Mededeling

Collapse
No announcement yet.

Virus vundo

Collapse
X
Collapse
  •  
  • Page of 1
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    Virus vundo

    Beste,

    sinds geruime tijd zit m'n laptop met een trojan virus, vundo genaamd, Norton Internet Security krijgt 'm er niet af, ik heb ook al adaware laten draaien alsook een prog om het register op te schonen. Niks blijkt krachtig genoeg, tot ik jullie site vond via google, en daar een identiek probleem + oplossing gelezen heb.
    Hieronder volgt de log van de betreffende laptop;
    Logfile of HijackThis v1.99.1
    Scan saved at 15:53:29, on 6/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\ATK0100\HControl.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvGraphicsInterface] C:\WINDOWS\system32\wwjtatsz.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [f013ba53] rundll32.exe "C:\WINDOWS\system32\kvgcpork.dll",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ewie.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe



    Hopelijk kunnen jullie me helpen, ik durf de laptop niet meer op het netwerk toelaten, bang dat ie de boel infecteert. Alvast heeel veel dank.
    MVG, rulan.
    Labels: Geen
      • Citaat
    • #2
      Ho Rulan,
      Welkom op Nucia!

      Je gebruikt een oude versie van HijackThis, lees dit even door:
      http://www.nucia.eu/forum/showthread.php?t=28820


      1. * Clean de Cache and Cookies in IE:
      • Sluit Internet Explorer.
      • Ga naar Configuratiescherm > Internet Opties > tab Algemeen
      • Klik de Cookies verwijderen knop
      • Klik op de Bestanden verwijderen knop ernaast
      • Vink aan: Ook alle off line items verwijderen, klik OK
      * Clean de Cache and Cookies in Firefox (In geval Firefox geïnstalleerd is):
      • Go to Extra > Opties.
      • Klik Privacy in het menu.
      • Klik op de knop wissen (Geschiedenis, Cookies, Cache).
      • Klik OK om het venster opnieuw te sluiten.
      * Clean andere Temporary files + Prullenbak
      • Ga naar Start > Uitvoeren en typ: cleanmgr en klik ok.
      • Laat het je systeem scannen op bestanden die moeten verwijderd worden
      • Zorg er wel voor dat je daar enkel maar 'tijdelijke bestanden', 'tijdelijke internetbestanden' en 'prullenbak' staan aangevinkt.
      • Klik daarna op OK.

      2. Download Dr.Web CureIt en sla het op je bureaublad op.
      • Dubbelklik drweb-cureit.exe en sta het toe om te express scan te starten.
        Indien er een popup verschijnt met het voorstel tot kopen/50% korting mag je deze sluiten.
      • De express scan zal de bestanden scannen die momenteel in het geheugen geladen zijn. Wanneer er iets gevonden wordt klik op 'alles selecteren' kies nu voor 'repareren' en uit het kleine menutje dat verschijnt kies je 'verplaatsen'.
      • Kies bovenaan in het menu voor Language/Taal en wijzig deze naar Dutch (Nederlands) indien deze bij jou anders staat ingesteld.
      • Druk op F9, kies daarna voor het tabblad Acties en stel daar het volgende in onder Malware:
        • Adware: Verplaats
        • Dialers: Verplaats
        • Jokes: Rapportage
        • Riskware: Rapportage
        • Hacktools: Verplaats
        • Haal dan het vinkje weg bij 'Prompt bij actie'.
      • Kies daarna voor het tabblad Scan en verwijder het vinkje bij Heuristische analyse.
        Druk vervolgens op Toepassen gevolgd door OK.
      • Eenmaal als de korte scan is beëindigd vink je aan: Volledige scan.
        Druk daarna op het groene pijltje (start knop) om de scan te starten.
      • Gevonden bestanden worden naar '%USERPROFILE%\DocterWeb\Quarantine' -map verplaatst indien het herstellen niet mogelijk is.
      • Nadat de scan gedaan is ga dan naar Bestand en kies Rapportage lijst opslaan.
        Bewaar deze op je bureaublad en sluit daarna Dr.Web CureIt.
      • Herstart vervolgens de computer!! Dit is een belangrijke stap want het kan zijn dat Dr.Web CureIt bestanden zal verplaatsen/verwijderen tijdens herstart.

