Trojan.vundo - trojan.adclicker - Slow PC


  • Trojan.vundo - trojan.adclicker - Slow PC

    Hello,

    Our PC is very slow, and every now and then Norton Antivirus reports that a Trojan.vundo or a trojan.adclicker has been blocked. I have run the recommended scans and here is my HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:38, on 2008-01-01
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\CWDefScn.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ncoOSCheck] C:\Program Files\Norton Confidential\osCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AcctMgr] "C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" /startup
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Setup.exe" "/REALUPREBOOT /temp /patched"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Fraps] C:\PROGRAM FILES\FRAPS\FRAPS.EXE
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://193.172.162.99:8080//activex/AMC.cab
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 8439 bytes


    What could be going on??

    Regards, sylvia02

  • #2
    Hi Sylvia02,

    I see that you have Spybot's TeaTimer running in the background; it can get in the way when fixing HijackThis entries. So switch TeaTimer off for a moment, which you do as follows:

    1. Start Spybot Search and Destroy.
    2. Go to 'Mode' > select Advanced Mode
    3. Go to 'Tools' and click the Resident icon in the list
    4. Clear the check mark next to Resident TeaTimer and click OK

    5. Now download ResetTeaTimer.bat (http://downloads.subratam.org/ResetTeaTimer.bat) to your desktop (right-click -> save as..).
    6. Now open ResetTeaTimer.bat from your desktop.

    TeaTimer is now switched off and reset.

    Download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it to your desktop.

    Open Combofix.exe and follow the instructions; accept the disclaimer by typing '1'.
    While the fix is running, do NOT click in the window, because this will make your PC hang.

    It is possible that the PC restarts automatically. When the fix is done, and after a possible restart, a log (combofix.txt) will open. Post the contents of this message in your next reply together with a new HijackThis log.

    - Daniël



    • #3
      Hello Daniel,
      Thanks for your reply. I did as you advised. The logs are attached:
      ComboFix 07-12-31.4 - Sylvia 2008-01-01 23:12:10.1 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.932 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Sylvia\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\Sylvia\Application Data\macromedia\Flash Player\#SharedObjects\AJ2PBR8G\www.broadcaster.com
      C:\Documents and Settings\Sylvia\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
      C:\Documents and Settings\Sylvia\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
      C:\WINDOWS\system32\acirrqjl.ini
      C:\WINDOWS\system32\aluekatu.dll
      C:\WINDOWS\system32\cbxwurq.dll
      C:\WINDOWS\system32\dgjlm.ini
      C:\WINDOWS\system32\dgjlm.ini2
      C:\WINDOWS\system32\dgjlm.tmp
      C:\WINDOWS\system32\hjjlm.ini
      C:\WINDOWS\system32\hjjlm.ini2
      C:\WINDOWS\system32\hoebamxh.dll
      C:\WINDOWS\system32\ifkurolq.ini
      C:\WINDOWS\system32\kssrnuep.dll
      C:\WINDOWS\system32\mcrh.tmp
      C:\WINDOWS\system32\mjnbxwsi.dll
      C:\WINDOWS\system32\mljgd.dll
      C:\WINDOWS\system32\mljjh.dll
      C:\WINDOWS\system32\pqtss.ini
      C:\WINDOWS\system32\pqtss.ini2
      C:\WINDOWS\system32\prutv.ini
      C:\WINDOWS\system32\prutv.ini2
      C:\WINDOWS\system32\rjtdefpg.dll
      C:\WINDOWS\system32\sjutvkkh.ini
      C:\WINDOWS\system32\sjxwulmd.dll
      C:\WINDOWS\system32\srqss.ini
      C:\WINDOWS\system32\srqss.ini2
      C:\WINDOWS\system32\ssqrs.dll
      C:\WINDOWS\system32\sstqp.dll
      C:\WINDOWS\system32\vturp.dll
      C:\WINDOWS\system32\winccf32.dll
      C:\WINDOWS\system32\xbadd.ini
      C:\WINDOWS\system32\xbadd.ini2

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2007-12-01 to 2008-01-01 ))))))))))))))))))))))))))))))
      .

      2008-01-01 14:57 . 2008-01-01 14:57 <DIR> d-------- C:\Program Files\Trend Micro
      2008-01-01 14:20 . 2008-01-01 14:20 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
      2008-01-01 14:04 . 2008-01-01 14:04 77,376 --a------ C:\WINDOWS\system32\slmhuvgi.dll
      2007-12-30 21:13 . 2007-12-30 21:13 78,400 --a------ C:\WINDOWS\system32\usofxjje.dll
      2007-12-29 21:20 . 2007-12-29 21:20 78,912 --a------ C:\WINDOWS\system32\pvncmsef.dll
      2007-12-28 21:21 . 2007-12-28 21:21 77,888 --a------ C:\WINDOWS\system32\rrwdocpb.dll
      2007-12-28 21:18 . 2007-12-28 21:18 1,031,379 ---hs---- C:\WINDOWS\system32\rxdtjsgm.ini
      2007-12-28 14:38 . 2007-12-28 14:38 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
      2007-12-28 14:38 . 2002-02-27 18:50 197,120 --a------ C:\WINDOWS\patchw32.dll
      2007-12-27 21:18 . 2007-12-27 21:18 81,984 --a------ C:\WINDOWS\system32\cusetrjb.dll
      2007-12-27 21:15 . 2007-12-28 21:16 1,031,319 ---hs---- C:\WINDOWS\system32\ktqtubrl.ini
      2007-12-27 21:15 . 2007-12-27 21:15 1,031,139 ---hs---- C:\WINDOWS\system32\lgbmqupk.ini
      2007-12-27 16:06 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
      2007-12-27 16:06 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\dllcache\sonypvu1.sys
      2007-12-27 09:00 . 2007-12-27 16:06 1,027,582 ---hs---- C:\WINDOWS\system32\lnwevruc.ini
      2007-12-27 08:59 . 2007-12-27 08:59 81,984 --a------ C:\WINDOWS\system32\qwalvdee.dll
      2007-12-26 19:03 . 2007-12-27 08:38 1,027,582 ---hs---- C:\WINDOWS\system32\hlehtxom.ini
      2007-12-25 09:44 . 2007-12-25 14:33 1,010,086 ---hs---- C:\WINDOWS\system32\dfwhckqp.ini
      2007-12-25 09:41 . 2007-12-25 09:41 78,400 --a------ C:\WINDOWS\system32\vikmiwjy.dll
      2007-12-24 18:53 . 2007-12-25 09:39 1,010,252 ---hs---- C:\WINDOWS\system32\repwetat.ini
      2007-12-24 18:37 . 2008-01-01 23:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
      2007-12-24 18:37 . 2008-01-01 23:22 1,409 --a------ C:\WINDOWS\QTFont.for
      2007-12-23 17:48 . 2007-12-24 18:38 1,012,253 ---hs---- C:\WINDOWS\system32\kjdybjue.ini
      2007-12-22 14:16 . 2007-12-22 14:16 <DIR> d-------- C:\Splash
      2007-12-22 14:09 . 2007-12-28 10:48 803 --a------ C:\WINDOWS\CoDUO.INI
      2007-12-22 13:39 . 2007-12-22 14:07 733 --a------ C:\WINDOWS\CoD.INI
      2007-12-17 20:21 . 2007-12-17 20:28 <DIR> d-------- C:\Program Files\The All-Seeing Eye
      2007-12-10 12:57 . 2007-12-10 12:57 <DIR> d-------- C:\Program Files\Windows Sidebar
      2007-12-09 19:44 . 2007-12-09 19:58 <DIR> d-------- C:\Program Files\Game Cam v1.4
      2007-12-08 19:31 . 2007-12-08 19:32 <DIR> d-------- C:\Temp
      2007-12-08 11:09 . 2007-12-08 11:30 24 --a------ C:\WINDOWS\system32\sysmwwod.dll
      2007-12-08 11:05 . 2002-11-13 11:14 1,703,936 --a------ C:\WINDOWS\system32\NCTAudioFile.dll
      2007-12-08 11:05 . 2002-11-06 15:12 360,448 --a------ C:\WINDOWS\system32\NCTWMAFile.dll
      2007-12-08 11:05 . 2000-12-06 00:00 209,608 --a------ C:\WINDOWS\system32\Tabctl32.ocx
      2007-12-08 11:04 . 2007-12-12 15:41 <DIR> d-------- C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter
      2007-12-08 11:04 . 2002-06-13 13:50 376,832 --a------ C:\WINDOWS\system32\actskin4.ocx
      2007-12-08 11:04 . 2002-09-06 11:36 233,472 --a------ C:\WINDOWS\system32\lame_enc.dll
      2007-12-08 11:04 . 2001-08-08 21:00 40,960 --a------ C:\WINDOWS\system32\DGPNorm.ocx
      2007-12-08 10:59 . 2001-03-17 21:34 22,528 --a------ C:\WINDOWS\system32\WNASPI32.DLL
      2007-12-08 10:59 . 2002-07-17 09:05 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
      2007-12-08 10:58 . 2007-12-08 11:03 <DIR> d-------- C:\Program Files\4Musics OGG to WAV Converter
      2007-12-08 09:19 . 2007-12-08 09:59 <DIR> d-------- C:\Program Files\Video Jasper
      2007-12-07 03:07 . 2007-12-07 03:07 102,400 --a------ C:\WINDOWS\system32\SampleGrabber.ax
      2007-12-05 16:30 . 2005-05-22 19:08 180,736 --a------ C:\WINDOWS\RCScreen1.scr
      2007-12-05 16:30 . 2007-12-05 16:30 67 --a------ C:\WINDOWS\RCScreen1.ini

