Verwijderen iexplore.exe virus / hijack log

**xalice15x** · #1 10 november 2008, 18:14

Hey guys,
Um. Elke keer als ik mijn computer opstart, de Iexplore.exe (In taak kribbe) komt allemaal vanzelf. Ik ben het niet altijd Internet Explorer gebruikt, ik gebruik Firefox. maar dit komt op zijn eigen. Het is ook met de meeste van mijn geheugen. Ik ben ook steeds een miljard popups die ik durf te wedden zijn van deze. wanneer ik einde van het proces het gaat back-up van 3 of 4 keer, dan is het meestal gaat weg na de 5e keer dat ik het einde. maar dit is slechts voor ongeveer 5min dan zijn weer terug. heeft iemand weet whats going on? Ik heb lopen scans met Ad-Aware, Norton, enz., maar ze hebben niets gevonden.
Extra Info:
Ik heb Window's XP
& & Ook zijn er stemmen fcoming van de advertenties. Ik probeerde alles. Thanks in advance ^ __ ^

Ik ben soort van nieuw op dit. Dus erm. Kan iemand mij vertellen hoe te verwijderen? In een eenvoudige manier-ish? = P

Logfile van HijackThis v1.99.1
Scan saved at 6:14:25 PM, op 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Draaiende processen:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ System32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ WINDOWS \ explorer.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ ehome \ ehtray.exe
C: \ windows \ system \ hpsysdrv.exe
C: \ Program Files \ HP \ Digital Imaging \ Unload \ hpqcmon.exe
C: \ WINDOWS \ System32 \ hphmon05.exe
C: \ HP \ KBD \ KBD.EXE
C: \ WINDOWS \ LTMSG.exe
C: \ Program Files \ Multimedia Card Reader \ shwicon2k.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe
C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe
C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ WINDOWS \ ALCXMNTR.EXE
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ Program Files \ Updates van HP \ 137903 \ Program \ Backweb-137903.exe
C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
C: \ Program Files \ Photodex \ ProShowGold \ ScsiAccess.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ 0LFlxR4x.exe
C: \ Program Files \ Lavasoft \ Ad-Aware SE Professional \ Ad-Aware.exe
C: \ PROGRA ~ 1 \ WinZip \ winzip32.exe
C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ LOCALS ~ 1 \ Temp \ HijackThis.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://srch-us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://srch-us10.hpwis.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = localhost
O2 - BHO: (geen naam) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (geen file)
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: (no name) - (3615EE58-6F38-47BA-9DD9-C99BD611C6A6) - C: \ WINDOWS \ system32 \ efcdbxx.dll (file missing)
O2 - BHO: (geen naam) - (4715C8BC-0204-06D4-0A62-2E00BBB78BBD) - C: \ WINDOWS \ system32 \ izf.dll (bestand ontbreekt)
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ GRA8E1 ~ 1.dll
O2 - BHO: (geen naam) - (843B515A-BBC4-4AF2-916D-69E9F7DD8F9D) - C: \ WINDOWS \ system32 \ vtsqo.dll (bestand ontbreekt)
O2 - BHO: (684a8728-DD11-3ef9-b3e4-ea3410654e7c) - (c7e45601-43ae-4e3b-9fe3-11dd8278a486) - C: \ WINDOWS \ system32 \ ikwijhuy.dll (bestand ontbreekt)
O3 - Toolbar: HP View - (B2847E28-5D7D-4DEB-8B67-05D28BCF79F5) - c: \ Program Files \ HP \ Digital Imaging \ bin \ hpdtlk02.dll
O4 - HKLM \ .. \ Run: [ehTray] C: \ WINDOWS \ ehome \ ehtray.exe
O4 - HKLM \ .. \ Run: [hpsysdrv] c: \ windows \ system \ hpsysdrv.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ System32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [CamMonitor] C: \ Program Files \ HP \ Digital Imaging \ Unload \ hpqcmon.exe
O4 - HKLM \ .. \ Run: [HPHUPD05] C: \ Program Files \ HP \ (45B6180B-DCAB-4093-8EE8-6164457517F0) \ hphupd05.exe
O4 - HKLM \ .. \ Run: [HPHmon05] C: \ WINDOWS \ System32 \ hphmon05.exe
O4 - HKLM \ .. \ Run: [KBD] C: \ HP \ KBD \ KBD.EXE
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [AutoTKit] C: \ HP \ bin \ AUTOTKIT.EXE
O4 - HKLM \ .. \ Run: [Recguard] C: \ WINDOWS \ SMINST \ RECGUARD.EXE
O4 - HKLM \ .. \ Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM \ .. \ Run: [LTMSG] LTMSG.exe 7
O4 - HKLM \ .. \ Run: [PS2] C: \ WINDOWS \ system32 \ ps2.exe
O4 - HKLM \ .. \ Run: [Sunkist2k] C: \ Program Files \ Multimedia Card Reader \ shwicon2k.exe
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [vptray] C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe
O4 - HKLM \ .. \ Run: [afstandsbediening] "C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [ATIPTA] C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe
O4 - HKLM \ .. \ Run: [Index Washer] "C: \ Program Files \ Webroot \ Washer \ WashIdx.exe" Administrator "
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [SWG] C: \ Program Files \ Google \ GoogleToolbarNotifier \ 1.2.1128.5462 \ G oogleToolbarNotifier.exe
O4 - HKCU \ .. \ Run: [Window Washer] C: \ Program Files \ Webroot \ Washer \ wwDisp.exe
O4 - HKLM \ .. \ Run: [Index Washer] "C: \ Program Files \ Webroot \ Washer \ WashIdx.exe" Administrator "
O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O4 - Global Startup: Quicken Geplande Updates.lnk = C: \ Program Files \ Quicken \ bagent.exe
O4 - Global Startup: Updates van HP.lnk = C: \ Program Files \ Updates van HP \ 137903 \ Program \ Backweb-137903.exe
O8 - Extra context menu item: E & xporteren naar Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' MENUITEM: S & einde aan OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ ONBttnIE.dll
O9 - Extra button: Onderzoek - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ REFIEBAR.DLL
O9 - Extra knop: MusicMatch MX Web Player - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (ontbreekt)
O9 - Extra button: (geen naam) - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file missing)
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O11 - Options group: [INTERNATIONAL] International *
O16 - DPF: (67DABFBF-D0AB-41FA-9C46-CC0F21721616) -- http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ GR99D3 ~ 1.dll
O18 - Protocol: ms-help - (314111C7-A502-11D2-BBCA-00C04F8EC294) - C: \ Program Files \ Common Files \ Microsoft Shared \ Help \ hxds.dll
O18 - Filter hijack: text / xml - (807563E5-5146-11D5-A672-00B0D022E945) - C: \ PROGRA ~ 1 \ COMMON ~ 1 \ MICROS ~ 1 \ Office12 \ MSOXMLMF.DL L
O20 - Winlogon Notify: dimsntfy -% SystemRoot% \ System32 \ dimsntfy.dll (bestand ontbreekt)
O20 - Winlogon Notify: efcdbxx - efcdbxx.dll (file missing)
O20 - Winlogon Notify: igfxcui - C: \ WINDOWS \ SYSTEM32 \ igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C: \ WINDOWS \ system32 \ NavLogon.dll
O23 - Service: Adobe LM Service - Onbekende eigenaar - C: \ Program Files \ Common Files \ Adobe Systems Shared \ Service \ Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Onbekende eigenaar - C: \ WINDOWS \ System32 \ Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
O23 - Service: PML Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C: \ Program Files \ Symantec AntiVirus \ SavRoam.exe
O23 - Service: ScsiAccess - Onbekende eigenaar - C: \ Program Files \ Photodex \ ProShowGold \ ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe

**evilfantasy** · #2 10 november 2008, 20:23

Welkom bij CJ.

