I have had pop-ups for more than a month. They always start with cpv and then a lot of strange things.
I used Avast, AVG and Spy Sweeper, but I cannot find the reason why.
First you will find the logfile of Trend Micro HijackThis v2.0.0 (BETA),
and after that the logfile from ComboFix.
Can you help me solve this nasty problem?
Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:49:36, on 2-5-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Documents and Settings\Hans Winsemius\Bureaublad\Utillities\HiJackThis_v2.exe
C:\WINDOWS\hh.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [spywarefighterguard] "C:\Program Files\SPYWAREfighter\spftray.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176929505078
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.115 85.255.112.70
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.115 85.255.112.70
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - (no file)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
"Hans Winsemius" - 07-05-02 14:03:03 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Hans Winsemius\Bureaublad\"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\bund1\temp.txt
C:\DOCUME~1\HANSWI~1\BUREAU~1.\internet explorer.lnk
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\hosts
C:\Program Files\outlook
C:\Program Files\winupdates
C:\WINDOWS\system32\bund1
C:\Program Files\Common Files\{3CECC~1
C:\Program Files\Common Files\{FCECC~1
C:\WINDOWS\system32\drivers\core.sys
((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\core
-------\LEGACY_CLIENT_IP-IPX
-------\LEGACY_CORE
-------\LEGACY_WINDOWS_LOG
((((((((((((((((((((((((((((((( Files Created from 2007-04-02 to 2007-05-02 ))))))))))))))))))))))))))))))))))
2007-05-01 21:33 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2007-05-01 21:33 <DIR> d-------- C:\Program Files\AVSMedia
2007-05-01 21:15 <DIR> d-------- C:\Program Files\nrg2iso
2007-04-30 20:50 <DIR> dr-h----- C:\DOCUME~1\HANSWI~1\Onlangs geopend
2007-04-29 13:07 <DIR> d-------- C:\DOCUME~1\HANSWI~1\APPLIC~1\Uniblue
2007-04-21 13:58 <DIR> d-------- C:\Program Files\Hijack This
2007-04-21 12:18 48,640 -ra------ C:\WINDOWS\system32\INETWH32.DLL
2007-04-21 12:18 317,952 -ra------ C:\WINDOWS\system32\Roboex32.dll
2007-04-21 12:18 1,712,128 -ra------ C:\WINDOWS\system32\gdiplus.dll
2007-04-21 07:06 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-04-21 07:06 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-21 07:06 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-21 07:06 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-04-21 07:06 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-21 07:06 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-21 07:06 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-21 07:06 <DIR> d-------- C:\Program Files\Alwil Software
2007-04-20 19:31 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-20 19:18 <DIR> d-------- C:\Program Files\RogueRemover PRO
2007-04-20 16:34 <DIR> d-------- C:\Program Files\Registry Clean Expert
2007-04-20 16:12 <DIR> d-------- C:\Program Files\Common Files\Application
2007-04-20 16:11 <DIR> d-------- C:\Program Files\SPYWAREfighter
2007-04-20 14:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\logs
2007-04-19 03:22 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-04-19 03:22 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-04-19 03:14 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2007-04-19 03:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sunbelt Software
2007-04-19 03:12 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-04-19 02:55 <DIR> d-------- C:\DOCUME~1\HANSWI~1\DoctorWeb
2007-04-18 09:07 <DIR> d-------- C:\DOCUME~1\HANSWI~1\APPLIC~1\CyberLink
2007-04-17 21:04 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
2007-04-17 21:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-17 21:00 <DIR> d-------- C:\Program Files\ToniArts
2007-04-17 20:22 <DIR> d-------- C:\Program Files\RegCleaner
2007-04-17 20:00 <DIR> d-------- C:\DOCUME~1\HANSWI~1\.housecall6.6
2007-04-17 17:59 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-04-17 17:59 <DIR> d-------- C:\DOCUME~1\HANSWI~1\APPLIC~1\Netscape
2007-04-17 17:58 <DIR> d-------- C:\Program Files\Netscape
2007-04-15 22:29 <DIR> d-------- C:\Program Files\LimeWire
2007-04-15 21:53 <DIR> d-------- C:\Program Files\blcorp
2007-04-15 21:53 <DIR> d-------- C:\DOCUME~1\HANSWI~1\APPLIC~1\Business Logic
