Task Manager / Regedit / CMD - disabled!



Gothrix
11 February 2007, 21:48
I often have the problem that my Task Manager is disabled by the "system administrator". The same goes for my regedit and command prompt.
Yet I am the only user on this PC, and I am the administrator.

This can be fixed by running Ad-Aware over it and removing the stuff it finds. But after a few hours the problem is back.


The HJT log tells me the following:

Logfile of HijackThis v1.99.0
Scan saved at 21:42:59, on 11/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\WebcamMax\CAMTHINS.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Globe Software\StatBar\StatBar.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Video\ManifestEngine.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HDD Thermometer\HDD Thermometer.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
G:\T00ls vol1\GrabClip\GrabClip.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Xfire\xfire.exe
C:\Documents and Settings\Gothrix\Bureaublad\Q3E Minimizer_v1.45.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
J:\MOZILLA\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
O2 - BHO: War Rock Toolbar Helper - {0914953A-B6C0-42C3-983E-5213C64AFA9B} - C:\Program Files\War Rock Toolbar\v3.2.0.0\War_Rock_Toolbar.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: War Rock Toolbar - {5D956A61-05E7-427B-A2B1-BF32FB18B1BE} - C:\Program Files\War Rock Toolbar\v3.2.0.0\War_Rock_Toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\CAMTHINS.exe" /m
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 10\LaunchList.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKCU\..\Run: [StatBar] C:\Program Files\Globe Software\StatBar\StatBar.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RSD_HDDThermo] C:\Program Files\HDD Thermometer\HDD Thermometer.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\RunOnce: [Q3E Minimizer v1.45] C:\Documents and Settings\Gothrix\Bureaublad\Q3E Minimizer_v1.45.EXE
O4 - Startup: Snelkoppeling naar GrabClip.lnk = G:\T00ls vol1\GrabClip\GrabClip.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Windows Firewall (WF) / Internet-verbinding delen (ICS) - Unknown - C:\WINDOWS\C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: StyleXPService - Unknown - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe


Also, as far as I can see, svchost.exe is missing (see a few lines above), and that would explain why I cannot set up a network between my laptop and my PC.

Help? Anyone?

Thanks in advance!

Jurgenv1
11 February 2007, 21:59
Download the newer version of HijackThis here:
http://www.majorgeeks.com/downloadget.php?id=3155&file=13&evp=3304750663b552982a8baee6434cfc13

Extract hijackthis.exe and put it in a permanent folder, e.g. C:\hijackthis, and then post a new HijackThis log here.

Gothrix
11 February 2007, 22:25
Logfile of HijackThis v1.99.1
Scan saved at 22:24:52, on 11/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\WebcamMax\CAMTHINS.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Globe Software\StatBar\StatBar.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HDD Thermometer\HDD Thermometer.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
G:\T00ls vol1\GrabClip\GrabClip.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Xfire\xfire.exe
C:\Documents and Settings\Gothrix\Bureaublad\Q3E Minimizer_v1.45.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\totalcmd (gothrix presets)\TOTALCMD.EXE
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\ACE Mega CoDecS Pack\Media Player Classic\mplayerc.exe
C:\WINDOWS\system32\divxsm.exe
I:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
O2 - BHO: War Rock Toolbar Helper - {0914953A-B6C0-42C3-983E-5213C64AFA9B} - C:\Program Files\War Rock Toolbar\v3.2.0.0\War_Rock_Toolbar.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\CAMTHINS.exe" /m
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 10\LaunchList.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKCU\..\Run: [StatBar] C:\Program Files\Globe Software\StatBar\StatBar.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RSD_HDDThermo] C:\Program Files\HDD Thermometer\HDD Thermometer.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\RunOnce: [Q3E Minimizer v1.45] C:\Documents and Settings\Gothrix\Bureaublad\Q3E Minimizer_v1.45.EXE
O4 - Startup: Snelkoppeling naar GrabClip.lnk = G:\T00ls vol1\GrabClip\GrabClip.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Windows Firewall (WF) / Internet-verbinding delen (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe



Please! ;)

Jurgenv1
12 February 2007, 07:35
Download combofix.exe: http://download.bleepingcomputer.com/sUBs/combofix.exe
Put it on your desktop.
Double-click it to start the program.
In the window that appears, type Y to start the cleaning process.
Follow the on-screen instructions.
When the tool is finished, a log file (combofix.txt) opens. Post the contents of that file together with a new HijackThis log.

Gothrix
12 February 2007, 14:07
Unfortunately I cannot run combofix.exe. My command prompt is disabled too.

Yep, we're dealing with a stubborn case here.

Jurgenv1
12 February 2007, 15:58
* Download and save SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe)
to your desktop.

Double-click SDFix.exe and choose Install to extract the tool into its own folder on your desktop. Then restart your PC in Safe Mode (http://users.pandora.be/marcvn/spyware/1378056.htm)


In Safe Mode, open the SDFix folder on your desktop and double-click RunThis.bat to start the tool.
Type Y to start the cleaning process.
It removes all trojan services and registry entries related to this infection; when the tool is finished it will tell you to press any key to restart your PC, so do that.
When the PC restarts, the tool will run again, finish the clean-up process and show you the message Finished; then press any key to end the script and your desktop will appear.
When your desktop icons appear, the SDFix report will open and is also saved in the folder as Report.txt.
Copy and paste the contents of that report here together with a new HijackThis log.

Gothrix
12 February 2007, 17:18
SDFix: Version 1.64

Run by: Gothrix - ma 12/02/2007 @ 17:06:12,87

Microsoft Windows XP [versie 5.1.2600]

Running From: C:\Documents and Settings\Gothrix\Bureaublad\SDFix

Safe Mode:
Checking Services:

Name:

Path:


Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\ckl009.dat - Deleted
C:\WINDOWS\system32\scvhost.exe - Deleted
C:\WINDOWS\system32\wsock32.sys - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.

Final Check:


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"D:\\games\\FEARCombat\\FEARMP.exe"="D:\\games\\FEARCombat\\FEARMP.exe:*:Enabled:FEAR Combat"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"


Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\Gothrix\BUREAU~1\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :


Finished




Logfile of HijackThis v1.99.1
Scan saved at 17:18:45, on 12/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\WebcamMax\CAMTHINS.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Globe Software\StatBar\StatBar.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HDD Thermometer\HDD Thermometer.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
G:\T00ls vol1\GrabClip\GrabClip.exe
C:\Program Files\Xfire\xfire.exe
C:\Documents and Settings\Gothrix\Bureaublad\Q3E Minimizer_v1.45.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\totalcmd (gothrix presets)\TOTALCMD.EXE
I:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: War Rock Toolbar Helper - {0914953A-B6C0-42C3-983E-5213C64AFA9B} - C:\Program Files\War Rock Toolbar\v3.2.0.0\War_Rock_Toolbar.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\CAMTHINS.exe" /m
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 10\LaunchList.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [StatBar] C:\Program Files\Globe Software\StatBar\StatBar.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RSD_HDDThermo] C:\Program Files\HDD Thermometer\HDD Thermometer.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\RunOnce: [Q3E Minimizer v1.45] C:\Documents and Settings\Gothrix\Bureaublad\Q3E Minimizer_v1.45.EXE
O4 - Startup: Snelkoppeling naar GrabClip.lnk = G:\T00ls vol1\GrabClip\GrabClip.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Windows Firewall (WF) / Internet-verbinding delen (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

Jurgenv1
12 February 2007, 17:21
Can you run combofix once more?

Gothrix
12 February 2007, 17:30
Yes, but it's a seriously big log. I'll get accused of spamming next. :p


"Gothrix" - 07-02-12 17:28:46 Service Pack 2
ComboFix 07-02-11 - Running from: "C:\Documents and Settings\Gothrix\Bureaublad"

((((((((((((((((((((((((((((((( Files Created from 2007-01-12 to 2007-02-12 ))))))))))))))))))))))))))))))))))


2007-02-12 17:00 <DIR> d-------- C:\WINDOWS\pss
2007-02-11 21:35 43,520 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2007-02-11 21:35 <DIR> d-------- C:\Program Files\DIFX
2007-02-11 21:20 33,280 --a------ C:\WINDOWS\system32\drivers\AmdLLD.sys
2007-02-11 21:19 <DIR> d-------- C:\Program Files\AMD
2007-02-08 21:52 41 --a------ C:\WINDOWS\popcinfo.dat
2007-02-08 21:51 <DIR> d-------- C:\Program Files\PopCap Games
2007-02-07 21:05 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-02-07 21:05 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-02-07 13:54 <DIR> d-------- C:\WINDOWS\ShellNew
2007-02-07 12:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Media Center Programs
2007-02-05 00:53 2,150,912 --a------ C:\WINDOWS\system32\kernel1.exe
2007-02-03 20:28 <DIR> d-------- C:\Program Files\CyberLink
2007-02-03 20:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\CyberLink
2007-02-02 01:24 <DIR> d-------- C:\DOCUME~1\Gothrix\Application Data\dvdcss
2007-02-01 19:29 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-02-01 19:20 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-02-01 19:20 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-02-01 19:20 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-02-01 19:20 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-02-01 19:20 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-02-01 19:20 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-02-01 17:51 86,016 --a------ C:\WINDOWS\system32\LMISODmx.dll
2007-02-01 17:51 53,248 --------- C:\WINDOWS\system32\ltserial.dll
2007-02-01 17:51 487,424 --a------ C:\WINDOWS\system32\LtAct14n.dll
2007-02-01 17:51 401,408 --a------ C:\WINDOWS\system32\LDECAAC.dll
2007-02-01 17:51 393,216 --a------ C:\WINDOWS\system32\LDECMPG4.dll
2007-02-01 17:51 327,680 --a------ C:\WINDOWS\system32\LDecMPG4Krn.dll
2007-02-01 17:51 278,528 --a------ C:\WINDOWS\system32\LDecAACKrn.dll
2007-02-01 17:51 241,664 --a------ C:\WINDOWS\system32\LMMpgDmxP.dll
2007-02-01 17:51 196,608 --------- C:\WINDOWS\system32\LMOggSpl.dll
2007-02-01 17:51 180,224 --a------ C:\WINDOWS\system32\DSKernel2.dll
2007-02-01 17:51 135,168 --a------ C:\WINDOWS\system32\ltact.dll
2007-02-01 17:51 <DIR> d-------- C:\Program Files\LEAD Technologies, Inc
2007-02-01 14:03 <DIR> d-------- C:\Program Files\TGTSoft
2007-02-01 05:56 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-02-01 05:56 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-02-01 05:56 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-02-01 05:56 639,066 --a------ C:\WINDOWS\system32\DivX.dll
2007-01-31 22:27 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-01-31 21:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\NVIDIA
2007-01-31 20:32 <DIR> d-------- C:\Program Files\DesktopLara
2007-01-31 15:05 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-01-31 15:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-01-31 15:05 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-01-31 15:01 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-01-31 15:01 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-01-31 12:33 <DIR> d-------- C:\WINDOWS\NV36683772.TMP
2007-01-31 12:33 <DIR> d-------- C:\NVIDIA
2007-01-31 00:15 118,784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-01-30 19:56 <DIR> d-------- C:\Program Files\thriXXX
2007-01-30 19:45 4 --a------ C:\WINDOWS\info147.sys
2007-01-30 19:44 <DIR> d-------- C:\Program Files\Common Files\Totem Shared
2007-01-30 12:12 <DIR> d-------- C:\Program Files\Common Files\SystemRequirementsLab
2007-01-30 12:11 <DIR> d-------- C:\DOCUME~1\Gothrix\Application Data\System Requirements Lab
2007-01-30 06:03 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-01-30 06:03 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-01-30 06:03 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-01-30 05:56 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-01-30 05:56 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-01-30 05:56 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-01-30 05:56 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-01-30 05:56 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-01-30 05:56 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-01-30 05:56 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-01-30 05:56 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-01-27 23:23 230,982 --a------ C:\WINDOWS\War_Rock_Toolbar_Uninstaller_9859.exe
2007-01-27 23:23 <DIR> d-------- C:\Program Files\War Rock Toolbar
2007-01-27 23:23 <DIR> d-------- C:\DOCUME~1\Gothrix\Application Data\InstallShield
2007-01-26 20:16 <DIR> d-------- C:\Program Files\iMesh Applications
2007-01-26 20:16 <DIR> d-------- C:\DOCUME~1\Gothrix\Application Data\iMesh
2007-01-26 14:08 <DIR> d-------- C:\DOCUME~1\Gothrix\Application Data\Adobe
2007-01-25 19:19 982 --a------ C:\WINDOWS\eReg.dat
2007-01-25 17:06 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys
2007-01-25 16:55 <DIR> d-------- C:\Program Files\HDD Thermometer
2007-01-25 16:55 <DIR> d-------- C:\DOCUME~1\Gothrix\Application Data\HDD Thermometer
2007-01-25 16:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\HDD Thermometer
2007-01-22 23:32 <DIR> d-------- C:\DOCUME~1\Gothrix\Application Data\vlc
2007-01-22 23:21 <DIR> d-------- C:\Program Files\VideoLAN
2007-01-22 15:13 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-01-19 16:27 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2007-01-19 16:26 171,008 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys
2007-01-19 16:24 974,848 --a------ C:\WINDOWS\system32\MFC70.DLL
2007-01-19 16:24 964,608 --a------ C:\WINDOWS\system32\MFC70U.DLL
2007-01-19 16:24 61,440 --a------ C:\WINDOWS\system32\MFC71FRA.DLL
2007-01-19 16:24 54,784 --a------ C:\WINDOWS\system32\MSVCI70.DLL
2007-01-19 16:24 487,424 --a------ C:\WINDOWS\system32\MSVCP70.DLL
2007-01-19 16:24 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-01-19 16:18 14,165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys
2007-01-19 16:18 <DIR> d-------- C:\Program Files\Pinnacle
2007-01-19 16:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Pinnacle
2007-01-18 15:18 <DIR> d-------- C:\Program Files\BitComet
2007-01-18 15:18 <DIR> d-------- C:\Downloads
2007-01-18 13:25 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-01-18 13:25 114,688 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-01-18 13:25 <DIR> d-------- C:\Program Files\OpenAL
2007-01-18 02:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-01-17 21:56 <DIR> d-------- C:\Fraps
2007-01-17 15:42 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-01-17 01:16 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-01-16 14:53 <DIR> d-------- C:\Program Files\Lavasoft
2007-01-16 14:53 <DIR> d-------- C:\DOCUME~1\Gothrix\Application Data\Lavasoft
2007-01-16 14:43 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2007-01-16 14:43 <DIR> d-------- C:\Program Files\VstPlugins
2007-01-16 14:42 <DIR> d-------- C:\Program Files\Image-Line
2007-01-15 20:38 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-01-15 20:38 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-01-15 20:38 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-01-15 20:38 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-01-15 20:37 <DIR> d-------- C:\Program Files\Winamp
2007-01-15 18:42 <DIR> d-------- C:\Program Files\Soulseek-Test
2007-01-15 17:30 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-01-15 16:56 <DIR> d-------- C:\Program Files\WebcamMax
2007-01-15 16:42 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-01-14 22:06 <DIR> d-------- C:\WINDOWS\Sun
2007-01-14 22:06 <DIR> d-------- C:\DOCUME~1\Gothrix\Application Data\Sun
2007-01-14 22:05 <DIR> d-------- C:\Program Files\Java
2007-01-14 22:05 <DIR> d-------- C:\Program Files\Common Files\Java
2007-01-14 00:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Trymedia
2007-01-12 22:59 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-01-12 17:13 <DIR> d-------- C:\DOCUME~1\Gothrix\Application Data\Ahead
2007-01-12 17:11 <DIR> d-------- C:\Program Files\Nero
2007-01-12 17:11 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-01-12 16:55 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-01-12 13:46 <DIR> d-------- C:\DOCUME~1\Gothrix\Application Data\WinRAR
2007-01-12 01:12 166 --a------ C:\WINDOWS\system32\del32.bat


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-12 17:27 -------- d-------- C:\Program Files\mozilla firefox
2007-02-12 17:19 53622 --a------ C:\WINDOWS\system32\perfc013.dat
2007-02-12 17:19 364660 --a------ C:\WINDOWS\system32\perfh013.dat
2007-02-12 17:17 -------- d---s---- C:\Program Files\xfire
2007-02-12 17:17 -------- d-------- C:\DOCUME~1\Gothrix\Application Data\xfire
2007-02-11 04:26 -------- d-------- C:\DOCUME~1\Gothrix\Application Data\teamspeak2
2007-02-07 21:02 -------- d--h----- C:\Program Files\installshield installation information
2007-02-05 17:28 11973 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-02-04 16:36 -------- d-------- C:\Program Files\apple software update
2007-02-03 20:27 -------- d-------- C:\Program Files\Common Files\installshield
2007-01-31 20:45 98304 --a------ C:\WINDOWS\system32\cmdlineext.dll
2007-01-30 06:03 36624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-01-30 06:03 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-01-30 06:03 116472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-01-20 21:18 -------- d-------- C:\Program Files\msn messenger
2007-01-19 16:27 95 --a------ C:\AUTOEXEC.BAT
2007-01-18 15:18 2560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-01-17 22:05 -------- d-------- C:\DOCUME~1\Gothrix\Application Data\divx
2007-01-14 22:06 1289 --a------ C:\WINDOWS\mozver.dat
2007-01-11 18:25 -------- d-------- C:\Program Files\msxml 4.0
2007-01-11 00:25 -------- d-------- C:\Program Files\ace mega codecs pack
2007-01-10 23:50 98304 --a------ C:\WINDOWS\system32\qttask.exe
2007-01-10 23:45 -------- d-------- C:\Program Files\speedfan
2007-01-10 23:43 -------- d-------- C:\Program Files\quicktime
2007-01-10 15:41 -------- d-------- C:\Program Files\rk's demowatcher
2007-01-09 16:17 -------- d-------- C:\DOCUME~1\Gothrix\Application Data\apple computer
2007-01-09 03:13 -------- d-------- C:\Program Files\messenger
2007-01-08 20:48 -------- d-------- C:\Program Files\d-tools
2007-01-08 20:36 -------- d-------- C:\Program Files\logitech
2007-01-08 20:36 -------- d-------- C:\Program Files\Common Files\logitech
2007-01-08 18:57 -------- d-------- C:\Program Files\teamspeak2_rc2
2007-01-08 16:28 -------- d-------- C:\Program Files\globe software
2007-01-08 16:21 -------- d-------- C:\Program Files\Common Files\speechengines
2007-01-08 16:21 -------- d-------- C:\Program Files\Common Files\odbc
2007-01-08 16:20 62 --ahs---- C:\DOCUME~1\Gothrix\Application Data\desktop.ini
2007-01-08 16:05 -------- dr-h----- C:\DOCUME~1\Gothrix\Application Data\securom
2007-01-08 15:56 -------- d-------- C:\DOCUME~1\Gothrix\Application Data\macromedia
2007-01-08 15:55 0 --a------ C:\WINDOWS\nsreg.dat
2007-01-08 15:55 -------- d-------- C:\DOCUME~1\Gothrix\Application Data\mozilla
2007-01-08 15:50 -------- d-------- C:\Program Files\totalcmd (gothrix presets)
2007-01-08 15:41 -------- d-------- C:\Program Files\realtek
2007-01-08 15:40 -------- d-------- C:\Program Files\realtek sound manager
2007-01-08 15:40 -------- d-------- C:\Program Files\realtek ac97
2007-01-08 15:40 -------- d-------- C:\Program Files\avrack
2007-01-08 15:39 -------- d-------- C:\Program Files\via
2007-01-08 15:36 -------- d-------- C:\DOCUME~1\Gothrix\Application Data\identities
2007-01-08 15:31 0 -rahs---- C:\MSDOS.SYS
2007-01-08 15:31 0 -rahs---- C:\IO.SYS
2007-01-08 15:31 0 --a------ C:\CONFIG.SYS
2007-01-08 15:31 -------- d-------- C:\Program Files\microsoft frontpage
2007-01-08 15:30 -------- d--h----- C:\Program Files\windowsupdate
2007-01-08 15:30 -------- d-------- C:\Program Files\online services
2007-01-08 15:29 -------- d-------- C:\Program Files\movie maker
2007-01-08 15:29 -------- d-------- C:\Program Files\Common Files\mssoap
2007-01-08 15:28 21748 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-01-08 15:27 -------- d-------- C:\Program Files\windows nt
2007-01-08 15:27 -------- d-------- C:\Program Files\msn gaming zone
2006-12-21 14:36 40960 --a------ C:\WINDOWS\system32\frapsvid.dll
2006-12-12 17:24 12288 --a------ C:\WINDOWS\system32\divxwmpexttype.dll
2006-12-07 06:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"StatBar"="C:\\Program Files\\Globe Software\\StatBar\\StatBar.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"Steam"=""
"RSD_HDDThermo"="C:\\Program Files\\HDD Thermometer\\HDD Thermometer.exe"
"STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"Q3E Minimizer v1.45"="C:\\Documents and Settings\\Gothrix\\Bureaublad\\Q3E Minimizer_v1.45.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"QuickTime Task"="\"C:\\WINDOWS\\system32\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"WebcamMaxMoniter"="\"C:\\Program Files\\WebcamMax\\CAMTHINS.exe\" /m"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"LaunchList"="C:\\Program Files\\Pinnacle\\Studio 10\\LaunchList.exe"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"amd_dc_opt"="C:\\Program Files\\AMD\\Dual-Core Optimizer\\amd_dc_opt.exe"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=dword:00000001
"NoRecentDocsHistory"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=dword:00000001
"NoRecentDocsHistory"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=dword:00000001
"NoRecentDocsHistory"=dword:00000001

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-12 17:29:35

Jurgenv1
12 February 2007, 17:33
Looks good, how is everything else working?

Gothrix
12 February 2007, 17:42
Everything works again.

Except for setting up a network (and sharing the internet connection) to my laptop.

"Beperkte of geen verbindingsmogelijkheden" (limited or no connectivity). I can't configure my firewall and the like myself, because I get errors when I try to.

But what I noticed in the HJT log is the following:

O23 - Service: Windows Firewall (WF) / Internet-verbinding delen (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\C:\WINDOWS\system32\svchost.exe (file missing)

So if you can help me with this too, you're not just an angel but a super-angel or something. ;)

Jurgenv1
12 February 2007, 17:59
* Open Notepad and copy and paste the following into it:


sc stop SharedAccess
sc delete SharedAccess

Save this as delservice.bat, choosing 'All files' as the file type, and put it on your desktop.
Double-click delservice.bat. A DOS window will open and close quickly. This is normal.

Restart your PC and check whether it helped.

Gothrix
12 February 2007, 18:18
"De instellingen van Windows Firewall kunnen vanwege een onbekend probleem niet worden weergegeven" (the Windows Firewall settings cannot be displayed because of an unknown problem) is what I get when I click 'Settings'.


"Er is een fout opgetreden tijdens het inschakelen van Internet-Verbinding delen. De opgegeven service in geen geïnstalleerde service" (an error occurred while enabling Internet Connection Sharing; the specified service does not exist as an installed service) is what I get when I tick "Andere netwerkgebruikers mogen via de Internet-verbinding van deze computer verbinding maken" (allow other network users to connect through this computer's Internet connection) and click 'OK'. After that the window closes by itself.

Gothrix
12 February 2007, 18:19
Besides that, the HJT log file also contained the following:

O23 - Service: Windows Firewall (WF) / Internet-verbinding delen (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\C:\WINDOWS\system32\svchost.exe (file missing)


"file missing" ... so yeah. :s

Gothrix
12 February 2007, 18:29
Sorry, third post by now:

File sharing already works now, but internet sharing doesn't.
And it's annoying that I can't get online with my laptop. Especially since my wife uses it to check her mail and such.

Jurgenv1
12 February 2007, 18:34
Download sharedaccess.reg (http://windowsxp.mvps.org/reg/sharedaccess.reg) to your desktop (right-click the link > Save target as...).

Double-click sharedaccess.reg, which is now on your desktop.
Agree to have this information added to the registry.

Restart the PC (important!).

Then go to Start > Run, type cmd and click OK.
A command prompt opens.
Type in: NETSH FIREWALL RESET
Press Enter.

Go to Control Panel > Add or Remove Programs > Windows Firewall and check whether the firewall settings are now displayed.
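
A defender's check for the symptom Gothrix quoted, written as an added example (not code from this thread or from HijackThis): it parses O23 service lines, pulls out the short service name, and flags entries whose binary is missing or whose ImagePath carries a second drive prefix, as SharedAccess does above. The three sample lines are constructed; only the first is the one quoted in the thread, and the 'display - owner - path' field layout is assumed.

```python
import re

# Constructed sample: the first line is the O23 entry quoted in the thread,
# the other two are made-up healthy entries added for contrast.
SAMPLE_O23 = """\
O23 - Service: Windows Firewall (WF) / Internet-verbinding delen (ICS) (SharedAccess) - Unknown owner - C:\\WINDOWS\\C:\\WINDOWS\\system32\\svchost.exe (file missing)
O23 - Service: Alerter - Microsoft Corp. - C:\\WINDOWS\\system32\\svchost.exe
O23 - Service: StyleXPService - TGT Soft - C:\\Program Files\\TGTSoft\\StyleXP\\StyleXPService.exe
"""

DRIVE = re.compile(r"[A-Za-z]:\\")           # a drive prefix such as C:\
SHORT_NAME = re.compile(r"\(([^()]+)\)\s*$")  # trailing "(ServiceName)"

def parse_o23(line):
    """Split an 'O23 - Service:' line into name, owner, path and missing flag.
    Assumes the 'display - owner - path' layout and splits on the last two
    ' - ' separators, so a display name may itself contain ' - '."""
    body = line[len("O23 - Service: "):].strip()
    missing = body.endswith("(file missing)")
    if missing:
        body = body[: -len("(file missing)")].rstrip()
    display, owner, path = body.rsplit(" - ", 2)
    m = SHORT_NAME.search(display)
    return {"name": m.group(1) if m else display,
            "owner": owner, "path": path, "missing": missing}

def check_o23(entry):
    """Return the reasons an O23 entry deserves a closer look (empty if none)."""
    reasons = []
    if entry["missing"]:
        reasons.append("binary not found on disk")
    if len(DRIVE.findall(entry["path"])) > 1:
        # e.g. C:\WINDOWS\C:\WINDOWS\system32\svchost.exe: the ImagePath carries
        # a second drive prefix, so the service can never start from it
        reasons.append("ImagePath contains a drive prefix twice")
    if entry["owner"] == "Unknown owner" and entry["path"].lower().endswith("svchost.exe"):
        reasons.append("svchost-hosted service without a readable owner")
    return reasons

def suspicious_services(log_text):
    """Map service name -> reasons for every O23 line that fails a check."""
    out = {}
    for line in log_text.splitlines():
        if line.startswith("O23 - Service: "):
            entry = parse_o23(line)
            reasons = check_o23(entry)
            if reasons:
                out[entry["name"]] = reasons
    return out
```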

Gothrix
12 February 2007, 19:26
After all those steps it worked. I couldn't find the FW under Add or Remove Programs, but I got to it another way.

Now the network (file / printer sharing) and internet sharing work again.

Thanks! My wife already did a little happy dance. ^^

Gothrix
12 February 2007, 19:27
Oh yeah, before I forget (silly me), THANKS!

You're practically a genius!

Jurgenv1
12 February 2007, 19:29
No prob. ;)