12:00 . 2005-09-30 15:36 242432 ----a-w- c:\windows\system32\drivers\rt2500usb.SYS
2009-10-30 12:00 . 2005-08-19 21:01 69632 ----a-w- c:\windows\system32\Install7x.dll
2009-10-30 12:00 . 2005-05-17 15:24 311296 ----a-w- c:\windows\system32\AegisI5.exe
2009-10-30 12:00 . 2009-10-30 12:00 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys

.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-30 22:15 . 2009-10-30 22:14 -------- d-----w- c:\program files\Pinnacle
2009-10-30 22:14 . 2009-10-30 11:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-30 15:03 . 2009-10-30 15:03 -------- d-----w- c:\program files\Realtek AC97
2009-10-30 13:41 . 2002-09-11 12:00 53652 ----a-w- c:\windows\system32\perfc013.dat
2009-10-30 13:41 . 2002-09-11 12:00 364644 ----a-w- c:\windows\system32\perfh013.dat
2009-10-30 11:59 . 2009-10-30 11:59 -------- d-----w- c:\program files\LevelOne
2009-10-30 11:59 . 2009-10-30 11:56 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-30 11:57 . 2009-10-30 11:56 -------- d-----w- c:\program files\ANI
2009-10-30 11:56 . 2009-10-30 11:56 -------- d-----w- c:\program files\Conceptronic
2009-10-30 11:46 . 2009-10-30 11:46 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-30 11:20 . 2009-10-30 11:20 -------- d-----w- c:\program files\microsoft frontpage
2009-10-30 11:16 . 2009-10-30 11:16 21748 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Conceptronic Conceptronic 300Mbps Wireless Utility"="c:\program files\Conceptronic\Utility\WLANmon.exe" [2008-02-04 1097728]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-10-30 949376]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"BOC-426"="c:\progra~1\Comodo\CBOClean\BOC426.exe" [2008-04-10 351480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
LevelOne Wireless Utility.lnk - c:\program files\LevelOne\Common\RaUI.exe [2009-10-30 585728]
Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2009-10-30 237568]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [30/10/2009 19:17 15424]
R2 BOCore;BOCore;c:\program files\Comodo\CBOClean\BOCore.exe [1/11/2009 20:39 73464]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [30/10/2009 23:15 6400]
R3 sis7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [30/10/2009 18:37 267136]
S1 538c38cd;538c38cd;c:\windows\system32\drivers\538c38cd.sys --> c:\windows\system32\drivers\538c38cd.sys [?]
S1 5543f24;5543f24;c:\windows\system32\drivers\5543f24.sys --> c:\windows\system32\drivers\5543f24.sys [?]
S3 TESTCAP;Studio PCTV (Audio);c:\windows\system32\DRIVERS\PCTVAud.sys --> c:\windows\system32\DRIVERS\PCTVAud.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.be/
LSP: c:\windows\system32\imon.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-11-01 23:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(724)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Completion time: 2009-11-01 23:44
ComboFix-quarantined-files.txt 2009-11-01 22:44

Pre-Run: 12.905.611.264 bytes free
Post-Run: 13.319.188.480 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2 (What does this actually mean?)
default=signature(b525b525)disk(1)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
signature(b525b525)disk(1)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

- - End Of File - - 63BF29C2EC04C884E52E45DB9505ED07
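The ComboFix output above, read together with the HijackThis log in the first post, carries the entries that justify the "rootkit plus a few trojans" reading: two system-start driver services with random hex names (538c38cd, 5543f24) whose .sys files are no longer on disk, four RECYCLER folders whose SIDs cannot belong to any real account (sub-authorities above 2^32-1, one with a leading zero), two executables dropped straight into the root of C: (ecjew.exe, uipcafn.exe), and a patched core driver (atapi.sys) that ComboFix restored. The script below is an added example written for this thread; it is not part of ComboFix, HijackThis or anything the poster ran. It takes a handful of lines copied from the log above as its sample input and flags those patterns. The regexes, the "random hex name" heuristic, and the function names (`parse_service_line`, `sid_is_plausible`, `triage`) are this example's own assumptions, not anything the tools define.

```python
"""Triage helper for ComboFix-style service lines and RECYCLER paths.

Added example for this forum thread. It is not part of ComboFix, HijackThis
or any other tool mentioned in the thread. SAMPLE_LOG below is copied from
the ComboFix log in the thread; the regexes and heuristics are assumptions
made for this example.
"""
import re

# ComboFix driver/service line: "<R|S><start> <name>;<display>;<path> [...]"
# R = running, S = stopped; start: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$"
)
# RECYCLER subfolders are named after the owning account SID.
RECYCLER_RE = re.compile(r"\\recycler\\(S-1-5-21(?:-\d+)+)", re.IGNORECASE)
# Heuristic (assumption): a service/driver named only by 6-16 hex digits.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{6,16}$", re.IGNORECASE)
# An .exe sitting directly in a drive root, e.g. "C:\ecjew.exe".
ROOT_EXE_RE = re.compile(r"(?<!\S)[a-z]:\\[^\\\s]+\.exe\s*$", re.IGNORECASE)

MAX_SUBAUTHORITY = 2**32 - 1  # SID sub-authorities are unsigned 32-bit values

# Sample input: lines copied from the ComboFix log posted above, plus two
# legitimate driver lines from the same log as negative cases.
SAMPLE_LOG = r"""
c:\recycler\S-1-5-21-4209386863-4479522394-190403282-8457
c:\recycler\S-1-5-21-7383374838-2687312226-070271911-9995
2009-10-30 19:08 . 2009-10-30 19:10 19456 ----a-w- C:\ecjew.exe
2009-10-30 18:24 . 2009-10-30 19:08 35840 ----a-w- C:\uipcafn.exe
2009-11-01 19:39 . 2008-03-28 08:16 205560 ----a-w- c:\windows\UNBOC.EXE
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [30/10/2009 19:17 15424]
R3 sis7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [30/10/2009 18:37 267136]
S1 538c38cd;538c38cd;c:\windows\system32\drivers\538c38cd.sys --> c:\windows\system32\drivers\538c38cd.sys [?]
S1 5543f24;5543f24;c:\windows\system32\drivers\5543f24.sys --> c:\windows\system32\drivers\5543f24.sys [?]
S3 TESTCAP;Studio PCTV (Audio);c:\windows\system32\DRIVERS\PCTVAud.sys --> c:\windows\system32\DRIVERS\PCTVAud.sys [?]
"""


def parse_service_line(line):
    """Return a dict for a ComboFix R*/S* service line, or None if it is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    # ComboFix prints "path --> path [?]" when the referenced file is not on disk.
    missing = rest.rstrip().endswith("[?]") or "-->" in rest
    path = rest.split(" -->")[0].split(" [")[0].strip()
    return {
        "state": m.group("state"),
        "start": int(m.group("start")),
        "name": m.group("name").strip(),
        "display": m.group("display").strip(),
        "path": path,
        "missing": missing,
    }


def service_findings(svc):
    """Heuristic reasons why a parsed service entry deserves a look."""
    reasons = []
    stem = svc["path"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if HEX_NAME_RE.match(svc["name"]) and svc["name"].lower() == stem.lower():
        reasons.append("random hex service/driver name")
    if svc["missing"]:
        reasons.append("binary not found on disk")
    return reasons


def sid_is_plausible(sid):
    """A real S-1-5-21 account SID has 32-bit sub-authorities with no leading zeros."""
    for part in sid.split("-")[3:]:
        if part != "0" and part.startswith("0"):
            return False
        if int(part) > MAX_SUBAUTHORITY:
            return False
    return True


def triage(log_text):
    """Walk a ComboFix log and return (label, reasons) pairs worth manual review."""
    findings = []
    for line in log_text.splitlines():
        svc = parse_service_line(line)
        if svc:
            reasons = service_findings(svc)
            if reasons:
                findings.append((svc["name"], reasons))
            continue
        m = RECYCLER_RE.search(line)
        if m and not sid_is_plausible(m.group(1)):
            findings.append((line.strip(), ["RECYCLER folder with impossible SID"]))
            continue
        m = ROOT_EXE_RE.search(line)
        if m:
            findings.append((m.group(0).strip(), ["executable dropped in drive root"]))
    return findings


if __name__ == "__main__":
    for label, reasons in triage(SAMPLE_LOG):
        print(f"{label}: {', '.join(reasons)}")
```

Run against the sample, the two hex-named drivers collect both reasons, the RECYCLER folders and the two root executables are each flagged once, and nod32drv and sis7012 pass clean. TESTCAP is flagged only for its missing binary, which is also exactly how a stale entry from an uninstalled product (here the Pinnacle software) looks, so that single flag still needs a human judgement rather than automatic removal.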
 
ComboFix got them out; there was a rootkit in there plus a few trojans. This is the latest scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:58:57, on 2/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Conceptronic\Utility\WLANmon.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LevelOne\Common\RaUI.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Filter\server.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\SoftwareDistribution\Download\20026b2903c08c0ac5bae919ef683ee9\update\update.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Conceptronic Conceptronic 300Mbps Wireless Utility] C:\Program Files\Conceptronic\Utility\WLANmon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Pinnacle Systems - Studio Family.lnk = C:\Program Files\Pinnacle\Studio PCTV\ERegister\Remind32.exe
O4 - Global Startup: LevelOne Wireless Utility.lnk = C:\Program Files\LevelOne\Common\RaUI.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257098625375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257099485906
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: NOD32 Kernel Service (nod32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 4642 bytes