Gelieve print deze instructies als ze later nodig zullen zijn wanneer Internet toegang is niet beschikbaar.

Downloaden SDFix door AndyManchesta en sla het op uw bureaublad.

Bij gebruik van dit hulpprogramma, moet u gebruik maken van de Beheerder van de rekening of een rekening bij Administratieve rechten

Dubbelklik op SDFix.exe en het zal extract de bestanden naar% systemdrive%
(dit is het station met de Windows-directory, meestal C: \ SDFix).
Gebruik het niet alleen nog.

Herstart uw computer in Veilige modus met behulp van de F8 methode. Om dit te doen, start de computer opnieuw op en na de hoorzitting uw computer pieptoon eenmaal tijdens het opstarten (maar voor het Windows-pictogram), drukt u op de F8-toets herhaaldelijk. Een menu verschijnt met verschillende opties. Gebruik de pijltjestoetsen om te navigeren en selecteert u de optie om Windows in de Veilige modus'.

Open de SDFix map en dubbelklik RunThis.bat om te beginnen met het script.

Type Y om te beginnen met de schoonmaak proces.
Het verwijdert alle Trojan Services of Registry Entries gevonden u gevraagd om aan te dringen op een toets om opnieuw op te starten.
Press any key en het zal opnieuw opstarten van de pc.
Wanneer de pc opnieuw is opgestart, de Fixtool loopt weer en het verwijderen te voltooien vervolgens elkaar AfgewerktDruk op een willekeurige toets om het script en laadt uw bureaublad pictogrammen.
Zodra de bureaubladpictogrammen laadt de SDFix verslag zal openen op het scherm en ook opslaan in de SDFix map als Report.txt.
Kopieer en plak de inhoud van de resultaten bestand Report.txt in je volgende antwoord.

----------

Ook installeert de nieuwe versie van HijackThis en post een nieuwe log van het in de normale modus opstarten na SDFix is voltooid.

Downloaden TrendMicro HijackThis.exe (HJT) naar het bureaublad.

Dubbelklik op HJTInstall.
Klik op de Installeer knop.
Het zal automatisch plaats HJT in C: \ Program Files \ TrendMicro \ HijackThis \ HijackThis.exe.
Bij het installeren, HijackThis moet open voor je.
Klik op de Doe een systeem scannen en opslaan van een log-bestand knop
HijackThis scant en vervolgens een log zal openen in Kladblok.
Kopieer en plak de volledige inhoud van de log in je post.
Niet hebben HijackThis repareren alles nog. De meeste van wat hij vaststelt zal onschadelijk of zelfs vereist.

**xalice15x** · #3 11 november 2008, 08:55

SDFix Report

SDFix: Version 1.240
Geleid door Administrator op di 11/11/2008 om 08:39

Microsoft Windows XP [Version 5.1.2600]
Running Van: C: \ SDFix

Controle Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooten

Controle Files :

Trojan Files Gevonden:

C: \ Program Files \ nvcoi \ mst.stt - Deleted

Map C: \ Program Files \ nvcoi - Removed
Map C: \ Program Files \ Temporary - Removed
Map C: \ Temp \ sanR24 - Removed

Het verwijderen van tijdelijke bestanden

ADS Check :

Final Check :

CatchMe 0.3.1361.2 W2K/XP/Vista - rootkit / stealth malware detector, Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 08:47:19
Windows 5.1.2600 Service Pack 3 NTFS

het scannen van verborgen processen ...

scanning hidden services & systeemcomponent ...

scanning hidden registry entries ...

het scannen van verborgen bestanden ...

scannen is voltooid
verborgen processen: 0
verborgen diensten: 0
verborgen bestanden: 0

Overige diensten :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Servic es \ SharedAccess \ Parameters \ firewallpolicy \ standaard profiel \ authorizedapplications \ list]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ systematische M32 \ \ sessmgr.exe: *: Enabled: @ Xpsp2res.dll, -22019"
"C: \ \ Program Files \ \ Updates van HP \ \ 137903 \ \ Program \ \ BackWeb-137903.exe" = "C: \ \ Program Files \ \ Updates van HP \ \ 137903 \ \ Program \ \ BackWeb-137903 . exe: *: Disabled: BackWeb-137903 "
"C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ OUTLOOK.EXE" = "C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ OUTLOOK.EXE: *: Enabled: Microsoft Office Outlook"
"C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE" = "C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE: *: Enabled: Microsoft Office Groove"
"C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ OneNote.exe" = "C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ OneNote.exe: *: Enabled: Microsoft Office OneNote"
"C: \ \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" = "C: \ \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe: *: Enabled : AOL Loader "
"C: \ \ Program Files \ \ AIM6 \ \ aim6.exe" = "C: \ \ Program Files \ \ AIM6 \ \ aim6.exe: *: Enabled: AIM"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Servic es \ SharedAccess \ Parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ list]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ systematische M32 \ \ sessmgr.exe: *: Enabled: @ Xpsp2res.dll, -22019"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000"

Resterende bestanden :

File Backups: - C: \ SDFix \ backups \ backups.zip

Verborgen bestanden met attributen :

Wo 14 nov 2007 204 A. SHR --- "C: \ BOOT.BAK"
Vr 22 aug 2008 635.848 A.SH. --- "C: \ Program Files \ Internet Explorer \ iexplore.exe"
Don 15 juli 2004 0 A.SH. --- "C: \ WINDOWS \ SMINST \ HPCD.SYS"
Do 10 jan 2008 4.348 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ DRMv1.bak"
Do 10 jan 2008 401 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ DRMv19.bak"
Wo 29 okt 2008 3.442 A.SH. --- "C: \ Documents and Settings \ All Users \ Documents \ Recorded TV \ TempRec \ TempSBE \ SBE3.tmp"

Klaar!

