Het is nu do jul 24, 2014 12:40 pm

Forumoverzicht » RSIT/DDS/HijackThis logfiles » Opgeloste RSIT/DDS/HijackThis logfiles




Dit onderwerp is gesloten, je kunt geen berichten wijzigen of nieuwe antwoorden plaatsen  [ 8 berichten ] 
Auteur Bericht
BerichtGeplaatst: do aug 02, 2007 12:11 am 
Offline
Lid

Geregistreerd: do aug 02, 2007 12:02 am
Berichten: 4
Hallo,

Mijn pc blokeert de laatste tijd nogal veel. Programma's lopen nogal vlug vast, vooral als ik er meerdere open. Hij start ook zeer traag op. Kun je me helpen?

Hier is alvast mijn logfile:

Logfile of HijackThis v1.99.1
Scan saved at 23:59:11, on 1/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\PROGRA~1\IZArc\IZArc.exe
C:\DOCUME~1\Eva\LOCALS~1\Temp\ztv7\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\RunServices: [Windows Workstation Service (32-bits)] wkssvc32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7308613046
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.be/ImageUploader4.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.be/NET/Import/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: TurkSpy For RootKit (GencTurK RootKit) - Unknown owner - c:\system.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe


Omhoog
 Profiel  
 
 Berichttitel:
BerichtGeplaatst: do aug 02, 2007 7:04 pm 
Offline
Site Admin
Avatar gebruiker

Geregistreerd: di mei 10, 2005 8:32 am
Berichten: 18408
Woonplaats: Arnhem
Hoi Eva,

Welkom op Hijackthis.nl :D

<b>1.</b> * Leeg de Cache and Cookies in IE:
  • Sluit Internet Explorer.
  • Ga naar Configuratiescherm > Internet Opties > tab Algemeen
  • Klik de Cookies verwijderen knop
  • Klik op de Bestanden verwijderen knop ernaast
  • Vink aan: Ook alle off line items verwijderen, klik OK
* Leeg de Cache and Cookies in Firefox (In geval Firefox geïnstalleerd is):
  • Ga naar Extra > Opties.
  • Klik Privacy in het menu.
  • Klik op de knop Wissen (Geschiedenis, Cookies, Cache).
  • Klik OK om het venster opnieuw te sluiten.
* Leeg andere Temporary files + Prullenbak
  • Ga naar Start > Uitvoeren en typ: cleanmgr en klik ok.
  • Laat het je systeem scannen op bestanden die moeten verwijderd worden
  • Zorg er wel voor dat je daar enkel maar 'tijdelijke bestanden', 'tijdelijke internetbestanden' en 'prullenbak' staan aangevinkt.
  • Klik daarna op OK.
<b>2.</b> Download Combofix naar je Bureaublad.
    Dubbelklik Combofix.exe
    Volg de instructies, aanvaard de disclaimer door y of Y te typen.
    Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen. Bewaar dit logje.

NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.

<b>3.</b> Download Dr.Web CureIt naar je bureaublad.
  • Dubbelklik drweb-cureit.exe en sta het toe om de express scan te starten.
  • Dit zal de bestanden scannen die momenteel in het geheugen geladen zijn en wanneer er iets gevonden wordt, klik de Yes to all knop bij de vraag 'cure it?'. Dit is enkel een korte scan.
  • Eenmaal de korte scan is beeïndigd, kan je de drives selecteren die je wilt laten scannen.
  • Selecteer hier alle drives. Een rood bolletje zal dan tevoorschijn komen op de drives die je laat scannen.
  • Klik daarna de groene pijl rechts om de scan te starten.
  • Klik 'Yes to all' wanneer er gevraagd wordt om cure of move uit te voeren.
  • Nadat de scan gedaan is, in het menu bovenaan, klik File en kies Save report List. Bewaar het op je bureaublad.
  • Sluit daarna Dr.Web Cureit.
  • Herstart je computer!! Belangrijke stap, want het kan zijn dat Dr.Web Cureit bestanden zal verplaatsen/verwijderen tijdens herstart.