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-01-01 19:40 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
      2008-01-01 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-01-01 14:16 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
      2008-01-01 13:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-01-01 12:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
      2007-12-25 12:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
      2007-12-21 16:49 --------- d-----w C:\Program Files\Norton AntiVirus
      2007-12-20 13:58 --------- d-----w C:\Program Files\Google
      2007-12-20 10:34 --------- d-s---w C:\Program Files\Xfire
      2007-12-16 12:09 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
      2007-12-16 12:09 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
      2007-12-16 12:09 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
      2007-12-16 12:09 --------- d-----w C:\Program Files\Symantec
      2007-12-12 14:39 --------- d-----w C:\Program Files\Windows Live Toolbar
      2007-12-12 14:01 --------- d-----w C:\Program Files\MSN Messenger
      2007-12-10 11:45 --------- d-----w C:\Documents and Settings\Sylvia\Application Data\Symantec
      2007-12-08 15:41 --------- d-----w C:\Program Files\Fraps
      2007-12-08 10:21 --------- d-----w C:\Program Files\MediaMonkey (IPod)
      2007-12-06 19:59 --------- d-----w C:\Documents and Settings\Jurrien\Application Data\LimeWire
      2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
      2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
      2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
      2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
      2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
      2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
      2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
      2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
      2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
      2007-11-27 21:10 --------- d-----w C:\Program Files\Windows Live
      2007-11-27 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
      2007-11-25 21:15 --------- d-----w C:\Documents and Settings\Sylvia\Application Data\VoipStunt
      2007-11-15 20:55 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
      2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
      2007-11-08 13:07 --------- d-----w C:\Program Files\Prisma
      2004-01-08 13:46 2,185,052 ----a-w C:\Documents and Settings\Sylvia\Wild Divine.exe
      2007-07-14 17:18 1,031,587 -csh--w C:\WINDOWS\system32\qstwa.bak2
      2007-07-14 17:21 1,032,910 -csh--w C:\WINDOWS\system32\qstwa.ini2
      2007-08-11 19:21 650,982 -csh--w C:\WINDOWS\system32\stvwa.bak1
      2007-08-11 19:21 650,438 -csh--w C:\WINDOWS\system32\stvwa.bak2
      2007-08-11 19:54 6,933 -csh--w C:\WINDOWS\system32\stvwa.ini2
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58beb46d-74a0-4d22-a507-5ce6a1086a7b}]
      2008-01-01 14:04 77376 --a------ C:\WINDOWS\system32\slmhuvgi.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
      2007-12-10 12:59 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C19CA02B-6853-4AE9-9054-5CC449B0893B}]
      C:\WINDOWS\system32\ddabx.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
      "VoipStunt"="C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" [ ]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
      "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
      "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
      "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
      "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-10 11:19 77824]
      "HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 18:35 49152]
      "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
      "ncoOSCheck"="C:\Program Files\Norton Confidential\osCheck.exe" [2006-12-15 11:47 120416]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
      "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-13 20:46 185784]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
      "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 22:07 51048]
      "AcctMgr"="C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" [2006-11-28 03:43 591488]
      "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 21:53 714608]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
      "SymLnch"="C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Support\SymLnch\SymLnch.exe" [2007-08-26 17:04 687976]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
      Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]

      R2 CWMonitor;Symantec Crimeware Protection Driver;C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\Monitor.sys [2006-10-05 07:41]
      R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-24 22:07]
      R3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 11:29]
      R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
      S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
      S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
      S3 Dual Mode;Dual Mode Video Capture;C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2002-10-09 20:24]
      S3 dump_wmimmc;dump_wmimmc;C:\ijji\ENGLISH\U_SF\GameGuard\dump_wmimmc.sys
      S3 gAGP440p;gAGP440p;C:\DOCUME~1\Jasper\LOCALS~1\Temp\gAGP440p.sys
      S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]

      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-01-01 19:00:02 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
      - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
      "2007-11-15 15:36:28 C:\WINDOWS\Tasks\naar ed brink om 16.job"
      - C:\Documents and Settings\Jasper\Mijn documenten\Afspraak 1.txt
      "2007-12-31 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - Sylvia.job"
      - C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
      .
      **************************************************************************

      catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-01-01 23:26:41
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2008-01-01 23:30:13 - machine was rebooted
      C:\qoobox\ComboFix-quarantined-files.txt 2008-01-01 22:30:09
      .
      2007-12-13 21:33:25 --- E O F ---


      HijackThis log:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:43:01, on 1-1-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\CWDefScn.exe
      C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\System32\snmp.exe
      C:\WINDOWS\System32\PAStiSvc.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\stsystra.exe
      C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
      C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
      C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
      C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
      C:\Documents and Settings\Sylvia\Bureaublad\HijackThis.exe
      C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: {b7a6801a-6ec5-705a-22d4-0a47d64beb85} - {58beb46d-74a0-4d22-a507-5ce6a1086a7b} - C:\WINDOWS\system32\slmhuvgi.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
      O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: (no name) - {C19CA02B-6853-4AE9-9054-5CC449B0893B} - C:\WINDOWS\system32\ddabx.dll (file missing)
      O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
      O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
      O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [ncoOSCheck] C:\Program Files\Norton Confidential\osCheck.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [AcctMgr] "C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" /startup
      O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
      O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Setup.exe" "/REALUPREBOOT /temp /patched"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://193.172.162.99:8080//activex/AMC.cab
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
      O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
      O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
      O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

      --
      End of file - 9139 bytes


      Regards, Sylvia



      • #4
        Open a new Notepad file.

        Copy and paste the bold blue text below into it.
        Go to 'File' ('Bestand') -> 'Save As...' ('Opslaan als..') and then save it to your desktop as CFScript.txt.
        • Registry::
          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58beb46d-74a0-4d22-a507-5ce6a1086a7b}]
          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C19CA02B-6853-4AE9-9054-5CC449B0893B}]

          Files::
          C:\WINDOWS\system32\slmhuvgi.dll
          C:\WINDOWS\system32\usofxjje.dll
          C:\WINDOWS\system32\pvncmsef.dll
          C:\WINDOWS\system32\rrwdocpb.dll
          C:\WINDOWS\system32\rxdtjsgm.ini
          C:\WINDOWS\system32\cusetrjb.dll
          C:\WINDOWS\system32\ktqtubrl.ini
          C:\WINDOWS\system32\lgbmqupk.ini
          C:\WINDOWS\system32\lnwevruc.ini
          C:\WINDOWS\system32\qwalvdee.dll
          C:\WINDOWS\system32\hlehtxom.ini
          C:\WINDOWS\system32\dfwhckqp.ini
          C:\WINDOWS\system32\vikmiwjy.dll
          C:\WINDOWS\system32\repwetat.ini
          C:\WINDOWS\system32\kjdybjue.ini
          C:\WINDOWS\system32\qstwa.bak2
          C:\WINDOWS\system32\qstwa.ini2
          C:\WINDOWS\system32\stvwa.bak1
          C:\WINDOWS\system32\stvwa.bak2
          C:\WINDOWS\system32\stvwa.ini2
          C:\WINDOWS\system32\ddabx.dll


        Drag CFScript.txt onto ComboFix.exe as shown in the example below:

        This will make ComboFix restart. Reboot if you are asked to.
        After the restart, post the contents of Combofix.txt in your next reply, together with a new HijackThis log.



        • #5
          Attached are the new logs:

          ComboFix 07-12-31.4 - Sylvia 2008-01-02 22:39:49.2 - NTFSx86
          Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.925 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\Sylvia\Bureaublad\ComboFix.exe
          Command switches used :: C:\Documents and Settings\Sylvia\Bureaublad\CFScript.txt.doc
          * Nieuw herstelpunt werd aangemaakt
          .

          (((((((((((((((((((( Bestanden Gemaakt van 2007-12-02 to 2008-01-02 ))))))))))))))))))))))))))))))
          .

          2008-01-02 11:13 . 2008-01-02 11:13 <DIR> d-------- C:\WINDOWS\LastGood
          2008-01-01 14:57 . 2008-01-01 14:57 <DIR> d-------- C:\Program Files\Trend Micro
          2008-01-01 14:20 . 2008-01-01 14:20 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
          2008-01-01 14:04 . 2008-01-01 14:04 77,376 --a------ C:\WINDOWS\system32\slmhuvgi.dll
          2007-12-30 21:13 . 2007-12-30 21:13 78,400 --a------ C:\WINDOWS\system32\usofxjje.dll
          2007-12-29 21:20 . 2007-12-29 21:20 78,912 --a------ C:\WINDOWS\system32\pvncmsef.dll
          2007-12-28 21:21 . 2007-12-28 21:21 77,888 --a------ C:\WINDOWS\system32\rrwdocpb.dll
          2007-12-28 21:18 . 2007-12-28 21:18 1,031,379 ---hs---- C:\WINDOWS\system32\rxdtjsgm.ini
          2007-12-28 14:38 . 2007-12-28 14:38 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
          2007-12-28 14:38 . 2002-02-27 18:50 197,120 --a------ C:\WINDOWS\patchw32.dll
          2007-12-27 21:18 . 2007-12-27 21:18 81,984 --a------ C:\WINDOWS\system32\cusetrjb.dll
          2007-12-27 21:15 . 2007-12-28 21:16 1,031,319 ---hs---- C:\WINDOWS\system32\ktqtubrl.ini
          2007-12-27 21:15 . 2007-12-27 21:15 1,031,139 ---hs---- C:\WINDOWS\system32\lgbmqupk.ini
          2007-12-27 16:06 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
          2007-12-27 16:06 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\dllcache\sonypvu1.sys
          2007-12-27 09:00 . 2007-12-27 16:06 1,027,582 ---hs---- C:\WINDOWS\system32\lnwevruc.ini
          2007-12-27 08:59 . 2007-12-27 08:59 81,984 --a------ C:\WINDOWS\system32\qwalvdee.dll
          2007-12-26 19:03 . 2007-12-27 08:38 1,027,582 ---hs---- C:\WINDOWS\system32\hlehtxom.ini
          2007-12-25 09:44 . 2007-12-25 14:33 1,010,086 ---hs---- C:\WINDOWS\system32\dfwhckqp.ini
          2007-12-25 09:41 . 2007-12-25 09:41 78,400 --a------ C:\WINDOWS\system32\vikmiwjy.dll
          2007-12-24 18:53 . 2007-12-25 09:39 1,010,252 ---hs---- C:\WINDOWS\system32\repwetat.ini
          2007-12-24 18:37 . 2008-01-02 22:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
          2007-12-24 18:37 . 2008-01-01 23:22 1,409 --a------ C:\WINDOWS\QTFont.for
          2007-12-23 17:48 . 2007-12-24 18:38 1,012,253 ---hs---- C:\WINDOWS\system32\kjdybjue.ini
          2007-12-22 14:16 . 2007-12-22 14:16 <DIR> d-------- C:\Splash
          2007-12-22 14:09 . 2007-12-28 10:48 803 --a------ C:\WINDOWS\CoDUO.INI
          2007-12-22 13:39 . 2007-12-22 14:07 733 --a------ C:\WINDOWS\CoD.INI
          2007-12-17 20:21 . 2007-12-17 20:28 <DIR> d-------- C:\Program Files\The All-Seeing Eye
          2007-12-10 12:57 . 2007-12-10 12:57 <DIR> d-------- C:\Program Files\Windows Sidebar
          2007-12-09 19:44 . 2007-12-09 19:58 <DIR> d-------- C:\Program Files\Game Cam v1.4
          2007-12-08 19:31 . 2007-12-08 19:32 <DIR> d-------- C:\Temp
          2007-12-08 11:09 . 2007-12-08 11:30 24 --a------ C:\WINDOWS\system32\sysmwwod.dll
          2007-12-08 11:05 . 2002-11-13 11:14 1,703,936 --a------ C:\WINDOWS\system32\NCTAudioFile.dll
          2007-12-08 11:05 . 2002-11-06 15:12 360,448 --a------ C:\WINDOWS\system32\NCTWMAFile.dll
          2007-12-08 11:05 . 2000-12-06 00:00 209,608 --a------ C:\WINDOWS\system32\Tabctl32.ocx
          2007-12-08 11:04 . 2007-12-12 15:41 <DIR> d-------- C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter
          2007-12-08 11:04 . 2002-06-13 13:50 376,832 --a------ C:\WINDOWS\system32\actskin4.ocx
          2007-12-08 11:04 . 2002-09-06 11:36 233,472 --a------ C:\WINDOWS\system32\lame_enc.dll
          2007-12-08 11:04 . 2001-08-08 21:00 40,960 --a------ C:\WINDOWS\system32\DGPNorm.ocx
          2007-12-08 10:59 . 2001-03-17 21:34 22,528 --a------ C:\WINDOWS\system32\WNASPI32.DLL
          2007-12-08 10:59 . 2002-07-17 09:05 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
          2007-12-08 10:58 . 2007-12-08 11:03 <DIR> d-------- C:\Program Files\4Musics OGG to WAV Converter
          2007-12-08 09:19 . 2007-12-08 09:59 <DIR> d-------- C:\Program Files\Video Jasper
          2007-12-07 03:07 . 2007-12-07 03:07 102,400 --a------ C:\WINDOWS\system32\SampleGrabber.ax
          2007-12-05 16:30 . 2005-05-22 19:08 180,736 --a------ C:\WINDOWS\RCScreen1.scr
          2007-12-05 16:30 . 2007-12-05 16:30 67 --a------ C:\WINDOWS\RCScreen1.ini