------------------------------------------

HijackThis Log

Logbestand van Trend Micro HijackThis v2.0.2
Scan saved at 8:55:16 AM, op 11/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Draaiende processen:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ System32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ WINDOWS \ explorer.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
C: \ Program Files \ Photodex \ ProShowGold \ ScsiAccess.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe
C: \ WINDOWS \ ehome \ ehtray.exe
C: \ windows \ system \ hpsysdrv.exe
C: \ Program Files \ HP \ Digital Imaging \ Unload \ hpqcmon.exe
C: \ WINDOWS \ System32 \ hphmon05.exe
C: \ HP \ KBD \ KBD.EXE
C: \ WINDOWS \ LTMSG.exe
C: \ Program Files \ Multimedia Card Reader \ shwicon2k.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe
C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe
C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe
C: \ WINDOWS \ ALCXMNTR.EXE
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Webroot \ Washer \ wwDisp.exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ Program Files \ Updates van HP \ 137903 \ Program \ Backweb-137903.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ notepad.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://srch-us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://srch-us10.hpwis.com/
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = ongeveer: blank
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = localhost
O2 - BHO: (geen naam) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (geen file)
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: (geen naam) - (4715C8BC-0204-06D4-0A62-2E00BBB78BBD) - C: \ WINDOWS \ system32 \ izf.dll (bestand ontbreekt)
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ GRA8E1 ~ 1.dll
O2 - BHO: (geen naam) - (843B515A-BBC4-4AF2-916D-69E9F7DD8F9D) - C: \ WINDOWS \ system32 \ vtsqo.dll (bestand ontbreekt)
O2 - BHO: (684a8728-DD11-3ef9-b3e4-ea3410654e7c) - (c7e45601-43ae-4e3b-9fe3-11dd8278a486) - C: \ WINDOWS \ system32 \ ikwijhuy.dll (bestand ontbreekt)
O3 - Toolbar: HP View - (B2847E28-5D7D-4DEB-8B67-05D28BCF79F5) - c: \ Program Files \ HP \ Digital Imaging \ bin \ hpdtlk02.dll
O4 - HKLM \ .. \ Run: [ehTray] C: \ WINDOWS \ ehome \ ehtray.exe
O4 - HKLM \ .. \ Run: [hpsysdrv] c: \ windows \ system \ hpsysdrv.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ System32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [CamMonitor] C: \ Program Files \ HP \ Digital Imaging \ Unload \ hpqcmon.exe
O4 - HKLM \ .. \ Run: [HPHUPD05] C: \ Program Files \ HP \ (45B6180B-DCAB-4093-8EE8-6164457517F0) \ hphupd05.exe
O4 - HKLM \ .. \ Run: [HPHmon05] C: \ WINDOWS \ System32 \ hphmon05.exe
O4 - HKLM \ .. \ Run: [KBD] C: \ HP \ KBD \ KBD.EXE
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [AutoTKit] C: \ HP \ bin \ AUTOTKIT.EXE
O4 - HKLM \ .. \ Run: [Recguard] C: \ WINDOWS \ SMINST \ RECGUARD.EXE
O4 - HKLM \ .. \ Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM \ .. \ Run: [LTMSG] LTMSG.exe 7
O4 - HKLM \ .. \ Run: [PS2] C: \ WINDOWS \ system32 \ ps2.exe
O4 - HKLM \ .. \ Run: [Sunkist2k] C: \ Program Files \ Multimedia Card Reader \ shwicon2k.exe
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [vptray] C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe
O4 - HKLM \ .. \ Run: [afstandsbediening] "C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [ATIPTA] C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [SWG] C: \ Program Files \ Google \ GoogleToolbarNotifier \ 1.2.1128.5462 \ G oogleToolbarNotifier.exe
O4 - HKCU \ .. \ Run: [Window Washer] C: \ Program Files \ Webroot \ Washer \ wwDisp.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AdobeUpdater] C: \ Program Files \ Common Files \ Adobe \ Updater5 \ AdobeUpdater.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AdobeUpdater] C: \ Program Files \ Common Files \ Adobe \ Updater5 \ AdobeUpdater.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O4 - Global Startup: Quicken Geplande Updates.lnk = C: \ Program Files \ Quicken \ bagent.exe
O4 - Global Startup: Updates van HP.lnk = C: \ Program Files \ Updates van HP \ 137903 \ Program \ Backweb-137903.exe
O8 - Extra context menu item: E & xporteren naar Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' MENUITEM: S & einde aan OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ ONBttnIE.dll
O9 - Extra button: Onderzoek - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ REFIEBAR.DLL
O9 - Extra knop: MusicMatch MX Web Player - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (ontbreekt)
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (67DABFBF-D0AB-41FA-9C46-CC0F21721616) -- http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ GR99D3 ~ 1.dll
O23 - Service: Adobe LM Service - Onbekende eigenaar - C: \ Program Files \ Common Files \ Adobe Systems Shared \ Service \ Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Onbekende eigenaar - C: \ WINDOWS \ System32 \ Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
O23 - Service: PML Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C: \ Program Files \ Symantec AntiVirus \ SavRoam.exe
O23 - Service: ScsiAccess - Onbekende eigenaar - C: \ Program Files \ Photodex \ ProShowGold \ ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe

--
End of file - 9268 bytes

**evilfantasy** · #4 11 november 2008, 11:07

Downloaden Uitschakelen / Remove Windows Messenger op het bureaublad te verwijderen Windows Messenger.

Niet te verwarren Windows Messenger met MSN Messenger want ze zijn niet hetzelfde. Windows Messenger is een veel voorkomende oorzaak van pop-ups.

Unzip het bestand op het bureaublad. Open de MessengerDisable.exe en kies de onderste vak -- Windows Messenger en klik op Aanvragen.

Afsluiten van MessengerDisable verwijder vervolgens de twee bestanden die zijn gelegd op het bureaublad.

----------

Open HijackThis en selecteer Doe een systeemscan alleen.

Plaats een vinkje naast de volgende items: (indien aanwezig)

- O2 - BHO: (geen naam) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (geen file)
- O2 - BHO: (no name) - (4715C8BC-0204-06D4-0A62-2E00BBB78BBD) - C: \ WINDOWS \ system32 \ izf.dll (file missing)
- O2 - BHO: (no name) - (843B515A-BBC4-4AF2-916D-69E9F7DD8F9D) - C: \ WINDOWS \ system32 \ vtsqo.dll (file missing)
- O2 - BHO: (684a8728-DD11-3ef9-b3e4-ea3410654e7c) - (c7e45601-43ae-4e3b-9fe3-11dd8278a486) - C: \ WINDOWS \ system32 \ ikwijhuy.dll (file missing)
- O4 - HKLM \ .. \ Run: [AlcxMonitor] ALCXMNTR.EXE

Belangrijk: Sluit alle vensters behalve HijackThis en klik op Fix gecontroleerd.

Afsluiten HijackThis.

----------

Opmerking: de onderstaande instructies zijn die speciaal voor deze gebruiker. Als u geen gebruiker, DO NOT Volg deze aanwijzingen als ze kunnen schade toebrengen aan de werking van uw systeem

Ga naar Start> Uitvoeren en type notepad.exe klik op OK

Kopieer en plak de onderstaande in Kladblok en sla op als fixme.reg om Uw Desktop

Code:

REGEDIT4 [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Run] "AlcxMonitor" =-

Zoek fixme.reg op uw bureaublad en dubbelklik erop. Antwoord Ja toen gevraagd om te fuseren met de griffie.

Zorg ervoor dat u mij vertellen of u ontvangt een succes bericht over het toevoegen van het bovenstaande tot het register. Als je niet een succes bericht, het werkte niet.

Verwijder de fixme.reg vanaf het bureaublad.

----------

Download ComboFix door subs uit een van de onderstaande links. Wees er zeker boven op te slaan op de Desktop.

Link # 1
Link # 2

** Opmerking: Het is belangrijk dat het is opgeslagen rechtstreeks op uw bureaublad

Sluit alle open web browsers. (Firefox, Internet Explorer, enz.) voordat u begint ComboFix.

Tijdelijk uitschakelen je antivirus, En eventuele antispyware real-time bescherming voordat het uitvoeren van een scan. Klik op deze link om een lijst van programma's die de veiligheid moeten worden uitgeschakeld en het uitschakelen van hen.

Dubbelklik op combofix.exe en volg de instructies.

Voor Windows XP-systemen installeren van de herstelconsole:

- Als u Windows XP gebruikt en niet al de Recovery Console geïnstalleerd, zorg dan dat uw Internet-verbinding actief is (indien mogelijk) en klik op Ja.
- Indien om een of andere reden uw Internet niet werkt klik Nee.
-- Als u Windows XP niet gebruikt, zult u niet worden gevraagd.
- Wanneer u wordt gevraagd om de EULA klik OK.
- Accepteer Microsoft EULA (Klik Ja).
- Als u verteld dat de RC correct is geïnstalleerd klikt u op JA om verder te gaan scannen voor malware.

