Virus vundo
  • Virus vundo

    Dear all,

    For quite some time my laptop has been infected with a trojan called Vundo. Norton Internet Security can't get rid of it; I have also already run Ad-Aware, as well as a program to clean up the registry. Nothing seems powerful enough, until I found your site via Google and read about an identical problem + solution there.
    Below is the log of the laptop in question:
    Logfile of HijackThis v1.99.1
    Scan saved at 15:53:29, on 6/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\ATK0100\HControl.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvGraphicsInterface] C:\WINDOWS\system32\wwjtatsz.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [f013ba53] rundll32.exe "C:\WINDOWS\system32\kvgcpork.dll",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ewie.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    Hopefully you can help me; I no longer dare to let the laptop onto the network, afraid that it will infect everything. Many, many thanks in advance.
    Kind regards, rulan.
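As an added example (not part of this thread or of any tool it mentions), a small Python triage script that applies the pattern visible in the log above to its O4 lines: randomly named files in system32 started from Run keys, often through rundll32 with a one-letter export. The 7–8 lowercase-letter name rule and the small allowlist are assumptions of the example, and the sample lines are copied from the HijackThis log in this post.

```python
"""Heuristic triage of HijackThis O4 (autorun) entries for Vundo-style loaders.

Vundo/Virtumonde persists through Run keys that point at randomly named files
in %WINDIR%\\system32, often started as rundll32.exe "<random>.dll",<export>.
This flags such entries so an analyst looks at them first. It is a triage
heuristic, not a signature: legitimate entries can match and variants can slip by.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# O4 - HKLM\..\Run: [Name] command line
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
# First .exe/.dll path on the command line, quoted or bare (bare paths end at a space, quote or comma)
PATH_RE = re.compile(r'"(?P<q>[^"]+\.(?:exe|dll))"|(?P<u>[A-Za-z]:\\[^\s",]+\.(?:exe|dll))', re.I)
# rundll32 <dll>,<export>
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\w*)', re.I)
# Random-looking file stem: 7 or 8 lowercase ASCII letters and nothing else (assumed rule)
RANDOM_STEM_RE = re.compile(r'^[a-z]{7,8}$')
# Lowercase system32 binaries that would otherwise match RANDOM_STEM_RE (constructed allowlist, extend as needed)
KNOWN_SYSTEM32 = {'ctfmon', 'rundll32', 'svchost', 'userinit', 'spoolsv', 'winlogon'}


@dataclass
class AutorunEntry:
    hive: str
    name: str
    cmd: str
    target: Optional[str] = None          # first .exe/.dll path on the command line
    rundll_export: Optional[str] = None   # export handed to rundll32, if the entry uses it
    reasons: List[str] = field(default_factory=list)


def parse_o4(line: str) -> Optional[AutorunEntry]:
    """Parse one 'O4 - HK..' line; returns None for any other HijackThis line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = AutorunEntry(m['hive'], m['name'], m['cmd'])
    p = PATH_RE.search(entry.cmd)
    if p:
        entry.target = p['q'] or p['u']
    r = RUNDLL_RE.match(entry.cmd)
    if r:
        entry.target = r['dll']           # the DLL, not rundll32 itself, is what actually runs
        entry.rundll_export = r['export']
    return entry


def triage(entry: AutorunEntry) -> List[str]:
    """Attach human-readable reasons to an entry and return them (empty list = nothing odd)."""
    entry.reasons = []
    if entry.target is None:
        return entry.reasons
    directory, _, filename = entry.target.rpartition('\\')
    stem = filename.rsplit('.', 1)[0]
    in_system32 = directory.lower().endswith('\\system32')
    if in_system32 and RANDOM_STEM_RE.match(stem) and stem not in KNOWN_SYSTEM32:
        entry.reasons.append('random-looking file name in system32')
    if entry.rundll_export is not None and len(entry.rundll_export) < 3:
        entry.reasons.append('rundll32 with a one- or two-letter export name')
    return entry.reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Return {run-key name: reasons} for every O4 line in a HijackThis log that raised a reason."""
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_o4(line)
        if entry and triage(entry):
            flagged[entry.name] = entry.reasons
    return flagged


# Sample lines copied from the HijackThis log in the first post (one O3 line included to show it is skipped).
SAMPLE_LOG = r"""
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvGraphicsInterface] C:\WINDOWS\system32\wwjtatsz.exe
O4 - HKLM\..\Run: [f013ba53] rundll32.exe "C:\WINDOWS\system32\kvgcpork.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == '__main__':
    for name, reasons in triage_log(SAMPLE_LOG).items():
        print(f'{name}: {"; ".join(reasons)}')
```

Running it flags only the two entries that ComboFix later lists with empty file info ("[ ]"): NvGraphicsInterface and f013ba53.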

  • #2
    Hi Rulan,
    Welcome to Nucia!

    You are using an old version of HijackThis; please read this first:
    http://www.nucia.eu/forum/showthread.php?t=28820


    1. * Clean the cache and cookies in IE:
    • Close Internet Explorer.
    • Go to Control Panel > Internet Options > General tab
    • Click the Delete Cookies button
    • Click the Delete Files button next to it
    • Tick: Delete all offline content, click OK
    * Clean the cache and cookies in Firefox (if Firefox is installed):
    • Go to Tools > Options.
    • Click Privacy in the menu.
    • Click the Clear button (History, Cookies, Cache).
    • Click OK to close the window again.
    * Clean other temporary files + Recycle Bin
    • Go to Start > Run and type: cleanmgr and click OK.
    • Let it scan your system for files that need to be deleted
    • Make sure that only 'temporary files', 'temporary internet files' and 'recycle bin' are ticked there.
    • Then click OK.

    2. Download Dr.Web CureIt and save it on your desktop.
    • Double-click drweb-cureit.exe and allow it to start the express scan.
      If a popup appears offering to buy / 50% discount, you may close it.
    • The express scan scans the files currently loaded in memory. When something is found, click 'select all', then choose 'cure' and from the small menu that appears choose 'move'.
    • At the top of the menu choose Language and change it to Dutch (Nederlands) if it is set differently for you.
    • Press F9, then choose the Actions tab and set the following under Malware:
      • Adware: Move
      • Dialers: Move
      • Jokes: Report
      • Riskware: Report
      • Hacktools: Move
      • Then untick 'Prompt on action'.
    • Then choose the Scan tab and untick Heuristic analysis.
      Then press Apply followed by OK.
    • Once the short scan has finished, tick: Complete scan.
      Then press the green arrow (start button) to start the scan.
    • Found files are moved to the '%USERPROFILE%\DoctorWeb\Quarantine' folder if curing is not possible.
    • After the scan is done, go to File and choose Save report list.
      Save it on your desktop and then close Dr.Web CureIt.
    • Then restart the computer!! This is an important step, because Dr.Web CureIt may move/delete files during the restart.

    3. Download Combofix (http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe) to your Desktop.
    • Double-click Combofix.exe
      Follow the instructions; accept the disclaimer by typing 1 (continue), followed by Enter.
      While the fix is running, do NOT click in the window, because this will make your PC hang.

    When the fix is complete and after the restart, the log combofix.txt will open.
    Post this log in your next reply, together with the Dr.Web log.

    - Daniël
    Last edited by BendeBoy; 07-01-08, 00:20.



    • #3
      Virus vundo

      Hello,
      As requested, the logs from Dr. Web and Combofix.

      Dr. Web log:

      0AA17A5B.dll C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine Trojan.Virtumod.246
      1E557399.exe C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine Trojan.EzulaAd
      1FCC4249.exe C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine Trojan.EzulaAd
      2AD44859.dll C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine Trojan.Virtumod.246
      2B647FBB.dll C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine Trojan.Virtumod.246
      2B7B25A2.dll C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine Trojan.Virtumod.246
      2BE3652F.dll C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine Trojan.Virtumod.246
      2C357ED5.dll C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine Trojan.Virtumod.246
      54D033E1.dll C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine Trojan.Virtumod.246
      55CD41AB.exe C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine Trojan.Proxy.2379
      69360773.exe C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine Trojan.Proxy.2379
      6C083C57.exe C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine Trojan.EzulaAd
      7BC172BE.dll C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine Trojan.Virtumod.246
      7C2D5C47.exe C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine Trojan.EzulaAd
      7D352524.exe C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine Trojan.EzulaAd
      cywmygyr.exe C:\Documents and Settings\Gebruiker\Local Settings\Temp Trojan.EzulaAd Verwijderd.
      hxalwgow.exe C:\Documents and Settings\Gebruiker\Local Settings\Temp Trojan.EzulaAd Verwijderd.
      niirrtcj.exe C:\Documents and Settings\Gebruiker\Local Settings\Temp Trojan.EzulaAd Verwijderd.
      POSTOOBE.NEC C:\DRIVERS VBS.Generic.278 Verwijderd.
      A0000912.exe C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP11 Trojan.Proxy.2379 Verwijderd.
      A0000920.exe C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP11 Trojan.Proxy.2379 Verwijderd.
      A0000921.exe C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP11 Trojan.Proxy.2379 Verwijderd.
      A0000922.exe C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP11 Trojan.Proxy.2379 Verwijderd.
      A0000923.exe C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP11 Trojan.Proxy.2379 Verwijderd.
      A0000924.exe C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP11 Trojan.Proxy.2379 Verwijderd.
      A0000926.exe C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP11 Trojan.Proxy.2379 Verwijderd.
      A0001954.dll C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP14 Trojan.Virtumod.246 Verwijderd.
      A0001980.dll C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP14 Trojan.Virtumod.246 Verwijderd.
      A0002033.dll C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP16 Trojan.Virtumod.246 Verwijderd.
      A0002034.dll C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP16 Trojan.Virtumod.246 Verwijderd.
      A0002035.dll C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP16 Trojan.Virtumod.246 Verwijderd.
      A0002036.dll C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP16 Trojan.Virtumod.246 Verwijderd.
      A0002038.dll C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP16 Trojan.Virtumod.246 Verwijderd.
      A0002040.dll C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP16 Trojan.Virtumod.246 Verwijderd.
      A0000015.dll C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP2 Trojan.Juan.29 Verwijderd.
      A0000016.dll C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP2 Trojan.Virtumod.232 Verwijderd.
      A0000017.exe C:\System Volume Information\_restore{4C7F8487-696B-40EA-B8EF-ED8B30379CC8}\RP2 Trojan.EzulaAd Verwijderd.
      awtsspq.dll C:\WINDOWS\system32 Trojan.Virtumod.240 Verwijderd.
      byxvusr.dll C:\WINDOWS\system32 Trojan.Virtumod.240 Verwijderd.
      cbxxyyv.dll C:\WINDOWS\system32 Trojan.Virtumod.240 Verwijderd.
      ddcbyvs.dll C:\WINDOWS\system32 Trojan.Virtumod.240 Verwijderd.
      efcywvw.dll C:\WINDOWS\system32 Trojan.Virtumod.240 Verwijderd.
      hggdcyx.dll C:\WINDOWS\system32 Trojan.Virtumod.240 Verwijderd.
      iiffccd.dll C:\WINDOWS\system32 Trojan.Virtumod.240 Verwijderd.
      mljjjjh.dll C:\WINDOWS\system32 Trojan.Virtumod.240 Verwijderd.
      mljkigg.dll C:\WINDOWS\system32 Trojan.Virtumod.240 Verwijderd.
      pmnnopm.dll C:\WINDOWS\system32 Trojan.Virtumod.240 Verwijderd.
      pmnopml.dll C:\WINDOWS\system32 Trojan.Virtumod.240 Verwijderd.
      rqrppoo.dll C:\WINDOWS\system32 Trojan.Virtumod.240 Verwijderd.
      urqpmnl.dll C:\WINDOWS\system32 Trojan.Virtumod.240 Verwijderd.
      urqppqr.dll C:\WINDOWS\system32 Trojan.Virtumod.240 Verwijderd.
      urqromn.dll C:\WINDOWS\system32 Trojan.Virtumod.240 Verwijderd.
      Combofix log:

      ComboFix 08-01-07.5 - Gebruiker 2008-01-07 19:24:10.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1510 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Gebruiker\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\cookies.ini
      C:\WINDOWS\system32\_000006_.tmp.dll
      C:\WINDOWS\system32\_000009_.tmp.dll
      C:\WINDOWS\system32\_000010_.tmp.dll
      C:\WINDOWS\system32\aaubkdwu.ini
      C:\WINDOWS\system32\bisnmedv.ini
      C:\WINDOWS\system32\gfhkj.ini
      C:\WINDOWS\system32\gfhkj.ini2
      C:\WINDOWS\system32\iqdsvgtb.ini
      C:\WINDOWS\system32\kngoxmni.ini
      C:\WINDOWS\system32\kropcgvk.ini
      C:\WINDOWS\system32\mcrh.tmp
      C:\WINDOWS\system32\onnrueon.ini
      C:\WINDOWS\system32\siplxhbo.ini
      C:\WINDOWS\system32\UpMedia
      C:\WINDOWS\system32\UpMedia\uninstallSE.exe
      C:\WINDOWS\system32\utstv.ini
      C:\WINDOWS\system32\utstv.ini2
      C:\WINDOWS\system32\vtstu.dll
      C:\WINDOWS\system32\vturo.dll
      C:\WINDOWS\system32\yadaorci.ini

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

      .
      -------\LEGACY_IPRIP
      -------\Iprip


      (((((((((((((((((((( Bestanden Gemaakt van 2007-12-07 to 2008-01-07 ))))))))))))))))))))))))))))))
      .

      2008-01-07 19:22 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
      2008-01-07 11:23 . 2008-01-07 11:23 <DIR> d-------- C:\Documents and Settings\Gebruiker\DoctorWeb
      2008-01-06 15:51 . 2008-01-06 15:53 <DIR> d-------- C:\HijackThis
      2007-12-31 18:46 . 2007-12-31 18:51 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\U3
      2007-12-22 13:28 . 2007-12-22 13:32 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
      2007-12-22 10:37 . 2007-12-22 10:37 <DIR> d-------- C:\Program Files\Lavasoft
      2007-12-22 10:37 . 2007-12-22 10:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2007-12-13 16:28 . 2007-12-16 15:55 2,998,179 ---hs---- C:\WINDOWS\system32\dyuoyyij.ini
      2007-12-13 15:29 . 2007-12-13 15:56 2,998,233 ---hs---- C:\WINDOWS\system32\puuixxup.ini
      2007-12-12 14:24 . 2007-12-13 14:09 1,633,020 ---hs---- C:\WINDOWS\system32\vrmxjels.ini
      2007-12-10 15:32 . 2007-12-10 15:32 <DIR> d-------- C:\Program Files\iPod
      2007-12-09 08:54 . 2007-12-09 08:54 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\CyberLink

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-01-07 18:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
      2008-01-04 09:06 --------- d-----w C:\Program Files\Norton Internet Security
      2008-01-03 22:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
      2007-12-26 20:05 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\uTorrent
      2007-12-22 09:36 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
      2007-12-10 14:33 --------- d-----w C:\Program Files\iTunes
      2007-12-10 14:29 --------- d-----w C:\Program Files\QuickTime
      2007-12-03 16:26 --------- d-----w C:\Program Files\Webteh
      2007-12-03 16:26 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\BSplayer
      2007-12-01 18:02 --------- d-----w C:\Program Files\Windows Live Toolbar
      2007-12-01 09:13 --------- d-----w C:\Program Files\Java
      2007-11-30 21:11 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\vlc
      2007-11-30 21:09 --------- d-----w C:\Program Files\VideoLAN
      2007-11-30 20:38 --------- d-----w C:\Program Files\LimeWire
      2007-11-30 20:38 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\LimeWire
      2007-11-14 20:02 --------- d-----w C:\Program Files\uTorrent
      2007-11-14 19:57 --------- d-----w C:\Program Files\BitComet
      2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
      2007-11-12 17:37 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
      2007-07-01 13:27 382 ----a-w C:\Documents and Settings\Gebruiker\Application Data\internaldb6334.dat
      2007-07-01 13:22 194 ----a-w C:\Documents and Settings\Gebruiker\Application Data\internaldb8467.dat
      2007-07-01 13:22 18,432 ----a-w C:\Documents and Settings\Gebruiker\Application Data\internaldb41.dat
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bef3c70b-7a98-47ef-b15c-e99156c887e9}]
      C:\WINDOWS\system32\edyqioga.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 14:00 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-02 12:46 68856]
      "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 18:25 1961984]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-09-02 14:00 208952]
      "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-02 14:00 455168]
      "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-02 14:00 455168]
      "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01 67584]
      "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
      "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-06-01 13:57 573440]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-12 13:36 774233]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-12 15:11 7577600]
      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-06-12 15:11 86016]
      "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-02-23 12:40 106496]
      "DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 06:15 102400]
      "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
      "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
      "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-01 11:04 52840]
      "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-30 18:53 1838592]
      "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
      "NvGraphicsInterface"="C:\WINDOWS\system32\wwjtatsz.exe" [ ]
      "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
      "f013ba53"="C:\WINDOWS\system32\kvgcpork.dll" [ ]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-02 14:00 15360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
      "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomnmlj]
      qomnmlj.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
      backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
      --a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
      --a------ 2004-09-02 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
      --------- 2005-10-11 18:25 1961984 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
      --a------ 2006-06-12 15:11 1519616 C:\WINDOWS\system32\nwiz.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      --a------ 2007-11-14 23:43 286720 C:\Program Files\QuickTime\qttask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
      -ra------ 2007-06-08 14:18 23233576 C:\Program Files\Skype\Phone\Skype.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
      --a------ 2007-05-02 12:46 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

      R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 10:45]
      S3 p2pgasvc;Groepsverificatie van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-09-02 14:00]
      S3 p2pimsvc;Identiteitsbeheer van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-09-02 14:00]
      S3 p2psvc;Peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-09-02 14:00]
      S3 PNRPSvc;Naamomzettingsprotocol van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-09-02 14:00]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d64b6a8-b7c8-11dc-a90a-0018f3fc31a4}]
      \Shell\AutoRun\command - F:\LaunchU3.exe -a

      *Newly Created Service* - COMHOST
      .
      Inhoud van de 'Gedeelde Taken' map
      "2007-09-07 16:08:26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2008-01-07 10:55:07 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
      - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
      "2007-11-16 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - Deno Computers.job"
      - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
      "2008-01-04 02:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
      - C:\Program Files\RegistrySmart\RegistrySmart.ex
      - C:\Program Files\RegistrySmar
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-01-07 19:32:29
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2008-01-07 19:35:14 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-01-07 18:35:12
      .
      2007-12-23 12:10:01 --- E O F ---


      Thanks for the help!
      Kind regards, Rulan.



      • #4
        Hello again,

        For the moment the laptop is working normally again and I can get back on the internet; only when it boots it shows the following message: "Er is een fout opgetreden tijdens het laden van C:\WINDOWS\system32\kvgcpork.dll. Kan opgegeven module niet vinden."
        Probably something went wrong during the cleanup.
        The laptop works fine, so that is not a problem, but something tells me this file is needed.

        Kind regards, Rulan.



        • #5
          Hi Rulan,

          "but something tells me this file is needed."
          That file is malware; we are going to remove it now.


          Open a new Notepad file.

          Copy and paste the bold blue text below into it.
          Go to 'File' -> 'Save as...' and save it on your desktop as CFScript.txt.
          File::
          C:\WINDOWS\system32\dyuoyyij.ini
          C:\WINDOWS\system32\puuixxup.ini
          C:\WINDOWS\system32\vrmxjels.ini
          C:\WINDOWS\system32\edyqioga.dll
          C:\WINDOWS\system32\kvgcpork.dll
          C:\WINDOWS\system32\qomnmlj.dll

          Folder::
          C:\Documents and Settings\Gebruiker\DocterWeb\Quarantine

          Registry::
          [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomnmlj]
          [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bef3c70b-7a98-47ef-b15c-e99156c887e9}]
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "f013ba53"=-

          Drag CFScript.txt onto ComboFix.exe as shown in the example below:



          This will make ComboFix restart. Reboot if you are asked to.
          After the reboot, post the contents of Combofix.txt in your next reply together with a new HijackThis log.

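As an added example (not code from this thread, from ComboFix or from its author), the following Python script shows how the two signals the helper acted on above can be picked out of a ComboFix registry-startup block mechanically, and how the resulting entries map onto the File::/Registry:: layout of the CFScript posted in this reply: a Run value whose trailing bracket is empty (ComboFix prints the file's date and size there, so an empty bracket means it could not find the file, which is how the "f013ba53" entry looked in the logs above) and any Winlogon\Notify subkey ComboFix chose to print (it suppresses the default notification packages, and Vundo used this key to load its DLL at logon). The sample log is a constructed excerpt modelled on the lines in this thread, and the script assumes that a Notify DLL given by bare name resolves from C:\WINDOWS\system32; both are assumptions, not facts from the page.

```python
"""Triage a ComboFix registry-startup block and draft a CFScript.txt from it.

Added example (not code from the thread or from ComboFix). It uses the two
signals visible in this thread: a Run value whose trailing bracket is empty,
and a Winlogon\\Notify subkey that ComboFix chose to print.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumption: a Notify package given by bare file name loads from the
# system directory, so that is where the File:: entry should point.
SYSTEM32 = r"C:\WINDOWS\system32"

# [HKEY_...\Run]  -- a key header in ComboFix's REGEDIT4-style block
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"="path" [2007-03-01 11:04 52840]   or   "name"="path" [ ]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]$')


@dataclass
class Finding:
    key: str             # registry key the entry lives under
    name: Optional[str]  # value name, or None when the whole key should go
    path: str            # file the entry points at
    reason: str


def parse_reg_points(text: str) -> List[Finding]:
    """Return the autostart entries worth a second look.

    ComboFix prints the file's date and size in the bracket after a Run
    value; an empty bracket means it could not find the file, which is what
    the orphaned "f013ba53" loader looked like in this thread.  ComboFix also
    hides the default Winlogon\\Notify packages, so any Notify subkey it does
    print was added later.
    """
    findings: List[Finding] = []
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        if current_key is None:
            continue  # header lines before the first key
        if "\\winlogon\\notify\\" in current_key.lower():
            # the line under a Notify subkey is the DllName ComboFix found
            dll = line if "\\" in line else f"{SYSTEM32}\\{line}"
            findings.append(Finding(current_key, None, dll,
                                    "Winlogon\\Notify package outside the default set"))
            continue
        value_match = VALUE_RE.match(line)
        if value_match and not value_match.group("meta").strip():
            findings.append(Finding(current_key, value_match.group("name"),
                                    value_match.group("path"),
                                    "Run value points at a file ComboFix could not find"))
    return findings


def render_cfscript(findings: List[Finding]) -> str:
    """Render findings in the File::/Registry:: layout of the script above."""
    lines = ["File::", *sorted({f.path for f in findings}), "", "Registry::"]
    # a whole key is removed with a leading '-' inside the brackets ...
    lines += [f"[-{f.key}]" for f in findings if f.name is None]
    # ... and a single value by assigning '-' to it under its key
    by_key: Dict[str, List[str]] = {}
    for f in findings:
        if f.name is not None:
            by_key.setdefault(f.key, []).append(f.name)
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines += [f'"{n}"=-' for n in names]
    return "\n".join(lines) + "\n"


# Constructed excerpt modelled on the log in this thread (not a real capture).
SAMPLE_LOG = r"""
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-01 11:04 52840]
"f013ba53"="C:\WINDOWS\system32\kvgcpork.dll" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomnmlj]
qomnmlj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
"""

if __name__ == "__main__":
    for f in parse_reg_points(SAMPLE_LOG):
        print(f"{f.reason}: {f.path}")
    print(render_cfscript(parse_reg_points(SAMPLE_LOG)))
```

The generated script lists the two DLLs under File:: and removes the Notify subkey as a whole (`[-KEY]`) but only the single "f013ba53" value under the shared Run key (`"f013ba53"=-`), exactly as the helper's script does; the legitimate ccApp and ctfmon entries, which carry a date and size in their bracket, are left alone. Anything this flags still deserves a human look before it goes into a real CFScript.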


          • #6
            Hi Bendeboy,

            Below are the logs from ComboFix and HJT:

            ComboFix 08-01-07.5 - Gebruiker 2008-01-14 18:08:19.2 - NTFSx86
            Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1464 [GMT 1:00]
            Gestart vanuit: C:\Documents and Settings\Gebruiker\Bureaublad\ComboFix.exe
            Command switches used :: C:\Documents and Settings\Gebruiker\Bureaublad\CFScript.txt
            * Nieuw herstelpunt werd aangemaakt

            FILE
            C:\WINDOWS\system32\dyuoyyij.ini
            C:\WINDOWS\system32\edyqioga.dll
            C:\WINDOWS\system32\kvgcpork.dll
            C:\WINDOWS\system32\puuixxup.ini
            C:\WINDOWS\system32\qomnmlj.dll
            C:\WINDOWS\system32\vrmxjels.ini
            .

            (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            C:\WINDOWS\system32\dyuoyyij.ini
            C:\WINDOWS\system32\puuixxup.ini
            C:\WINDOWS\system32\vrmxjels.ini

            .
            (((((((((((((((((((( Bestanden Gemaakt van 2007-12-14 to 2008-01-14 ))))))))))))))))))))))))))))))
            .

            2008-01-09 13:54 . 2008-01-09 13:54 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\Sierra
            2008-01-09 13:41 . 2008-01-09 13:41 <DIR> d-------- C:\Program Files\Sierra
            2008-01-08 21:19 . 2008-01-08 21:19 <DIR> d-------- C:\Program Files\Paradox Interactive
            2008-01-07 19:22 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
            2008-01-07 11:23 . 2008-01-07 11:23 <DIR> d-------- C:\Documents and Settings\Gebruiker\DoctorWeb
            2008-01-06 15:51 . 2008-01-06 15:53 <DIR> d-------- C:\HijackThis
            2007-12-31 18:46 . 2007-12-31 18:51 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\U3
            2007-12-22 13:28 . 2007-12-22 13:32 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
            2007-12-22 10:37 . 2007-12-22 10:37 <DIR> d-------- C:\Program Files\Lavasoft
            2007-12-22 10:37 . 2007-12-22 10:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

            .
            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2008-01-14 16:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
            2008-01-13 14:24 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
            2008-01-13 10:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
            2008-01-12 14:20 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\uTorrent
            2008-01-11 19:45 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\LimeWire
            2008-01-09 12:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
            2008-01-04 09:06 --------- d-----w C:\Program Files\Norton Internet Security
            2007-12-22 09:36 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
            2007-12-10 14:33 --------- d-----w C:\Program Files\iTunes
            2007-12-10 14:32 --------- d-----w C:\Program Files\iPod
            2007-12-10 14:29 --------- d-----w C:\Program Files\QuickTime
            2007-12-09 07:54 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\CyberLink
            2007-12-03 16:26 --------- d-----w C:\Program Files\Webteh
            2007-12-03 16:26 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\BSplayer
            2007-12-01 18:02 --------- d-----w C:\Program Files\Windows Live Toolbar
            2007-12-01 09:13 --------- d-----w C:\Program Files\Java
            2007-11-30 21:11 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\vlc
            2007-11-30 21:09 --------- d-----w C:\Program Files\VideoLAN
            2007-11-30 20:38 --------- d-----w C:\Program Files\LimeWire
            2007-11-14 20:02 --------- d-----w C:\Program Files\uTorrent
            2007-11-14 19:57 --------- d-----w C:\Program Files\BitComet
            2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
            2007-11-07 09:30 727,040 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
            2007-11-02 14:17 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
            2007-10-30 23:27 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
            2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
            2007-10-29 22:41 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
            2007-10-29 22:41 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll
            2007-10-28 09:39 45,056 ----a-w C:\WINDOWS\system32\ftp.exe
            2007-10-28 09:39 17,408 ----a-w C:\WINDOWS\system32\tftp.exe
            2007-10-25 16:44 8,507,392 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
            2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
            2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
            2007-07-01 13:27 382 ----a-w C:\Documents and Settings\Gebruiker\Application Data\internaldb6334.dat
            2007-07-01 13:22 194 ----a-w C:\Documents and Settings\Gebruiker\Application Data\internaldb8467.dat
            2007-07-01 13:22 18,432 ----a-w C:\Documents and Settings\Gebruiker\Application Data\internaldb41.dat
            .

            ((((((((((((((((((((((((((((( snapshot@2008-01-07_19.34.57.23 )))))))))))))))))))))))))))))))))))))))))
            .
            - 2007-11-12 17:37:38 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
            + 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
            - 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
            + 2008-01-02 09:21:38 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
            + 2008-01-14 16:45:28 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_1fc.dat
            .
            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            REGEDIT4
            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 14:00 15360]
            "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-02 12:46 68856]
            "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 18:25 1961984]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-09-02 14:00 208952]
            "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-02 14:00 455168]
            "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-02 14:00 455168]
            "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01 67584]
            "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
            "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-06-01 13:57 573440]
            "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-12 13:36 774233]
            "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-12 15:11 7577600]
            "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-06-12 15:11 86016]
            "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-02-23 12:40 106496]
            "DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 06:15 102400]
            "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
            "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
            "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-01 11:04 52840]
            "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-30 18:53 1838592]
            "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
            "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
            "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
            "NvGraphicsInterface"="C:\WINDOWS\system32\wwjtatsz.exe" [ ]
            "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
            "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]

            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-02 14:00 15360]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
            "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
            "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
            "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
            backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
            --a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
            --a------ 2004-09-02 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
            --------- 2005-10-11 18:25 1961984 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
            --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
            --a------ 2006-06-12 15:11 1519616 C:\WINDOWS\system32\nwiz.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
            --a------ 2007-11-14 23:43 286720 C:\Program Files\QuickTime\qttask.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
            -ra------ 2007-06-08 14:18 23233576 C:\Program Files\Skype\Phone\Skype.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
            --a------ 2007-05-02 12:46 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

            R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 10:45]
            S3 p2pgasvc;Groepsverificatie van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-09-02 14:00]
            S3 p2pimsvc;Identiteitsbeheer van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-09-02 14:00]
            S3 p2psvc;Peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-09-02 14:00]
            S3 PNRPSvc;Naamomzettingsprotocol van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-09-02 14:00]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
            p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

            [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d64b6a8-b7c8-11dc-a90a-0018f3fc31a4}]
            \Shell\AutoRun\command - F:\LaunchU3.exe -a

            *Newly Created Service* - COMHOST
            .
            Inhoud van de 'Gedeelde Taken' map
            "2007-09-07 16:08:26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
            - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
            "2008-01-14 16:55:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
            - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
            "2008-01-11 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - Deno Computers.job"
            - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
            "2008-01-04 02:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
            - C:\Program Files\RegistrySmart\RegistrySmart.ex
            - C:\Program Files\RegistrySmar
            .
            **************************************************************************

            catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2008-01-14 18:11:00
            Windows 5.1.2600 Service Pack 2 NTFS

            scannen van verborgen processen ...

            scannen van verborgen autostart items ...

            scannen van verborgen bestanden ...

            Scan succesvol afgerond
            verborgen bestanden: 0

            **************************************************************************
            .
            Voltooingstijd: 2008-01-14 18:11:26
            ComboFix-quarantined-files.txt 2008-01-14 17:11:24
            ComboFix2.txt 2008-01-07 18:35:14
            .
            2008-01-09 20:06:13 --- E O F ---


            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 18:36:17, on 14/01/2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.6000.16574)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
            C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
            C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
            C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
            C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
            C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
            C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
            C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            C:\WINDOWS\eHome\ehRecvr.exe
            C:\WINDOWS\eHome\ehSched.exe
            C:\WINDOWS\Explorer.EXE
            C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
            C:\WINDOWS\system32\nvsvc32.exe
            C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
            C:\WINDOWS\system32\tcpsvcs.exe
            C:\WINDOWS\System32\snmp.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
            C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
            C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
            C:\WINDOWS\ehome\ehtray.exe
            C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
            C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
            C:\WINDOWS\system32\RUNDLL32.EXE
            C:\WINDOWS\ATK0100\HControl.exe
            C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
            C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
            C:\Program Files\Common Files\Symantec Shared\ccApp.exe
            C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
            C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
            C:\WINDOWS\ATK0100\ATKOSD.exe
            C:\Program Files\iTunes\iTunesHelper.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
            C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
            C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
            C:\WINDOWS\system32\dllhost.exe
            C:\WINDOWS\eHome\ehmsas.exe
            C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
            c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
            C:\WINDOWS\System32\svchost.exe
            c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
            c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
            C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
            C:\Program Files\iPod\bin\iPodService.exe
            C:\HijackThis\HijackThis.exe
            C:\Program Files\Messenger\msmsgs.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
            O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
            O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
            O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
            O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
            O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
            O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
            O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
            O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
            O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
            O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
            O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
            O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
            O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
            O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
            O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
            O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
            O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
            O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
            O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
            O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
            O4 - HKLM\..\Run: [NvGraphicsInterface] C:\WINDOWS\system32\wwjtatsz.exe
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
            O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
            O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
            O4 - Global Startup: Bluetooth Manager.lnk = ?
            O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
            O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
            O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ewie.spaces.live.com//PhotoUpload/MsnPUpld.cab
            O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
            O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
            O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
            O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
            O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
            O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
            O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
            O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
            O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
            O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
            O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
            O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
            O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
            O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
            O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
            O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
            O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
            O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
            O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
            O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
            O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
            O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
            O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
            O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

            --
            End of file - 13199 bytes



            That's all as far as the logs are concerned.

            Kind regards,
            Rulan.

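The O23 section of the log above is the part a helper reads first when hunting a persistent infection: it lists every Windows service, the company name HijackThis pulled from the binary's version resource, and the image path. Reading twenty of those by eye is error-prone, so here is a small triage script, written for this page as an added example and not part of the thread or of HijackThis itself. It parses O23 lines and flags the things a practitioner checks by hand: an "Unknown owner" (no company name in the version info), an 8.3 short path such as `C:\PROGRA~1\...` that hides the real directory name, a binary outside Windows or Program Files, and a system process name (svchost.exe, lsass.exe and so on) living anywhere but system32. The sample log is constructed, modelled on the O23 lines above plus one hypothetical malicious entry named "wuhelp"; the trusted directory list is an assumption for this XP layout. Note the caveat that the company string is taken from the file's own version info, which malware can forge, so a known vendor name is a reason to look less closely, not proof of anything.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# HijackThis O23 (Windows service) entry:
#   O23 - Service: <display name> (<service name>) - <company> - <image path>
# The "(service name)" part is absent in some entries, as in the log above.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+)$"
)

# Assumed locations where a service binary on this XP box should live
# (lower-cased; the 8.3 form of Program Files is included so short paths
# are judged by location here and flagged separately below).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# Process names malware commonly borrows; the genuine copies live in system32.
SYSTEM_NAMES_RE = re.compile(r"\\(svchost|lsass|csrss|winlogon|services)\.exe$")


@dataclass
class Service:
    display: str
    name: str
    owner: str
    path: str
    findings: List[str] = field(default_factory=list)


def parse_o23(line: str) -> Optional[Service]:
    """Parse one O23 line; return None for any other HijackThis line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    return Service(
        display=m.group("display"),
        name=m.group("name") or m.group("display"),
        owner=m.group("owner"),
        path=m.group("path"),
    )


def triage(svc: Service) -> Service:
    """Attach triage findings to a parsed service entry."""
    p = svc.path.lower()
    # HijackThis prints "Unknown owner" when the file carries no company
    # name in its version resource; legitimate software usually has one.
    if svc.owner == "Unknown owner":
        svc.findings.append("no company name in the file's version info")
    # 8.3 short names hide the real directory name; resolve them on the host.
    if "~" in p:
        svc.findings.append("8.3 short path; resolve it and check the real file")
    if not p.startswith(TRUSTED_PREFIXES):
        svc.findings.append("binary outside Windows / Program Files")
    if SYSTEM_NAMES_RE.search(p) and not p.startswith("c:\\windows\\system32\\"):
        svc.findings.append("system process name outside system32")
    return svc


def triage_log(text: str) -> List[Service]:
    """Run triage over every O23 line of a HijackThis log, in log order."""
    return [triage(s) for s in map(parse_o23, text.splitlines()) if s]


def suspicious(text: str) -> List[str]:
    """Names of the services that deserve a manual look."""
    return [s.name for s in triage_log(text) if s.findings]


# Constructed sample: modelled on the O23 lines above plus one hypothetical
# malicious entry ("wuhelp"); not copied from the poster's log.
SAMPLE_LOG = r"""O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O23 - Service: Windows Update Helper (wuhelp) - Unknown owner - C:\Documents and Settings\user\Local Settings\Temp\svchost.exe
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for s in triage_log(SAMPLE_LOG):
        status = "; ".join(s.findings) or "ok"
        print(f"{s.name:<20} {s.owner:<22} {status}")
```

Run it over a saved log (`triage_log(open("hijackthis.log").read())`) and the entries with findings are the ones to resolve on the machine: look up the service in `services.msc`, check the file's properties and signature, and compare the 8.3 path against the real directory. The Symantec "Unknown owner" entry in the sample is a real-world reminder that the flag marks things to verify, not things to delete.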


            • #7
              Due to circumstances BendeBoy has a bit less time to respond to logs.

              Just let us know whether you are still experiencing any problems



              • #8
                Hi,

                All problems seem to be gone.
                Many thanks for your professional handling of my problem.

                Regards and good luck, and thanks again!

                Rulan.



                • #9
                  You're welcome

                  Download ATF cleaner (mirror) (made by Atribune)

                  Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can do its job properly.

                  Double-click ATF cleaner to start the program.
                  On the "Main" tab, tick Select All.
                  Click the Empty Selected button.

                  Do the following if you also use Firefox as a browser:
                  Click the "Firefox" tab and tick Select All.
                  If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                  (this removes the tick from "Firefox saved passwords")
                  Click the Empty Selected button.

                  Do the following if you also use Opera as a browser:
                  Click the "Opera" tab and tick Select All.
                  If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                  Click the Empty Selected button.
                  Go to the "Main" tab and click the Exit button to close the program.

                  Go to Start - Run and enter the following:
                  Combofix /U
                  Then press OK.
                  Note: there must be a space between Combofix and /U.

                  This will uninstall Combofix.

                  Turn off System Restore. Restart the computer. Turn System Restore back on.
                  See here for how to turn off System Restore.
                  This removes any remnants of the infections from your System Restore points.

                  Then everything should be clean again