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-01-02 21:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
          2008-01-02 19:26 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
          2008-01-02 19:26 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
          2008-01-02 18:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
          2008-01-02 09:58 --------- d-s---w C:\Program Files\Xfire
          2008-01-02 09:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
          2008-01-01 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2008-01-01 13:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2007-12-31 15:53 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
          2007-12-21 16:49 --------- d-----w C:\Program Files\Norton AntiVirus
          2007-12-20 13:58 --------- d-----w C:\Program Files\Google
          2007-12-16 12:09 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
          2007-12-16 12:09 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
          2007-12-16 12:09 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
          2007-12-16 12:09 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
          2007-12-16 12:09 --------- d-----w C:\Program Files\Symantec
          2007-12-12 14:39 --------- d-----w C:\Program Files\Windows Live Toolbar
          2007-12-12 14:01 --------- d-----w C:\Program Files\MSN Messenger
          2007-12-10 11:45 --------- d-----w C:\Documents and Settings\Sylvia\Application Data\Symantec
          2007-12-08 15:41 --------- d-----w C:\Program Files\Fraps
          2007-12-08 10:21 --------- d-----w C:\Program Files\MediaMonkey (IPod)
          2007-12-06 19:59 --------- d-----w C:\Documents and Settings\Jurrien\Application Data\LimeWire
          2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
          2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
          2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
          2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
          2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
          2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
          2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
          2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
          2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
          2007-11-27 21:10 --------- d-----w C:\Program Files\Windows Live
          2007-11-27 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
          2007-11-25 21:15 --------- d-----w C:\Documents and Settings\Sylvia\Application Data\VoipStunt
          2007-11-21 18:23 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
          2007-11-15 20:55 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
          2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
          2007-11-08 13:07 --------- d-----w C:\Program Files\Prisma
          2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
          2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll
          2007-10-25 16:44 8,507,392 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
          2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
          2007-10-25 08:28 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
          2007-10-10 23:53 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
          2007-10-10 23:53 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
          2007-10-10 23:53 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
          2007-10-10 23:53 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
          2007-10-10 23:53 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
          2007-10-10 23:53 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
          2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
          2005-05-11 22:36 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
          2004-01-08 13:46 2,185,052 ----a-w C:\Documents and Settings\Sylvia\Wild Divine.exe
          2007-07-14 17:18 1,031,587 -csh--w C:\WINDOWS\system32\qstwa.bak2
          2007-07-14 17:21 1,032,910 -csh--w C:\WINDOWS\system32\qstwa.ini2
          2007-08-11 19:21 650,982 -csh--w C:\WINDOWS\system32\stvwa.bak1
          2007-08-11 19:21 650,438 -csh--w C:\WINDOWS\system32\stvwa.bak2
          2007-08-11 19:54 6,933 -csh--w C:\WINDOWS\system32\stvwa.ini2
          .

          ((((((((((((((((((((((((((((( [email protected]_23.29.52.12 )))))))))))))))))))))))))))))))))))))))))
          .
          + 2008-01-02 09:22:27 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_65c.dat
          .
          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58beb46d-74a0-4d22-a507-5ce6a1086a7b}]
          2008-01-01 14:04 77376 --a------ C:\WINDOWS\system32\slmhuvgi.dll

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
          2007-12-10 12:59 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C19CA02B-6853-4AE9-9054-5CC449B0893B}]
          C:\WINDOWS\system32\ddabx.dll

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
          "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
          "VoipStunt"="C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" [ ]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
          "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
          "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
          "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
          "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-10 11:19 77824]
          "HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 18:35 49152]
          "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
          "ncoOSCheck"="C:\Program Files\Norton Confidential\osCheck.exe" [2006-12-15 11:47 120416]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
          "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-13 20:46 185784]
          "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
          "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 22:07 51048]
          "AcctMgr"="C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" [2006-11-28 03:43 591488]
          "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 21:53 714608]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
          "SymLnch"="C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Support\SymLnch\SymLnch.exe" [2007-08-26 17:04 687976]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
          Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]

          R2 CWMonitor;Symantec Crimeware Protection Driver;C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\Monitor.sys [2006-10-05 07:41]
          R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-24 22:07]
          R3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 11:29]
          R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
          S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
          S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
          S3 Dual Mode;Dual Mode Video Capture;C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2002-10-09 20:24]
          S3 dump_wmimmc;dump_wmimmc;C:\ijji\ENGLISH\U_SF\GameGuard\dump_wmimmc.sys
          S3 gAGP440p;gAGP440p;C:\DOCUME~1\Jasper\LOCALS~1\Temp\gAGP440p.sys
          S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]

          *Newly Created Service* - PNKBSTRK
          .
          Inhoud van de 'Gedeelde Taken' map
          "2008-01-02 19:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
          - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
          "2007-11-15 15:36:28 C:\WINDOWS\Tasks\naar ed brink om 16.job"
          - C:\Documents and Settings\Jasper\Mijn documenten\Afspraak 1.txt
          "2007-12-31 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - Sylvia.job"
          - C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
          .
          **************************************************************************

          catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-01-02 22:43:36
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          Voltooingstijd: 2008-01-02 22:44:17
          C:\qoobox\ComboFix-quarantined-files.txt 2008-01-02 21:44:12
          C:\qoobox\ComboFix2.txt 2008-01-01 22:30:13
          .
          2007-12-13 21:33:25 --- E O F ---


          and the HijackThis log:

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 22:45:30, on 2-1-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\CWDefScn.exe
          C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          C:\WINDOWS\system32\HPZipm12.exe
          C:\WINDOWS\system32\PnkBstrA.exe
          C:\WINDOWS\System32\snmp.exe
          C:\WINDOWS\System32\PAStiSvc.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
          C:\Program Files\MSN Messenger\usnsvc.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\stsystra.exe
          C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
          C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
          C:\Program Files\QuickTime\qttask.exe
          C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
          C:\Program Files\Common Files\Real\Update_OB\realsched.exe
          C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe
          C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
          C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
          C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
          C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
          C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\WINDOWS\explorer.exe
          C:\WINDOWS\system32\notepad.exe
          C:\Documents and Settings\Sylvia\Bureaublad\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
          R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: {b7a6801a-6ec5-705a-22d4-0a47d64beb85} - {58beb46d-74a0-4d22-a507-5ce6a1086a7b} - C:\WINDOWS\system32\slmhuvgi.dll
          O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
          O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O2 - BHO: (no name) - {C19CA02B-6853-4AE9-9054-5CC449B0893B} - C:\WINDOWS\system32\ddabx.dll (file missing)
          O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
          O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
          O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
          O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
          O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
          O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
          O4 - HKLM\..\Run: [ncoOSCheck] C:\Program Files\Norton Confidential\osCheck.exe
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
          O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
          O4 - HKLM\..\Run: [AcctMgr] "C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" /startup
          O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
          O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Setup.exe" "/REALUPREBOOT /temp /patched"
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-21-1190067832-492260076-881494414-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Jurrien')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
          O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
          O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
          O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://193.172.162.99:8080//activex/AMC.cab
          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
          O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
          O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
          O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
          O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
          O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
          O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
          O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

          --
          End of file - 9217 bytes

          Regards, Sylvia



          • #6
            Er is iets mis gegaan, download de bijlage eens naar je bureaublad en doe het onderstaande


            Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld:



            Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.
            Post na herstart de inhoud van de Combofix.txt in je volgende antwoord samen met een nieuw logje van HijackThis.[/QUOTE]


            • #7
              Here are the new logs:

              ComboFix 07-12-31.4 - Sylvia 2008-01-03 23:34:03.3 - NTFSx86
              Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.904 [GMT 1:00]
              Gestart vanuit: C:\Documents and Settings\Sylvia\Bureaublad\ComboFix.exe
              Command switches used :: C:\Documents and Settings\Sylvia\Bureaublad\CFScript[1] Ben.txt
              * Nieuw herstelpunt werd aangemaakt
              .

              (((((((((((((((((((( Bestanden Gemaakt van 2007-12-03 to 2008-01-03 ))))))))))))))))))))))))))))))
              .