      3. Download [url=http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe]Combofix naar je Bureaublad.
      • Dubbelklik op Combofix.exe
        Volg de instructies, aanvaard de disclaimer door 1 (continue) te typen, gevolgd door Enter.
        Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

      Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
      Plaats deze log in je volgende post, samen met het logje van Dr. Web.

      - Daniël
      Last edited by BendeBoy; 06-01-08, 23:20.
        • Citaat

        Comment

        • #3
          Virus vundo

          Hallo,
          Zoals gevraagd de logjes van Dr. Web en Combofix.

          Log Dr. Web:

          0AA17A5B.dll C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine Trojan.Virtumod.246
          1E557399.exe C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine Trojan.EzulaAd
          1FCC4249.exe C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine Trojan.EzulaAd
          2AD44859.dll C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine Trojan.Virtumod.246
          2B647FBB.dll C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine Trojan.Virtumod.246
          2B7B25A2.dll C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine Trojan.Virtumod.246
          2BE3652F.dll C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine Trojan.Virtumod.246
          2C357ED5.dll C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine Trojan.Virtumod.246
          54D033E1.dll C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine Trojan.Virtumod.246
          55CD41AB.exe C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine Trojan.Proxy.2379
          69360773.exe C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine Trojan.Proxy.2379
          6C083C57.exe C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine Trojan.EzulaAd
          7BC172BE.dll C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine Trojan.Virtumod.246
          7C2D5C47.exe C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine Trojan.EzulaAd
          7D352524.exe C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine Trojan.EzulaAd
          cywmygyr.exe C:\Documents and Settings\Gebruiker\Local Settings\Temp Trojan.EzulaAd Verwijderd.
          hxalwgow.exe C:\Documents and Settings\Gebruiker\Local Settings\Temp Trojan.EzulaAd Verwijderd.
          niirrtcj.exe C:\Documents and Settings\Gebruiker\Local Settings\Temp Trojan.EzulaAd Verwijderd.
          POSTOOBE.NEC C:\DRIVERS VBS.Generic.278 Verwijderd.
          A0000912.exe C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP11 Trojan.Proxy.2379 Verwijderd.
          A0000920.exe C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP11 Trojan.Proxy.2379 Verwijderd.
          A0000921.exe C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP11 Trojan.Proxy.2379 Verwijderd.
          A0000922.exe C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP11 Trojan.Proxy.2379 Verwijderd.
          A0000923.exe C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP11 Trojan.Proxy.2379 Verwijderd.
          A0000924.exe C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP11 Trojan.Proxy.2379 Verwijderd.
          A0000926.exe C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP11 Trojan.Proxy.2379 Verwijderd.
          A0001954.dll C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP14 Trojan.Virtumod.246 Verwijderd.
          A0001980.dll C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP14 Trojan.Virtumod.246 Verwijderd.
          A0002033.dll C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP16 Trojan.Virtumod.246 Verwijderd.
          A0002034.dll C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP16 Trojan.Virtumod.246 Verwijderd.
          A0002035.dll C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP16 Trojan.Virtumod.246 Verwijderd.
          A0002036.dll C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP16 Trojan.Virtumod.246 Verwijderd.
          A0002038.dll C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP16 Trojan.Virtumod.246 Verwijderd.
          A0002040.dll C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP16 Trojan.Virtumod.246 Verwijderd.
          A0000015.dll C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP2 Trojan.Juan.29 Verwijderd.
          A0000016.dll C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP2 Trojan.Virtumod.232 Verwijderd.
          A0000017.exe C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP2 Trojan.EzulaAd Verwijderd.
          awtsspq.dll C:\WINDOWS\system32 Trojan.Virtumod.240 Verwijderd.
          byxvusr.dll C:\WINDOWS\system32 Trojan.Virtumod.240 Verwijderd.
          cbxxyyv.dll C:\WINDOWS\system32 Trojan.Virtumod.240 Verwijderd.
          ddcbyvs.dll C:\WINDOWS\system32 Trojan.Virtumod.240 Verwijderd.
          efcywvw.dll C:\WINDOWS\system32 Trojan.Virtumod.240 Verwijderd.
          hggdcyx.dll C:\WINDOWS\system32 Trojan.Virtumod.240 Verwijderd.
          iiffccd.dll C:\WINDOWS\system32 Trojan.Virtumod.240 Verwijderd.
          mljjjjh.dll C:\WINDOWS\system32 Trojan.Virtumod.240 Verwijderd.
          mljkigg.dll C:\WINDOWS\system32 Trojan.Virtumod.240 Verwijderd.
          pmnnopm.dll C:\WINDOWS\system32 Trojan.Virtumod.240 Verwijderd.
          pmnopml.dll C:\WINDOWS\system32 Trojan.Virtumod.240 Verwijderd.
          rqrppoo.dll C:\WINDOWS\system32 Trojan.Virtumod.240 Verwijderd.
          urqpmnl.dll C:\WINDOWS\system32 Trojan.Virtumod.240 Verwijderd.
          urqppqr.dll C:\WINDOWS\system32 Trojan.Virtumod.240 Verwijderd.
          urqromn.dll C:\WINDOWS\system32 Trojan.Virtumod.240 Verwijderd.