<b>4.</b> Plaats de log van DrWeb in je volgende post samen met een nieuw HijackThis log en het logje van combofix. Vertel daarbij ook welke stappen je wel of niet uit hebt kunnen voeren en of je probleem is opgelost.

Veel succes

Marieke :)


Omhoog
 Profiel  
 
 Berichttitel:
BerichtGeplaatst: vr aug 03, 2007 7:28 pm 
Offline
Lid

Geregistreerd: do aug 02, 2007 12:02 am
Berichten: 4
hallo,

vooraleerst bedankt voor je reply. Ik heb alle stappen uitgevoerd. Ik gebruik wel slimbrowser als mijn internetbrowser. Maakt dit verschil uit?
Ik heb nog niet direct een verschil gemerkt omdat het ook nog wat te vroeg is om dat te merken.

Hier zijn al je gevraagde logfiles:

[u]combofix*:

ComboFix 07-08-03.5 - "Eva" 2007-08-03 17:32:01.3 [GMT 2:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.Waar


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Eva\BUREAU~1.\internet explorer.lnk
C:\DOCUME~1\Eva\BUREAU~1\internet.lnk


((((((((((((((((((((((((( Files Created from 2007-07-03 to 2007-08-03 )))))))))))))))))))))))))))))))


2007-08-03 16:25 <DIR> d-------- C:\DOCUME~1\Eva\DoctorWeb
2007-08-03 16:20 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-03 16:15 <DIR> dr-h----- C:\DOCUME~1\Eva\Onlangs geopend
2007-08-02 21:54 <DIR> d-------- C:\DOCUME~1\Eva\APPLIC~1\Help
2007-07-23 03:48 <DIR> d-------- C:\DOCUME~1\Joris\APPLIC~1\MegauploadToolbar
2007-07-21 10:20 <DIR> d-------- C:\DOCUME~1\Joris\Incomplete
2007-07-20 11:06 <DIR> d-------- C:\WINDOWS\system32\AdCache
2007-07-11 08:30 <DIR> dr-h----- C:\DOCUME~1\Joris\Onlangs geopend


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-03 17:06 --------- d-------- C:\DOCUME~1\Eva\APPLIC~1\Skype
2007-08-03 16:08 --------- d-------- C:\DOCUME~1\Eva\APPLIC~1\SlimBrowser
2007-08-03 13:38 --------- d-------- C:\Program Files\LimeWire
2007-08-03 13:38 --------- d-------- C:\Program Files\Incomplete
2007-07-21 10:03 --------- d-------- C:\Program Files\Hitman Pro
2007-07-11 07:53 --------- d-------- C:\Program Files\Spyware Doctor
2007-07-11 07:23 --------- d-------- C:\Program Files\SpywareBlaster
2007-06-26 17:34 --------- d-------- C:\Program Files\SlimBrowser
2007-05-23 07:29 10 --a------ C:\WINDOWS\smdat32m.sys
2007-05-16 17:19 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 17:19 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 17:19 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 17:19 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 17:19 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 17:19 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-04 14:54 3079680 -----c--- C:\WINDOWS\system32\dllcache\mshtml.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-15 11:42]
"nwiz"="nwiz.exe" [2004-07-15 11:42 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-15 11:42]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-21 09:40]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-04-15 16:24]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2003-06-26 04:02]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-18 13:40]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-18 13:53]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 19:02]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-07-22 22:36]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-01-29 13:07]
"Belgacom"="C:\Program Files\Belgacom\bin\sprtcmd.exe" [2006-06-22 09:34]
"KAZAA"="C:\Program Files\Kazaa\kazaa.exe" [2007-01-24 16:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2005-11-28 14:43]
"ares"="C:\Program Files\Ares\Ares.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows Workstation Service (32-bits)"=wkssvc32.exe

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\GencTurK RootKit]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\anvshell]
anvshell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveNote]
livenote.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
"C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]
C:\Program Files\VVSN\VVSN.exe