              2008-01-01 14:57 . 2008-01-01 14:57 <DIR> d-------- C:\Program Files\Trend Micro
              2008-01-01 14:20 . 2008-01-01 14:20 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
              2008-01-01 14:04 . 2008-01-01 14:04 77,376 --a------ C:\WINDOWS\system32\slmhuvgi.dll
              2007-12-30 21:13 . 2007-12-30 21:13 78,400 --a------ C:\WINDOWS\system32\usofxjje.dll
              2007-12-29 21:20 . 2007-12-29 21:20 78,912 --a------ C:\WINDOWS\system32\pvncmsef.dll
              2007-12-28 21:21 . 2007-12-28 21:21 77,888 --a------ C:\WINDOWS\system32\rrwdocpb.dll
              2007-12-28 21:18 . 2007-12-28 21:18 1,031,379 ---hs---- C:\WINDOWS\system32\rxdtjsgm.ini
              2007-12-28 14:38 . 2007-12-28 14:38 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
              2007-12-28 14:38 . 2002-02-27 18:50 197,120 --a------ C:\WINDOWS\patchw32.dll
              2007-12-27 21:18 . 2007-12-27 21:18 81,984 --a------ C:\WINDOWS\system32\cusetrjb.dll
              2007-12-27 21:15 . 2007-12-28 21:16 1,031,319 ---hs---- C:\WINDOWS\system32\ktqtubrl.ini
              2007-12-27 21:15 . 2007-12-27 21:15 1,031,139 ---hs---- C:\WINDOWS\system32\lgbmqupk.ini
              2007-12-27 16:06 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
              2007-12-27 16:06 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\dllcache\sonypvu1.sys
              2007-12-27 09:00 . 2007-12-27 16:06 1,027,582 ---hs---- C:\WINDOWS\system32\lnwevruc.ini
              2007-12-27 08:59 . 2007-12-27 08:59 81,984 --a------ C:\WINDOWS\system32\qwalvdee.dll
              2007-12-26 19:03 . 2007-12-27 08:38 1,027,582 ---hs---- C:\WINDOWS\system32\hlehtxom.ini
              2007-12-25 09:44 . 2007-12-25 14:33 1,010,086 ---hs---- C:\WINDOWS\system32\dfwhckqp.ini
              2007-12-25 09:41 . 2007-12-25 09:41 78,400 --a------ C:\WINDOWS\system32\vikmiwjy.dll
              2007-12-24 18:53 . 2007-12-25 09:39 1,010,252 ---hs---- C:\WINDOWS\system32\repwetat.ini
              2007-12-24 18:37 . 2008-01-03 23:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
              2007-12-24 18:37 . 2008-01-01 23:22 1,409 --a------ C:\WINDOWS\QTFont.for
              2007-12-23 17:48 . 2007-12-24 18:38 1,012,253 ---hs---- C:\WINDOWS\system32\kjdybjue.ini
              2007-12-22 14:16 . 2007-12-22 14:16 <DIR> d-------- C:\Splash
              2007-12-22 14:09 . 2007-12-28 10:48 803 --a------ C:\WINDOWS\CoDUO.INI
              2007-12-22 13:39 . 2007-12-22 14:07 733 --a------ C:\WINDOWS\CoD.INI
              2007-12-17 20:21 . 2007-12-17 20:28 <DIR> d-------- C:\Program Files\The All-Seeing Eye
              2007-12-10 12:57 . 2007-12-10 12:57 <DIR> d-------- C:\Program Files\Windows Sidebar
              2007-12-09 19:44 . 2007-12-09 19:58 <DIR> d-------- C:\Program Files\Game Cam v1.4
              2007-12-08 19:31 . 2007-12-08 19:32 <DIR> d-------- C:\Temp
              2007-12-08 11:09 . 2007-12-08 11:30 24 --a------ C:\WINDOWS\system32\sysmwwod.dll
              2007-12-08 11:05 . 2002-11-13 11:14 1,703,936 --a------ C:\WINDOWS\system32\NCTAudioFile.dll
              2007-12-08 11:05 . 2002-11-06 15:12 360,448 --a------ C:\WINDOWS\system32\NCTWMAFile.dll
              2007-12-08 11:05 . 2000-12-06 00:00 209,608 --a------ C:\WINDOWS\system32\Tabctl32.ocx
              2007-12-08 11:04 . 2007-12-12 15:41 <DIR> d-------- C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter
              2007-12-08 11:04 . 2002-06-13 13:50 376,832 --a------ C:\WINDOWS\system32\actskin4.ocx
              2007-12-08 11:04 . 2002-09-06 11:36 233,472 --a------ C:\WINDOWS\system32\lame_enc.dll
              2007-12-08 11:04 . 2001-08-08 21:00 40,960 --a------ C:\WINDOWS\system32\DGPNorm.ocx
              2007-12-08 10:59 . 2001-03-17 21:34 22,528 --a------ C:\WINDOWS\system32\WNASPI32.DLL
              2007-12-08 10:59 . 2002-07-17 09:05 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
              2007-12-08 10:58 . 2007-12-08 11:03 <DIR> d-------- C:\Program Files\4Musics OGG to WAV Converter
              2007-12-08 09:19 . 2007-12-08 09:59 <DIR> d-------- C:\Program Files\Video Jasper
              2007-12-07 03:07 . 2007-12-07 03:07 102,400 --a------ C:\WINDOWS\system32\SampleGrabber.ax
              2007-12-05 16:30 . 2005-05-22 19:08 180,736 --a------ C:\WINDOWS\RCScreen1.scr
              2007-12-05 16:30 . 2007-12-05 16:30 67 --a------ C:\WINDOWS\RCScreen1.ini

              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2008-01-03 22:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
              2008-01-03 18:55 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
              2008-01-03 18:55 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
              2008-01-03 18:16 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
              2008-01-02 09:58 --------- d-s---w C:\Program Files\Xfire
              2008-01-02 09:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
              2008-01-01 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
              2008-01-01 13:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
              2007-12-31 15:53 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
              2007-12-21 16:49 --------- d-----w C:\Program Files\Norton AntiVirus
              2007-12-20 13:58 --------- d-----w C:\Program Files\Google
              2007-12-16 12:09 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
              2007-12-16 12:09 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
              2007-12-16 12:09 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
              2007-12-16 12:09 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
              2007-12-16 12:09 --------- d-----w C:\Program Files\Symantec
              2007-12-12 14:39 --------- d-----w C:\Program Files\Windows Live Toolbar
              2007-12-12 14:01 --------- d-----w C:\Program Files\MSN Messenger
              2007-12-10 11:45 --------- d-----w C:\Documents and Settings\Sylvia\Application Data\Symantec
              2007-12-08 15:41 --------- d-----w C:\Program Files\Fraps
              2007-12-08 10:21 --------- d-----w C:\Program Files\MediaMonkey (IPod)
              2007-12-06 19:59 --------- d-----w C:\Documents and Settings\Jurrien\Application Data\LimeWire
              2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
              2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
              2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
              2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
              2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
              2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
              2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
              2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
              2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
              2007-11-27 21:10 --------- d-----w C:\Program Files\Windows Live
              2007-11-27 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
              2007-11-25 21:15 --------- d-----w C:\Documents and Settings\Sylvia\Application Data\VoipStunt
              2007-11-21 18:23 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
              2007-11-15 20:55 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
              2007-11-14 07:29 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
              2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
              2007-11-08 13:07 --------- d-----w C:\Program Files\Prisma
              2007-10-30 10:14 3,086,848 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
              2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
              2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll
              2007-10-25 16:44 8,507,392 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
              2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
              2007-10-25 08:28 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
              2007-10-11 06:10 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
              2007-10-11 06:10 669,184 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
              2007-10-11 06:10 619,520 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
              2007-10-11 06:10 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
              2007-10-11 06:10 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
              2007-10-11 06:10 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
              2007-10-11 06:10 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
              2007-10-11 06:10 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
              2007-10-11 06:10 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
              2007-10-11 06:10 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
              2007-10-11 06:10 205,824 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
              2007-10-11 06:10 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
              2007-10-11 06:10 151,552 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
              2007-10-11 06:10 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
              2007-10-11 06:10 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
              2007-10-11 06:10 1,057,280 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
              2007-10-11 06:10 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
              2007-10-10 23:53 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
              2007-10-10 23:53 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
              2007-10-10 23:53 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
              2007-10-10 23:53 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
              2007-10-10 23:53 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
              2007-10-10 23:53 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
              2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
              2007-10-10 10:48 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
              2005-05-11 22:36 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
              2004-01-08 13:46 2,185,052 ----a-w C:\Documents and Settings\Sylvia\Wild Divine.exe
              2007-07-14 17:18 1,031,587 -csh--w C:\WINDOWS\system32\qstwa.bak2
              2007-07-14 17:21 1,032,910 -csh--w C:\WINDOWS\system32\qstwa.ini2
              2007-08-11 19:21 650,982 -csh--w C:\WINDOWS\system32\stvwa.bak1
              2007-08-11 19:21 650,438 -csh--w C:\WINDOWS\system32\stvwa.bak2
              2007-08-11 19:54 6,933 -csh--w C:\WINDOWS\system32\stvwa.ini2
              .

              ((((((((((((((((((((((((((((( [email protected]_23.29.52.12 )))))))))))))))))))))))))))))))))))))))))
              .
              - 2007-06-15 08:14:17 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
              + 2007-10-11 06:10:13 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
              - 2007-06-15 08:14:17 151,552 -c--a-w C:\WINDOWS\system32\cdfview.dll
              + 2007-10-11 06:10:13 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll
              - 2007-06-15 08:14:17 1,057,280 -c--a-w C:\WINDOWS\system32\danim.dll
              + 2007-10-11 06:10:15 1,057,280 ----a-w C:\WINDOWS\system32\danim.dll
              - 2007-06-15 08:14:17 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
              + 2007-10-11 06:10:15 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
              - 2007-06-15 08:14:17 205,824 ----a-w C:\WINDOWS\system32\dxtrans.dll
              + 2007-10-11 06:10:15 205,824 ----a-w C:\WINDOWS\system32\dxtrans.dll
              - 2007-06-15 08:14:17 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
              + 2007-10-11 06:10:15 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
              - 2007-12-04 15:08:21 309,192 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
              + 2008-01-03 15:44:01 309,992 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
              - 2007-12-04 15:10:45 86,488 ----a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
              + 2008-01-03 16:17:47 86,872 ----a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
              - 2007-06-15 08:14:17 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
              + 2007-10-11 06:10:15 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
              - 2007-06-15 08:14:17 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
              + 2007-10-11 06:10:15 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
              - 2006-05-18 05:41:41 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
              + 2007-11-14 07:29:20 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
              - 2007-06-15 08:14:17 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
              + 2007-10-11 06:10:15 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
              - 2007-06-15 08:14:18 3,085,312 ----a-w C:\WINDOWS\system32\mshtml.dll
              + 2007-10-30 10:14:15 3,086,848 ----a-w C:\WINDOWS\system32\mshtml.dll
              - 2007-06-15 08:14:18 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
              + 2007-10-11 06:10:19 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
              - 2007-06-15 08:14:18 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
              + 2007-10-11 06:10:19 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
              - 2007-06-15 08:14:18 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
              + 2007-10-11 06:10:20 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
              - 2007-06-15 08:14:18 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
              + 2007-10-11 06:10:20 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
              - 2007-06-15 08:14:18 1,498,112 ----a-w C:\WINDOWS\system32\shdocvw.dll
              + 2007-10-11 06:10:22 1,498,112 ----a-w C:\WINDOWS\system32\shdocvw.dll
              - 2007-06-15 08:14:18 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
              + 2007-10-11 06:10:22 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
              - 2007-06-15 08:14:18 618,496 ----a-w C:\WINDOWS\system32\urlmon.dll
              + 2007-10-11 06:10:23 619,520 ----a-w C:\WINDOWS\system32\urlmon.dll
              - 2007-06-26 14:53:35 668,672 ----a-w C:\WINDOWS\system32\wininet.dll
              + 2007-10-11 06:10:24 669,184 ----a-w C:\WINDOWS\system32\wininet.dll
              .
              -- Snapshot reset to current date --
              .
              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              REGEDIT4
              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58beb46d-74a0-4d22-a507-5ce6a1086a7b}]
              2008-01-01 14:04 77376 --a------ C:\WINDOWS\system32\slmhuvgi.dll

              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
              2007-12-10 12:59 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C19CA02B-6853-4AE9-9054-5CC449B0893B}]
              C:\WINDOWS\system32\ddabx.dll

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
              "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
              "VoipStunt"="C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" [ ]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
              "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
              "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
              "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
              "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
              "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-10 11:19 77824]
              "HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 18:35 49152]
              "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
              "ncoOSCheck"="C:\Program Files\Norton Confidential\osCheck.exe" [2006-12-15 11:47 120416]
              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
              "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-13 20:46 185784]
              "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
              "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 22:07 51048]
              "AcctMgr"="C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" [2006-11-28 03:43 591488]
              "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 21:53 714608]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
              "SymLnch"="C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Support\SymLnch\SymLnch.exe" [2007-08-26 17:04 687976]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

              C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
              HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
              Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]

              R2 CWMonitor;Symantec Crimeware Protection Driver;C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\Monitor.sys [2006-10-05 07:41]
              R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-24 22:07]
              R3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 11:29]
              R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
              S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
              S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
              S3 Dual Mode;Dual Mode Video Capture;C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2002-10-09 20:24]
              S3 dump_wmimmc;dump_wmimmc;C:\ijji\ENGLISH\U_SF\GameGuard\dump_wmimmc.sys
              S3 gAGP440p;gAGP440p;C:\DOCUME~1\Jasper\LOCALS~1\Temp\gAGP440p.sys
              S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]

              *Newly Created Service* - PNKBSTRK
              .
              Inhoud van de 'Gedeelde Taken' map
              "2008-01-03 19:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
              - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
              "2007-11-15 15:36:28 C:\WINDOWS\Tasks\naar ed brink om 16.job"
              - C:\Documents and Settings\Jasper\Mijn documenten\Afspraak 1.txt
              "2007-12-31 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - Sylvia.job"
              - C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
              .
              **************************************************************************

              catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2008-01-03 23:36:27
              Windows 5.1.2600 Service Pack 2 NTFS

              scannen van verborgen processen ...

              scannen van verborgen autostart items ...

              scannen van verborgen bestanden ...