          Log Combofix:

          ComboFix 08-01-07.5 - Gebruiker 2008-01-07 19:24:10.1 - NTFSx86
          Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1510 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\Gebruiker\Bureaublad\ComboFix.exe
          * Nieuw herstelpunt werd aangemaakt
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\WINDOWS\cookies.ini
          C:\WINDOWS\system32\_000006_.tmp.dll
          C:\WINDOWS\system32\_000009_.tmp.dll
          C:\WINDOWS\system32\_000010_.tmp.dll
          C:\WINDOWS\system32\aaubkdwu.ini
          C:\WINDOWS\system32\bisnmedv.ini
          C:\WINDOWS\system32\gfhkj.ini
          C:\WINDOWS\system32\gfhkj.ini2
          C:\WINDOWS\system32\iqdsvgtb.ini
          C:\WINDOWS\system32\kngoxmni.ini
          C:\WINDOWS\system32\kropcgvk.ini
          C:\WINDOWS\system32\mcrh.tmp
          C:\WINDOWS\system32\onnrueon.ini
          C:\WINDOWS\system32\siplxhbo.ini
          C:\WINDOWS\system32\UpMedia
          C:\WINDOWS\system32\UpMedia\uninstallSE.exe
          C:\WINDOWS\system32\utstv.ini
          C:\WINDOWS\system32\utstv.ini2
          C:\WINDOWS\system32\vtstu.dll
          C:\WINDOWS\system32\vturo.dll
          C:\WINDOWS\system32\yadaorci.ini

          .
          ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

          .
          -------\LEGACY_IPRIP
          -------\Iprip


          (((((((((((((((((((( Bestanden Gemaakt van 2007-12-07 to 2008-01-07 ))))))))))))))))))))))))))))))
          .