R0 sonyhcb;Sony Digital Imaging Base;C:\WINDOWS\system32\DRIVERS\sonyhcb.sys
R1 ANVIOCTL;ANVIOCTL;C:\WINDOWS\system32\DRIVERS\anvioctl.sys
R1 asuskbnt;asuskbnt;C:\WINDOWS\system32\DRIVERS\asuskbnt.sys
R1 IKFileFlt;File Filter Driver;C:\WINDOWS\system32\drivers\ikfileflt.sys
R1 IKFileSec;File Security Driver;C:\WINDOWS\system32\drivers\ikfilesec.sys
R1 IkSysFlt;System Filter Driver;C:\WINDOWS\system32\drivers\iksysflt.sys
R1 IKSysSec;System Security Driver;C:\WINDOWS\system32\drivers\iksyssec.sys
R2 CDRPDACC;Quinnware CDDA Driver (by InfinaDyne);\??\C:\Program Files\Quintessential Player\cdrpdacc.sys
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator;C:\WINDOWS\system32\drivers\nvax.sys
R3 NVENET;NVIDIA nForce Networking Controller Driver;C:\WINDOWS\system32\DRIVERS\NVENET.sys
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio;C:\WINDOWS\system32\drivers\nvapu.sys
R3 P1110VID;Creative WebCam NX;C:\WINDOWS\system32\DRIVERS\P1110VID.sys
S2 GencTurK RootKit;TurkSpy For RootKit;c:\system.exe
S3 BrUsbScn;MFC-stuurprogramma van Brother voor USB-scanner;C:\WINDOWS\system32\Drivers\BrUsbScn.sys
S3 Memctl;Memctl;\??\C:\Program Files\ABIT\FlashMenu\Memctl.sys
S3 sonyhcs;Sony Digital Imaging Video;C:\WINDOWS\system32\DRIVERS\sonyhcs.sys
S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys
S3 WINFLASH;WINFLASH;\??\C:\Program Files\ABIT\FlashMenu\WinFlash.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-03 17:34:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-03 17:35:13
C:\ComboFix-quarantined-files.txt ... 2007-08-03 17:34

--- E O F ---
_____________________________________________________________

Dr-web:

modem_common.js;C:\Program Files\Belgacom\agentcommon\inc;Probably SCRIPT.Virus;
sma_common.js;C:\Program Files\Belgacom\agentui\snapins\preferences;Probably SCRIPT.Virus;
sprtsync.dll;C:\Program Files\Belgacom\bin;Probably WIN.WORM.Virus;
sprtupdate.dll;C:\Program Files\Belgacom\bin;Probably DLOADER.Trojan;
Preview-T-316328-01 - de dagen van de week _192kbps_ [Special.Edition].wma;C:\Program Files\Incomplete;Trojan.Isbar.389;Deleted.
T-316328-01 - de dagen van de week _192kbps_ [Special.Edition].wma;C:\Program Files\Incomplete;Trojan.Isbar.389;Deleted.
TopSearch.dll;C:\Program Files\Kazaa;Adware.Altnet;
riched20.dll;C:\Program Files\MSN Messenger;Adware.Msearch;
N2PLUGIN.DLL;C:\Program Files\Need2Find\bar\1.bin;Adware.Msearch;
A0010861.DLL;C:\System Volume Information\_restore{59CB53A7-C5FD-4F7E-A379-393133E16E0F}\RP99;Adware.IESearch;
A0010876.dll;C:\System Volume Information\_restore{59CB53A7-C5FD-4F7E-A379-393133E16E0F}\RP99;Adware.Altnet;
A0010877.exe;C:\System Volume Information\_restore{59CB53A7-C5FD-4F7E-A379-393133E16E0F}\RP99;Adware.Altnet;
A0010879.dll;C:\System Volume Information\_restore{59CB53A7-C5FD-4F7E-A379-393133E16E0F}\RP99;Adware.Altnet;
A0010880.dll;C:\System Volume Information\_restore{59CB53A7-C5FD-4F7E-A379-393133E16E0F}\RP99;Adware.Altnet;
A0010881.dll;C:\System Volume Information\_restore{59CB53A7-C5FD-4F7E-A379-393133E16E0F}\RP99;Adware.Altnet;
A0010885.dll;C:\System Volume Information\_restore{59CB53A7-C5FD-4F7E-A379-393133E16E0F}\RP99;Adware.RXToolbar;