Wanneer u klaar bent ComboFix zal een log voor je.
Post de ComboFix log in je volgende antwoord.

Belangrijk: Niet muisklik ComboFix het venster terwijl het draait. Dat kan leiden tot stilstand.

Vergeet niet om opnieuw inschakelen van uw antivirus-en antispyware-bescherming wanneer ComboFix is voltooid.

Ook laat het me weten hoe de computer nu.

**xalice15x** · #5 11 november 2008, 11:55

ComboFix log

ComboFix 08-11-10.01 - Administrator 2008-11-11 11:39:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.176 [GMT -7:00]
Running from: C: \ Documents and Settings \ Administrator \ Desktop \ ComboFix.exe
* Gemaakt van een nieuw herstelpunt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

c: \ Documents and Settings \ Administrator \ Mijn documenten \ TSKS ~ 1
c: \ program files \ common files \ racle ~ 1
c: \ program files \ stem32 ~ 1
c: \ program files \ wnsxs ~ 1
c: \ windows \ BMf3ec611b.txt
c: \ windows \ system32 \0LFlxR4x.exe.a_a
c: \ windows \ system32 \ epljwqgq.ini
c: \ windows \ system32 \ fj8wNOvc.exe.a_a
c: \ windows \ system32 \ icidbcft.ini
c: \ windows \ system32 \ iDlo01
c: \ windows \ system32 \ jrjvfibu.ini
c: \ windows \ system32 \ jryeuaqx.ini
c: \ windows \ system32 \ mcrh.tmp
c: \ windows \ system32 \ MSINET.oca
c: \ windows \ system32 \ mvmqocpc.ini
c: \ windows \ system32 \ oqstv.ini
c: \ windows \ system32 \ oqstv.ini2
D: \ Autorun.inf

.
((((((((((((((((((((((((( Bestanden Gemaakt van 2008-10-11 tot 2008-11-11 ))))))))))) ))))))))))))))))))))
.

2008-11-11 08:54. 2008-11-11 08:54 <DIR> d -------- c: \ program files \ Trend Micro
2008-11-11 08:38. 2008-11-11 08:38 578.560 - a - c --- c: \ windows \ system32 \ dllcache \ user32.dll
2008-11-11 08:29. 2008-11-11 08:29 <DIR> d -------- c: \ windows \ ERUNT
2008-11-11 08:23. 2008-11-11 08:51 <DIR> d -------- C: \ SDFix
2008-11-02 09:12. 2008-11-10 14:10 41.474 - a ------ c: \ windows \ system32 \0LFlxR4x.exe_
2008-11-02 09:12. 2008-11-11 09:12 40.450 - a ------ c: \ windows \ system32 \0LFlxR4x.exe
2008-10-31 18:00. 2008-10-31 18:00 <DIR> d -------- C: \ Documents and Settings \ NetworkService \ Application Data \ Yahoo!
2008-10-31 16:40. 2008-10-31 16:40 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Yahoo!
2008-10-31 16:39. 2008-11-10 17:27 <DIR> d -------- c: \ program files \ Yahoo!
2008-10-29 17:23. 2008-10-29 17:23 <DIR> d -------- c: \ windows \ system32 \ CatRoot_bak
2008-10-29 17:23. 2008-09-08 03:41 333.824 ----- c --- c: \ windows \ system32 \ dllcache \ Srv.sys
2008-10-29 17:23. 2008-06-13 04:05 272.128 ----- c --- c: \ windows \ system32 \ dllcache \ Bthport.sys
2008-10-29 17:23. 2008-08-14 03:04 138.496 ----- c --- c: \ windows \ system32 \ dllcache \ Afd.sys
2008-10-29 17:22. 2008-08-14 03:11 2.189.184 ----- c --- c: \ windows \ system32 \ dllcache \ ntoskrnl.exe
2008-10-29 17:22. 2008-08-14 03:09 2.145.280 ----- c --- c: \ windows \ system32 \ dllcache \ Ntkrnlmp.exe
2008-10-29 17:22. 2008-08-14 02:33 2.066.048 ----- c --- c: \ windows \ system32 \ dllcache \ ntkrnlpa.exe
2008-10-29 17:22. 2008-08-14 02:33 2.023.936 ----- c --- c: \ windows \ system32 \ dllcache \ Ntkrpamp.exe
2008-10-29 17:22. 2008-09-15 05:12 1.846.400 ----- c --- c: \ windows \ system32 \ dllcache \ win32k.sys
2008-10-29 17:22. 2008-04-11 12:04 691.712 ----- c --- c: \ windows \ system32 \ dllcache \ inetcomm.dll
2008-10-29 17:22. 2008-05-08 07:02 203.136 ----- c --- c: \ windows \ system32 \ dllcache \ Rmcast.sys
2008-10-28 18:39. 2008-10-28 18:39 10 - a ------ c: \ windows \ Wininit.ini
2008-10-23 14:45. 2008-10-15 09:34 337.408 ----- c --- c: \ windows \ system32 \ dllcache \ Netapi32.dll
2008-10-15 18:38. 2008-10-29 15:26 <DIR> d -------- c: \ windows \ system32 \ scripting
2008-10-15 18:38. 2008-10-29 15:26 <DIR> d -------- c: \ windows \ system32 \ nl
2008-10-15 18:38. 2008-10-29 15:26 <DIR> d -------- c: \ windows \ system32 \ bits
2008-10-15 18:38. 2008-10-29 15:26 <DIR> d -------- c: \ windows \ l2schemas
2008-10-15 18:23. 2007-06-13 03:23 1.033.216 - a ------ c: \ windows \ SET25A.tmp
2008-10-15 18:22. 2008-08-14 03:09 2.145.280 - a ------ c: \ windows \ system32 \ ntoskrnl.exe
2008-10-15 16:09. 2008-10-15 16:09 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Motive
2008-10-12 17:26. 2008-10-12 17:25 30.272 - a ------ c: \ windows \ system32 \ fj8wNOvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 18:38 --------- d ----- wc: \ program files \ Symantec AntiVirus
2008-11-10 22:05 --------- d ----- wc: \ program files \ DivX
2008-11-10 22:03 --------- d ----- wc: \ Program Files \ Java
2008-11-10 01:37 --------- d ----- wc: \ program files \ Microsoft Plus! Digital Media Edition
2008-11-10 01:35 --------- d ----- wc: \ Program Files \ Microsoft Works
2008-11-08 02:37 90.112 ---- aw c: \ windows \ DUMP3a98.tmp
2008-11-08 01:26 30 ---- aw C: \ Documents and Settings \ Administrator \ jagex_runescape_preferences. DAT
2008-10-29 22:21 77.824 ---- aw c: \ windows \ PCHealth \ HelpCtr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Pavilion \ XPENABP4EN \ plugin \ bin \ FDIWrapper.dll