          2008-01-07 19:22 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
          2008-01-07 11:23 . 2008-01-07 11:23 <DIR> d-------- C:\Documents and Settings\Gebruiker\DoctorWeb
          2008-01-06 15:51 . 2008-01-06 15:53 <DIR> d-------- C:\HijackThis
          2007-12-31 18:46 . 2007-12-31 18:51 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\U3
          2007-12-22 13:28 . 2007-12-22 13:32 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
          2007-12-22 10:37 . 2007-12-22 10:37 <DIR> d-------- C:\Program Files\Lavasoft
          2007-12-22 10:37 . 2007-12-22 10:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
          2007-12-13 16:28 . 2007-12-16 15:55 2,998,179 ---hs---- C:\WINDOWS\system32\dyuoyyij.ini
          2007-12-13 15:29 . 2007-12-13 15:56 2,998,233 ---hs---- C:\WINDOWS\system32\puuixxup.ini
          2007-12-12 14:24 . 2007-12-13 14:09 1,633,020 ---hs---- C:\WINDOWS\system32\vrmxjels.ini
          2007-12-10 15:32 . 2007-12-10 15:32 <DIR> d-------- C:\Program Files\iPod
          2007-12-09 08:54 . 2007-12-09 08:54 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\CyberLink

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-01-07 18:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
          2008-01-04 09:06 --------- d-----w C:\Program Files\Norton Internet Security
          2008-01-03 22:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
          2007-12-26 20:05 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\uTorrent
          2007-12-22 09:36 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
          2007-12-10 14:33 --------- d-----w C:\Program Files\iTunes
          2007-12-10 14:29 --------- d-----w C:\Program Files\QuickTime
          2007-12-03 16:26 --------- d-----w C:\Program Files\Webteh
          2007-12-03 16:26 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\BSplayer
          2007-12-01 18:02 --------- d-----w C:\Program Files\Windows Live Toolbar
          2007-12-01 09:13 --------- d-----w C:\Program Files\Java
          2007-11-30 21:11 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\vlc
          2007-11-30 21:09 --------- d-----w C:\Program Files\VideoLAN
          2007-11-30 20:38 --------- d-----w C:\Program Files\LimeWire
          2007-11-30 20:38 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\LimeWire
          2007-11-14 20:02 --------- d-----w C:\Program Files\uTorrent
          2007-11-14 19:57 --------- d-----w C:\Program Files\BitComet
          2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
          2007-11-12 17:37 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
          2007-07-01 13:27 382 ----a-w C:\Documents and Settings\Gebruiker\Application Data\internaldb6334.dat
          2007-07-01 13:22 194 ----a-w C:\Documents and Settings\Gebruiker\Application Data\internaldb8467.dat
          2007-07-01 13:22 18,432 ----a-w C:\Documents and Settings\Gebruiker\Application Data\internaldb41.dat
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bef3c70b-7a98-47ef-b15c-e99156c887e9}]
          C:\WINDOWS\system32\edyqioga.dll

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 14:00 15360]
          "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-02 12:46 68856]
          "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 18:25 1961984]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-09-02 14:00 208952]
          "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-02 14:00 455168]
          "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-02 14:00 455168]
          "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01 67584]
          "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
          "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-06-01 13:57 573440]
          "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-12 13:36 774233]
          "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-12 15:11 7577600]
          "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-06-12 15:11 86016]
          "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-02-23 12:40 106496]
          "DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 06:15 102400]
          "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
          "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
          "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-01 11:04 52840]
          "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-30 18:53 1838592]
          "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
          "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
          "NvGraphicsInterface"="C:\WINDOWS\system32\wwjtatsz.exe" [ ]
          "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
          "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
          "f013ba53"="C:\WINDOWS\system32\kvgcpork.dll" [ ]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-02 14:00 15360]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
          "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
          "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomnmlj]
          qomnmlj.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
          "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
          backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
          --a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
          --a------ 2004-09-02 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
          --------- 2005-10-11 18:25 1961984 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
          --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
          --a------ 2006-06-12 15:11 1519616 C:\WINDOWS\system32\nwiz.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
          --a------ 2007-11-14 23:43 286720 C:\Program Files\QuickTime\qttask.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
          -ra------ 2007-06-08 14:18 23233576 C:\Program Files\Skype\Phone\Skype.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
          --a------ 2007-05-02 12:46 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