_____________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 19:13:24, on 3/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\IZArc\IZArc.exe
C:\DOCUME~1\Eva\LOCALS~1\Temp\ztv7\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\RunServices: [Windows Workstation Service (32-bits)] wkssvc32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7308613046
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.be/ImageUploader4.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.be/NET/Import/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: TurkSpy For RootKit (GencTurK RootKit) - Unknown owner - c:\system.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe


Omhoog
 Profiel  
 
 Berichttitel:
BerichtGeplaatst: za aug 04, 2007 8:38 am 
Offline
Site Admin
Avatar gebruiker

Geregistreerd: di mei 10, 2005 8:32 am
Berichten: 18408
Woonplaats: Arnhem
Hoi Eva,

<b>1.</b> Kun je eerst Hijackthis.exe in een eigen map zetten? Plaats hem bijvoorbeeld in C:\ Program Files\ HJT\
Op deze manier kunnen de backups niet verloren gaan.

<b>2.</b> Schakel NOD32 van Hitmanpro uit en verwijder hem vervolgens via configuratiescherm > software, omdat deze ruzie kan maken met AVG.

<b>3.</b> Verwijder via <i>start > instellingen > configuratiescherm > software</i>, hetvolgende eventueel aanwezige programma:

- <b>Need2Find </b>

<b>4.</b> Herstart de computer

<b>5.</b> Start nu alléén HijackThis op. Klik op <i>Scan</i> en vink ALLEEN de onderstaande, eventueel aanwezige, regels aan:

<b>O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\RunServices: [Windows Workstation Service (32-bits)] wkssvc32.exe
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - </b>

Sluit alle vensters! Klik vervolgens op <i>fix checked</i> en <i>ok</i>.

<b>6.</b> Open Kladblok, kopiëer en plak de volgende vetgedrukte tekst in een leeg venster:
    Driver::
    GencTurK RootKit

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices\Windows Workstation Service (32-bits)]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\GencTurK RootKit]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
Sla dit op op je Bureaublad als CFScript.txt

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :

Afbeelding

Dit zal ComboFix doen herstarten.
Start opnieuw op als daarom gevraagd wordt en post de inhoud van de Combofix.txt in je volgende antwoord samen met een nieuw HijackThislogje.

Hoe is het met je problemen?

Marieke


Omhoog
 Profiel  
 
 Berichttitel:
BerichtGeplaatst: di aug 07, 2007 1:10 pm 
Offline
Lid

Geregistreerd: do aug 02, 2007 12:02 am
Berichten: 4
Hallo,

Sorry voor het wat late antwoord. De computer werkt al vlugger en beter.
Ik heb alles kunnen uitvoeren, behalve bij het verwijderen van need2find gaf hij wel foutmelding. Voor de rest is alles gelukt

hier zijn de logfiles:

ComboFix 07-08-03.5 - "Eva" 2007-08-07 12:50:43.4 [GMT 2:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.Waar
Command switches used :: C:\Documents and Settings\Eva\Bureaublad\CFScript.txt
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_GENCTURK_ROOTKIT
-------\GencTurK RootKit


((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))


2007-08-07 12:32 <DIR> d-------- C:\Program Files\hjt
2007-08-03 16:25 <DIR> d-------- C:\DOCUME~1\Eva\DoctorWeb
2007-08-03 16:20 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-03 16:15 <DIR> dr-h----- C:\DOCUME~1\Eva\Onlangs geopend
2007-08-02 21:54 <DIR> d-------- C:\DOCUME~1\Eva\APPLIC~1\Help
2007-07-23 03:48 <DIR> d-------- C:\DOCUME~1\Joris\APPLIC~1\MegauploadToolbar
2007-07-21 10:20 <DIR> d-------- C:\DOCUME~1\Joris\Incomplete
2007-07-20 11:06 <DIR> d-------- C:\WINDOWS\system32\AdCache
2007-07-11 08:30 <DIR> dr-h----- C:\DOCUME~1\Joris\Onlangs geopend