2008-10-29 22:21 69.632 ---- aw c: \ windows \ PCHealth \ HelpCtr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Pavilion \ XPENABP4EN \ plugin \ bin \ jsharpde \ msxmlwrapper.dll
2008-10-29 22:21 5.632 ---- aw c: \ windows \ PCHealth \ HelpCtr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Pavilion \ XPENABP4EN \ plugin \ bin \ jsharpde \ GUI.dll
2008-10-29 22:21 49.152 ---- aw c: \ windows \ PCHealth \ HelpCtr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Pavilion \ XPENABP4EN \ plugin \ bin \ PCHI18N.dll
2008-10-29 22:21 32.768 ---- aw c: \ windows \ PCHealth \ HelpCtr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Pavilion \ XPENABP4EN \ plugin \ bin \ jsharpde \ pchapi.dll
2008-10-29 22:21 26.572 ---- aw c: \ windows \ PCHealth \ HelpCtr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Pavilion \ XPENABP4EN \ plugin \ bin \ jsharpde \ INV16.dll
2008-10-29 22:21 213.089 ---- aw c: \ windows \ PCHealth \ HelpCtr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Pavilion \ XPENABP4EN \ plugin \ bin \ jsharpde \ motive.zip
2008-10-29 22:21 139.264 ---- aw c: \ windows \ PCHealth \ HelpCtr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Pavilion \ XPENABP4EN \ plugin \ bin \ ContentUpdater.exe
2008-10-29 22:21 114.688 ---- aw c: \ windows \ PCHealth \ HelpCtr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Pavilion \ XPENABP4EN \ plugin \ bin \ jsharpde \ ZipLib.dll
2008-10-29 22:21 114.688 ---- aw c: \ windows \ PCHealth \ HelpCtr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Pavilion \ XPENABP4EN \ plugin \ bin \ jsharpde \ asst_ui.dll
2008-10-29 22:11 --------- d - h - wc: \ program files \ InstallShield Installation Information
2008-10-29 22:11 --------- d ----- wc: \ program files \ ATI Technologies
2008-10-25 01:16 --------- d ----- wc: \ Documents and Settings \ Administrator \ Application Data \ Move Networks
2008-10-16 22:05 --------- d ----- wc: \ Documents and Settings \ All Users \ Application Data \ Viewpoint
2008-10-16 01:06 --------- d ----- wc: \ program files \ Google
2008-09-28 22:59 --------- d ----- wc: \ program files \ common files \ AOL
2008-09-22 21:29 --------- d ----- wc: \ Documents and Settings \ All Users \ Application Data \ AOL OCP
2008-09-22 21:29 --------- ----- wc: \ documents and settings d \ Administrator \ Application Data \ acccore
2008-09-22 21:27 --------- d ----- wc: \ Documents and Settings \ All Users \ Application Data \ AOL
2008-09-17 01:24 --------- d ----- wc: \ Documents and Settings \ Administrator \ Application Data \ Vso
2008-09-15 12:12 1,846,400 ---- aw c: \ windows \ system32 \ Win32k.sys
2008-08-26 07:24 826.368 ---- aw c: \ windows \ system32 \ wininet.dll
2008-08-14 09:33 2.023.936 ---- aw c: \ windows \ system32 \ ntkrnlpa.exe
2007-12-28 00:53 79.738 ---- aw C: \ Documents and Settings \ Fonts \ broken_ghost.zip
2007-11-23 01:25 81.920 ---- aw C: \ Documents and Settings \ Administrator \ Application Data \ ezpinst.exe
2007-11-23 01:25 47.360 ---- aw C: \ Documents and Settings \ Administrator \ Application Data \ pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries worden niet weergegeven
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "c: \ windows \ system32 \ Ctfmon.exe" [2008-04-13 15360]
"Window Washer" = "c: \ program files \ Webroot \ Washer \ wwDisp.exe" [2005-03-08 910336]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"IgfxTray" = "c: \ windows \ htpatch.exe" [2004-08-04 50176]
"NvCplDaemon" = "c: \ windows \ system \ hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds" = "C: \ WINDOWS \ System32 \ hkcmd.exe" [2003-10-02 118784]
"CamMonitor" = "c: \ program files \ HP \ Digital Imaging \ Unload \ hpqcmon.exe" [2002-10-07 90112]
"HPHmon05" = "c: \ windows \ system32 \ hphmon05.exe" [2003-05-23 483328]
"KBD" = "c: \ hp \ KBD \ KBD.EXE" [2003-02-11 61440]
"NvMediaCenter" = "C: \ Program Files \ Common Files \ \ jusched.exe" [2003-12-17 151597]
"OsCheck" = "c: \ windows \ SMINST \ NvStartup" [2002-09-13 212992]
"PS2" = "c: \ windows \ system32 \ ps2.exe" [2002-10-16 81920]
"Sunkist2k" = "c: \ program files \ Multimedia Card Reader \ shwicon2k.exe" [2003-08-14 139264]
"ccApp" = "c: \ program files \ common files \ Symantec Shared \ ccApp.exe" [2005-06-02 48752]
"vptray" = "C: \ PROGRA ~ 1 \ SYMNET ~ 1 \ SNDMon.exe / Consumer" [2005-06-23 85696]
"SunJavaUpdateSched" = "c: \ program files \ CyberLink \ TeaTimer.exe" [2004-11-02 32768]
"NeroFilterCheck" = "c: \ windows \ system32 \ NeroCheck.e xe" [2001-07-09 155648]
"GrooveMonitor" = "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2007-10-10 39792]
"ATIModeChange" = "Ati2mdxx.exe" [2001-09-05 c: \ windows \ system32 \ Ati2mdxx.exe]
"LTMSG" = "nwiz.exe / install" [2003-07-14 c: \ windows \ nwiz.exe / install]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AdobeUpdater" = "C: \ Program Files \ Common Files \ Adobe \ Updater5 \ AdobeUpdater.exe" [2007-03-01 2321600]

