Win 32: Agent-OKH

  • Win 32: Agent-OKH

    Dear reader,

    My computer is incredibly slow to start up and I get a message that a Trojan horse has been found (Win 32: Agent-OKH). Until yesterday I had Avira AntiVir on my computer, but it reported that the Trojan horse could not be removed. I have now installed Avast in the hope that it would succeed, but it gives me the same message.

    As requested, I first ran Spybot and Ad-Aware and then produced the following log with HijackThis:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:06:57, on 26-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\WINDOWS\System32\hphmon04.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    C:\Program Files\UPC\bin\sprtcmd.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Outlook Express\MSIMN.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scrapbookpapier.nl/mb/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door chello broadband n.v.
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
    O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [WinInit] Win86.exe
    O4 - HKLM\..\Run: [WinLogin] win32x.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Win Updator Services] ctfnom.exe
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
    O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UPC] "C:\Program Files\UPC\bin\sprtcmd.exe" /P UPC
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SystemSv12] C:\WINDOWS\system32\newmaxxsv234.exe
    O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\RunServices: [Microsoft--Updates] sxvhost.exe
    O4 - HKLM\..\RunServices: [Win Updator Services] ctfnom.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Win Updator Services] ctfnom.exe
    O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?11573ff5643147f0a3a7b1a9fff3678b
    O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?11573ff5643147f0a3a7b1a9fff3678b
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134688477796
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://fotoservice.fotoquelle.nl/FotoQuelle/UserControls/Part/Upload/ImageUploader3.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4363/mcfscan.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe


    I hope you can help me get rid of this problem...

    Thanks in advance for your effort!

    Regards,
    Ingen
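The HijackThis log above is what the helper triages by eye: O4 autostart entries with a bare executable name (no path), entries running from a Temp directory, entries under the Windows 9x-only RunServices key, and file names that mimic Windows system binaries (ctfnom.exe for ctfmon.exe, sxvhost.exe for svchost.exe). The following Python script is an added example, not part of the original thread or of HijackThis, that applies those same heuristics to a handful of O4 lines copied from the log; the rules, thresholds and the list of system binaries are my own assumptions, and the sample input is constructed from the post.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: O4 lines copied from the HijackThis log in the post above,
# mixed with the benign entries around them.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinInit] Win86.exe
O4 - HKLM\..\Run: [WinLogin] win32x.exe
O4 - HKLM\..\Run: [Win Updator Services] ctfnom.exe
O4 - HKLM\..\Run: [SystemSv12] C:\WINDOWS\system32\newmaxxsv234.exe
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Microsoft--Updates] sxvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Assumed list of Windows binaries that malware commonly imitates by name.
KNOWN_SYSTEM_BINARIES = (
    "svchost.exe", "ctfmon.exe", "lsass.exe", "winlogon.exe", "explorer.exe",
    "rundll32.exe", "services.exe", "csrss.exe", "smss.exe", "spoolsv.exe",
)

# HijackThis registry-autostart format: O4 - <hive>\..\<key>: [<name>] <command>
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance, used to spot look-alike file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_o4(line: str) -> Optional[Dict[str, str]]:
    """Split a registry O4 line into hive, key, value name, executable and basename.
    Startup-folder O4 lines (O4 - Startup: ...) have no hive and return None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    cmd = entry["cmd"]
    if cmd.startswith('"'):                      # quoted path: take up to the closing quote
        end = cmd.find('"', 1)
        exe = cmd[1:end] if end > 0 else cmd[1:]
    else:                                        # otherwise the first whitespace-separated token
        exe = cmd.split()[0] if cmd.split() else ""
    entry["exe"] = exe
    entry["basename"] = exe.rsplit("\\", 1)[-1].lower()
    return entry


def assess(entry: Dict[str, str]) -> List[str]:
    """Return the reasons (possibly none) why an autostart entry deserves a closer look."""
    reasons = []
    exe, base = entry["exe"], entry["basename"]
    # A bare file name is resolved through the search path at logon; legitimate
    # software writes full paths, except for a few system binaries (rundll32.exe).
    if "\\" not in exe and base not in KNOWN_SYSTEM_BINARIES:
        reasons.append("bare filename (resolved through the search path at logon)")
    if "\\temp\\" in exe.lower():
        reasons.append("runs from a Temp directory")
    # RunServices is processed only by Windows 9x/ME; installers for XP do not use it.
    if entry["key"].lower() == "runservices":
        reasons.append("RunServices key (Windows 9x era, not used by legitimate XP software)")
    if base.endswith(".exe"):
        for known in KNOWN_SYSTEM_BINARIES:
            if base != known and edit_distance(base, known) <= 2:
                reasons.append(f"name resembles system binary {known}")
    return reasons


def triage(log_text: str) -> List[Dict[str, object]]:
    """Run the heuristics over every registry O4 line and collect the flagged entries."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            flagged.append({"name": entry["name"], "exe": entry["exe"], "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in triage(SAMPLE_O4_LINES):
        print(f"[{hit['name']}] {hit['exe']}")
        for reason in hit["reasons"]:
            print(f"    - {reason}")
```

The heuristics only surface candidates: entries such as Adware.Srv32 in the log are recognisable from their value name alone, and a bare name like nwiz.exe (NVIDIA) would be flagged for manual confirmation rather than for deletion.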

  • #2
    Hello Ingen,

    1. Download SDFix to your Desktop.
    • Double-click it to extract it to its own folder named SDFix.
      Start your computer in Safe Mode.
      Open the SDFix folder and double-click runthis.bat to start the tool.
      Let the computer restart when prompted.
      SDFix continues and opens a report when it finishes.
      Post this report in your next reply.

    2. Download ComboFix to your Desktop.
    • If you have used ComboFix before, please delete that version and download ComboFix again via the link above, because ComboFix is updated daily.

      NOTE: if your antivirus or another real-time scanner gives a warning during or after the download of ComboFix, or while ComboFix is running, disable that scanner and download ComboFix again. Some scanners treat certain components ComboFix uses as suspicious and will block or delete them!
      • Double-click Combofix.exe
        Follow the instructions; accept the disclaimer by typing 1 (continue) followed by ENTER.
        While the fix is running, do NOT click in the window, because this will make your PC hang.

      When the fix is complete and after the restart, the log combofix.txt will open.
      Post this log in your next reply, together with the SDFix log.

    Regards,
    Thor
    Whatever happens, act as if it was intended ...
    ---------------------------------------------

    Prevention: Spywareblaster.
    Online scans: Kaspersky Online--Bitdefender--Suspicious file? Check it here.
    Antispyware scans: Adaware SE--Spybot Search&Destroy--Do NOT install these scanners !!



    • #3
      First of all, thanks for the very fast response. I really hadn't expected that on Boxing Day!

      Here are the logs; I'm splitting them over two posts because I get a message about too many images.

      SDFix: Version 1.119

      Run by Administrator on wo 26-12-2007 at 17:12

      Microsoft Windows XP [versie 5.1.2600]

      Running From: C:\DOCUME~1\INGENK~1\MIJNDO~1\SDFix

      Safe Mode:
      Checking Services:

      Name:
      Driver
      runtime
      SysLibrary

      Path:
      \??\C:\WINDOWS\system32\kernelw.sys
      \??\C:\WINDOWS\System32\drivers\runtime.sys
      \??\C:\WINDOWS\system32\DefLib.sys

      Driver - Deleted
      runtime - Deleted
      SysLibrary - Deleted


      Restoring Windows Registry Values
      Restoring Windows Default Hosts File

      Rebooting...

      Service ctl_w32 - Deleted after Reboot

      Normal Mode:
      Checking Files:

      Trojan Files Found:

      C:\WINDOWS\SYSTEM32\FTPUPD.EXE - Deleted
      C:\WINDOWS\system32\0_exception.nls - Deleted
      C:\WINDOWS\system32\dllh8jkd1q8.exe - Deleted
      C:\WINDOWS\system32\TFTP1220 - Deleted
      C:\WINDOWS\system32\TFTP2876 - Deleted
      C:\WINDOWS\system32\TFTP3008 - Deleted
      C:\WINDOWS\system32\TFTP3024 - Deleted
      C:\WINDOWS\system32\TFTP860 - Deleted
      C:\WINDOWS\Temp\startdrv.exe - Deleted
      C:\WINDOWS\system32\drivers\ctl_w32.sys - Deleted




      Removing Temp Files...

      ADS Check:

      C:\WINDOWS
      No streams found.

      C:\WINDOWS\system32
      No streams found.

      C:\WINDOWS\system32\svchost.exe
      No streams found.

      C:\WINDOWS\system32\ntoskrnl.exe
      No streams found.



      Final Check:

      catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2007-12-26 17:26:47
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden services & system hive ...

      scanning hidden registry entries ...

      scanning hidden files ...

      scan completed successfully
      hidden processes: 0
      hidden services: 0
      hidden files: 0


      Remaining Services:
      ------------------



      Authorized Application Key Export:

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
      "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
      "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
      "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
      "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
      "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
      "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

      Remaining Files:
      ---------------

      File Backups: - C:\DOCUME~1\INGENK~1\MIJNDO~1\SDFix\backups\backups.zip

      Files with Hidden Attributes:

      Sat 23 Sep 2006 19,456 ...H. --- "C:\Documents and Settings\Ingen Kok\Local Settings\Temp\~WRL2612.tmp"
      Sat 23 Sep 2006 19,456 ...H. --- "C:\Documents and Settings\Ingen Kok\Local Settings\Temp\~WRL3711.tmp"
      Sat 14 Feb 2004 1,206 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg.reg"
      Sat 14 Feb 2004 12,368 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient.reg"
      Sun 8 Jan 2006 9,718 A..H. --- "C:\Program Files\Microsoft Office\Office\Werkbalk\Off2.tmp"
      Wed 23 Jul 2003 38,912 A..H. --- "C:\Documents and Settings\Ingen Kok\Mijn documenten\Mijn documenten\Jort\~WRL0133.tmp"

      Finished!



      • #4
        ComboFix 07-12-21.4 - Ingen Kok 2007-12-26 18:34:35.1 - NTFSx86
        Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.78 [GMT 1:00]
        Gestart vanuit: C:\Documents and Settings\Ingen Kok\Local Settings\Temporary Internet Files\Content.IE5\BOL6FW56\ComboFix[1].exe
        * Nieuw herstelpunt werd aangemaakt
        .

        (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\Documents and Settings\Robert Monteban\Application Data\install.dat
        C:\WINDOWS\system32\9_exception.nls
        C:\WINDOWS\system32\shellgui32.dll

        .
        ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

        .
        -------\LEGACY_RUNTIME
        -------\LEGACY_SYSLIBRARY


        (((((((((((((((((((( Bestanden Gemaakt van 2007-11-26 to 2007-12-26 ))))))))))))))))))))))))))))))
        .

        2007-12-26 18:46 . 2007-12-26 18:46 0 --a------ C:\WINDOWS\SYSTEM32\3_exception.nls
        2007-12-26 17:11 . 2007-12-26 17:11 <DIR> d-------- C:\WINDOWS\ERUNT
        2007-12-26 16:57 . 2007-12-26 16:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Verzendmap van Share-to-Web
        2007-12-26 00:38 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys
        2007-12-26 00:38 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys
        2007-12-26 00:37 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys
        2007-12-26 00:37 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon.sys
        2007-12-21 01:27 . 2007-12-26 18:44 21,760 --a------ C:\WINDOWS\Msx31.sys
        2007-12-20 23:03 . 2007-12-21 01:26 1,261,568 --a------ C:\ffastunT.ffl
        2007-12-20 16:48 . 2007-12-20 16:48 21,760 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Msx31.sys
        2007-12-18 18:53 . 2007-12-18 18:53 <DIR> d-------- C:\Program Files\Smoby Players
        2007-12-18 18:26 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\hidusb.sys
        2007-12-18 18:26 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hidusb.sys
        2007-12-08 16:42 . 2007-12-08 16:42 <DIR> d-------- C:\Program Files\DIFX

        .
        ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2007-12-25 22:56 --------- d-----w C:\Program Files\Lavasoft
        2007-12-25 22:56 --------- d-----w C:\Documents and Settings\Ingen Kok\Application Data\Lavasoft
        2007-12-25 22:18 --------- d-----r C:\Program Files\TypingMaster
        2007-12-25 22:15 --------- d-----w C:\Program Files\Gamenext
        2007-12-16 11:03 3,643 ----a-w C:\Documents and Settings\Ingen Kok\Application Data\mdb.bin
        2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
        2007-11-29 21:51 --------- d-----w C:\Program Files\Windows Live Toolbar
        2007-11-16 23:29 --------- d-----w C:\Documents and Settings\Robert Monteban\Application Data\MSN6
        2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
        2004-07-09 18:57 1,384 ----a-w C:\Documents and Settings\Robert Monteban\system.sys
        2004-06-29 06:45 1,384 ----a-w C:\Documents and Settings\Ingen Kok\system.sys
        2003-07-20 10:20 14,899,160 ----a-w C:\Program Files\AcroReader51_NLD_full.exe
        .

        ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
        "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 01:03 C:\WINDOWS\SYSTEM32\rundll32.exe]
        "Win Updator Services"="ctfnom.exe"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:03 C:\WINDOWS\SYSTEM32\rundll32.exe]
        "WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2000-07-12 10:59]
        "Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-12 12:14]
        "Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-29 15:56]
        "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 16:44]
        "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-04-04 20:49]
        "HPHmon04"="C:\WINDOWS\System32\hphmon04.exe" [2002-04-04 20:48]
        "HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-04-04 21:04]
        "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19]
        "NAV Agent"="C:\PROGRA~1\NORTON~1\navapw32.exe"
        "windows auto update"=""
        "WinInit"="Win86.exe"
        "nwiz"="nwiz.exe" [2003-10-06 13:16 C:\WINDOWS\SYSTEM32\nwiz.exe]
        "Win Updator Services"="ctfnom.exe"
        "DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 18:04]
        "Adware.Srv32"="C:\WINDOWS\system32\runsrv32.exe"
        "EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 13:09]
        "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe"
        "UPC"="C:\Program Files\UPC\bin\sprtcmd.exe" [2005-08-16 07:12]
        "RemoteAssist"=""
        "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
        "Microsoft--Updates"="sxvhost.exe"
        "Win Updator Services"="ctfnom.exe"

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03]
        "Win Updator Services"="ctfnom.exe"

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
        "Win Updator Services"="ctfnom.exe"

        C:\Documents and Settings\Ingen Kok\Menu Start\Programma's\Opstarten\
        Microsoft Office Snelzoeken.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-02-02 23:00:00]
        Office Opstarten.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-02-02 23:00:00]

        C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
        Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
        Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2002-09-04 23:30:50]
        Herinneringen van Microsoft Works Agenda.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-12 12:14:38]

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
        "{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}"= C:\WINDOWS\system32\ioctrl.dll [ ]

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Msx31.sys]
        @="Driver"

        R0 Msx31;Msx31;C:\WINDOWS\system32\Drivers\Msx31.sys [2007-12-20 16:48]
        R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 03:00]
        S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 21:52]

        .
        Inhoud van de 'Gedeelde Taken' map
        "2007-12-26 16:56:02 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"
        .
        **************************************************************************

        catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2007-12-26 18:46:13
        Windows 5.1.2600 Service Pack 2 NTFS

        scannen van verborgen processen ...

        scannen van verborgen autostart items ...

        scannen van verborgen bestanden ...

        Scan succesvol afgerond
        verborgen bestanden: 0

        **************************************************************************
        .
        Voltooingstijd: 2007-12-26 18:49:40 - machine was rebooted
        .
        2007-12-12 19:08:52 --- E O F ---



        • #5
          Hello Ingen,

          Some more cleaning up:

          Open Notepad and copy and paste the following (bold, blue text) into an empty window:
          • File::
            C:\WINDOWS\SYSTEM32\3_exception.nls
            C:\WINDOWS\Msx31.sys
            C:\WINDOWS\SYSTEM32\DRIVERS\Msx31.sys
            C:\WINDOWS\system32\runsrv32.exe
            Driver::
            Msx31
            Registry::
            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "Win Updator Services"=-
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "windows auto update"=-
            "WinInit"=-
            "Win Updator Services"=-
            "RemoteAssist"=-
            "Adware.Srv32"=-
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
            "Microsoft--Updates"=-
            "Win Updator Services"=-
            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
            "Win Updator Services"=-
            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
            "Win Updator Services"=-
            [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Msx31.sys]

          Then save this to your Desktop as CFScript.txt.

          Drag CFScript.txt onto ComboFix.exe as shown in the example below:



          This will make ComboFix restart.
          Reboot if prompted,
          and post the contents of Combofix.txt in your next reply, together with a HijackThis log.

          Are you still experiencing any problems?

          Regards,
          Thor



          • #6
            My problems were mainly during startup, and that now seems to be going well.

            These are the two requested logs:

            ComboFix 07-12-21.4 - Ingen Kok 2007-12-26 20:00:57.2 - NTFSx86
            Gestart vanuit: C:\Documents and Settings\Ingen Kok\Bureaublad\ComboFix.exe
            Command switches used :: C:\Documents and Settings\Ingen Kok\Bureaublad\CFScript.txt
            * Nieuw herstelpunt werd aangemaakt

            FILE
            C:\WINDOWS\Msx31.sys
            C:\WINDOWS\SYSTEM32\3_exception.nls
            C:\WINDOWS\SYSTEM32\DRIVERS\Msx31.sys
            C:\WINDOWS\system32\runsrv32.exe
            .

            (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            C:\WINDOWS\Msx31.sys
            C:\WINDOWS\system32\3_exception.nls
            C:\WINDOWS\SYSTEM32\DRIVERS\Msx31.sys

            .
            ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

            .
            -------\LEGACY_MSX31
            -------\Msx31


            (((((((((((((((((((( Bestanden Gemaakt van 2007-11-26 to 2007-12-26 ))))))))))))))))))))))))))))))
            .

            2007-12-26 17:11 . 2007-12-26 17:11 <DIR> d-------- C:\WINDOWS\ERUNT
            2007-12-26 16:57 . 2007-12-26 16:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Verzendmap van Share-to-Web
            2007-12-26 00:38 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys
            2007-12-26 00:38 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys
            2007-12-26 00:37 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys
            2007-12-26 00:37 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon.sys
            2007-12-20 23:03 . 2007-12-21 01:26 1,261,568 --a------ C:\ffastunT.ffl
            2007-12-18 18:53 . 2007-12-18 18:53 <DIR> d-------- C:\Program Files\Smoby Players
            2007-12-18 18:26 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\hidusb.sys
            2007-12-18 18:26 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hidusb.sys
            2007-12-08 16:42 . 2007-12-08 16:42 <DIR> d-------- C:\Program Files\DIFX

            .
            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2007-12-25 22:56 --------- d-----w C:\Program Files\Lavasoft
            2007-12-25 22:56 --------- d-----w C:\Documents and Settings\Ingen Kok\Application Data\Lavasoft
            2007-12-25 22:18 --------- d-----r C:\Program Files\TypingMaster
            2007-12-25 22:15 --------- d-----w C:\Program Files\Gamenext
            2007-12-16 11:03 3,643 ----a-w C:\Documents and Settings\Ingen Kok\Application Data\mdb.bin
            2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
            2007-11-29 21:51 --------- d-----w C:\Program Files\Windows Live Toolbar
            2007-11-16 23:29 --------- d-----w C:\Documents and Settings\Robert Monteban\Application Data\MSN6
            2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
            2004-07-09 18:57 1,384 ----a-w C:\Documents and Settings\Robert Monteban\system.sys
            2004-06-29 06:45 1,384 ----a-w C:\Documents and Settings\Ingen Kok\system.sys
            2003-07-20 10:20 14,899,160 ----a-w C:\Program Files\AcroReader51_NLD_full.exe
            .

            ((((((((((((((((((((((((((((( [email protected]_18.48.53.82 )))))))))))))))))))))))))))))))))))))))))
            .
            + 2007-12-26 19:09:22 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_494.dat
            .
            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            REGEDIT4
            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
            "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 01:03 C:\WINDOWS\SYSTEM32\rundll32.exe]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:03 C:\WINDOWS\SYSTEM32\rundll32.exe]
            "WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2000-07-12 10:59]
            "Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-12 12:14]
            "Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-29 15:56]
            "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 16:44]
            "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-04-04 20:49]
            "HPHmon04"="C:\WINDOWS\System32\hphmon04.exe" [2002-04-04 20:48]
            "HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-04-04 21:04]
            "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19]
            "NAV Agent"="C:\PROGRA~1\NORTON~1\navapw32.exe"
            "nwiz"="nwiz.exe" [2003-10-06 13:16 C:\WINDOWS\SYSTEM32\nwiz.exe]
            "DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 18:04]
            "EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 13:09]
            "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe"
            "UPC"="C:\Program Files\UPC\bin\sprtcmd.exe" [2005-08-16 07:12]
            "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]

            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03]

            C:\Documents and Settings\Ingen Kok\Menu Start\Programma's\Opstarten\
            Microsoft Office Snelzoeken.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-02-02 23:00:00]
            Office Opstarten.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-02-02 23:00:00]

            C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
            Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
            Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2002-09-04 23:30:50]
            Herinneringen van Microsoft Works Agenda.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-12 12:14:38]

            [hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
            "{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}"= C:\WINDOWS\system32\ioctrl.dll [ ]

            R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 03:00]
            S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 21:52]

            .
            Inhoud van de 'Gedeelde Taken' map
            "2007-12-26 18:56:02 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"
            .
            **************************************************************************

            catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2007-12-26 20:10:44
            Windows 5.1.2600 Service Pack 2 NTFS

            scannen van verborgen processen ...

            scannen van verborgen autostart items ...

            scannen van verborgen bestanden ...

            Scan succesvol afgerond
            verborgen bestanden: 0

            **************************************************************************
            .
            Voltooingstijd: 2007-12-26 20:14:14 - machine was rebooted
            C:\ComboFix2.txt ... 2007-12-26 18:49
            .
            2007-12-12 19:08:52 --- E O F ---





            Logfile of HijackThis v1.99.1
            Scan saved at 20:18:09, on 26-12-2007
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.6000.16574)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
            C:\Program Files\Alwil Software\Avast4\ashServ.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\System32\nvsvc32.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
            C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
            C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
            C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
            C:\WINDOWS\System32\hphmon04.exe
            C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
            C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
            C:\Program Files\UPC\bin\sprtcmd.exe
            C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
            C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\WINDOWS\system32\RUNDLL32.EXE
            C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
            C:\Program Files\Microsoft Office\Office\OSA.EXE
            C:\WINDOWS\system32\notepad.exe
            C:\Program Files\Outlook Express\MSIMN.EXE
            C:\Program Files\Messenger\msmsgs.exe
            C:\Program Files\Internet Explorer\IEXPLORE.EXE
            C:\Program Files\HijackThis\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scrapbookpapier.nl/mb/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
            O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
            O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
            O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
            O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
            O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
            O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
            O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
            O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
            O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
            O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
            O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
            O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
            O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
            O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
            O4 - HKLM\..\Run: [UPC] "C:\Program Files\UPC\bin\sprtcmd.exe" /P UPC
            O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
            O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
            O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
            O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
            O4 - Global Startup: Digital Line Detect.lnk = ?
            O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
            O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
            O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?11573ff5643147f0a3a7b1a9fff3678b
            O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?11573ff5643147f0a3a7b1a9fff3678b
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
            O11 - Options group: [INTERNATIONAL] International*
            O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
            O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
            O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134688477796
            O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://fotoservice.fotoquelle.nl/FotoQuelle/UserControls/Part/Upload/ImageUploader3.cab
            O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4363/mcfscan.cab
            O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
            O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
            O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
            O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
            O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
            O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
            O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
            O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
            O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe



            • #7
              That does indeed look fine again, Ingen

              You may remove all the tools used and the folders that were created.
              Remove ComboFix via Start > Run, copy and paste Combofix /U, and press Enter.
              This removes both ComboFix (and everything in that Quarantine folder) and your old system restore points (including any remnants of malware), and creates a new system restore point.

              To prevent a repeat, read through these security tips once more. (they also cover security programs)

              Regards,
              Thor
              Whatever happens, act as if it was intended ...
              ---------------------------------------------

              Prevention: Spywareblaster.
              Online scans: Kaspersky Online--Bitdefender--Suspicious file? Check it here.
              Antispyware scans: Adaware SE--Spybot Search&Destroy--Do NOT install these scanners !!



              • #8
                Hi Thor,

                The computer behaved strangely this morning when starting up. I did see the photo that is on my desktop, but nothing else happened. No icons appeared. After about 10 minutes I switched the computer off by pressing the power button. Then I tried again and it worked just as you would expect. It does seem to be faster at opening programs than before, so I do have the feeling that something has happened.

                I have just carried out your last instructions, and I have indeed read a few new things again that I will certainly use!

                I would like to thank you for the quick and perfect help

                Regards,
                Ingen



                • #9
                  You're welcome, Ingen

                  You may remove all the tools used and the folders that were created.
                  Remove ComboFix via Start > Run, copy and paste Combofix /U, and press Enter.
                  This removes both ComboFix (and everything in that Quarantine folder) and your old system restore points (including any remnants of malware), and creates a new system restore point.

                  Regards,
                  Thor
                  Whatever happens, act as if it was intended ...
                  ---------------------------------------------

                  Prevention: Spywareblaster.
                  Online scans: Kaspersky Online--Bitdefender--Suspicious file? Check it here.
                  Antispyware scans: Adaware SE--Spybot Search&Destroy--Do NOT install these scanners !!