          R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 10:45]
          S3 p2pgasvc;Groepsverificatie van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-09-02 14:00]
          S3 p2pimsvc;Identiteitsbeheer van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-09-02 14:00]
          S3 p2psvc;Peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-09-02 14:00]
          S3 PNRPSvc;Naamomzettingsprotocol van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-09-02 14:00]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
          p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d64b6a8-b7c8-11dc-a90a-0018f3fc31a4}]
          \Shell\AutoRun\command - F:\LaunchU3.exe -a

          *Newly Created Service* - COMHOST
          .
          Inhoud van de 'Gedeelde Taken' map
          "2007-09-07 16:08:26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
          "2008-01-07 10:55:07 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
          - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
          "2007-11-16 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - Deno Computers.job"
          - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
          "2008-01-04 02:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
          - C:\Program Files\RegistrySmart\RegistrySmart.ex
          - C:\Program Files\RegistrySmar
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-01-07 19:32:29
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          Voltooingstijd: 2008-01-07 19:35:14 - machine was rebooted
          ComboFix-quarantined-files.txt 2008-01-07 18:35:12
          .
          2007-12-23 12:10:01 --- E O F ---


          Bedankt voor de hulp!
          MVG, Rulan.
            • Citaat

            Comment

            • #4
              Hallo again,

              Voor het ogenblik werkt de laptop terug normaal, ik kan terug op internet, enkel als ie opstart geeft hij volgende melding: "Er is een fout opgetreden tijdens het laden van C:\WINDOWS\system32\kvgcpork.dll. Kan opgegeven module niet vinden.
              Waarschijnlijk is er tijdens het opruimen iets misgegaan.
              De laptop werkt wel goed, dat is dus geen probleem, maar iets zegt me dat dit bestand nodig is.

              MVG, Rulan.
                • Citaat

                Comment

                • #5
                  Hi Rulan,

                  maar iets zegt me dat dit bestand nodig is.
                  Dat bestand is malware, die gaan we nu verwijderen


                  Open een nieuw kladblok bestand.

                  Kopieer en plak daarin de onderstaande dik gedrukte blauwe tekst.
                  Ga naar 'Bestand' -> 'Opslaan als..' en sla het vervolgens op je bureaublad op als CFScript.txt.
                  File::
                  C:\WINDOWS\system32\dyuoyyij.ini
                  C:\WINDOWS\system32\puuixxup.ini
                  C:\WINDOWS\system32\vrmxjels.ini
                  C:\WINDOWS\system32\edyqioga.dll
                  C:\WINDOWS\system32\kvgcpork.dll
                  C:\WINDOWS\system32\qomnmlj.dll

                  Folder::
                  C:\Documents and Settings\Gebruiker\DocterWeb\Quarantine

                  Registry::
                  [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomnmlj]
                  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bef3c70b-7a98-47ef-b15c-e99156c887e9}]
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "f013ba53"=-

                  Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld:



                  Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.
                  Post na herstart de inhoud van de Combofix.txt in je volgende antwoord samen met een nieuw logje van HijackThis.
                    • Citaat

                    Comment

                    • #6
                      Hoi Bendeboy,

                      Hieronder de logjes van Combofix en HJT;

                      ComboFix 08-01-07.5 - Gebruiker 2008-01-14 18:08:19.2 - NTFSx86
                      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1464 [GMT 1:00]
                      Gestart vanuit: C:\Documents and Settings\Gebruiker\Bureaublad\ComboFix.exe
                      Command switches used :: C:\Documents and Settings\Gebruiker\Bureaublad\CFScript.txt
                      * Nieuw herstelpunt werd aangemaakt

                      FILE
                      C:\WINDOWS\system32\dyuoyyij.ini
                      C:\WINDOWS\system32\edyqioga.dll
                      C:\WINDOWS\system32\kvgcpork.dll
                      C:\WINDOWS\system32\puuixxup.ini
                      C:\WINDOWS\system32\qomnmlj.dll
                      C:\WINDOWS\system32\vrmxjels.ini
                      .

