trojan.vundo, PC slow, functions failing..


  • trojan.vundo, PC slow, functions failing..

    Hi!

    A not-too-happy laptop user is crying out for help. For a few weeks now Symantec has been reporting that I have the trojan.vundo virus.

    My computer is terribly slow;
    my signature in Outlook no longer works;
    at startup: dhdwdl.dll file is missing.
    And when I close a window, its contents stay on screen.
    Sometimes all of Explorer drops out too, and with it all desktop items as well as the Explorer bar.

    I did have it removed using Symantec, but it keeps coming back. I see on various forums that help is needed with this, which is why I'm calling in you heroes.

    I have run Ad-Aware and Spybot S&D, and this is what came out of HijackThis:


    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Symantec\SPA\smc.exe
    c:\Program Files\Symantec\SPA\snac.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\WINDOWS\System32\taskswitch.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\iPass\iPassConnect\iPCAgent.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
    C:\Program Files\Oracle\Outlook Connector\ocautoupds.exe
    C:\Program Files\Oracle\ODrive\XfsSvcCon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
    C:\Program Files\Oracle\ODrive\odrive.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Oracle\ODrive\ODFWAgent.exe
    C:\Program Files\hott notes 4\hottnotes.exe
    C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    c:\Program Files\Symantec\SPA\SmcGui.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\microsoft office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://globalsearch.us.oracle.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mypip.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.oracle.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wpad/wpad.dat
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.oracleads.com;files.us.oracle.com;*.oraclecorp.com;*.oracle.com;*.oracleportal.com;<local>
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
    O4 - HKLM\..\Run: [AutoProfileRepair] "C:\Program Files\Oracle\Outlook Connector\profilerepair.exe" -msi
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [TweakAutomaticUpdates] C:\WINDOWS\orclobi\gdswsuspatch_soon.exe /s
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /OfficeXPHack
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [ntpgds] C:\WINDOWS\orclobi\synctime.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [903cd8a7] rundll32.exe "C:\WINDOWS\system32\pjcgqfyv.dll",b
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [FirefoxConfig] C:\WINDOWS\orclobi\config\firefoxconfig.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [ThunderbirdConfig] C:\WINDOWS\orclobi\config\tbirdconfig.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [FirefoxConfig] C:\WINDOWS\orclobi\config\firefoxconfig.exe (User 'Default user')
    O4 - Startup: hott notes 4.lnk = C:\Program Files\hott notes 4\hottnotes.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Oracle Drive.lnk = C:\Program Files\Oracle\ODrive\odrive.exe
    O4 - Global Startup: VPN Client.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://my.oracle.com
    O16 - DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - https://conference.oracle.com/imtapp/res/jar/cnsload.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {CAFECAFE-0013-0001-0025-ABCDEFABCDEF} (JInitiator 1.3.1.25) - https://global-forms.oraclecorp.com/jinitiator/oajinit.exe
    O16 - DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} (JInitiator 1.3.1.28) - https://global-forms.oraclecorp.com/jinitiator/oajinit.exe
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nl.oracle.com
    O17 - HKLM\Software\..\Telephony: DomainName = nl.oracle.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nl.oracle.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = nl.oracle.com
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = nl.oracle.com
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
    O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
    O23 - Service: Oracle Connector Automatic Updates Service (ocautoupds) - Oracle Corporation - C:\Program Files\Oracle\Outlook Connector\ocautoupds.exe
    O23 - Service: ODrive Service (OdService) - Oracle - C:\Program Files\Oracle\ODrive\XfsSvcCon.exe
    O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Symantec Protection Agent 5.1 (SmcService) - Symantec Corporation - c:\Program Files\Symantec\SPA\smc.exe
    O23 - Service: Symantec NAC Service (SNAC) - Symantec Corporation - c:\Program Files\Symantec\SPA\snac.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: WMDM PMSP Service - Unknown owner - C:\WINDOWS\system32\MsPMSPSv.exe (file missing)

    --
    End of file - 11108 bytes



    Hope you can help me!

  • #2
    Extra info:

    Since I got the trojan.vundo virus, the following detections have also been showing up in my Symantec AntiVirus history:

    trojan.adclicker
    trojan.metajuan
    adware.Ezula
    casinoonnet

    Once again, thanks in advance for your help!



    • #3
      Download VirtumundoBeGone (mirror)
      Save it to your desktop.

      Double-click VirtumundoBeGone.exe and follow the instructions.
      Don't be alarmed if you get a blue screen with an error message - this is normal.
      When the fix is done, restart the PC.
      Post the contents of the log file VBG.TXT, which is now on your desktop, here in your next message.


      Download: RVAXO.exe
      • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
      • Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
        A cmd window will open; a few lines about files not found will scroll by quickly in it, this is normal.
      • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and just let it do its work.
      • After that your PC will restart; after the restart the RVAXO cmd window opens again.
        Let it run and wait until a log file opens: C:\RVAXO-results.log
      • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
      • Post the contents of the log file in your next message.


      Download Combofix to your Desktop.
      Double-click Combofix.exe
      Choose "Continue" by typing 1 followed by ENTER.
      While the fix is running, do NOT click in the window, as this will make your PC hang.
      When the fix has completed and after the restart, the log combofix.txt will open.
      Post this log in your next post.

      NOTE: If your virus scanner responds with a notification of a script execution, you may ignore this.



      • #4
        Hi!

        Thanks for the quick response. Here are the logs from, respectively: VirtumundoBeGone, RVAXO and ComboFix.

        At the last startup I got the message missing file: system32/pjcgqfvv.dll.


        VirtumundoBeGone
        [12/19/2007, 10:48:03] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\erwinv\Desktop\VirtumundoBeGone.exe" )
        [12/19/2007, 10:48:13] - Detected System Information:
        [12/19/2007, 10:48:13] - Windows Version: 5.1.2600, Service Pack 2
        [12/19/2007, 10:48:13] - Current Username: erwinv (Admin)
        [12/19/2007, 10:48:13] - Windows is in NORMAL mode.
        [12/19/2007, 10:48:13] - Searching for Browser Helper Objects:
        [12/19/2007, 10:48:13] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
        [12/19/2007, 10:48:13] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
        [12/19/2007, 10:48:13] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
        [12/19/2007, 10:48:13] - BHO 4: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
        [12/19/2007, 10:48:13] - BHO 5: {5D33B3E0-4FB3-4ED1-9106-B6EB06A3B7C2} (ODriveAdvPropHelper Class)
        [12/19/2007, 10:48:13] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
        [12/19/2007, 10:48:13] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
        [12/19/2007, 10:48:13] - Finished Searching Browser Helper Objects
        [12/19/2007, 10:48:13] - Finishing up...
        [12/19/2007, 10:48:13] - Nothing found! Exiting...


        RVAXO
        ----------------RVAXO.exe first run-------------

        Files found:

        C:\WINDOWS\tasks\At1.job
        C:\WINDOWS\system32\yayvvuv.dll.vir
        C:\WINDOWS\system32\gjjlm.ini2
        C:\WINDOWS\system32\llnmp.ini2
        C:\WINDOWS\system32\nnnmp.ini2

        Uninstallers Rogue scanners:


        Folders Found:


        Hosts-file was reset, If you use a custom hosts file please replace it...

        --------------RVAXO.exe last run---------------

        Files found:

        Folders Found:

        --------------RVAXO.exe finished----------------

        ComboFix
        ComboFix 07-12-19.3 - erwinv 2007-12-19 10:35:46.1 - NTFSx86
        Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.347 [GMT 1:00]
        Running from: C:\Documents and Settings\erwinv\Desktop\ComboFix.exe
        * Created a new restore point
        .

        ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\WINDOWS\Downloaded Program Files\cnsload-3.0.1.357.dll
        C:\WINDOWS\Downloaded Program Files\cnsload.inf
        C:\WINDOWS\system32\gjjlm.ini
        C:\WINDOWS\system32\gjjlm.ini2
        C:\WINDOWS\system32\llnmp.ini
        C:\WINDOWS\system32\mljjg.dll
        C:\WINDOWS\system32\rhquqrsh.dll

        .
        ((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 )))))))))))))))))))))))))))))))
        .

        2007-12-19 10:38 . 2007-12-19 10:38 244 --ah----- C:\sqmnoopt19.sqm
        2007-12-19 10:38 . 2007-12-19 10:38 232 --ah----- C:\sqmdata19.sqm
        2007-12-19 10:31 . 2007-12-19 10:39 <DIR> d-------- C:\RVAXO
        2007-12-19 10:25 . 2007-12-19 10:25 244 --ah----- C:\sqmnoopt18.sqm
        2007-12-19 10:25 . 2007-12-19 10:25 232 --ah----- C:\sqmdata18.sqm
        2007-12-18 17:15 . 2007-12-18 17:15 244 --ah----- C:\sqmnoopt17.sqm
        2007-12-18 17:15 . 2007-12-18 17:15 232 --ah----- C:\sqmdata17.sqm
        2007-12-18 14:34 . 2007-12-18 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2007-12-18 13:24 . 2007-12-18 13:24 <DIR> d-------- C:\Program Files\Lavasoft
        2007-12-18 13:24 . 2007-12-18 13:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
        2007-12-18 13:24 . 2007-12-18 13:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
        2007-12-18 13:19 . 2007-12-18 13:19 <DIR> d-------- C:\Program Files\Trend Micro
        2007-12-18 11:48 . 2007-12-18 11:48 244 --ah----- C:\sqmnoopt16.sqm
        2007-12-18 11:48 . 2007-12-18 11:48 232 --ah----- C:\sqmdata16.sqm
        2007-12-17 13:50 . 2007-12-17 13:50 244 --ah----- C:\sqmnoopt15.sqm
        2007-12-17 13:50 . 2007-12-17 13:50 232 --ah----- C:\sqmdata15.sqm
        2007-12-17 11:30 . 2007-12-17 11:30 244 --ah----- C:\sqmnoopt14.sqm
        2007-12-17 11:30 . 2007-12-17 11:30 232 --ah----- C:\sqmdata14.sqm
        2007-12-17 09:55 . 2007-12-17 09:57 1,393 --a------ C:\WINDOWS\imsins.BAK
        2007-12-17 09:23 . 2007-10-29 23:43 1,287,680 --------- C:\WINDOWS\system32\dllcache\quartz.dll
        2007-12-17 09:23 . 2007-07-06 13:46 660,992 --------- C:\WINDOWS\system32\dllcache\mqqm.dll
        2007-12-17 09:23 . 2007-07-06 13:46 471,552 --------- C:\WINDOWS\system32\dllcache\mqutil.dll
        2007-12-17 09:23 . 2007-07-06 13:46 177,152 --------- C:\WINDOWS\system32\dllcache\mqrt.dll
        2007-12-17 09:23 . 2007-07-06 13:46 138,240 --------- C:\WINDOWS\system32\dllcache\mqad.dll
        2007-12-17 09:23 . 2007-07-06 13:46 95,744 --------- C:\WINDOWS\system32\dllcache\mqsec.dll
        2007-12-17 09:23 . 2007-07-06 11:05 72,960 --------- C:\WINDOWS\system32\dllcache\mqac.sys
        2007-12-17 09:23 . 2007-07-06 13:46 48,640 --------- C:\WINDOWS\system32\dllcache\mqupgrd.dll
        2007-12-17 09:23 . 2007-07-06 13:46 47,104 --------- C:\WINDOWS\system32\dllcache\mqdscli.dll
        2007-12-17 09:23 . 2007-07-06 13:46 16,896 --------- C:\WINDOWS\system32\dllcache\mqise.dll
        2007-12-11 17:16 . 2007-12-11 17:16 244 --ah----- C:\sqmnoopt13.sqm
        2007-12-11 17:16 . 2007-12-11 17:16 232 --ah----- C:\sqmdata13.sqm
        2007-12-11 16:32 . 2007-12-11 14:33 527,649 --a------ C:\WINDOWS\system32\RVAXO.bat
        2007-12-11 16:32 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
        2007-12-10 17:15 . 2007-12-10 17:15 244 --ah----- C:\sqmnoopt12.sqm
        2007-12-10 17:15 . 2007-12-10 17:15 232 --ah----- C:\sqmdata12.sqm
        2007-12-07 16:32 . 2007-12-07 16:32 244 --ah----- C:\sqmnoopt11.sqm
        2007-12-07 16:32 . 2007-12-07 16:32 232 --ah----- C:\sqmdata11.sqm
        2007-12-07 15:49 . 2007-12-07 15:49 244 --ah----- C:\sqmnoopt10.sqm
        2007-12-07 15:49 . 2007-12-07 15:49 232 --ah----- C:\sqmdata10.sqm
        2007-12-07 14:54 . 2007-12-07 14:54 244 --ah----- C:\sqmnoopt09.sqm
        2007-12-07 14:54 . 2007-12-07 14:54 232 --ah----- C:\sqmdata09.sqm
        2007-12-07 09:32 . 2007-12-07 09:32 294 --ahs---- C:\WINDOWS\system32\vyfqgcjp.ini
        2007-12-03 15:11 . 2007-12-03 15:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
        2007-12-03 11:38 . 2007-12-03 11:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
        2007-12-03 11:26 . 2007-12-03 11:26 <DIR> d-------- C:\Program Files\Microsoft.NET
        2007-12-03 11:18 . 2007-12-03 11:18 <DIR> d-------- C:\Program Files\CCleaner
        2007-12-03 11:16 . 2007-12-03 11:16 <DIR> d-------- C:\Program Files\Yahoo!
        2007-12-03 10:49 . 2007-12-03 10:49 <DIR> d-------- C:\VundoFix Backups
        2007-12-03 09:50 . 2007-12-03 09:50 <DIR> d-------- C:\Program Files\Enigma Software Group
        2007-11-30 16:19 . 2007-11-30 16:19 <DIR> d-------- C:\Documents and Settings\erwinv\Application Data\DAEMON Tools Pro
        2007-11-30 16:09 . 2007-12-03 15:10 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
        2007-11-30 15:49 . 2007-11-30 15:49 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
        2007-11-29 10:06 . 2007-12-07 11:50 317 --ahs---- C:\WINDOWS\system32\nnnmp.ini
        2007-11-27 14:49 . 2007-12-03 15:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
        2007-11-27 14:31 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
        2007-11-26 09:56 . 2007-11-26 09:56 <DIR> d-------- C:\Temp\[email protected]
        2007-11-23 14:53 . 2007-11-23 14:53 <DIR> d-------- C:\Documents and Settings\erwinv\Application Data\Thinstall
        2007-11-23 14:28 . 2007-11-23 14:28 <DIR> d-------- C:\Temp\[email protected]
        2007-11-21 17:08 . 2007-11-21 17:08 244 --ah----- C:\sqmnoopt08.sqm
        2007-11-21 17:08 . 2007-11-21 17:08 232 --ah----- C:\sqmdata08.sqm

        .
        (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2007-11-29 15:28 --------- d-----w C:\Documents and Settings\erwinv\Application Data\Oracle Instant Chat
        2007-11-27 13:30 --------- d-----w C:\Program Files\Microsoft ActiveSync
        2007-11-27 08:33 --------- d-----w C:\Program Files\DYMO Label
        2007-11-23 14:00 --------- d-----w C:\Program Files\Norton Security Scan
        2007-11-23 13:45 --------- d-----w C:\Program Files\Mozilla Thunderbird
        2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
        2007-11-07 09:04 --------- d-----w C:\Program Files\Common Files\Oracle
        2007-10-31 10:09 --------- d-----w C:\Program Files\Java
        2006-11-06 14:23 12,500 ----a-w C:\Program Files\INSTALL.LOG
        .

        ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5494722A-7881-416E-98D7-238211CEFCE5}]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-11 16:52]
        "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
        "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 17:34]
        "DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-06-22 13:45]
        "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CoolSwitch"="C:\WINDOWS\System32\taskswitch.exe" [2001-10-08 11:59]
        "AutoProfileRepair"="C:\Program Files\Oracle\Outlook Connector\profilerepair.exe" [2007-07-06 08:50]
        "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 18:26]
        "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 19:33]
        "TweakAutomaticUpdates"="C:\WINDOWS\orclobi\gdswsuspatch_soon.exe" [2005-12-22 11:34]
        "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2001-06-26 12:00]
        "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2001-06-26 12:00]
        "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2001-06-26 12:00]
        "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2001-06-26 12:00]
        "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2001-06-26 12:00]
        "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:56 C:\WINDOWS\system32\bthprops.cpl]
        "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 C:\WINDOWS\stsystra.exe]
        "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-07-14 15:07]
        "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-07-14 15:04]
        "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 13:58]
        "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 12:13]
        "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 00:04]
        "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01]
        "ntpgds"="C:\WINDOWS\orclobi\synctime.exe" [2003-04-07 14:59]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
        "PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-04-26 07:29]
        "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
        "903cd8a7"="C:\WINDOWS\system32\pjcgqfyv.dll"

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
        "FirefoxConfig"="C:\WINDOWS\orclobi\config\firefoxconfig.exe" [2006-11-01 17:31]
        "ThunderbirdConfig"="C:\WINDOWS\orclobi\config\tbirdconfig.exe" [2006-11-01 17:35]
        "TSClientMSIUninstaller"="cmd.exe" [2004-08-03 23:56 C:\WINDOWS\system32\cmd.exe]

        C:\Documents and Settings\erwinv\Start Menu\Programs\Startup\
        hott notes 4.lnk - C:\Program Files\hott notes 4\hottnotes.exe [2007-05-16 02:04:42]

        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
        Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
        Oracle Drive.lnk - C:\Program Files\Oracle\ODrive\odrive.exe [2006-09-22 12:47:00]
        VPN Client.lnk - c:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2007-09-21 08:38:35]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
        PCANotify.dll 2004-11-01 10:50 8704 C:\WINDOWS\system32\PCANotify.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
        "ERSvc"=2 (0x2)

        R1 TDFSD;TDFSD;C:\WINDOWS\system32\Drivers\TDFSD.sys [2006-09-22 12:41]
        R2 iPCAgent;iPCAgent;C:\Program Files\iPass\iPassConnect\iPCAgent.exe [2006-01-19 18:06]
        R2 MyDesktopWindows;MyDesktopService;C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe [2007-10-19 19:32]
        R2 ocautoupds;Oracle Connector Automatic Updates Service;"C:\Program Files\Oracle\Outlook Connector\ocautoupds.exe" [2007-07-06 08:47]
        R2 OdService;ODrive Service;C:\Program Files\Oracle\ODrive\XfsSvcCon.exe svcmanager
        R2 PMEMNT;PMEMNT;C:\WINDOWS\pmemnt.sys [2000-09-01 07:11]
        R2 QOSMyDesktop;QOS MyDesktop;C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe [2006-04-21 20:14]
        R2 SNAC;Symantec NAC Service;c:\Program Files\Symantec\SPA\snac.exe [2007-01-10 16:44]
        R2 WGX;Extend WG Protocol Driver;C:\WINDOWS\system32\Drivers\WGX.sys [2007-01-10 16:44]
        S4 SysGuard;SysGuard;C:\WINDOWS\system32\Drivers\Sysguard.sys [2007-01-10 16:41]
        S4 SysPlant;SysPlant for NT;C:\WINDOWS\system32\Drivers\SysPlant.sys [2007-01-10 16:46]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

        .
        Contents of the 'Scheduled Tasks' folder
        "2007-09-24 10:01:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
        - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
        "2007-12-19 09:44:55 C:\WINDOWS\Tasks\At1.job"
        - C:\WINDOWS\orclobi\gdswsuspatch.exe
        "2007-12-07 14:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
        - C:\Program Files\Norton Security Scan\Nss.exe
        .
        **************************************************************************

        catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2007-12-19 10:44:56
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        Completion time: 2007-12-19 10:46:10 - machine was rebooted
        .
        2007-12-03 12:17:12 --- E O F ---



        • #5
          Open the RVAXO folder on your desktop and double-click Uninstall.cmd
          This will remove everything belonging to RVAXO.

          Download the attachment: CFScript.txt

          Drag CFScript.txt into ComboFix.exe as shown in the example below:



          This will make ComboFix restart.
          Restart when asked to,
          and post the contents of Combofix.txt in your next reply.


          • #6
            Here it is

            ComboFix 07-12-19.3 - erwinv 2007-12-19 13:38:23.2 - NTFSx86
            Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.361 [GMT 1:00]
            Running from: C:\Documents and Settings\erwinv\Desktop\ComboFix.exe
            Command switches used :: C:\Documents and Settings\erwinv\Desktop\cfscript.txt
            * Created a new restore point

            FILE
            C:\WINDOWS\system32\nnnmp.ini
            C:\WINDOWS\system32\vyfqgcjp.ini
            .

            ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            C:\VundoFix Backups
            C:\WINDOWS\system32\nnnmp.ini
            C:\WINDOWS\system32\vyfqgcjp.ini

            .
            ((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 )))))))))))))))))))))))))))))))
            .

            2007-12-19 10:38 . 2007-12-19 10:38 244 --ah----- C:\sqmnoopt19.sqm
            2007-12-19 10:38 . 2007-12-19 10:38 232 --ah----- C:\sqmdata19.sqm
            2007-12-19 10:25 . 2007-12-19 10:25 244 --ah----- C:\sqmnoopt18.sqm
            2007-12-19 10:25 . 2007-12-19 10:25 232 --ah----- C:\sqmdata18.sqm
            2007-12-18 17:15 . 2007-12-18 17:15 244 --ah----- C:\sqmnoopt17.sqm
            2007-12-18 17:15 . 2007-12-18 17:15 232 --ah----- C:\sqmdata17.sqm
            2007-12-18 14:34 . 2007-12-18 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
            2007-12-18 13:24 . 2007-12-18 13:24 <DIR> d-------- C:\Program Files\Lavasoft
            2007-12-18 13:24 . 2007-12-18 13:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
            2007-12-18 13:24 . 2007-12-18 13:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
            2007-12-18 13:19 . 2007-12-18 13:19 <DIR> d-------- C:\Program Files\Trend Micro
            2007-12-18 11:48 . 2007-12-18 11:48 244 --ah----- C:\sqmnoopt16.sqm
            2007-12-18 11:48 . 2007-12-18 11:48 232 --ah----- C:\sqmdata16.sqm
            2007-12-17 13:50 . 2007-12-17 13:50 244 --ah----- C:\sqmnoopt15.sqm
            2007-12-17 13:50 . 2007-12-17 13:50 232 --ah----- C:\sqmdata15.sqm
            2007-12-17 11:30 . 2007-12-17 11:30 244 --ah----- C:\sqmnoopt14.sqm
            2007-12-17 11:30 . 2007-12-17 11:30 232 --ah----- C:\sqmdata14.sqm
            2007-12-17 09:55 . 2007-12-17 09:57 1,393 --a------ C:\WINDOWS\imsins.BAK
            2007-12-17 09:23 . 2007-10-29 23:43 1,287,680 --------- C:\WINDOWS\system32\dllcache\quartz.dll
            2007-12-17 09:23 . 2007-07-06 13:46 660,992 --------- C:\WINDOWS\system32\dllcache\mqqm.dll
            2007-12-17 09:23 . 2007-07-06 13:46 471,552 --------- C:\WINDOWS\system32\dllcache\mqutil.dll
            2007-12-17 09:23 . 2007-07-06 13:46 177,152 --------- C:\WINDOWS\system32\dllcache\mqrt.dll
            2007-12-17 09:23 . 2007-07-06 13:46 138,240 --------- C:\WINDOWS\system32\dllcache\mqad.dll
            2007-12-17 09:23 . 2007-07-06 13:46 95,744 --------- C:\WINDOWS\system32\dllcache\mqsec.dll
            2007-12-17 09:23 . 2007-07-06 11:05 72,960 --------- C:\WINDOWS\system32\dllcache\mqac.sys
            2007-12-17 09:23 . 2007-07-06 13:46 48,640 --------- C:\WINDOWS\system32\dllcache\mqupgrd.dll
            2007-12-17 09:23 . 2007-07-06 13:46 47,104 --------- C:\WINDOWS\system32\dllcache\mqdscli.dll
            2007-12-17 09:23 . 2007-07-06 13:46 16,896 --------- C:\WINDOWS\system32\dllcache\mqise.dll
            2007-12-11 17:16 . 2007-12-11 17:16 244 --ah----- C:\sqmnoopt13.sqm
            2007-12-11 17:16 . 2007-12-11 17:16 232 --ah----- C:\sqmdata13.sqm
            2007-12-10 17:15 . 2007-12-10 17:15 244 --ah----- C:\sqmnoopt12.sqm
            2007-12-10 17:15 . 2007-12-10 17:15 232 --ah----- C:\sqmdata12.sqm
            2007-12-07 16:32 . 2007-12-07 16:32 244 --ah----- C:\sqmnoopt11.sqm
            2007-12-07 16:32 . 2007-12-07 16:32 232 --ah----- C:\sqmdata11.sqm
            2007-12-07 15:49 . 2007-12-07 15:49 244 --ah----- C:\sqmnoopt10.sqm
            2007-12-07 15:49 . 2007-12-07 15:49 232 --ah----- C:\sqmdata10.sqm
            2007-12-07 14:54 . 2007-12-07 14:54 244 --ah----- C:\sqmnoopt09.sqm
            2007-12-07 14:54 . 2007-12-07 14:54 232 --ah----- C:\sqmdata09.sqm
            2007-12-03 15:11 . 2007-12-03 15:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
            2007-12-03 11:38 . 2007-12-03 11:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
            2007-12-03 11:26 . 2007-12-03 11:26 <DIR> d-------- C:\Program Files\Microsoft.NET
            2007-12-03 11:18 . 2007-12-03 11:18 <DIR> d-------- C:\Program Files\CCleaner
            2007-12-03 11:16 . 2007-12-03 11:16 <DIR> d-------- C:\Program Files\Yahoo!
            2007-12-03 09:50 . 2007-12-03 09:50 <DIR> d-------- C:\Program Files\Enigma Software Group
            2007-11-30 16:19 . 2007-11-30 16:19 <DIR> d-------- C:\Documents and Settings\erwinv\Application Data\DAEMON Tools Pro
            2007-11-30 16:09 . 2007-12-03 15:10 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
            2007-11-30 15:49 . 2007-11-30 15:49 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
            2007-11-27 14:49 . 2007-12-03 15:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
            2007-11-27 14:31 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
            2007-11-26 09:56 . 2007-11-26 09:56 <DIR> d-------- C:\Temp\[email protected]
            2007-11-23 14:53 . 2007-11-23 14:53 <DIR> d-------- C:\Documents and Settings\erwinv\Application Data\Thinstall
            2007-11-23 14:28 . 2007-11-23 14:28 <DIR> d-------- C:\Temp\[email protected]
            2007-11-21 17:08 . 2007-11-21 17:08 244 --ah----- C:\sqmnoopt08.sqm
            2007-11-21 17:08 . 2007-11-21 17:08 232 --ah----- C:\sqmdata08.sqm

            .
            (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2007-11-29 15:28 --------- d-----w C:\Documents and Settings\erwinv\Application Data\Oracle Instant Chat
            2007-11-27 13:30 --------- d-----w C:\Program Files\Microsoft ActiveSync
            2007-11-27 08:33 --------- d-----w C:\Program Files\DYMO Label
            2007-11-23 14:00 --------- d-----w C:\Program Files\Norton Security Scan
            2007-11-23 13:45 --------- d-----w C:\Program Files\Mozilla Thunderbird
            2007-11-14 07:26 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
            2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
            2007-11-07 09:04 --------- d-----w C:\Program Files\Common Files\Oracle
            2007-10-31 10:09 --------- d-----w C:\Program Files\Java
            2007-10-30 14:25 3,065,856 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
            2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
            2007-10-27 16:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
            2007-10-27 16:40 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
            2007-10-11 05:57 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
            2007-10-11 05:57 666,112 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
            2007-10-11 05:57 617,984 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
            2007-10-11 05:57 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
            2007-10-11 05:57 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
            2007-10-11 05:57 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
            2007-10-11 05:57 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
            2007-10-11 05:57 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
            2007-10-11 05:57 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
            2007-10-11 05:57 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
            2007-10-11 05:57 205,824 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
            2007-10-11 05:57 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
            2007-10-11 05:57 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
            2007-10-11 05:57 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
            2007-10-11 05:57 1,498,112 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
            2007-10-11 05:57 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
            2007-10-11 05:57 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
            2007-10-10 10:48 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
            2006-11-07 12:54 2,016,433 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
            2006-11-06 14:23 12,500 ----a-w C:\Program Files\INSTALL.LOG
            .

            ((((((((((((((((((((((((((((( [email protected]_10.45.45.21 )))))))))))))))))))))))))))))))))))))))))
            .
            - 2007-12-19 09:40:31 282,190 ----a-w C:\WINDOWS\ORCLOBI\MyDesktop\script.dat
            + 2007-12-19 12:34:30 282,190 ----a-w C:\WINDOWS\ORCLOBI\MyDesktop\script.dat
            - 2007-12-19 09:45:17 71,302 ----a-w C:\WINDOWS\system32\perfc009.dat
            + 2007-12-19 12:39:15 71,302 ----a-w C:\WINDOWS\system32\perfc009.dat
            - 2007-12-19 09:45:17 439,598 ----a-w C:\WINDOWS\system32\perfh009.dat
            + 2007-12-19 12:39:15 439,598 ----a-w C:\WINDOWS\system32\perfh009.dat
            .
            ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-11 16:52]
            "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
            "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 17:34]
            "DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-06-22 13:45]
            "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "CoolSwitch"="C:\WINDOWS\System32\taskswitch.exe" [2001-10-08 11:59]
            "AutoProfileRepair"="C:\Program Files\Oracle\Outlook Connector\profilerepair.exe" [2007-07-06 08:50]
            "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 18:26]
            "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 19:33]
            "TweakAutomaticUpdates"="C:\WINDOWS\orclobi\gdswsuspatch_soon.exe" [2005-12-22 11:34]
            "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2001-06-26 12:00]
            "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2001-06-26 12:00]
            "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2001-06-26 12:00]
            "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2001-06-26 12:00]
            "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2001-06-26 12:00]
            "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:56 C:\WINDOWS\system32\bthprops.cpl]
            "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 C:\WINDOWS\stsystra.exe]
            "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-07-14 15:07]
            "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-07-14 15:04]
            "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 13:58]
            "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 12:13]
            "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 00:04]
            "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01]
            "ntpgds"="C:\WINDOWS\orclobi\synctime.exe" [2003-04-07 14:59]
            "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
            "PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-04-26 07:29]
            "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]

            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
            "FirefoxConfig"="C:\WINDOWS\orclobi\config\firefoxconfig.exe" [2006-11-01 17:31]
            "ThunderbirdConfig"="C:\WINDOWS\orclobi\config\tbirdconfig.exe" [2006-11-01 17:35]
            "TSClientMSIUninstaller"="cmd.exe" [2004-08-03 23:56 C:\WINDOWS\system32\cmd.exe]

            C:\Documents and Settings\erwinv\Start Menu\Programs\Startup\
            hott notes 4.lnk - C:\Program Files\hott notes 4\hottnotes.exe [2007-05-16 02:04:42]

            C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
            Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
            Oracle Drive.lnk - C:\Program Files\Oracle\ODrive\odrive.exe [2006-09-22 12:47:00]
            VPN Client.lnk - c:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2007-09-21 08:38:35]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
            PCANotify.dll 2004-11-01 10:50 8704 C:\WINDOWS\system32\PCANotify.dll

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
            "ERSvc"=2 (0x2)

            R1 TDFSD;TDFSD;C:\WINDOWS\system32\Drivers\TDFSD.sys [2006-09-22 12:41]
            R2 iPCAgent;iPCAgent;C:\Program Files\iPass\iPassConnect\iPCAgent.exe [2006-01-19 18:06]
            R2 MyDesktopWindows;MyDesktopService;C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe [2007-10-19 19:32]
            R2 ocautoupds;Oracle Connector Automatic Updates Service;"C:\Program Files\Oracle\Outlook Connector\ocautoupds.exe" [2007-07-06 08:47]
            R2 OdService;ODrive Service;C:\Program Files\Oracle\ODrive\XfsSvcCon.exe svcmanager
            R2 PMEMNT;PMEMNT;C:\WINDOWS\pmemnt.sys [2000-09-01 07:11]
            R2 QOSMyDesktop;QOS MyDesktop;C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe [2006-04-21 20:14]
            R2 SNAC;Symantec NAC Service;c:\Program Files\Symantec\SPA\snac.exe [2007-01-10 16:44]
            R2 WGX;Extend WG Protocol Driver;C:\WINDOWS\system32\Drivers\WGX.sys [2007-01-10 16:44]
            S4 SysGuard;SysGuard;C:\WINDOWS\system32\Drivers\Sysguard.sys [2007-01-10 16:41]
            S4 SysPlant;SysPlant for NT;C:\WINDOWS\system32\Drivers\SysPlant.sys [2007-01-10 16:46]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
            HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

            .
            Contents of the 'Scheduled Tasks' folder
            "2007-09-24 10:01:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
            - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
            "2007-12-19 12:34:46 C:\WINDOWS\Tasks\At1.job"
            - C:\WINDOWS\orclobi\gdswsuspatch.exe
            "2007-12-07 14:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
            - C:\Program Files\Norton Security Scan\Nss.exe
            .
            **************************************************************************

            catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2007-12-19 13:39:42
            Windows 5.1.2600 Service Pack 2 NTFS

            scanning hidden processes ...






            scanning hidden autostart entries ...

            scanning hidden files ...

            scan completed successfully
            hidden files: 0

            **************************************************************************
            .
            Completion time: 2007-12-19 13:40:07
            C:\ComboFix2.txt ... 2007-12-19 10:46
            .
            2007-12-03 12:17:12 --- E O F ---



            • #7
              Delete the following folder:
              C:\Qoobox\

              Then empty your Recycle Bin.

              Download ATF cleaner (mirror) (made by Atribune)

              Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

              Double-click ATF cleaner to start the program.
              On the "Main" tab, tick Select All.
              Click the Empty Selected button.

              Do the following if you also use Firefox as a browser:
              Click the "Firefox" tab and tick Select All.
              If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
              (this clears the tick next to "Firefox saved passwords" again)
              Click the Empty Selected button.

              Do the following if you also use Opera as a browser:
              Click the "Opera" tab and tick Select All.
              If you want to keep the passwords saved by Opera, click "No" in the window that appears.
              Click the Empty Selected button.
              Go to the "Main" tab and click the Exit button to close the program.

              Go to Start - Run and enter the following:
              Combofix /U
              Then press OK.
              Note: there must be a space between Combofix and /U.

              This will uninstall Combofix.

              Turn System Restore off. Restart the computer. Turn System Restore back on.
              See here how to turn off System Restore.
              This removes any remnants of the infections from your System Restore.

              Are all the problems gone after that?



              • #8
                It all looks good!

                The only thing is that I can no longer insert my signature in Outlook, something that started around the same time as all the other problems. I also can no longer click on forwarded links from within Outlook. An Internet Explorer window does open, but it then stays empty. Do you happen to know what the cause could be? And can it be fixed?

                Otherwise absolutely great!

                Thanks for the help and the quick replies!

                Happy holidays in advance!

                Regards, Erwin



                • #9
                  Please post a new HijackThis log



                  • #10
                    New HijackThis

                    Here you go!

                    Logfile of Trend Micro HijackThis v2.0.2
                    Scan saved at 15:59:40, on 20-12-2007
                    Platform: Windows XP SP2 (WinNT 5.01.2600)
                    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                    Boot mode: Normal

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\system32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    c:\Program Files\Symantec\SPA\smc.exe
                    c:\Program Files\Symantec\SPA\snac.exe
                    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                    c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
                    C:\Program Files\Symantec AntiVirus\DefWatch.exe
                    C:\Program Files\iPass\iPassConnect\iPCAgent.exe
                    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                    C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
                    C:\Program Files\Oracle\Outlook Connector\ocautoupds.exe
                    C:\Program Files\Oracle\ODrive\XfsSvcCon.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
                    C:\Program Files\Symantec AntiVirus\SavRoam.exe
                    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
                    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                    C:\WINDOWS\Explorer.EXE
                    c:\Program Files\Symantec\SPA\SmcGui.exe
                    C:\WINDOWS\System32\taskswitch.exe
                    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                    C:\PROGRA~1\SYMANT~1\VPTray.exe
                    C:\WINDOWS\system32\rundll32.exe
                    C:\WINDOWS\stsystra.exe
                    C:\WINDOWS\system32\hkcmd.exe
                    C:\Program Files\Dell\QuickSet\quickset.exe
                    C:\Program Files\Apoint\Apoint.exe
                    C:\Program Files\Apoint\HidFind.exe
                    C:\WINDOWS\system32\dla\tfswctrl.exe
                    C:\Program Files\Apoint\Apntex.exe
                    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
                    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
                    C:\Program Files\MSN Messenger\MsnMsgr.Exe
                    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
                    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
                    C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
                    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
                    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
                    C:\Program Files\Oracle\ODrive\odrive.exe
                    C:\Program Files\hott notes 4\hottnotes.exe
                    C:\Program Files\Oracle\ODrive\ODFWAgent.exe
                    C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
                    C:\Program Files\microsoft office\OFFICE11\OUTLOOK.EXE
                    D:\Uitgepakte bestanden\office 2007 Portable\Portable Microsoft Office 2007\EXCEL.EXE
                    C:\Program Files\Mozilla Firefox\firefox.exe
                    D:\Uitgepakte bestanden\office 2007 Portable\Portable Microsoft Office 2007\POWERPNT.EXE
                    C:\Program Files\Internet Explorer\iexplore.exe
                    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
                    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mypip.nl/
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.oracle.com
                    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
                    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wpad/wpad.dat
                    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.oracleads.com;files.us.oracle.com;*.oraclecorp.com;*.oracle.com;*.oracleportal.com;<local>
                    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
                    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
                    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
                    O2 - BHO: ODriveAdvPropHelper Class - {5D33B3E0-4FB3-4ED1-9106-B6EB06A3B7C2} - C:\WINDOWS\SYSTEM32\ODriveHelper.DLL
                    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
                    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
                    O4 - HKLM\..\Run: [AutoProfileRepair] "C:\Program Files\Oracle\Outlook Connector\profilerepair.exe" -msi
                    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
                    O4 - HKLM\..\Run: [TweakAutomaticUpdates] C:\WINDOWS\orclobi\gdswsuspatch_soon.exe /s
                    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
                    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
                    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
                    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
                    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /OfficeXPHack
                    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
                    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
                    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
                    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
                    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
                    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
                    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
                    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
                    O4 - HKLM\..\Run: [ntpgds] C:\WINDOWS\orclobi\synctime.exe
                    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
                    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
                    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
                    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
                    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
                    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                    O4 - HKUS\S-1-5-18\..\RunOnce: [FirefoxConfig] C:\WINDOWS\orclobi\config\firefoxconfig.exe (User 'SYSTEM')
                    O4 - HKUS\S-1-5-18\..\RunOnce: [ThunderbirdConfig] C:\WINDOWS\orclobi\config\tbirdconfig.exe (User 'SYSTEM')
                    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
                    O4 - HKUS\.DEFAULT\..\RunOnce: [FirefoxConfig] C:\WINDOWS\orclobi\config\firefoxconfig.exe (User 'Default user')
                    O4 - Startup: hott notes 4.lnk = C:\Program Files\hott notes 4\hottnotes.exe
                    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                    O4 - Global Startup: Oracle Drive.lnk = C:\Program Files\Oracle\ODrive\odrive.exe
                    O4 - Global Startup: VPN Client.lnk = ?
                    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
                    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
                    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
                    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
                    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O14 - IERESET.INF: START_PAGE_URL=http://my.oracle.com
                    O16 - DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - https://conference.oracle.com/imtapp/res/jar/cnsload.cab
                    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
                    O16 - DPF: {CAFECAFE-0013-0001-0025-ABCDEFABCDEF} (JInitiator 1.3.1.25) - https://global-forms.oraclecorp.com/jinitiator/oajinit.exe
                    O16 - DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} (JInitiator 1.3.1.28) - https://global-forms.oraclecorp.com/jinitiator/oajinit.exe
                    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nl.oracle.com
                    O17 - HKLM\Software\..\Telephony: DomainName = nl.oracle.com
                    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nl.oracle.com
                    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = nl.oracle.com
                    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = nl.oracle.com
                    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
                    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
                    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
                    O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
                    O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
                    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                    O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
                    O23 - Service: Oracle Connector Automatic Updates Service (ocautoupds) - Oracle Corporation - C:\Program Files\Oracle\Outlook Connector\ocautoupds.exe
                    O23 - Service: ODrive Service (OdService) - Oracle - C:\Program Files\Oracle\ODrive\XfsSvcCon.exe
                    O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
                    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
                    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
                    O23 - Service: Symantec Protection Agent 5.1 (SmcService) - Symantec Corporation - c:\Program Files\Symantec\SPA\smc.exe
                    O23 - Service: Symantec NAC Service (SNAC) - Symantec Corporation - c:\Program Files\Symantec\SPA\snac.exe
                    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
                    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
                    O23 - Service: WMDM PMSP Service - Unknown owner - C:\WINDOWS\system32\MsPMSPSv.exe (file missing)

                    --
                    End of file - 12084 bytes
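
An added example, not part of the original posts and not code from HijackThis: a small Python triage pass over a HijackThis v2.0.2 log like the one in post #10. It groups entries by section code and flags entries whose target file could not be resolved. The sample lines are copied from that log; the function names and section descriptions are this example's own, and "(no file)" is a HijackThis marker that does not occur in this particular log.

```python
import re

# Section codes that occur in the log in post #10, with a short description each.
SECTIONS = {
    "R0": "IE start/search page",
    "R1": "IE start/search page (default values)",
    "R3": "URLSearchHook",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart entry",
    "O9": "extra IE button / Tools menu item",
    "O14": "IERESET.INF setting",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O17": "DNS / domain setting",
    "O23": "Windows service",
}

# "<code> - <body>", e.g. "O23 - Service: ...". Header and process lines do not match.
ENTRY_RE = re.compile(r"^\s*(?P<code>[RO]\d{1,2}) - (?P<body>.+?)\s*$")
# First drive-letter path ending in a common binary extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|sys|cpl)\b", re.IGNORECASE)
# Suffixes HijackThis appends when the referenced file is not on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Excerpt copied from the HijackThis log in post #10.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mypip.nl/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - Global Startup: VPN Client.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nl.oracle.com
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: WMDM PMSP Service - Unknown owner - C:\WINDOWS\system32\MsPMSPSv.exe (file missing)
"""


def parse_log(text):
    """Return one dict per R*/O* entry; everything else in the log is skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            code = m.group("code")
            entries.append({
                "code": code,
                "section": SECTIONS.get(code, "unknown section"),
                "body": m.group("body"),
            })
    return entries


def count_by_section(entries):
    """Number of entries per section code."""
    counts = {}
    for e in entries:
        counts[e["code"]] = counts.get(e["code"], 0) + 1
    return counts


def orphan_reason(entry):
    """Why an entry's target is unresolved, or None if it resolved normally."""
    body = entry["body"]
    for marker in ORPHAN_MARKERS:
        if body.endswith(marker):
            return marker
    # Startup-folder shortcuts whose target could not be read are shown as "= ?".
    if entry["code"] == "O4" and body.endswith("= ?"):
        return "unresolved shortcut target"
    return None


def triage(text):
    """Entries that point at something HijackThis could not find on disk."""
    flagged = []
    for e in parse_log(text):
        reason = orphan_reason(e)
        if reason:
            m = PATH_RE.search(e["body"])
            flagged.append({
                "code": e["code"],
                "section": e["section"],
                "reason": reason,
                "path": m.group(0) if m else None,
                "body": e["body"],
            })
    return flagged


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print("entries per section:", count_by_section(entries))
    for f in triage(SAMPLE_LOG):
        print(f"[{f['code']}] {f['section']}: {f['reason']} -> {f['path'] or f['body']}")
```

A flagged entry is a lead to check, not a verdict: the ComboFix log in post #6 lists the same VPN Client.lnk shortcut as pointing at an icon file under c:\WINDOWS\Installer.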



                    • #11
                      Try this tool: http://windowsxp.mvps.org/IEFIX.htm



                      • #12
                        holiday

                        Hi,

                        I forgot to mention that I am on holiday and therefore cannot check the laptop. When I am back I will do this right away and get back to you.

                        Regards