c: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \
Adobe Gamma Loader.lnk - C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe [2007-11-22 113664]
HP Digital Imaging Monitor.lnk - c: \ program files \ HP \ Digital Imaging \ bin \ hpqtra08.exe [2003-09-16 237568]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo antonny \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"c: \ \ Program Files \ \ Updates van HP \ \ 137903 \ \ Program Files \ \ BackWeb-137903.exe" =
"c: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ Outlook.exe" =
"c: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE" =
"c: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ ONENOTE.EXE" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =

R2 CX88XBAR; Conexant 2388x Crossbar Dual Input; c: \ windows \ system32 \ drivers \ CX88XBARDUAL.sys [2003-12-10 7040]

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ explorer \ mountpoints2 \ D]
\ Shell \ AutoRun \ command - D: \ Info.exe Folder.htt 480 480

* Newly Created Service * - PROCEXP90
.
Inhoud van de 'Geplande taken' map

2008-10-30 c: \ windows \ Tasks \ At1.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-11-11 c: \ windows \ Tasks \ At10.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-11-02 c: \ windows \ Tasks \ At100.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-02 c: \ windows \ Tasks \ At101.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-02 c: \ windows \ Tasks \ At102.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-02 c: \ windows \ Tasks \ At103.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-02 c: \ windows \ Tasks \ At104.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-02 c: \ windows \ Tasks \ At105.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-11 c: \ windows \ Tasks \ At106.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-11 c: \ windows \ Tasks \ At107.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-09 c: \ windows \ Tasks \ At108.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-09 c: \ windows \ Tasks \ At109.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-11 c: \ windows \ Tasks \ At11.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-11-09 c: \ windows \ Tasks \ At110.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-10 c: \ windows \ Tasks \ At111.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-10 c: \ windows \ Tasks \ At112.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-06 c: \ windows \ Tasks \ At113.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-09 c: \ windows \ Tasks \ At114.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-11 c: \ windows \ Tasks \ At115.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-11 c: \ windows \ Tasks \ At116.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-09 c: \ windows \ Tasks \ At117.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-02 c: \ windows \ Tasks \ At118.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-02 c: \ windows \ Tasks \ At119.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-09 c: \ windows \ Tasks \ At12.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-11-02 c: \ windows \ Tasks \ At120.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-09 c: \ windows \ Tasks \ At13.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-11-09 c: \ windows \ Tasks \ At14.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-11-10 c: \ windows \ Tasks \ At15.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-11-10 c: \ windows \ Tasks \ At16.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-11-06 c: \ windows \ Tasks \ At17.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-11-09 c: \ windows \ Tasks \ At18.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-11-11 c: \ windows \ Tasks \ At19.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-10-30 c: \ windows \ Tasks \ At2.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-11-11 c: \ windows \ Tasks \ At20.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-11-09 c: \ windows \ Tasks \ At21.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-10-30 c: \ windows \ Tasks \ At22.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-10-30 c: \ windows \ Tasks \ At23.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-10-30 c: \ windows \ Tasks \ At24.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-10-30 c: \ windows \ Tasks \ At3.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-10-30 c: \ windows \ Tasks \ At4.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-10-30 c: \ windows \ Tasks \ At5.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-10-30 c: \ windows \ Tasks \ At6.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-10-31 c: \ windows \ Tasks \ At7.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-10-30 c: \ windows \ Tasks \ At8.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-11-01 c: \ windows \ Tasks \ At9.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-11-02 c: \ windows \ Tasks \ At97.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-02 c: \ windows \ Tasks \ At98.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-02 c: \ windows \ Tasks \ At99.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]
.
- - - - WEZEN REMOVED - - - --

HKCU-Run-SWG - c: \ program files \ Google \ GoogleToolbarNotifier \ 1.2.1128.5462 \ G oogleToolbarNotifier.exe
HKCU-Run-RecordNow! - (No file)
HKLM-Run-HPHUPD05 - c: \ program files \ HP \ (45B6180B-DCAB-4093-8EE8-6164457517F0) \ hphupd05.exe
HKLM-Run-AutoTKit - c: \ hp \ bin \ AUTOTKIT.EXE
HKLM-Run-SunJavaUpdateSched - c: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe
HKLM-Run-SunJavaUpdateSched - c: \ program files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe

.
------- Bijkomende Scan -------
.
FireFox -: Profile - C: \ Documents and Settings \ Administrator \ Application Data \ Mozilla \ Firefox \ Profiles \0rews22y.default \
FireFox -: prefs.js - STARTUP.HOMEPAGE - over: blank
FF -: plugin - c: \ Documents and Settings \ Administrator \ Application Data \ Mozilla \ Firefox \ Profiles \0rews22y.default \ extensions \ moveplayer @ movenetworks. com \ platform \ WINNT_x86-MSVC \ Plugins \ npmnqmp07076007.dll
FF -: plugin - c: \ Documents and Settings \ Administrator \ Application Data \ Mozilla \ Plugins \ npPxPlay.dll
FF -: plugin - c: \ program files \ Mozilla Firefox \ plugins \ npmozax.dll
FF -: plugin - c: \ program files \ Mozilla Firefox \ plugins \ npsnapfish.dll
FF -: plugin - c: \ program files \ Real \ RealOne Player \ Netscape6 \ nppl3260.dll
FF -: plugin - c: \ program files \ Real \ RealOne Player \ Netscape6 \ nprjplug.dll
FF -: plugin - c: \ program files \ Real \ RealOne Player \ Netscape6 \ nprpjplug.dll
.

************************************************** ************************

CatchMe 0.3.1367 W2K/XP/Vista - rootkit / stealth malware detector, Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 11:44:13
Windows 5.1.2600 Service Pack 3 NTFS

het scannen van verborgen processen ...

het scannen van verborgen autostart items ...

het scannen van verborgen bestanden ...

************************************************** ************************
.
Voltooingstijd: 2008-11-11 11:47:43
ComboFix-quarantined-files.txt 2008-11-11 18:46:39

Pre-Run: 89004101632 bytes vrij
Post-Run: 89081098240 bytes vrij

272 --- EOF --- 2008-10-30 03:01:59

~ ~
Tot nu toe iexplore.exe hasnt uitgeklapt ^ _ ^
Is er toch om ervoor te zorgen dat het is gegaan?
& & Is het goed als ik verwijder de dingen die ik download?

**evilfantasy** · #6 11 november 2008, 12:04

We zullen alles schoon voordat we klaar. Er is nog meer te doen maar ik moet draaien voor een tijdje. Be back later.

**xalice15x** · #7 11 november 2008, 12:19

Meer stappen? Ik dacht dat we klaar waren D:
Snelle vraag; Is een van deze naar de programma's die zijn geïnstalleerd in mijn computer beïnvloeden?
Alrightie, ik moet gaan voor een beetje ook xP

**xalice15x** · #8 11 november 2008, 13:07

iexplore.exe is nog steeds hier; -;

**evilfantasy** · #9 11 november 2008, 16:28

Nee we niet gedaan. Ik geef het al duidelijk wanneer het voorbij is

Opmerking: de onderstaande instructies zijn die speciaal voor deze gebruiker. Als u geen gebruiker, DO NOT Volg deze aanwijzingen als ze kunnen schade toebrengen aan de werking van uw systeem

Verwijder deze bestanden / mappen, als volgt:

1. Ga naar Start > Rennen > Type Notepad.exe en klik op OK Kladblok te openen.
Het moet worden Kladblok, Wordpad niet.
2. Kopieer de tekst in de onderstaande code vak door alle tekst en drukken Ctrl + C

Code:

3. Ga naar het Kladblok-venster en klik op Bewerken > Plakken
4. Klik vervolgens op Bestand > Redden
5. Geef het bestand de naam CFScript.txt - Sla het bestand op uw bureaublad
6. Vervolgens sleept u de CFScript (houd de linker muisknop te slepen, terwijl het bestand) en de daling van het (laat de linker muisknop) in ComboFix.exe zoals je kunt zien in het screenshot hieronder. Belangrijk: Voer deze instructie zorgvuldig!

ComboFix zal beginnen uit te voeren, volg de instructies.
Na een reboot (in geval er gevraagd om opnieuw op te starten), zal een log voor je.
Post dat log (Combofix.txt) in je volgende antwoord.

Opmerking: Niet muisklik ComboFix het venster terwijl het draait. Dat kan ertoe leiden dat uw systeem te bevriezen

**xalice15x** · #10 11 november 2008, 17:36

Oke ^ __ ^

Combofix Aanmelden

ComboFix 08-11-10.01 - Administrator 2008-11-11 17:21:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.153 [GMT -7:00]
Running from: C: \ Documents and Settings \ Administrator \ Desktop \ ComboFix.exe
Command switches used:: c: \ Documents and Settings \ Administrator \ Desktop \ CFScript.txt
* Gemaakt van een nieuw herstelpunt