              Scan succesvol afgerond
              verborgen bestanden: 0

              **************************************************************************
              .
              Voltooingstijd: 2008-01-03 23:37:06
              C:\qoobox\ComboFix-quarantined-files.txt 2008-01-03 22:37:02
              C:\qoobox\ComboFix2.txt 2008-01-02 21:44:18
              C:\qoobox\ComboFix3.txt 2008-01-01 22:30:13
              .
              2008-01-02 22:21:53 --- E O F ---

              and the HijackThis log:


              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 23:38:15, on 3-1-2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\Ati2evxx.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\CWDefScn.exe
              C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
              C:\WINDOWS\system32\HPZipm12.exe
              C:\WINDOWS\system32\PnkBstrA.exe
              C:\WINDOWS\System32\snmp.exe
              C:\WINDOWS\System32\PAStiSvc.exe
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
              C:\Program Files\MSN Messenger\usnsvc.exe
              C:\WINDOWS\system32\Ati2evxx.exe
              C:\WINDOWS\stsystra.exe
              C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
              C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
              C:\Program Files\QuickTime\qttask.exe
              C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
              C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
              C:\Program Files\Common Files\Real\Update_OB\realsched.exe
              C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe
              C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
              C:\WINDOWS\system32\wuauclt.exe
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
              C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
              C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
              C:\WINDOWS\explorer.exe
              C:\WINDOWS\system32\notepad.exe
              C:\Documents and Settings\Sylvia\Bureaublad\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
              R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
              O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
              O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O2 - BHO: {b7a6801a-6ec5-705a-22d4-0a47d64beb85} - {58beb46d-74a0-4d22-a507-5ce6a1086a7b} - C:\WINDOWS\system32\slmhuvgi.dll
              O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
              O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O2 - BHO: (no name) - {C19CA02B-6853-4AE9-9054-5CC449B0893B} - C:\WINDOWS\system32\ddabx.dll (file missing)
              O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
              O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
              O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
              O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
              O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
              O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
              O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
              O4 - HKLM\..\Run: [ncoOSCheck] C:\Program Files\Norton Confidential\osCheck.exe
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
              O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
              O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
              O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
              O4 - HKLM\..\Run: [AcctMgr] "C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" /startup
              O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
              O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Setup.exe" "/REALUPREBOOT /temp /patched"
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
              O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
              O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
              O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
              O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://193.172.162.99:8080//activex/AMC.cab
              O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
              O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
              O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
              O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
              O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
              O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
              O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
              O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
              O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

              --
              End of file - 9001 bytes

              Regards, Sylvia



              • #8
                Still not quite working..
                You named it "CFScript[1] Ben.txt".. it has to be called "CFScript.txt"...



                • #9
                  Second attempt.....

                  ComboFix 07-12-31.4 - Sylvia 2008-01-04 23:37:58.4 - NTFSx86
                  Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.940 [GMT 1:00]
                  Gestart vanuit: C:\Documents and Settings\Sylvia\Bureaublad\ComboFix.exe
                  Command switches used :: C:\Documents and Settings\Sylvia\Bureaublad\CFScript.txt.doc
                  * Nieuw herstelpunt werd aangemaakt
                  .

                  (((((((((((((((((((( Bestanden Gemaakt van 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))
                  .

                  2008-01-01 14:57 . 2008-01-01 14:57 <DIR> d-------- C:\Program Files\Trend Micro
                  2008-01-01 14:20 . 2008-01-01 14:20 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
                  2008-01-01 14:04 . 2008-01-01 14:04 77,376 --a------ C:\WINDOWS\system32\slmhuvgi.dll
                  2007-12-30 21:13 . 2007-12-30 21:13 78,400 --a------ C:\WINDOWS\system32\usofxjje.dll
                  2007-12-29 21:20 . 2007-12-29 21:20 78,912 --a------ C:\WINDOWS\system32\pvncmsef.dll
                  2007-12-28 21:21 . 2007-12-28 21:21 77,888 --a------ C:\WINDOWS\system32\rrwdocpb.dll
                  2007-12-28 21:18 . 2007-12-28 21:18 1,031,379 ---hs---- C:\WINDOWS\system32\rxdtjsgm.ini
                  2007-12-28 14:38 . 2007-12-28 14:38 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
                  2007-12-28 14:38 . 2002-02-27 18:50 197,120 --a------ C:\WINDOWS\patchw32.dll
                  2007-12-27 21:18 . 2007-12-27 21:18 81,984 --a------ C:\WINDOWS\system32\cusetrjb.dll
                  2007-12-27 21:15 . 2007-12-28 21:16 1,031,319 ---hs---- C:\WINDOWS\system32\ktqtubrl.ini
                  2007-12-27 21:15 . 2007-12-27 21:15 1,031,139 ---hs---- C:\WINDOWS\system32\lgbmqupk.ini
                  2007-12-27 16:06 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
                  2007-12-27 16:06 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\dllcache\sonypvu1.sys
                  2007-12-27 09:00 . 2007-12-27 16:06 1,027,582 ---hs---- C:\WINDOWS\system32\lnwevruc.ini
                  2007-12-27 08:59 . 2007-12-27 08:59 81,984 --a------ C:\WINDOWS\system32\qwalvdee.dll
                  2007-12-26 19:03 . 2007-12-27 08:38 1,027,582 ---hs---- C:\WINDOWS\system32\hlehtxom.ini
                  2007-12-25 09:44 . 2007-12-25 14:33 1,010,086 ---hs---- C:\WINDOWS\system32\dfwhckqp.ini
                  2007-12-25 09:41 . 2007-12-25 09:41 78,400 --a------ C:\WINDOWS\system32\vikmiwjy.dll
                  2007-12-24 18:53 . 2007-12-25 09:39 1,010,252 ---hs---- C:\WINDOWS\system32\repwetat.ini
                  2007-12-24 18:37 . 2008-01-04 21:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
                  2007-12-24 18:37 . 2008-01-01 23:22 1,409 --a------ C:\WINDOWS\QTFont.for
                  2007-12-23 17:48 . 2007-12-24 18:38 1,012,253 ---hs---- C:\WINDOWS\system32\kjdybjue.ini
                  2007-12-22 14:16 . 2007-12-22 14:16 <DIR> d-------- C:\Splash
                  2007-12-22 14:09 . 2007-12-28 10:48 803 --a------ C:\WINDOWS\CoDUO.INI
                  2007-12-22 13:39 . 2007-12-22 14:07 733 --a------ C:\WINDOWS\CoD.INI
                  2007-12-17 20:21 . 2007-12-17 20:28 <DIR> d-------- C:\Program Files\The All-Seeing Eye
                  2007-12-10 12:57 . 2007-12-10 12:57 <DIR> d-------- C:\Program Files\Windows Sidebar
                  2007-12-09 19:44 . 2007-12-09 19:58 <DIR> d-------- C:\Program Files\Game Cam v1.4
                  2007-12-08 19:31 . 2007-12-08 19:32 <DIR> d-------- C:\Temp
                  2007-12-08 11:09 . 2007-12-08 11:30 24 --a------ C:\WINDOWS\system32\sysmwwod.dll
                  2007-12-08 11:05 . 2002-11-13 11:14 1,703,936 --a------ C:\WINDOWS\system32\NCTAudioFile.dll
                  2007-12-08 11:05 . 2002-11-06 15:12 360,448 --a------ C:\WINDOWS\system32\NCTWMAFile.dll
                  2007-12-08 11:05 . 2000-12-06 00:00 209,608 --a------ C:\WINDOWS\system32\Tabctl32.ocx
                  2007-12-08 11:04 . 2007-12-12 15:41 <DIR> d-------- C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter
                  2007-12-08 11:04 . 2002-06-13 13:50 376,832 --a------ C:\WINDOWS\system32\actskin4.ocx
                  2007-12-08 11:04 . 2002-09-06 11:36 233,472 --a------ C:\WINDOWS\system32\lame_enc.dll
                  2007-12-08 11:04 . 2001-08-08 21:00 40,960 --a------ C:\WINDOWS\system32\DGPNorm.ocx
                  2007-12-08 10:59 . 2001-03-17 21:34 22,528 --a------ C:\WINDOWS\system32\WNASPI32.DLL
                  2007-12-08 10:59 . 2002-07-17 09:05 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
                  2007-12-08 10:58 . 2007-12-08 11:03 <DIR> d-------- C:\Program Files\4Musics OGG to WAV Converter
                  2007-12-08 09:19 . 2007-12-08 09:59 <DIR> d-------- C:\Program Files\Video Jasper
                  2007-12-07 03:07 . 2007-12-07 03:07 102,400 --a------ C:\WINDOWS\system32\SampleGrabber.ax
                  2007-12-05 16:30 . 2005-05-22 19:08 180,736 --a------ C:\WINDOWS\RCScreen1.scr
                  2007-12-05 16:30 . 2007-12-05 16:30 67 --a------ C:\WINDOWS\RCScreen1.ini