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-07 12:53 --------- d-------- C:\DOCUME~1\Eva\APPLIC~1\SlimBrowser
2007-08-07 12:53 --------- d-------- C:\DOCUME~1\Eva\APPLIC~1\Skype
2007-08-04 22:26 --------- d-------- C:\Program Files\LimeWire
2007-08-04 22:26 --------- d-------- C:\Program Files\Incomplete
2007-07-21 10:03 --------- d-------- C:\Program Files\Hitman Pro
2007-07-11 07:53 --------- d-------- C:\Program Files\Spyware Doctor
2007-07-11 07:23 --------- d-------- C:\Program Files\SpywareBlaster
2007-06-26 17:34 --------- d-------- C:\Program Files\SlimBrowser
2007-05-23 07:29 10 --a------ C:\WINDOWS\smdat32m.sys
2007-05-16 17:19 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 17:19 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 17:19 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 17:19 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 17:19 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 17:19 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-15 11:42]
"nwiz"="nwiz.exe" [2004-07-15 11:42 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-15 11:42]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-21 09:40]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-04-15 16:24]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2003-06-26 04:02]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-18 13:40]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-18 13:53]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 19:02]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-07-22 22:36]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-01-29 13:07]
"Belgacom"="C:\Program Files\Belgacom\bin\sprtcmd.exe" [2006-06-22 09:34]
"KAZAA"="C:\Program Files\Kazaa\kazaa.exe" [2007-01-24 16:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2005-11-28 14:43]
"ares"="C:\Program Files\Ares\Ares.exe" []

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\anvshell]
anvshell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveNote]
livenote.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
"C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]
C:\Program Files\VVSN\VVSN.exe

R0 sonyhcb;Sony Digital Imaging Base;C:\WINDOWS\system32\DRIVERS\sonyhcb.sys
R1 ANVIOCTL;ANVIOCTL;C:\WINDOWS\system32\DRIVERS\anvioctl.sys
R1 asuskbnt;asuskbnt;C:\WINDOWS\system32\DRIVERS\asuskbnt.sys
R1 IKFileFlt;File Filter Driver;C:\WINDOWS\system32\drivers\ikfileflt.sys
R1 IKFileSec;File Security Driver;C:\WINDOWS\system32\drivers\ikfilesec.sys
R1 IkSysFlt;System Filter Driver;C:\WINDOWS\system32\drivers\iksysflt.sys
R1 IKSysSec;System Security Driver;C:\WINDOWS\system32\drivers\iksyssec.sys
R2 CDRPDACC;Quinnware CDDA Driver (by InfinaDyne);\??\C:\Program Files\Quintessential Player\cdrpdacc.sys
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator;C:\WINDOWS\system32\drivers\nvax.sys
R3 NVENET;NVIDIA nForce Networking Controller Driver;C:\WINDOWS\system32\DRIVERS\NVENET.sys
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio;C:\WINDOWS\system32\drivers\nvapu.sys
R3 P1110VID;Creative WebCam NX;C:\WINDOWS\system32\DRIVERS\P1110VID.sys
S3 BrUsbScn;MFC-stuurprogramma van Brother voor USB-scanner;C:\WINDOWS\system32\Drivers\BrUsbScn.sys
S3 Memctl;Memctl;\??\C:\Program Files\ABIT\FlashMenu\Memctl.sys
S3 sonyhcs;Sony Digital Imaging Video;C:\WINDOWS\system32\DRIVERS\sonyhcs.sys
S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys
S3 WINFLASH;WINFLASH;\??\C:\Program Files\ABIT\FlashMenu\WinFlash.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-07 12:55:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-07 12:56:57 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-07 12:56
C:\ComboFix2.txt ... 2007-08-03 17:35