FILE:
c: \ windows \ SET25A.tmp
c: \ windows \ system32 \0LFlxR4x.exe
c: \ windows \ system32 \0LFlxR4x.exe_
c: \ windows \ system32 \ fj8wNOvc.exe
c: \ windows \ Opdrachten \ At1.job
c: \ windows \ Tasks \ At10.job
c: \ windows \ Tasks \ At100.job
c: \ windows \ Tasks \ At101.job
c: \ windows \ Tasks \ At102.job
c: \ windows \ Tasks \ At103.job
c: \ windows \ Tasks \ At104.job
c: \ windows \ Tasks \ At105.job
c: \ windows \ Tasks \ At106.job
c: \ windows \ Tasks \ At107.job
c: \ windows \ Tasks \ At108.job
c: \ windows \ Tasks \ At109.job
c: \ windows \ Tasks \ At11.job
c: \ windows \ Tasks \ At110.job
c: \ windows \ Tasks \ At111.job
c: \ windows \ Tasks \ At112.job
c: \ windows \ Tasks \ At113.job
c: \ windows \ Tasks \ At114.job
c: \ windows \ Tasks \ At115.job
c: \ windows \ Tasks \ At116.job
c: \ windows \ Tasks \ At117.job
c: \ windows \ Tasks \ At118.job
c: \ windows \ Tasks \ At119.job
c: \ windows \ Tasks \ At12.job
c: \ windows \ Tasks \ At120.job
c: \ windows \ Tasks \ At13.job
c: \ windows \ Tasks \ At14.job
c: \ windows \ Tasks \ At15.job
c: \ windows \ Tasks \ At16.job
c: \ windows \ Tasks \ At17.job
c: \ windows \ Tasks \ At18.job
c: \ windows \ Tasks \ At19.job
c: \ windows \ Tasks \ At2.job
c: \ windows \ Tasks \ At20.job
c: \ windows \ Tasks \ At21.job
c: \ windows \ Tasks \ At22.job
c: \ windows \ Tasks \ At23.job
c: \ windows \ Tasks \ At24.job
c: \ windows \ Tasks \ At3.job
c: \ windows \ Tasks \ At4.job
c: \ windows \ Tasks \ At5.job
c: \ windows \ Tasks \ At6.job
c: \ windows \ Tasks \ At7.job
c: \ windows \ Tasks \ At8.job
c: \ windows \ Tasks \ At9.job
c: \ windows \ Tasks \ At97.job
c: \ windows \ Tasks \ At98.job
c: \ windows \ Tasks \ At99.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

c: \ windows \ SET25A.tmp
c: \ windows \ system32 \0LFlxR4x.exe
c: \ windows \ system32 \0LFlxR4x.exe.a_a
c: \ windows \ system32 \ fj8wNOvc.exe
c: \ windows \ Opdrachten \ At1.job
c: \ windows \ Tasks \ At10.job
c: \ windows \ Tasks \ At100.job
c: \ windows \ Tasks \ At101.job
c: \ windows \ Tasks \ At102.job
c: \ windows \ Tasks \ At103.job
c: \ windows \ Tasks \ At104.job
c: \ windows \ Tasks \ At105.job
c: \ windows \ Tasks \ At106.job
c: \ windows \ Tasks \ At107.job
c: \ windows \ Tasks \ At108.job
c: \ windows \ Tasks \ At109.job
c: \ windows \ Tasks \ At11.job
c: \ windows \ Tasks \ At110.job
c: \ windows \ Tasks \ At111.job
c: \ windows \ Tasks \ At112.job
c: \ windows \ Tasks \ At113.job
c: \ windows \ Tasks \ At114.job
c: \ windows \ Tasks \ At115.job
c: \ windows \ Tasks \ At116.job
c: \ windows \ Tasks \ At117.job
c: \ windows \ Tasks \ At118.job
c: \ windows \ Tasks \ At119.job
c: \ windows \ Tasks \ At12.job
c: \ windows \ Tasks \ At120.job
c: \ windows \ Tasks \ At13.job
c: \ windows \ Tasks \ At14.job
c: \ windows \ Tasks \ At15.job
c: \ windows \ Tasks \ At16.job
c: \ windows \ Tasks \ At17.job
c: \ windows \ Tasks \ At18.job
c: \ windows \ Tasks \ At19.job
c: \ windows \ Tasks \ At2.job
c: \ windows \ Tasks \ At20.job
c: \ windows \ Tasks \ At21.job
c: \ windows \ Tasks \ At22.job
c: \ windows \ Tasks \ At23.job
c: \ windows \ Tasks \ At24.job
c: \ windows \ Tasks \ At3.job
c: \ windows \ Tasks \ At4.job
c: \ windows \ Tasks \ At5.job
c: \ windows \ Tasks \ At6.job
c: \ windows \ Tasks \ At7.job
c: \ windows \ Tasks \ At8.job
c: \ windows \ Tasks \ At9.job
c: \ windows \ Tasks \ At97.job
c: \ windows \ Tasks \ At98.job
c: \ windows \ Tasks \ At99.job

.
((((((((((((((((((((((((( Bestanden Gemaakt van 2008-10-12 tot 2008-11-12 ))))))))))) ))))))))))))))))))))
.