2007-04-15 07:17 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-04-15 07:17 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-04-15 07:17 <DIR> d-------- C:\Program Files\Winamp
2007-04-14 07:36 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-04-14 07:36 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-04-14 07:36 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-04-14 07:36 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-04-14 07:36 <DIR> d-------- C:\Program Files\Webroot
2007-04-14 07:36 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
2007-04-14 07:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2007-04-14 07:20 <DIR> d-------- C:\DOCUME~1\HANSWI~1\APPLIC~1\Webroot
2007-04-12 15:23 21,425 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-04-12 15:22 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Intel
2007-04-12 15:22 <DIR> d-------- C:\DOCUME~1\Gast\APPLIC~1\Intel
2007-04-12 15:22 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intel
2007-04-12 15:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
2007-04-12 15:22 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Intel
2007-04-12 15:21 <DIR> d-------- C:\DOCUME~1\HANSWI~1\APPLIC~1\Intel
2007-04-12 06:21 <DIR> d-------- C:\Program Files\DIFX
2007-04-12 06:20 679,936 --a------ C:\WINDOWS\system32\NETw4c32.dll
2007-04-12 06:20 2,756,608 --a------ C:\WINDOWS\system32\NETw4r32.dll
2007-04-12 06:20 2,203,520 --a------ C:\WINDOWS\system32\drivers\NETw4x32.sys
2007-04-12 06:18 <DIR> d-------- C:\Intel
2007-04-10 06:05 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Spyware Terminator
2007-04-09 09:08 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-04-09 08:10 <DIR> d-------- C:\WINDOWS\system32\micro1
2007-04-09 08:03 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-04-08 08:13 <DIR> d-------- C:\Program Files\Azureus
2007-04-07 18:50 <DIR> d-------- C:\DOCUME~1\Gast\APPLIC~1\Talkback
2007-04-07 18:50 <DIR> d-------- C:\DOCUME~1\Gast\APPLIC~1\Google
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-02 13:37 -------- d-------- C:\DOCUME~1\HANSWI~1\APPLIC~1\chessbase
2007-05-02 09:55 -------- d-------- C:\Program Files\mozilla thunderbird
2007-04-26 06:54 -------- d-------- C:\DOCUME~1\HANSWI~1\APPLIC~1\openoffice.org2
2007-04-22 10:58 -------- d-------- C:\Program Files\pestpatrol
2007-04-21 15:14 -------- d-------- C:\Program Files\windows live toolbar
2007-04-21 12:18 -------- d--h----- C:\Program Files\installshield installation information
2007-04-21 11:51 6020 --a------ C:\WINDOWS\mozver.dat
2007-04-17 19:40 -------- d-------- C:\Program Files\hitman pro
2007-04-17 18:45 -------- d-------- C:\Program Files\google
2007-04-17 18:19 -------- d-------- C:\Program Files\hema album software advanced
2007-04-17 17:59 -------- d-------- C:\Program Files\opera
2007-04-16 19:55 -------- d-------- C:\Program Files\freecommander2006
2007-04-16 11:04 10332 --ahs---- C:\WINDOWS\system32\kgygaavl.sys
2007-04-16 11:03 56 -r-hs---- C:\WINDOWS\system32\426abd4b0b.sys
2007-04-15 21:59 -------- d-------- C:\Program Files\totalcmd
2007-04-15 21:59 -------- d-------- C:\Program Files\keeboo
2007-04-15 21:46 -------- d-------- C:\Program Files\eusing free registry cleaner
2007-04-12 19:23 -------- d-------- C:\Program Files\msn messenger
2007-04-12 06:22 79542 --a------ C:\WINDOWS\system32\perfc013.dat
2007-04-12 06:22 464860 --a------ C:\WINDOWS\system32\perfh013.dat
2007-04-09 09:49 -------- d-------- C:\Program Files\dell
2007-04-09 09:35 -------- d-------- C:\DOCUME~1\HANSWI~1\APPLIC~1\flock
2007-04-01 19:00 -------- d-------- C:\Program Files\treepadplus_7
2007-03-30 19:57 -------- d-------- C:\DOCUME~1\HANSWI~1\APPLIC~1\screenshot sender
2007-03-30 19:56 -------- d-------- C:\Program Files\messenger plus! live
2007-03-22 22:47 46344 --a------ C:\WINDOWS\nssetdefaultbrowser.exe
2007-03-20 20:07 -------- d-------- C:\DOCUME~1\HANSWI~1\APPLIC~1\support time burn
2007-03-17 15:45 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-12 20:57 168 -r-hs---- C:\WINDOWS\system32b4bbd6a42.sys
2007-03-11 20:04 -------- d-------- C:\Program Files\treepadplus
2007-03-09 09:57 27376 --a------ C:\WINDOWS\system32\sbbd.exe
2007-03-08 17:39 579072 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:39 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:39 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:37 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-06 07:54 -------- d-------- C:\Program Files\mindmapper4.2
2007-02-28 18:20 25214 --a------ C:\Program Files\b.ico