--- E O F ---
_____________________________________________________________


Logfile of HijackThis v1.99.1
Scan saved at 12:58:27, on 7/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\SlimBrowser\sbrowser.exe
C:\PROGRA~1\IZArc\IZArc.exe
C:\DOCUME~1\Eva\LOCALS~1\Temp\ztv5\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7308613046
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.be/ImageUploader4.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.be/NET/Import/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe


Omhoog
 Profiel  
 
 Berichttitel:
BerichtGeplaatst: wo aug 08, 2007 9:33 pm 
Offline
Site Admin
Avatar gebruiker

Geregistreerd: di mei 10, 2005 8:32 am
Berichten: 18408
Woonplaats: Arnhem
Hoi Eva,

Probeer de volgende mogelijke manieren om de restjjes van New.net te verwijderen, in deze volgorde:

a) Ga naar Configuratiescherm > Software. Kijk of New.net Domains of New.net Application in de softwarelijst staat en, zo ja, deïnstalleer dit.
Staat het niet in de softwarelijst of lukt het deïnstalleren niet, ga dan naar b).

b) Kijk in de map C:\Program Files\NewDotNet of daarin een uninstaller staat. Die uninstaller heet uninstallX_XX.exe (waarbij de X'en staan voor cijfers). Zo ja, dubbelklik daarop om New.net te verwijderen.
Lukt het op deze manier niet, ga dan naar c).

c) Kijk in de map C:\Windows of daarin een uninstaller staat. Die uninstaller heet NDNuninstallx_xx.exe (waarbij de X'en staan voor cijfers). Zo ja, dubbelklik daarop om New.net te verwijderen.
Lukt het op deze manier niet, ga dan naar d).

d) Download deze uninstaller, plaats het op je bureaublad. Dubbelklik op NNuninstall.exe, dat nu op je bureaublad staat, om New.net te verwijderen.

Herstart je computer.

Hoe is het met je problemen?

Marieke


Omhoog
 Profiel  
 
 Berichttitel:
BerichtGeplaatst: vr aug 10, 2007 2:11 pm 
Offline
Lid

Geregistreerd: do aug 02, 2007 12:02 am
Berichten: 4
hallo,

bedankt voor je reply. Ik heb stap d) moeten gebruiken. De vorige lukten niet. Het lijkt er op dat mijn probleem is opgelost. Als je denkt dat er nog enkele dingen uitgevoerd moeten worden, laat het me weten.

Je bent erg bedankt !!!!


Omhoog
 Profiel  
 
 Berichttitel:
BerichtGeplaatst: vr aug 10, 2007 8:24 pm 
Offline
Site Admin
Avatar gebruiker

Geregistreerd: di mei 10, 2005 8:32 am
Berichten: 18408
Woonplaats: Arnhem
Graag gedaan Eva ;)

De gebruikte tooltjes kun je nu verwijderen.

Lees om herhaling te voorkomen deze beveiligingstips nog eens door.

Groetjes Marieke :D


Aangezien dit topic is opgelost, gaat er een slotje op dit topic en wordt het over een paar dagen verplaatst naar de opgelostelogs-sectie.
Mocht je het heropend willen hebben, dan kan je één van de moderators een pbtje sturen met het verzoek hiertoe.


Omhoog
 Profiel  
 
Geef de vorige berichten weer:  Sorteer op  
Dit onderwerp is gesloten, je kunt geen berichten wijzigen of nieuwe antwoorden plaatsen  [ 8 berichten ] 

Forumoverzicht » RSIT/DDS/HijackThis logfiles » Opgeloste RSIT/DDS/HijackThis logfiles


Wie is er online

Gebruikers op dit forum: Geen geregistreerde gebruikers. en 3 gasten


Je mag geen nieuwe onderwerpen in dit forum plaatsen
Je mag niet antwoorden op een onderwerp in dit forum
Je mag je berichten in dit forum niet wijzigen
Je mag je berichten niet uit dit forum verwijderen
Je mag geen bijlagen toevoegen in dit forum

Ga naar:  
Powered by phpBB® Forum Software © phpBB Group
phpBB.nl Vertaling