                  .
                  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2008-01-04 22:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
                  2008-01-04 19:33 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
                  2008-01-04 19:33 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
                  2008-01-04 14:24 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
                  2008-01-04 12:03 --------- d-----w C:\Documents and Settings\Sylvia\Application Data\Xfire
                  2008-01-04 09:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
                  2008-01-02 09:58 --------- d-s---w C:\Program Files\Xfire
                  2008-01-01 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                  2008-01-01 13:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
                  2007-12-31 15:53 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
                  2007-12-21 16:49 --------- d-----w C:\Program Files\Norton AntiVirus
                  2007-12-20 13:58 --------- d-----w C:\Program Files\Google
                  2007-12-16 12:09 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
                  2007-12-16 12:09 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
                  2007-12-16 12:09 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
                  2007-12-16 12:09 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
                  2007-12-16 12:09 --------- d-----w C:\Program Files\Symantec
                  2007-12-12 14:39 --------- d-----w C:\Program Files\Windows Live Toolbar
                  2007-12-12 14:01 --------- d-----w C:\Program Files\MSN Messenger
                  2007-12-10 11:45 --------- d-----w C:\Documents and Settings\Sylvia\Application Data\Symantec
                  2007-12-08 15:41 --------- d-----w C:\Program Files\Fraps
                  2007-12-08 10:21 --------- d-----w C:\Program Files\MediaMonkey (IPod)
                  2007-12-06 19:59 --------- d-----w C:\Documents and Settings\Jurrien\Application Data\LimeWire
                  2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
                  2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
                  2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
                  2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
                  2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
                  2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
                  2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
                  2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
                  2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
                  2007-11-27 21:10 --------- d-----w C:\Program Files\Windows Live
                  2007-11-27 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
                  2007-11-25 21:15 --------- d-----w C:\Documents and Settings\Sylvia\Application Data\VoipStunt
                  2007-11-21 18:23 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
                  2007-11-15 20:55 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
                  2007-11-14 07:29 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
                  2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
                  2007-11-08 13:07 --------- d-----w C:\Program Files\Prisma
                  2007-10-30 10:14 3,086,848 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
                  2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
                  2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll
                  2007-10-25 16:44 8,507,392 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
                  2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
                  2007-10-25 08:28 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
                  2007-10-11 06:10 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
                  2007-10-11 06:10 669,184 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
                  2007-10-11 06:10 619,520 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
                  2007-10-11 06:10 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
                  2007-10-11 06:10 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
                  2007-10-11 06:10 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
                  2007-10-11 06:10 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
                  2007-10-11 06:10 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
                  2007-10-11 06:10 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
                  2007-10-11 06:10 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
                  2007-10-11 06:10 205,824 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
                  2007-10-11 06:10 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
                  2007-10-11 06:10 151,552 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
                  2007-10-11 06:10 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
                  2007-10-11 06:10 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
                  2007-10-11 06:10 1,057,280 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
                  2007-10-11 06:10 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
                  2007-10-10 23:53 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
                  2007-10-10 23:53 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
                  2007-10-10 23:53 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
                  2007-10-10 23:53 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
                  2007-10-10 23:53 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
                  2007-10-10 23:53 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
                  2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
                  2007-10-10 10:48 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
                  2005-05-11 22:36 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
                  2004-01-08 13:46 2,185,052 ----a-w C:\Documents and Settings\Sylvia\Wild Divine.exe
                  2007-07-14 17:18 1,031,587 -csh--w C:\WINDOWS\system32\qstwa.bak2
                  2007-07-14 17:21 1,032,910 -csh--w C:\WINDOWS\system32\qstwa.ini2
                  2007-08-11 19:21 650,982 -csh--w C:\WINDOWS\system32\stvwa.bak1
                  2007-08-11 19:21 650,438 -csh--w C:\WINDOWS\system32\stvwa.bak2
                  2007-08-11 19:54 6,933 -csh--w C:\WINDOWS\system32\stvwa.ini2
                  .

                  ((((((((((((((((((((((((((((( snapshot_2008-01-03_23.36.42,56 )))))))))))))))))))))))))))))))))))))))))
                  .
                  - 2008-01-03 16:17:47 86,872 ----a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
                  + 2008-01-04 20:25:24 8,224 ----a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
                  + 2008-01-04 08:56:33 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_784.dat
                  .
                  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  REGEDIT4
                  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58beb46d-74a0-4d22-a507-5ce6a1086a7b}]
                  2008-01-01 14:04 77376 --a------ C:\WINDOWS\system32\slmhuvgi.dll

                  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
                  2007-12-10 12:59 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

                  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C19CA02B-6853-4AE9-9054-5CC449B0893B}]
                  C:\WINDOWS\system32\ddabx.dll

                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
                  "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
                  "VoipStunt"="C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" [ ]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
                  "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
                  "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
                  "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
                  "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
                  "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-10 11:19 77824]
                  "HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 18:35 49152]
                  "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
                  "ncoOSCheck"="C:\Program Files\Norton Confidential\osCheck.exe" [2006-12-15 11:47 120416]
                  "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
                  "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-13 20:46 185784]
                  "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
                  "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 22:07 51048]
                  "AcctMgr"="C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" [2006-11-28 03:43 591488]
                  "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 21:53 714608]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
                  "SymLnch"="C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Support\SymLnch\SymLnch.exe" [2007-08-26 17:04 687976]

                  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                  "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

                  C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                  HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
                  Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]

                  R2 CWMonitor;Symantec Crimeware Protection Driver;C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\Monitor.sys [2006-10-05 07:41]
                  R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-24 22:07]
                  R3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 11:29]
                  R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
                  S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
                  S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
                  S3 Dual Mode;Dual Mode Video Capture;C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2002-10-09 20:24]
                  S3 dump_wmimmc;dump_wmimmc;C:\ijji\ENGLISH\U_SF\GameGuard\dump_wmimmc.sys
                  S3 gAGP440p;gAGP440p;C:\DOCUME~1\Jasper\LOCALS~1\Temp\gAGP440p.sys
                  S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]

                  *Newly Created Service* - PNKBSTRK
                  .
                  Inhoud van de 'Gedeelde Taken' map
                  "2008-01-04 19:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
                  - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
                  "2007-11-15 15:36:28 C:\WINDOWS\Tasks\naar ed brink om 16.job"
                  - C:\Documents and Settings\Jasper\Mijn documenten\Afspraak 1.txt
                  "2007-12-31 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - Sylvia.job"
                  - C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
                  .
                  **************************************************************************

                  catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                  Rootkit scan 2008-01-04 23:40:22
                  Windows 5.1.2600 Service Pack 2 NTFS

                  scannen van verborgen processen ...

                  scannen van verborgen autostart items ...

                  scannen van verborgen bestanden ...

                  Scan succesvol afgerond
                  verborgen bestanden: 0

                  **************************************************************************
                  .
                  Voltooingstijd: 2008-01-04 23:40:58
                  C:\qoobox\ComboFix-quarantined-files.txt 2008-01-04 22:40:55
                  C:\qoobox\ComboFix2.txt 2008-01-03 22:37:07
                  C:\qoobox\ComboFix3.txt 2008-01-02 21:44:18
                  C:\qoobox\ComboFix4.txt 2008-01-01 22:30:13
                  .
                  2008-01-03 22:42:14 --- E O F ---

                  Hijack:

                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 23:42:38, on 4-1-2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\CWDefScn.exe
                  C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
                  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                  C:\WINDOWS\system32\HPZipm12.exe
                  C:\WINDOWS\system32\PnkBstrA.exe
                  C:\WINDOWS\System32\snmp.exe
                  C:\WINDOWS\System32\PAStiSvc.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\WINDOWS\stsystra.exe
                  C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
                  C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                  C:\Program Files\QuickTime\qttask.exe
                  C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                  C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                  C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
                  C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
                  C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
                  C:\Program Files\MSN Messenger\usnsvc.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\WINDOWS\explorer.exe
                  C:\WINDOWS\system32\notepad.exe
                  C:\Documents and Settings\Sylvia\Bureaublad\HijackThis.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
                  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                  O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
                  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O2 - BHO: {b7a6801a-6ec5-705a-22d4-0a47d64beb85} - {58beb46d-74a0-4d22-a507-5ce6a1086a7b} - C:\WINDOWS\system32\slmhuvgi.dll
                  O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
                  O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O2 - BHO: (no name) - {C19CA02B-6853-4AE9-9054-5CC449B0893B} - C:\WINDOWS\system32\ddabx.dll (file missing)
                  O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
                  O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
                  O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
                  O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
                  O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                  O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
                  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                  O4 - HKLM\..\Run: [ncoOSCheck] C:\Program Files\Norton Confidential\osCheck.exe
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                  O4 - HKLM\..\Run: [AcctMgr] "C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" /startup
                  O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
                  O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Setup.exe" "/REALUPREBOOT /temp /patched"
                  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                  O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                  O4 - HKUS\S-1-5-21-1190067832-492260076-881494414-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Jasper')
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
                  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                  O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
                  O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
                  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
                  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://193.172.162.99:8080//activex/AMC.cab
                  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                  O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
                  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                  O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                  O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
                  O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                  O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
                  O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                  O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
                  O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
                  O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

                  --
                  End of file - 9050 bytes

                  Regards, Sylvia



                  • #10
                    Hello Sylvia,

                    Let's try a slightly different approach:

                    1. Open My Computer and choose Tools -> Folder Options.
                    On the View tab, check the following settings:
                    • Turn off: Hide protected operating system files (Recommended)
                    • Turn off: Hide extensions for known file types

                    Then click Apply followed by OK.

                    2. Double-click the attachment and save it to your desktop. Check that it has EXACTLY this name: CFScript.txt - if not, please rename it.

                    Drag CFScript.txt onto ComboFix.exe as shown in the example below:



                    This will make ComboFix start again. Reboot if you are asked to.
                    After the reboot, post the contents of Combofix.txt in your next reply, together with a new HijackThis log.
                    Attached Files

                    Comment


                    • #11
                      Okay, here it all comes once more

                      (While I was running this, application error messages kept appearing on screen: regedit.exe and swreg.cfexe and regt.cfexe. Does this mean anything to you?)

                      ComboFix 07-12-31.4 - Sylvia 2008-01-06 21:08:36.6 - NTFSx86
                      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.1049 [GMT 1:00]
                      Gestart vanuit: C:\Documents and Settings\Sylvia\Bureaublad\ComboFix.exe
                      .

                      (((((((((((((((((((( Bestanden Gemaakt van 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))
                      .

                      2008-01-06 16:33 . 2008-01-06 16:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
                      2008-01-06 16:31 . 2008-01-06 16:31 <DIR> d-------- C:\Program Files\Apple Software Update
                      2008-01-06 16:31 . 2008-01-06 16:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
                      2008-01-01 14:57 . 2008-01-01 14:57 <DIR> d-------- C:\Program Files\Trend Micro
                      2007-12-28 14:38 . 2007-12-28 14:38 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
                      2007-12-28 14:38 . 2002-02-27 18:50 197,120 --a------ C:\WINDOWS\patchw32.dll
                      2007-12-27 16:06 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
                      2007-12-27 16:06 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\dllcache\sonypvu1.sys
                      2007-12-24 18:37 . 2008-01-06 16:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
                      2007-12-24 18:37 . 2008-01-06 16:32 1,409 --a------ C:\WINDOWS\QTFont.for
                      2007-12-22 14:16 . 2007-12-22 14:16 <DIR> d-------- C:\Splash
                      2007-12-22 14:09 . 2007-12-28 10:48 803 --a------ C:\WINDOWS\CoDUO.INI
                      2007-12-22 13:39 . 2007-12-22 14:07 733 --a------ C:\WINDOWS\CoD.INI
                      2007-12-17 20:21 . 2007-12-17 20:28 <DIR> d-------- C:\Program Files\The All-Seeing Eye
                      2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
                      2007-12-10 12:57 . 2007-12-10 12:57 <DIR> d-------- C:\Program Files\Windows Sidebar
                      2007-12-09 19:44 . 2007-12-09 19:58 <DIR> d-------- C:\Program Files\Game Cam v1.4
                      2007-12-08 19:31 . 2007-12-08 19:32 <DIR> d-------- C:\Temp
                      2007-12-08 11:05 . 2002-11-13 11:14 1,703,936 --a------ C:\WINDOWS\system32\NCTAudioFile.dll
                      2007-12-08 11:05 . 2002-11-06 15:12 360,448 --a------ C:\WINDOWS\system32\NCTWMAFile.dll
                      2007-12-08 11:05 . 2000-12-06 00:00 209,608 --a------ C:\WINDOWS\system32\Tabctl32.ocx
                      2007-12-08 11:04 . 2007-12-12 15:41 <DIR> d-------- C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter
                      2007-12-08 11:04 . 2002-06-13 13:50 376,832 --a------ C:\WINDOWS\system32\actskin4.ocx
                      2007-12-08 11:04 . 2002-09-06 11:36 233,472 --a------ C:\WINDOWS\system32\lame_enc.dll
                      2007-12-08 11:04 . 2001-08-08 21:00 40,960 --a------ C:\WINDOWS\system32\DGPNorm.ocx
                      2007-12-08 10:59 . 2001-03-17 21:34 22,528 --a------ C:\WINDOWS\system32\WNASPI32.DLL
                      2007-12-08 10:59 . 2002-07-17 09:05 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
                      2007-12-08 10:58 . 2007-12-08 11:03 <DIR> d-------- C:\Program Files\4Musics OGG to WAV Converter
                      2007-12-08 09:19 . 2007-12-08 09:59 <DIR> d-------- C:\Program Files\Video Jasper
                      2007-12-07 03:07 . 2007-12-07 03:07 102,400 --a------ C:\WINDOWS\system32\SampleGrabber.ax