2007-02-28 18:20 25214 --a------ C:\Program Files\a.ico
2007-02-28 18:17 147456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-02-11 10:18 64 --a------ C:\WINDOWS\system32\kbc.rdat
2007-02-05 22:20 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-02-03 18:47 188 --a------ C:\WINDOWS\system32\ggg.bat
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{5CA3D70E-1895-11CF-8E15-001234567890} C:\WINDOWS\system32\dla\tfswshx.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
{AC41D38F-B56D-40AD-94E0-B493D130C959} C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Dell QuickSet"="\"C:\\Program Files\\Dell\\QuickSet\\quickset.exe\""
"DMXLauncher"="\"C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe\""
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"SigmatelSysTrayApp"="stsystra.exe"
"SNPSTD2"="C:\\WINDOWS\\vsnpstd2.exe"
"SynTPEnh"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -startup"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"spywarefighterguard"="\"C:\\Program Files\\SPYWAREfighter\\spftray.exe\""
@=""
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="Eudora's Shell Extension"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\
Security Packages REG_MULTI_SZ kerberosmsv1_0schannelwdigest\
Notification Packages REG_MULTI_SZ scecli\
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SBCSSvc
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ModemOnHold"="C:\\Program Files\\NetWaiting\\netWaiting.exe"
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
DcomLaunch REG_MULTI_SZ DcomLaunchTermService\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\
WudfServiceGroup REG_MULTI_SZ WUDFSvc\
hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{553a1b06-b5c0-11db-9218-0015c5176a5b}]
Shell\AutoRun\command E:\LaunchU3.exe -a
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5283100-b4fe-11db-9217-0015c5176a5b}]
Shell\AutoRun\command E:\LaunchU3.exe -a
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SBAPIFS
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Easy Onderhoud.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-02 14:18:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-05-02 14:19:00 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-05-02 14:19
06-09-02 20:55 0 --a------ C:\Qoobox\Quarantine\C\WINDOWS\hosts.vir
07-03-08 09:22 1 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\bund1\temp.txt.vir
07-04-09 08:10 192325 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\core.cache.dsk.vir
07-04-09 08:10 72320 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\core.sys.vir
07-04-18 19:23 104 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\HANSWI~1\BUREAU~1\Internet Explorer.lnk.vir
07-04-21 07:04 0 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\cmd.com.vir
07-04-21 07:04 0 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\netstat.com.vir
07-04-21 07:04 0 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ping.com.vir
07-04-21 07:04 0 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\taskkill.com.vir
07-04-21 07:04 0 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tasklist.com.vir
07-04-21 07:04 0 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tracert.com.vir
07-05-02 14:05 1002 --a------ C:\Qoobox\Quarantine\Registry_backups\services_core.reg.cf
07-05-02 14:05 1342 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_CORE.reg.cf
07-05-02 14:05 838 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_WINDOWS_LOG.reg.cf
07-05-02 14:05 854 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_CLIENT_IP-IPX.reg.cf
Map PATH-lijst
Het volumenummer is FCEC-CB9E
C:\QOOBOX
\---Quarantine
    +---C
    |   +---DOCUME~1
    |   |   \---HANSWI~1
    |   |       \---BUREAU~1
    |   |               Internet Explorer.lnk.vir
    |   |
    |   \---WINDOWS
    |       |   hosts.vir
    |       |
    |       \---system32
    |           |   cmd.com.vir
    |           |   netstat.com.vir
    |           |   ping.com.vir
    |           |   taskkill.com.vir
    |           |   tasklist.com.vir
    |           |   tracert.com.vir
    |           |
    |           +---bund1
    |           |       temp.txt.vir
    |           |
    |           \---drivers
    |                   core.cache.dsk.vir
    |                   core.sys.vir
    |
    \---Registry_backups
            LEGACY_CLIENT_IP-IPX.reg.cf
            LEGACY_CORE.reg.cf
            LEGACY_WINDOWS_LOG.reg.cf
            services_core.reg.cf