                      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                      .

                      C:\WINDOWS\system32\dyuoyyij.ini
                      C:\WINDOWS\system32\puuixxup.ini
                      C:\WINDOWS\system32\vrmxjels.ini

                      .
                      (((((((((((((((((((( Bestanden Gemaakt van 2007-12-14 to 2008-01-14 ))))))))))))))))))))))))))))))
                      .

                      2008-01-09 13:54 . 2008-01-09 13:54 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\Sierra
                      2008-01-09 13:41 . 2008-01-09 13:41 <DIR> d-------- C:\Program Files\Sierra
                      2008-01-08 21:19 . 2008-01-08 21:19 <DIR> d-------- C:\Program Files\Paradox Interactive
                      2008-01-07 19:22 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
                      2008-01-07 11:23 . 2008-01-07 11:23 <DIR> d-------- C:\Documents and Settings\Gebruiker\DoctorWeb
                      2008-01-06 15:51 . 2008-01-06 15:53 <DIR> d-------- C:\HijackThis
                      2007-12-31 18:46 . 2007-12-31 18:51 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\U3
                      2007-12-22 13:28 . 2007-12-22 13:32 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
                      2007-12-22 10:37 . 2007-12-22 10:37 <DIR> d-------- C:\Program Files\Lavasoft
                      2007-12-22 10:37 . 2007-12-22 10:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

                      .
                      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2008-01-14 16:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
                      2008-01-13 14:24 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
                      2008-01-13 10:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
                      2008-01-12 14:20 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\uTorrent
                      2008-01-11 19:45 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\LimeWire
                      2008-01-09 12:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
                      2008-01-04 09:06 --------- d-----w C:\Program Files\Norton Internet Security
                      2007-12-22 09:36 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
                      2007-12-10 14:33 --------- d-----w C:\Program Files\iTunes
                      2007-12-10 14:32 --------- d-----w C:\Program Files\iPod
                      2007-12-10 14:29 --------- d-----w C:\Program Files\QuickTime
                      2007-12-09 07:54 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\CyberLink
                      2007-12-03 16:26 --------- d-----w C:\Program Files\Webteh
                      2007-12-03 16:26 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\BSplayer
                      2007-12-01 18:02 --------- d-----w C:\Program Files\Windows Live Toolbar
                      2007-12-01 09:13 --------- d-----w C:\Program Files\Java
                      2007-11-30 21:11 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\vlc
                      2007-11-30 21:09 --------- d-----w C:\Program Files\VideoLAN
                      2007-11-30 20:38 --------- d-----w C:\Program Files\LimeWire
                      2007-11-14 20:02 --------- d-----w C:\Program Files\uTorrent
                      2007-11-14 19:57 --------- d-----w C:\Program Files\BitComet
                      2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
                      2007-11-07 09:30 727,040 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
                      2007-11-02 14:17 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
                      2007-10-30 23:27 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
                      2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
                      2007-10-29 22:41 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
                      2007-10-29 22:41 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll
                      2007-10-28 09:39 45,056 ----a-w C:\WINDOWS\system32\ftp.exe
                      2007-10-28 09:39 17,408 ----a-w C:\WINDOWS\system32\tftp.exe
                      2007-10-25 16:44 8,507,392 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
                      2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
                      2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
                      2007-07-01 13:27 382 ----a-w C:\Documents and Settings\Gebruiker\Application Data\internaldb6334.dat
                      2007-07-01 13:22 194 ----a-w C:\Documents and Settings\Gebruiker\Application Data\internaldb8467.dat
                      2007-07-01 13:22 18,432 ----a-w C:\Documents and Settings\Gebruiker\Application Data\internaldb41.dat
                      .