                      .
                      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2008-01-06 19:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
                      2008-01-06 19:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
                      2008-01-06 18:24 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
                      2008-01-06 18:23 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
                      2008-01-06 15:39 --------- d-----w C:\Program Files\QuickTime
                      2008-01-04 12:03 --------- d-----w C:\Documents and Settings\Sylvia\Application Data\Xfire
                      2008-01-04 09:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
                      2008-01-02 09:58 --------- d-s---w C:\Program Files\Xfire
                      2008-01-01 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                      2008-01-01 13:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
                      2007-12-31 15:53 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
                      2007-12-21 16:49 --------- d-----w C:\Program Files\Norton AntiVirus
                      2007-12-20 13:58 --------- d-----w C:\Program Files\Google
                      2007-12-16 12:09 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
                      2007-12-16 12:09 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
                      2007-12-16 12:09 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
                      2007-12-16 12:09 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
                      2007-12-16 12:09 --------- d-----w C:\Program Files\Symantec
                      2007-12-12 14:39 --------- d-----w C:\Program Files\Windows Live Toolbar
                      2007-12-12 14:01 --------- d-----w C:\Program Files\MSN Messenger
                      2007-12-10 11:45 --------- d-----w C:\Documents and Settings\Sylvia\Application Data\Symantec
                      2007-12-08 15:41 --------- d-----w C:\Program Files\Fraps
                      2007-12-08 10:21 --------- d-----w C:\Program Files\MediaMonkey (IPod)
                      2007-12-06 19:59 --------- d-----w C:\Documents and Settings\Jurrien\Application Data\LimeWire
                      2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
                      2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
                      2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
                      2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
                      2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
                      2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
                      2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
                      2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
                      2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
                      2007-11-27 21:10 --------- d-----w C:\Program Files\Windows Live
                      2007-11-27 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
                      2007-11-25 21:15 --------- d-----w C:\Documents and Settings\Sylvia\Application Data\VoipStunt
                      2007-11-21 18:23 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
                      2007-11-15 20:55 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
                      2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
                      2007-11-08 13:07 --------- d-----w C:\Program Files\Prisma
                      2007-10-31 03:57 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
                      2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
                      2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll
                      2007-10-25 16:44 8,507,392 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
                      2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
                      2007-10-25 08:28 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
                      2007-10-11 06:10 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
                      2007-10-11 06:10 151,552 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
                      2007-10-11 06:10 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
                      2007-10-11 06:10 1,057,280 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
                      2007-10-11 06:10 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
                      2007-10-10 23:54 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
                      2007-10-10 23:53 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
                      2007-10-10 23:53 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
                      2007-10-10 23:53 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
                      2007-10-10 23:53 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
                      2007-10-10 23:53 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
                      2007-10-10 23:53 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
                      2007-10-10 23:53 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
                      2007-10-10 23:53 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
                      2007-10-10 23:53 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
                      2007-10-10 23:53 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
                      2007-10-10 23:53 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
                      2007-10-10 23:53 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
                      2007-10-10 23:53 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
                      2007-10-10 23:53 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
                      2007-10-10 23:53 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
                      2007-10-10 23:53 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
                      2007-10-10 23:53 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
                      2007-10-10 23:53 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
                      2007-10-10 23:53 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
                      2007-10-10 23:53 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
                      2007-10-10 23:53 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
                      2007-10-10 11:02 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
                      2007-10-10 11:02 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
                      2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
                      2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
                      2005-05-11 22:36 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
                      .

                      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      REGEDIT4
                      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
                      2007-12-10 12:59 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
                      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
                      "VoipStunt"="C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" [ ]

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
                      "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
                      "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
                      "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
                      "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
                      "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
                      "HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 18:35 49152]
                      "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
                      "ncoOSCheck"="C:\Program Files\Norton Confidential\osCheck.exe" [2006-12-15 11:47 120416]
                      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
                      "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-13 20:46 185784]
                      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
                      "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 22:07 51048]
                      "AcctMgr"="C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" [2006-11-28 03:43 591488]
                      "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 21:53 714608]
                      "combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-04 12:00 399360]

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
                      "SymLnch"="C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Support\SymLnch\SymLnch.exe" [2007-08-26 17:04 687976]

                      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

                      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                      HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
                      Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]

                      R2 CWMonitor;Symantec Crimeware Protection Driver;C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\Monitor.sys [2006-10-05 07:41]
                      R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-24 22:07]
                      R3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 11:29]
                      R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
                      S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
                      S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
                      S3 Dual Mode;Dual Mode Video Capture;C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2002-10-09 20:24]
                      S3 dump_wmimmc;dump_wmimmc;C:\ijji\ENGLISH\U_SF\GameGuard\dump_wmimmc.sys
                      S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]

                      .
                      Inhoud van de 'Gedeelde Taken' map
                      "2008-01-06 15:32:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
                      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
                      "2008-01-06 19:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
                      - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
                      "2007-11-15 15:36:28 C:\WINDOWS\Tasks\naar ed brink om 16.job"
                      - C:\Documents and Settings\Jasper\Mijn documenten\Afspraak 1.txt
                      "2007-12-31 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - Sylvia.job"
                      - C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
                      .
                      **************************************************************************

                      catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                      Rootkit scan 2008-01-06 21:10:24
                      Windows 5.1.2600 Service Pack 2 NTFS

                      scannen van verborgen processen ...

                      scannen van verborgen autostart items ...

                      scannen van verborgen bestanden ...

                      Scan succesvol afgerond
                      verborgen bestanden: 0

                      **************************************************************************
                      .
                      Voltooingstijd: 2008-01-06 21:11:03
                      C:\qoobox\ComboFix-quarantined-files.txt 2008-01-06 20:11:00
                      C:\qoobox\ComboFix2.txt 2008-01-06 20:06:46
                      C:\qoobox\ComboFix3.txt 2008-01-04 22:40:59
                      C:\qoobox\ComboFix4.txt 2008-01-03 22:37:07
                      C:\qoobox\ComboFix5.txt 2008-01-02 21:44:18
                      .
                      2008-01-03 22:42:14 --- E O F ---


                      HijackThis log:

                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 21:14:28, on 6-1-2008
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
                      Boot mode: Normal

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\Ati2evxx.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\system32\Ati2evxx.exe
                      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\CWDefScn.exe
                      C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
                      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                      C:\WINDOWS\system32\HPZipm12.exe
                      C:\WINDOWS\system32\PnkBstrA.exe
                      C:\WINDOWS\System32\snmp.exe
                      C:\WINDOWS\System32\PAStiSvc.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\stsystra.exe
                      C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
                      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                      C:\Program Files\QuickTime\QTTask.exe
                      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                      C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                      C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
                      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
                      C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
                      C:\WINDOWS\explorer.exe
                      C:\WINDOWS\system32\notepad.exe
                      C:\Program Files\Internet Explorer\IEXPLORE.EXE
                      C:\Documents and Settings\Sylvia\Bureaublad\HijackThis.exe

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                      O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
                      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
                      O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
                      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                      O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
                      O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
                      O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
                      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
                      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                      O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
                      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                      O4 - HKLM\..\Run: [ncoOSCheck] C:\Program Files\Norton Confidential\osCheck.exe
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                      O4 - HKLM\..\Run: [AcctMgr] "C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" /startup
                      O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
                      O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat
                      O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Setup.exe" "/REALUPREBOOT /temp /patched"
                      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                      O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
                      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
                      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
                      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                      O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
                      O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
                      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
                      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://193.172.162.99:8080//activex/AMC.cab
                      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
                      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                      O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
                      O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                      O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
                      O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
                      O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
                      O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

                      --
                      End of file - 8991 bytes

                      Regards, Sylvia

                      Comment


                      • #12
                        Well done! It looks like it worked!

                        Don't worry about those error messages, it appears to have worked... Let's run one more scan with Dr.Web... Follow the instructions below carefully...

                        Download Dr.Web CureIt and save it to your desktop.
                        • Double-click drweb-cureit.exe and allow it to start the express scan.
                          If a popup appears offering a purchase/50% discount, you can close it.
                        • The express scan will scan the files that are currently loaded in memory. If anything is found, click 'select all', then choose 'repair', and from the small menu that appears choose 'move'.
                        • In the menu at the top, choose Language/Taal and change it to Dutch (Nederlands) if it is set differently on your system.
                        • Press F9, then choose the Actions tab and set the following under Malware:
                          • Adware: Move
                          • Dialers: Move
                          • Jokes: Report
                          • Riskware: Report
                          • Hacktools: Move
                          • Then clear the check mark at 'Prompt on action'.
                        • Then choose the Scan tab and clear the check mark at Heuristic analysis.
                          Then click Apply, followed by OK.
                        • Once the short scan has finished, tick: Complete scan.
                          Then click the green arrow (start button) to start the scan.
                        • Files that are found are moved to the '%USERPROFILE%\DocterWeb\Quarantine' folder if repairing them is not possible.
                        • After the scan is done, go to File and choose Save report list.
                          Save it to your desktop and then close Dr.Web CureIt.
                        • Then restart the computer!! This is an important step, because Dr.Web CureIt may move/delete files during the restart.
                        • After restarting, copy and paste the contents of the log you saved earlier into your next post.