2008-11-11 08:54. 2008-11-11 08:54 <DIR> d -------- c: \ program files \ Trend Micro
2008-11-11 08:38. 2008-11-11 08:38 578.560 - a - c --- c: \ windows \ system32 \ dllcache \ user32.dll
2008-11-11 08:29. 2008-11-11 08:29 <DIR> d -------- c: \ windows \ ERUNT
2008-11-11 08:23. 2008-11-11 08:51 <DIR> d -------- C: \ SDFix
2008-10-31 18:00. 2008-10-31 18:00 <DIR> d -------- C: \ Documents and Settings \ NetworkService \ Application Data \ Yahoo!
2008-10-31 16:40. 2008-10-31 16:40 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Yahoo!
2008-10-31 16:39. 2008-11-10 17:27 <DIR> d -------- c: \ program files \ Yahoo!
2008-10-29 17:23. 2008-10-29 17:23 <DIR> d -------- c: \ windows \ system32 \ CatRoot_bak
2008-10-29 17:23. 2008-09-08 03:41 333.824 ----- c --- c: \ windows \ system32 \ dllcache \ Srv.sys
2008-10-29 17:23. 2008-06-13 04:05 272.128 ----- c --- c: \ windows \ system32 \ dllcache \ Bthport.sys
2008-10-29 17:23. 2008-08-14 03:04 138.496 ----- c --- c: \ windows \ system32 \ dllcache \ Afd.sys
2008-10-29 17:22. 2008-08-14 03:11 2.189.184 ----- c --- c: \ windows \ system32 \ dllcache \ ntoskrnl.exe
2008-10-29 17:22. 2008-08-14 03:09 2.145.280 ----- c --- c: \ windows \ system32 \ dllcache \ Ntkrnlmp.exe
2008-10-29 17:22. 2008-08-14 02:33 2.066.048 ----- c --- c: \ windows \ system32 \ dllcache \ ntkrnlpa.exe
2008-10-29 17:22. 2008-08-14 02:33 2.023.936 ----- c --- c: \ windows \ system32 \ dllcache \ Ntkrpamp.exe
2008-10-29 17:22. 2008-09-15 05:12 1.846.400 ----- c --- c: \ windows \ system32 \ dllcache \ win32k.sys
2008-10-29 17:22. 2008-04-11 12:04 691.712 ----- c --- c: \ windows \ system32 \ dllcache \ inetcomm.dll
2008-10-29 17:22. 2008-05-08 07:02 203.136 ----- c --- c: \ windows \ system32 \ dllcache \ Rmcast.sys
2008-10-28 18:39. 2008-10-28 18:39 10 - a ------ c: \ windows \ Wininit.ini
2008-10-23 14:45. 2008-10-15 09:34 337.408 ----- c --- c: \ windows \ system32 \ dllcache \ Netapi32.dll
2008-10-15 18:38. 2008-10-29 15:26 <DIR> d -------- c: \ windows \ system32 \ scripting
2008-10-15 18:38. 2008-10-29 15:26 <DIR> d -------- c: \ windows \ system32 \ nl
2008-10-15 18:38. 2008-10-29 15:26 <DIR> d -------- c: \ windows \ system32 \ bits
2008-10-15 18:38. 2008-10-29 15:26 <DIR> d -------- c: \ windows \ l2schemas
2008-10-15 18:23. 2006-09-23 14:12 1.022.976 - a ------ c: \ windows \ system32 \ SETA0B.tmp
2008-10-15 18:22. 2008-08-14 03:09 2.145.280 - a ------ c: \ windows \ system32 \ ntoskrnl.exe
2008-10-15 16:09. 2008-10-15 16:09 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Motive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 00:29 --------- d ----- wc: \ program files \ Symantec AntiVirus
2008-11-10 22:05 --------- d ----- wc: \ program files \ DivX
2008-11-10 22:03 --------- d ----- wc: \ Program Files \ Java
2008-11-10 01:37 --------- d ----- wc: \ program files \ Microsoft Plus! Digital Media Edition
2008-11-10 01:35 --------- d ----- wc: \ Program Files \ Microsoft Works
2008-11-08 02:37 90.112 ---- aw c: \ windows \ DUMP3a98.tmp
2008-11-08 01:26 30 ---- aw C: \ Documents and Settings \ Administrator \ jagex_runescape_preferences. DAT
2008-10-29 22:11 --------- d - h - wc: \ program files \ InstallShield Installation Information
2008-10-29 22:11 --------- d ----- wc: \ program files \ ATI Technologies
2008-10-25 01:16 --------- d ----- wc: \ Documents and Settings \ Administrator \ Application Data \ Move Networks
2008-10-16 22:05 --------- d ----- wc: \ Documents and Settings \ All Users \ Application Data \ Viewpoint
2008-10-16 01:06 --------- d ----- wc: \ program files \ Google
2008-09-28 22:59 --------- d ----- wc: \ program files \ common files \ AOL
2008-09-22 21:29 --------- d ----- wc: \ Documents and Settings \ All Users \ Application Data \ AOL OCP
2008-09-22 21:29 --------- ----- wc: \ documents and settings d \ Administrator \ Application Data \ acccore
2008-09-22 21:27 --------- d ----- wc: \ Documents and Settings \ All Users \ Application Data \ AOL
2008-09-17 01:24 --------- d ----- wc: \ Documents and Settings \ Administrator \ Application Data \ Vso
2007-12-28 00:53 79.738 ---- aw C: \ Documents and Settings \ Fonts \ broken_ghost.zip
2007-11-23 01:25 81.920 ---- aw C: \ Documents and Settings \ Administrator \ Application Data \ ezpinst.exe
2007-11-23 01:25 47.360 ---- aw C: \ Documents and Settings \ Administrator \ Application Data \ pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries worden niet weergegeven
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "c: \ windows \ system32 \ Ctfmon.exe" [2008-04-13 15360]
"Window Washer" = "c: \ program files \ Webroot \ Washer \ wwDisp.exe" [2005-03-08 910336]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"IgfxTray" = "c: \ windows \ htpatch.exe" [2004-08-04 50176]
"NvCplDaemon" = "c: \ windows \ system \ hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds" = "C: \ WINDOWS \ System32 \ hkcmd.exe" [2003-10-02 118784]
"CamMonitor" = "c: \ program files \ HP \ Digital Imaging \ Unload \ hpqcmon.exe" [2002-10-07 90112]
"HPHmon05" = "c: \ windows \ system32 \ hphmon05.exe" [2003-05-23 483328]
"KBD" = "c: \ hp \ KBD \ KBD.EXE" [2003-02-11 61440]
"NvMediaCenter" = "C: \ Program Files \ Common Files \ \ jusched.exe" [2003-12-17 151597]
"OsCheck" = "c: \ windows \ SMINST \ NvStartup" [2002-09-13 212992]
"PS2" = "c: \ windows \ system32 \ ps2.exe" [2002-10-16 81920]
"Sunkist2k" = "c: \ program files \ Multimedia Card Reader \ shwicon2k.exe" [2003-08-14 139264]
"ccApp" = "c: \ program files \ common files \ Symantec Shared \ ccApp.exe" [2005-06-02 48752]
"vptray" = "C: \ PROGRA ~ 1 \ SYMNET ~ 1 \ SNDMon.exe / Consumer" [2005-06-23 85696]
"SunJavaUpdateSched" = "c: \ program files \ CyberLink \ TeaTimer.exe" [2004-11-02 32768]
"NeroFilterCheck" = "c: \ windows \ system32 \ NeroCheck.e xe" [2001-07-09 155648]
"GrooveMonitor" = "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2007-10-10 39792]
"ATIModeChange" = "Ati2mdxx.exe" [2001-09-05 c: \ windows \ system32 \ Ati2mdxx.exe]
"LTMSG" = "nwiz.exe / install" [2003-07-14 c: \ windows \ nwiz.exe / install]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AdobeUpdater" = "C: \ Program Files \ Common Files \ Adobe \ Updater5 \ AdobeUpdater.exe" [2007-03-01 2321600]

c: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \
Adobe Gamma Loader.lnk - C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe [2007-11-22 113664]
HP Digital Imaging Monitor.lnk - c: \ program files \ HP \ Digital Imaging \ bin \ hpqtra08.exe [2003-09-16 237568]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo antonny \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"c: \ \ Program Files \ \ Updates van HP \ \ 137903 \ \ Program Files \ \ BackWeb-137903.exe" =
"c: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ Outlook.exe" =
"c: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE" =
"c: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ ONENOTE.EXE" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =

R2 CX88XBAR; Conexant 2388x Crossbar Dual Input; c: \ windows \ system32 \ drivers \ CX88XBARDUAL.sys [2003-12-10 7040]
.

************************************************** ************************

CatchMe 0.3.1367 W2K/XP/Vista - rootkit / stealth malware detector, Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 17:26:59
Windows 5.1.2600 Service Pack 3 NTFS

het scannen van verborgen processen ...

het scannen van verborgen autostart items ...

het scannen van verborgen bestanden ...

scannen is voltooid
verborgen bestanden: 0

************************************************** ************************
.
------------------------ Other Running Processes ----------------------- --
.
c: \ windows \ system32 \ ati2evxx.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
c: \ program files \ Photodex \ ProShowGold \ scsiaccess.exe
C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe
c: \ program files \ Updates van HP \ 137903 \ Program \ BackWeb-137903.exe
c: \ windows \ system32 \ hpzipm12.exe
.
************************************************** ************************
.
Voltooingstijd: 2008-11-11 17:34:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-12 00:34:22
ComboFix2.txt 2008-11-11 18:47:44

Pre-Run: 89064681472 bytes vrij
Post-Run: 89055629312 bytes vrij

239 --- EOF --- 2008-10-30 03:01:59

Gelijkaardige Draden
Draad	Thread Starter	Forum	Antwoorden	Last Post
Re: iexplore.exe-virus	mpenney	Virus, spyware & Security	6	3 nov 2008 14:11
Iexplore virus en nog meer?	rreiss	Virus, spyware & Security	1	19 okt 2008 18:46
Iexplore.exe virus weer!	davejess00	Virus, spyware & Security	18	13 okt 2008 10:16
IEXPLORER.EXE virus pls review kapen log	nitingaur	Virus, spyware & Security	15	22e sep 2008 16:40
Iexplore.exe-virus	kfarns00	Virus, spyware & Security	9	4 Dec 2007 14:26