                      ((((((((((((((((((((((((((((( snapshot@2008-01-07_19.34.57.23 )))))))))))))))))))))))))))))))))))))))))
                      .
                      - 2007-11-12 17:37:38 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
                      + 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
                      - 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
                      + 2008-01-02 09:21:38 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
                      + 2008-01-14 16:45:28 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_1fc.dat
                      .
                      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      REGEDIT4
                      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 14:00 15360]
                      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-02 12:46 68856]
                      "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 18:25 1961984]

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-09-02 14:00 208952]
                      "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-02 14:00 455168]
                      "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-02 14:00 455168]
                      "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01 67584]
                      "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
                      "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-06-01 13:57 573440]
                      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-12 13:36 774233]
                      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-12 15:11 7577600]
                      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-06-12 15:11 86016]
                      "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-02-23 12:40 106496]
                      "DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 06:15 102400]
                      "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
                      "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
                      "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-01 11:04 52840]
                      "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-30 18:53 1838592]
                      "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
                      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
                      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
                      "NvGraphicsInterface"="C:\WINDOWS\system32\wwjtatsz.exe" [ ]
                      "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
                      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]

                      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-02 14:00 15360]

                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                      "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
                      "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                      "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

                      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
                      backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
                      --a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
                      --a------ 2004-09-02 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
                      --------- 2005-10-11 18:25 1961984 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
                      --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
                      --a------ 2006-06-12 15:11 1519616 C:\WINDOWS\system32\nwiz.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                      --a------ 2007-11-14 23:43 286720 C:\Program Files\QuickTime\qttask.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
                      -ra------ 2007-06-08 14:18 23233576 C:\Program Files\Skype\Phone\Skype.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
                      --a------ 2007-05-02 12:46 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

                      R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 10:45]
                      S3 p2pgasvc;Groepsverificatie van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-09-02 14:00]
                      S3 p2pimsvc;Identiteitsbeheer van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-09-02 14:00]
                      S3 p2psvc;Peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-09-02 14:00]
                      S3 PNRPSvc;Naamomzettingsprotocol van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-09-02 14:00]

                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                      p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

                      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d64b6a8-b7c8-11dc-a90a-0018f3fc31a4}]
                      \Shell\AutoRun\command - F:\LaunchU3.exe -a

                      *Newly Created Service* - COMHOST
                      .
                      Inhoud van de 'Gedeelde Taken' map
                      "2007-09-07 16:08:26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
                      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
                      "2008-01-14 16:55:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
                      - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
                      "2008-01-11 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - Deno Computers.job"
                      - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
                      "2008-01-04 02:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
                      - C:\Program Files\RegistrySmart\RegistrySmart.ex
                      - C:\Program Files\RegistrySmar
                      .
                      **************************************************************************

                      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                      Rootkit scan 2008-01-14 18:11:00
                      Windows 5.1.2600 Service Pack 2 NTFS

                      scannen van verborgen processen ...

                      scannen van verborgen autostart items ...

                      scannen van verborgen bestanden ...

                      Scan succesvol afgerond
                      verborgen bestanden: 0

                      **************************************************************************
                      .
                      Voltooingstijd: 2008-01-14 18:11:26
                      ComboFix-quarantined-files.txt 2008-01-14 17:11:24
                      ComboFix2.txt 2008-01-07 18:35:14
                      .
                      2008-01-09 20:06:13 --- E O F ---


                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 18:36:17, on 14/01/2008
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
                      Boot mode: Normal