                        - Daniël



                        • #13
                          Thanks! The PC runs a lot better. CureIt no longer turned up anything.
                          HijackThis log attached:
                          Logfile of Trend Micro HijackThis v2.0.2
                          Scan saved at 20:30:57, on 10-1-2008
                          Platform: Windows XP SP2 (WinNT 5.01.2600)
                          MSIE: Internet Explorer v7.00 (7.00.6000.16574)
                          Boot mode: Normal

                          Running processes:
                          C:\WINDOWS\System32\smss.exe
                          C:\WINDOWS\system32\winlogon.exe
                          C:\WINDOWS\system32\services.exe
                          C:\WINDOWS\system32\lsass.exe
                          C:\WINDOWS\system32\Ati2evxx.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\WINDOWS\system32\Ati2evxx.exe
                          C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                          C:\WINDOWS\system32\spoolsv.exe
                          C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\CWDefScn.exe
                          C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
                          C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                          C:\WINDOWS\system32\HPZipm12.exe
                          C:\WINDOWS\system32\PnkBstrA.exe
                          C:\WINDOWS\system32\PnkBstrB.exe
                          C:\WINDOWS\System32\snmp.exe
                          C:\WINDOWS\System32\PAStiSvc.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\WINDOWS\Explorer.EXE
                          C:\WINDOWS\stsystra.exe
                          C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
                          C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                          C:\Program Files\QuickTime\QTTask.exe
                          C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                          C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                          C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                          C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe
                          C:\WINDOWS\system32\ctfmon.exe
                          C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                          C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
                          C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                          C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
                          C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
                          C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                          C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                          C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
                          C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
                          C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
                          C:\Documents and Settings\Sylvia\Bureaublad\HijackThis.exe

                          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                          R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
                          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                          O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
                          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                          O2 - BHO: (no name) - {58beb46d-74a0-4d22-a507-5ce6a1086a7b} - (no file)
                          O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
                          O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
                          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                          O2 - BHO: (no name) - {C19CA02B-6853-4AE9-9054-5CC449B0893B} - (no file)
                          O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
                          O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
                          O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
                          O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
                          O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                          O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
                          O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                          O4 - HKLM\..\Run: [ncoOSCheck] C:\Program Files\Norton Confidential\osCheck.exe
                          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                          O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                          O4 - HKLM\..\Run: [AcctMgr] "C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" /startup
                          O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
                          O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                          O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Setup.exe" "/REALUPREBOOT /temp /patched"
                          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                          O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
                          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                          O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
                          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
                          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
                          O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                          O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
                          O4 - Global Startup: Teamspeak RC2.lnk = C:\Games\Teamspeak2_RC2\TeamSpeak.exe
                          O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
                          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
                          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
                          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                          O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://193.172.162.99:8080//activex/AMC.cab
                          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                          O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
                          O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                          O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                          O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                          O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                          O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                          O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                          O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
                          O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                          O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
                          O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                          O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
                          O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
                          O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
                          O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

                          --
                          End of file - 9980 bytes

                          PS: My Norton subscription expires soon. Do you have a good tip for a free virus scanner to download??

                          Regards, Sylvia



                          • #14
                            Hello Sylvia,

                            As far as I can see, you already have another free virus scanner, namely AVG.
                            Could you make one more ComboFix log?

                            - Daniël



                            • #15
                              Hello Daniel,

                              Here comes the Combo log:
                              ComboFix 08-01-20.1 - Sylvia 2008-01-20 11:37:59.9 - NTFSx86
                              Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.801 [GMT 1:00]
                              Gestart vanuit: C:\Documents and Settings\Sylvia\Bureaublad\ComboFix.exe

                              WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
                              .

                              (((((((((((((((((((( Bestanden Gemaakt van 2007-12-20 to 2008-01-20 ))))))))))))))))))))))))))))))
                              .

                              2008-01-20 11:28 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
                              2008-01-18 13:51 . 2008-01-18 13:51 <DIR> d-------- C:\Program Files\Navman
                              2008-01-14 19:53 . 1999-04-23 22:22 151,552 --a------ C:\WINDOWS\system32\MSOSS.DLL
                              2008-01-13 19:17 . 2008-01-13 19:37 <DIR> d-------- C:\Program Files\Wild Divine
                              2008-01-13 17:27 . 1999-11-10 12:05 86,016 --a------ C:\WINDOWS\unvise32qt.exe
                              2008-01-13 12:19 . 2008-01-13 12:34 331 --a------ C:\WINDOWS\CoDUO.INI
                              2008-01-13 11:21 . 2008-01-13 12:16 733 --a------ C:\WINDOWS\CoD.INI
                              2008-01-12 21:19 . 2008-01-12 21:19 <DIR> d--hs---- C:\WINDOWS\ftpcache
                              2008-01-11 01:29 . 2008-01-11 01:29 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
                              2008-01-09 22:08 . 2008-01-20 11:13 <DIR> d-------- C:\Documents and Settings\Sylvia\Application Data\AVG7
                              2008-01-09 22:08 . 2008-01-09 22:08 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
                              2008-01-09 22:07 . 2008-01-09 22:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
                              2008-01-09 22:07 . 2008-01-09 22:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
                              2008-01-09 20:45 . 2008-01-09 20:45 <DIR> d-------- C:\Documents and Settings\Sylvia\Application Data\teamspeak2
                              2008-01-07 19:12 . 2008-01-07 19:12 <DIR> d-------- C:\Program Files\Recuva
                              2008-01-07 18:43 . 2008-01-07 18:43 <DIR> d-------- C:\Restoration
                              2008-01-07 18:40 . 2008-01-07 18:40 <DIR> d-------- C:\Program Files\Eden Studios
                              2008-01-06 16:31 . 2008-01-06 16:31 <DIR> d-------- C:\Program Files\Apple Software Update
                              2008-01-06 16:31 . 2008-01-06 16:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
                              2008-01-01 14:57 . 2008-01-01 14:57 <DIR> d-------- C:\Program Files\Trend Micro
                              2007-12-27 16:06 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
                              2007-12-27 16:06 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\dllcache\sonypvu1.sys

                              .
                              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              2008-01-19 10:40 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
                              2008-01-18 22:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
                              2008-01-18 16:01 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
                              2008-01-18 16:01 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
                              2008-01-18 12:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
                              2008-01-17 13:37 --------- d-----w C:\Program Files\Fraps
                              2008-01-17 12:14 --------- d-s---w C:\Program Files\Xfire
                              2008-01-15 14:01 221,184 -c--a-w C:\WINDOWS\system32\wrap_oal.dll
                              2008-01-15 12:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
                              2008-01-14 21:28 --------- d-----w C:\Program Files\Wisdom Quest
                              2008-01-13 16:27 --------- d-----w C:\Program Files\QuickTime
                              2008-01-04 12:03 --------- d-----w C:\Documents and Settings\Sylvia\Application Data\Xfire
                              2008-01-01 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                              2007-12-31 15:53 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
                              2007-12-21 16:49 --------- d-----w C:\Program Files\Norton AntiVirus
                              2007-12-20 13:58 --------- d-----w C:\Program Files\Google
                              2007-12-17 19:28 --------- d-----w C:\Program Files\The All-Seeing Eye
                              2007-12-16 12:09 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
                              2007-12-16 12:09 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
                              2007-12-16 12:09 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
                              2007-12-16 12:09 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
                              2007-12-16 12:09 --------- d-----w C:\Program Files\Symantec
                              2007-12-12 14:41 --------- d-----w C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter
                              2007-12-12 14:39 --------- d-----w C:\Program Files\Windows Live Toolbar
                              2007-12-12 14:01 --------- d-----w C:\Program Files\MSN Messenger
                              2007-12-10 11:57 --------- d-----w C:\Program Files\Windows Sidebar
                              2007-12-10 11:45 --------- d-----w C:\Documents and Settings\Sylvia\Application Data\Symantec
                              2007-12-09 18:58 --------- d-----w C:\Program Files\Game Cam v1.4
                              2007-12-08 10:21 --------- d-----w C:\Program Files\MediaMonkey (IPod)
                              2007-12-08 10:03 --------- d-----w C:\Program Files\4Musics OGG to WAV Converter
                              2007-12-08 08:59 --------- d-----w C:\Program Files\Video Jasper
                              2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
                              2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
                              2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
                              2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
                              2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
                              2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
                              2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
                              2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
                              2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
                              2007-11-27 21:10 --------- d-----w C:\Program Files\Windows Live
                              2007-11-27 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
                              2007-11-25 21:15 --------- d-----w C:\Documents and Settings\Sylvia\Application Data\VoipStunt
                              2007-11-21 18:23 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
                              2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
                              2007-11-07 09:30 727,040 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
                              2007-10-31 03:57 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
                              2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
                              2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
                              2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll
                              2007-10-25 16:44 8,507,392 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
                              2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
                              2007-10-25 08:28 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
                              2005-05-11 22:36 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
                              .

                              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              .
                              REGEDIT4
                              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58beb46d-74a0-4d22-a507-5ce6a1086a7b}]

                              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
                              2007-12-10 12:59 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

                              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C19CA02B-6853-4AE9-9054-5CC449B0893B}]

                              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                              "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
                              "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
                              "VoipStunt"="C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" [ ]

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                              "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
                              "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
                              "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
                              "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
                              "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
                              "HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 18:35 49152]
                              "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
                              "ncoOSCheck"="C:\Program Files\Norton Confidential\osCheck.exe" [2006-12-15 11:47 120416]
                              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
                              "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-13 20:46 185784]
                              "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
                              "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 22:07 51048]
                              "AcctMgr"="C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" [2006-11-28 03:43 591488]
                              "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 21:53 714608]
                              "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-10 20:00 579072]
                              "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-13 17:27 98304]

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
                              "SymLnch"="C:\Documents and Settings\Sylvia\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Support\SymLnch\SymLnch.exe" [2007-08-26 17:04 687976]

                              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                              "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
                              "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-09 22:07 219136]

                              C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                              HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
                              Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]
                              Teamspeak RC2.lnk - C:\Games\Teamspeak2_RC2\TeamSpeak.exe [2003-08-29 15:13:04 1436160]

                              R2 CWMonitor;Symantec Crimeware Protection Driver;C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\Monitor.sys [2006-10-05 07:41]
                              R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-24 22:07]
                              R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
                              S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
                              S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
                              S3 Dual Mode;Dual Mode Video Capture;C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2002-10-09 20:24]
                              S3 dump_wmimmc;dump_wmimmc;C:\ijji\ENGLISH\U_SF\GameGuard\dump_wmimmc.sys
                              S3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 11:29]
                              S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]

                              .
                              Inhoud van de 'Gedeelde Taken' map
                              "2008-01-10 06:51:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
                              - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
                              "2008-01-19 11:00:04 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
                              - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
                              "2008-01-14 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - Sylvia.job"
                              - C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
                              .
                              **************************************************************************

                              catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                              Rootkit scan 2008-01-20 11:39:36
                              Windows 5.1.2600 Service Pack 2 NTFS

                              scannen van verborgen processen ...

                              scannen van verborgen autostart items ...

                              scannen van verborgen bestanden ...

                              Scan succesvol afgerond
                              verborgen bestanden: 0

                              **************************************************************************
                              .
                              Voltooingstijd: 2008-01-20 11:40:15
                              ComboFix-quarantined-files.txt 2008-01-20 10:40:12
                              ComboFix2.txt 2008-01-20 10:36:06
                              ComboFix3.txt 2008-01-08 22:36:03
                              .
                              2008-01-19 18:51:58 --- E O F ---

                              I also have another question:
                              there is a CureIt log on my desktop, but I cannot delete it. A message keeps appearing saying that it is in use by someone else or by a program. This while NOTHING else is open. How do I get rid of it?

                              Is AVG a reliable virus scanner in your view?

                              Kind regards, Sylvia