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                      C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
                      C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
                      C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
                      C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
                      C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                      C:\WINDOWS\eHome\ehRecvr.exe
                      C:\WINDOWS\eHome\ehSched.exe
                      C:\WINDOWS\Explorer.EXE
                      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                      C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
                      C:\WINDOWS\system32\nvsvc32.exe
                      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                      C:\WINDOWS\system32\tcpsvcs.exe
                      C:\WINDOWS\System32\snmp.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                      C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
                      C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
                      C:\WINDOWS\ehome\ehtray.exe
                      C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
                      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                      C:\WINDOWS\system32\RUNDLL32.EXE
                      C:\WINDOWS\ATK0100\HControl.exe
                      C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
                      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
                      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                      C:\WINDOWS\ATK0100\ATKOSD.exe
                      C:\Program Files\iTunes\iTunesHelper.exe
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
                      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
                      C:\WINDOWS\system32\dllhost.exe
                      C:\WINDOWS\eHome\ehmsas.exe
                      C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
                      c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
                      C:\WINDOWS\System32\svchost.exe
                      c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
                      c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
                      C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
                      C:\Program Files\iPod\bin\iPodService.exe
                      C:\HijackThis\HijackThis.exe
                      C:\Program Files\Messenger\msmsgs.exe

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                      O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
                      O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
                      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
                      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
                      O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
                      O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
                      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
                      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
                      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
                      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
                      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
                      O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
                      O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
                      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                      O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
                      O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
                      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
                      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
                      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                      O4 - HKLM\..\Run: [NvGraphicsInterface] C:\WINDOWS\system32\wwjtatsz.exe
                      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                      O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
                      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                      O4 - Global Startup: Bluetooth Manager.lnk = ?
                      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
                      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                      O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
                      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
                      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ewie.spaces.live.com//PhotoUpload/MsnPUpld.cab
                      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
                      O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
                      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
                      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                      O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
                      O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
                      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                      O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
                      O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
                      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
                      O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
                      O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
                      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                      O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                      O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
                      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
                      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
                      O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                      O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
                      O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

                      --
                      End of file - 13199 bytes



                      Dit was het wat de logjes betreft.

                      Vriendelijke groeten,
                      Rulan.
                        • Citaat

                        Comment

                        • #7
                          BendeBoy heeft door omstandigheden wat minder tijd om op logjes te reageren.

                          Vertel maar even of je nog problemen ondervindt
                            • Citaat

                            Comment

                            • #8
                              Hoi,

                              Alle problemen lijken van de baan.
                              Hartelijk bedankt voor jullie professionele aanpak van mijn probleem.

                              Groetjes en veel succes, en nogmaals bedankt!

                              Rulan.
                                • Citaat

                                Comment

                                • #9
                                  Graag gedaan hoor

                                  Download ATF cleaner (mirror)(gemaakt door Atribune)

                                  Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

                                  Dubbelklik op ATF cleaner om het programma te starten.
                                  Op het tabblad "Main", plaats je een vinkje bij Select All.
                                  Klik op de knop Empty Selected.

                                  Het volgende doen als je ook FireFox als browser hebt:
                                  Klik op tabblad "Firefox", plaats een vinkje bij Select All.
                                  Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                                  (dit haalt het vinkje weer weg bij "Firefox saved passwords")
                                  Klik op de knop Empty Selected.

                                  Het volgende doen als je ook Opera als browser hebt:
                                  Klik op tabblad "Opera", plaats een vinkje bij Select All.
                                  Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                                  Klik op de knop Empty Selected.
                                  Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

                                  Ga naar Start - Uitvoeren en geef hier het volgende in:
                                  Combofix /U
                                  Druk daarna op OK.
                                  Let op: Er moet een spatie tussen Combofix en /U zitten.

                                  Dit zal Combofix deïnstalleren.

                                  Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
                                  Kijk hier hoe je je systeemherstel moet uitschakelen.
                                  Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

                                  Dan is alles wel weer schoon
                                    • Citaat

                                    Comment

                                    Vorige template Volgende
                                    Sorry, you are not authorized to view this page
                                    Working...
                                    X
                                    😀
                                    🥰
                                    🤢
                                    😎
                                    😡
                                    👍
                                    👎