HijackThis log


  • HijackThis log

    Hello,

    I recently got spyware on my PC. Adware managed to remove a good deal of it, but now I would like to know how my PC can be completely freed of spyware, hence this HijackThis log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:09:44, on 8-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\FolderSize\FolderSizeSvc.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\ehome\ehtray .exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\ARPWRMSG.EXE
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2 .exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\DAEMON Tools\daemon .exe
    C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\WINDOWS\lsass .exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
    C:\PROGRA~1\Softwin\BITDEF~1\bdmcon .exe
    C:\Program Files\Softwin\BitDefender10\bdagent .exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\lsass .exe
    C:\Program Files\MSN Messenger\MsnMsgr .Exe
    C:\WINDOWS\system32\ctfmon .exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\VisualTaskTips\VisualTaskTips.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    c:\windows\system\hpsysdrv.exe
    C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\HP_Administrator\Bureaublad\Tinuz\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F3 - REG:win.ini: load=C:\WINDOWS\system32\vtstr.exe
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass .exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
    O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
    O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: FID1F6~1 .EXE
    O4 - Startup: findfast .exe
    O4 - Startup: findfast .exe
    O4 - Startup: findfast .exe
    O4 - Startup: findfast .exe
    O4 - Startup: findfast .exe
    O4 - Startup: findfast .exe
    O4 - Startup: findfast .exe
    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: VisualTaskTips.lnk = C:\Program Files\VisualTaskTips\VisualTaskTips.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {2E843840-4966-4C88-8A8B-EDD674055832} (Ieswplay Control) - http://plugins.screenwatch.com/wm/swplay.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164126848258
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqemea/downloads/msxml4.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 10804 bytes

  • #2
    Close all open windows.
    Start HijackThis once more and place a check mark next to the following items:

    F3 - REG:win.ini: load=C:\WINDOWS\system32\vtstr.exe
    O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass .exe
    O4 - Startup: FID1F6~1 .EXE
    O4 - Startup: findfast .exe
    O4 - Startup: findfast .exe
    O4 - Startup: findfast .exe
    O4 - Startup: findfast .exe
    O4 - Startup: findfast .exe
    O4 - Startup: findfast .exe
    O4 - Startup: findfast .exe
    O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll


    Then click "Fix checked" and close HijackThis.

    Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Place it on your desktop.
    Double-click it to start the program.
    In the window that appears, type a 1 to run the cleaning and analysis process.
    Follow the instructions on the screen.
    When the tool has finished, a log file (combofix.txt) opens.
    Post the contents of this file together with a new HijackThis log.


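Added example, not part of the original posts and not HijackThis or ComboFix code: several of the entries selected in reply #2 (`lsass .exe`, `findfast .exe`, `FID1F6~1 .EXE`) have a space before the file extension, and `lsass` appears outside `system32`. The sketch below triages HijackThis lines for those two name-based patterns; the function name `triage`, the extension list and the list of system process names are assumptions of this example, and the sample lines are copied from the first log in this thread.

```python
import re

# Constructed sample: a few lines copied from the first HijackThis log above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ehome\ehtray .exe
C:\WINDOWS\lsass .exe
C:\Program Files\DAEMON Tools\daemon .exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\vtstr.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" /run
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass .exe
O4 - Startup: findfast .exe
O4 - Startup: findfast .exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
"""

# Heuristic 1: a file name followed by whitespace and then the extension,
# e.g. "lsass .exe". The extension list is an assumption of this example.
SPACE_BEFORE_EXT = re.compile(
    r'([^\\/:"*?<>|\r\n]+?)\s+\.(exe|dll|com|scr|bat|cmd|pif)\b',
    re.IGNORECASE,
)

# Heuristic 2: a core Windows process name with a full path that is not under
# system32. Assumption: on Windows XP these six images live in
# %SystemRoot%\system32 only.
SYSTEM_NAMES = ("smss", "csrss", "winlogon", "services", "lsass", "svchost")
SYSTEM_PROC = re.compile(
    r'([A-Za-z]:\\(?:[^\\/:"*?<>|\r\n]+\\)*)('
    + "|".join(SYSTEM_NAMES)
    + r')\s*\.exe\b',
    re.IGNORECASE,
)


def triage(log_text):
    """Return {log line: [reasons]} for lines matching either heuristic.

    Repeated identical lines (the log lists 'findfast .exe' seven times)
    are reported once, in order of first appearance.
    """
    findings = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line in findings:
            continue
        reasons = []
        m = SPACE_BEFORE_EXT.search(line)
        if m:
            reasons.append(
                "space before .%s in file name %r"
                % (m.group(2).lower(), m.group(1).strip())
            )
        m = SYSTEM_PROC.search(line)
        if m and not m.group(1).lower().endswith("\\system32\\"):
            reasons.append(
                "system process name %r outside system32 (%s)"
                % (m.group(2).lower(), m.group(1))
            )
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == "__main__":
    # Entries such as vtstr.exe and wowfx.dll are not caught here: nothing in
    # their names matches either pattern, so a name check alone does not
    # replace a full review of the log.
    for entry, why in triage(SAMPLE_LOG).items():
        print(entry)
        for reason in why:
            print("    - " + reason)
```

The output is a review list, not a removal list: every flagged line still has to be checked against the file on disk before anything is fixed.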

    • #3
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 12:39:03, on 9-1-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\arservice.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\FolderSize\FolderSizeSvc.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\CyberLink\Shared files\RichVideo.exe
      C:\Program Files\Spyware Doctor\sdhelp.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
      C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
      C:\WINDOWS\ehome\mcrdsvc.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\VisualTaskTips\VisualTaskTips.exe
      C:\Program Files\Softwin\BitDefender10\vsserv.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\internet explorer\iexplore.exe
      C:\Documents and Settings\HP_Administrator\Bureaublad\Tinuz\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
      O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
      O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" /run
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
      O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
      O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
      O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
      O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
      O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
      O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: VisualTaskTips.lnk = C:\Program Files\VisualTaskTips\VisualTaskTips.exe
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
      O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
      O16 - DPF: {2E843840-4966-4C88-8A8B-EDD674055832} (Ieswplay Control) - http://plugins.screenwatch.com/wm/swplay.cab
      O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
      O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164126848258
      O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqemea/downloads/msxml4.cab
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
      O20 - Winlogon Notify: ssqrrrs - ssqrrrs.dll (file missing)
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
      O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
      O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
      O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
      O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

      --
      End of file - 9276 bytes

      ComboFix 08-01-09.2 - HP_Administrator 2008-01-09 12:27:36.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.280 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\HP_Administrator\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Autorun.inf
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Helper
      C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe
      C:\Program Files\lsass.exe
      C:\Program Files\QuickTime\qttask .exe
      C:\WINDOWS\ehome\ehtray .exe
      C:\WINDOWS\hosts
      C:\WINDOWS\lsass .exe
      C:\WINDOWS\system32\ctfmon .exe
      C:\WINDOWS\system32\drvdojr.dll
      C:\WINDOWS\system32\drvmewr.dll
      C:\WINDOWS\system32\jfnhmjkn.exe
      C:\WINDOWS\system32\jlhmpixc.dll
      C:\WINDOWS\system32\ltdfblms.ini
      C:\WINDOWS\system32\mcrh.tmp
      C:\WINDOWS\system32\rtstv.ini
      C:\WINDOWS\system32\rtstv.ini2
      C:\WINDOWS\system32\smlbfdtl.dll
      C:\WINDOWS\system32\vtstr.dll
      C:\WINDOWS\system32\vtstr.exe
      C:\WINDOWS\system32\wowfx.dll
      D:\Autorun.inf

      Code:
       <pre>
      C:\WINDOWS\ehome\ehtray .exe ---> QooBox
      C:\WINDOWS\system32\ctfmon .exe ---> QooBox
      </pre>
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

      .
      -------\LEGACY_DOMAINSERVICE
      -------\DomainService


      (((((((((((((((((((( Bestanden Gemaakt van 2007-12-09 to 2008-01-09 ))))))))))))))))))))))))))))))
      .

      2008-01-09 12:24 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
      2008-01-09 10:57 . 2006-09-05 17:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
      2008-01-09 08:13 . 2008-01-09 08:13 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
      2008-01-08 10:20 . 2008-01-08 10:20 <DIR> d-------- C:\Program Files\Lavasoft
      2008-01-08 10:20 . 2008-01-08 10:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-01-08 10:19 . 2008-01-08 10:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2008-01-07 23:13 . 2008-01-07 23:13 0 --a------ C:\Install
      2008-01-07 22:13 . 2008-01-07 22:13 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\EasySpywareCleaner.com
      2008-01-07 22:11 . 2008-01-07 22:11 9,728 --a------ C:\WINDOWS\system32\printer .exe
      2008-01-04 17:25 . 2008-01-04 17:25 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Bitdefender
      2008-01-04 17:09 . 2008-01-04 17:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-01-09 11:33 --------- d-----w C:\Program Files\QuickTime
      2008-01-09 10:34 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\ChessBase
      2008-01-09 08:35 --------- d-----w C:\Program Files\MSN Messenger
      2008-01-09 07:43 --------- d-----w C:\Program Files\DAEMON Tools
      2008-01-08 10:29 --------- d-----w C:\Program Files\iTunes
      2008-01-07 20:40 --------- d-----w C:\Program Files\Spyware Doctor
      2008-01-05 17:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2007-12-18 10:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
      2007-12-10 23:34 --------- d-----w C:\Program Files\Easy CD-DA Extractor 7
      2007-12-08 08:51 --------- d-----w C:\Program Files\Van Dale Lexicografie
      2007-12-06 21:03 --------- d-----w C:\Program Files\MSBuild
      2007-12-06 21:03 --------- d-----w C:\Program Files\Microsoft Works
      2007-12-06 20:57 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
      2007-12-06 14:23 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Logitech
      2007-12-06 14:18 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
      2007-12-06 14:18 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
      2007-12-06 14:18 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
      2007-12-06 14:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
      2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
      2006-08-20 16:03 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
      2004-09-02 04:00 60,416 --sha-w C:\WINDOWS\VistaMizer\old\msimn.exe
      .
      Code:
      <pre>
      ----a-w            61,440 2008-01-09 07:11:35  C:\hp\KBD\KBD .EXE
      ----a-w            39,792 2008-01-09 07:08:42  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
      ----a-w            77,824 2008-01-09 07:08:36  C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt .exe
      ----a-w           155,648 2008-01-09 07:08:33  C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
      ----a-w            71,216 2008-01-09 07:08:39  C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
      ----a-w            54,832 2008-01-09 07:08:39  C:\Program Files\CyberLink\PowerDVD\Language\Language .exe
      ----a-w           133,016 2008-01-09 07:08:36  C:\Program Files\DAEMON Tools\daemon .exe
      ----a-w            49,152 2008-01-09 07:08:30  C:\Program Files\HP\HP Software Update\HPwuSchd2 .exe
      ----a-w           267,048 2008-01-08 10:29:15  C:\Program Files\iTunes\iTunesHelper .exe
      ----a-w           132,496 2008-01-08 10:29:10  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
      ----a-w            31,016 2008-01-09 07:08:48  C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
      ----a-w         5,674,352 2008-01-09 07:09:06  C:\Program Files\MSN Messenger\MsnMsgr .Exe
      ----a-w            69,632 2008-01-09 07:08:51  C:\Program Files\Softwin\BitDefender10\bdagent .exe
      ----a-w           290,816 2008-01-09 07:08:50  C:\Program Files\Softwin\BitDefender10\bdmcon .exe
      ----a-w           237,568 2008-01-09 07:08:29  C:\WINDOWS\SMINST\RECGUARD .EXE
      ----a-w             9,728 2008-01-07 21:11:44  C:\WINDOWS\system32\printer .exe
      </pre>

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 05:00 15360]
      "msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ftutil2"="ftutil2.dll" [2004-06-07 07:05 106496 C:\WINDOWS\system32\ftutil2.dll]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-31 13:35 7634944]
      "nwiz"="nwiz.exe" [2006-10-31 13:35 1622016 C:\WINDOWS\system32\nwiz.exe]
      "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [ ]
      "PCDrProfiler"=""
      "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" [ ]
      "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [ ]
      "KBD"="C:\HP\KBD\KBD.EXE" [ ]
      "amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [ ]
      "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [ ]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
      "BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [ ]
      "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [ ]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "Spyware Doctor"=""

      C:\Documents and Settings\HP_Administrator\Menu Start\Programma's\Opstarten\
      OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 10:40:44]
      VisualTaskTips.lnk - C:\Program Files\VisualTaskTips\VisualTaskTips.exe [2006-07-31 12:33:50]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
      "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
      "UIHost"="LogonUI.EXE"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrrrs]
      ssqrrrs.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "appinit_dlls"=sockspy.dll

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
      SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll

      R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51]
      R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-02-14 20:07]
      R3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 11:44]
      S3 PolarUSB;Polar USB Interface;C:\WINDOWS\system32\DRIVERS\PolarUSB.sys [2001-07-12 16:49]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f1eb45f-a231-11db-9949-001731b94052}]
      \Shell\AutoRun\command - N:\OnSpcLCK.exe

      *Newly Created Service* - AVGASCLN
      .
      Inhoud van de 'Gedeelde Taken' map
      "2007-10-16 09:14:25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-01-09 12:35:54
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
      -> C:\Program Files\VisualTaskTips\VttHooks.dll
      .
      Voltooingstijd: 2008-01-09 12:38:21 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-01-09 11:38:17
      .
      2007-12-12 22:42:24 --- E O F ---



      • #4
        Close all open windows.
        Start HijackThis once more and place a check mark next to the following items:

        O20 - Winlogon Notify: ssqrrrs - ssqrrrs.dll (file missing)

        Then click "Fix checked" and close HijackThis.


        Open a Notepad file.
        Copy the code below and paste it into the Notepad file.
        Save the Notepad file as CFScript.txt
        Code:
        RENV::
        C:\hp\KBD\KBD .EXE
        C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
        C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt .exe
        C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
        C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
        C:\Program Files\CyberLink\PowerDVD\Language\Language .exe
        C:\Program Files\DAEMON Tools\daemon .exe
        C:\Program Files\HP\HP Software Update\HPwuSchd2 .exe
        C:\Program Files\iTunes\iTunesHelper .exe
        C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
        C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
        C:\Program Files\MSN Messenger\MsnMsgr .Exe
        C:\Program Files\Softwin\BitDefender10\bdagent .exe
        C:\Program Files\Softwin\BitDefender10\bdmcon .exe
        C:\WINDOWS\SMINST\RECGUARD .EXE
        
        FILE::
        C:\WINDOWS\system32\printer .exe
        Now drag the file CFScript.txt onto the file ComboFix.exe

        ComboFix will start again.
        When ComboFix is finished, which may be after a restart, a log file opens.
        Post the contents of the log file.

        Start HijackThis again, create a new log and post it.



        • #5
          Note: I did have to press '1' to get ComboFix to start

          ComboFix 08-01-09.2 - HP_Administrator 2008-01-09 13:21:12.2 - NTFSx86
          Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.461 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\HP_Administrator\Bureaublad\ComboFix.exe
          Command switches used :: C:\Documents and Settings\HP_Administrator\Bureaublad\CFScript.txt
          * Nieuw herstelpunt werd aangemaakt

          FILE
          C:\WINDOWS\system32\printer .exe
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\WINDOWS\system32\printer .exe

          .
          (((((((((((((((((((( Bestanden Gemaakt van 2007-12-09 to 2008-01-09 ))))))))))))))))))))))))))))))
          .

          2008-01-09 12:24 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
          2008-01-09 10:57 . 2006-09-05 17:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
          2008-01-08 10:20 . 2008-01-08 10:20 <DIR> d-------- C:\Program Files\Lavasoft
          2008-01-08 10:20 . 2008-01-08 10:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
          2008-01-08 10:19 . 2008-01-08 10:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
          2008-01-07 23:13 . 2008-01-07 23:13 0 --a------ C:\Install
          2008-01-07 22:13 . 2008-01-07 22:13 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\EasySpywareCleaner.com
          2008-01-04 17:25 . 2008-01-04 17:25 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Bitdefender
          2008-01-04 17:09 . 2008-01-04 17:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-01-09 12:21 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
          2008-01-09 12:21 --------- d-----w C:\Program Files\MSN Messenger
          2008-01-09 12:21 --------- d-----w C:\Program Files\iTunes
          2008-01-09 12:21 --------- d-----w C:\Program Files\DAEMON Tools
          2008-01-09 12:17 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\ChessBase
          2008-01-09 11:33 --------- d-----w C:\Program Files\QuickTime
          2008-01-07 20:40 --------- d-----w C:\Program Files\Spyware Doctor
          2008-01-05 17:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2007-12-18 10:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
          2007-12-10 23:34 --------- d-----w C:\Program Files\Easy CD-DA Extractor 7
          2007-12-08 08:51 --------- d-----w C:\Program Files\Van Dale Lexicografie
          2007-12-06 21:03 --------- d-----w C:\Program Files\MSBuild
          2007-12-06 21:03 --------- d-----w C:\Program Files\Microsoft Works
          2007-12-06 20:57 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
          2007-12-06 14:23 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Logitech
          2007-12-06 14:18 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
          2007-12-06 14:18 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
          2007-12-06 14:18 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
          2007-12-06 14:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
          2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
          2007-10-30 23:27 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
          2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
          2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
          2007-10-25 16:57 8,501,760 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
          2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
          2007-10-25 08:28 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
          2007-10-10 23:54 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
          2007-10-10 23:53 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
          2007-10-10 23:53 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
          2007-10-10 23:53 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
          2007-10-10 23:53 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
          2007-10-10 23:53 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
          2007-10-10 23:53 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
          2007-10-10 23:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
          2007-10-10 23:53 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
          2007-10-10 23:53 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
          2007-10-10 23:53 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
          2007-10-10 23:53 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
          2007-10-10 23:53 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
          2007-10-10 23:53 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
          2007-10-10 23:53 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
          2007-10-10 23:53 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
          2007-10-10 23:53 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
          2007-10-10 23:53 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
          2007-10-10 23:53 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
          2007-10-10 23:53 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
          2007-10-10 23:53 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
          2007-10-10 23:53 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
          2007-10-10 11:02 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
          2007-10-10 11:02 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
          2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
          2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
          2006-08-20 16:03 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
          2004-09-02 04:00 60,416 --sha-w C:\WINDOWS\VistaMizer\old\msimn.exe
          .

          ((((((((((((((((((((((((((((( [email protected]_12.38.00.25 )))))))))))))))))))))))))))))))))))))))))
          .
          - 2008-01-09 11:25:46 360,448 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
          + 2008-01-09 12:21:03 360,448 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
          - 2008-01-09 11:25:46 126,976 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
          + 2008-01-09 12:21:03 126,976 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
          - 2008-01-09 11:25:46 360,448 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
          + 2008-01-09 12:21:03 360,448 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
          - 2008-01-09 11:25:46 126,976 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
          + 2008-01-09 12:21:03 126,976 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
          - 2008-01-09 11:25:47 10,539,008 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
          + 2008-01-09 12:21:03 10,539,008 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
          - 2008-01-09 11:25:47 319,488 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
          + 2008-01-09 12:21:04 319,488 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
          + 2008-01-09 07:08:29 237,568 ----a-w C:\WINDOWS\SMINST\RECGUARD.EXE
          + 2008-01-09 12:05:11 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_67c.dat
          .
          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 05:00 15360]
          "msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-01-09 08:09 5674352]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ftutil2"="ftutil2.dll" [2004-06-07 07:05 106496 C:\WINDOWS\system32\ftutil2.dll]
          "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-31 13:35 7634944]
          "nwiz"="nwiz.exe" [2006-10-31 13:35 1622016 C:\WINDOWS\system32\nwiz.exe]
          "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2008-01-09 08:08 237568]
          "PCDrProfiler"=""
          "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" [ ]
          "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2008-01-09 08:08 49152]
          "KBD"="C:\HP\KBD\KBD.EXE" [2008-01-09 08:11 61440]
          "amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-01-09 08:08 77824]
          "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2008-01-09 08:08 54832]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
          "BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2008-01-09 08:08 290816]
          "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [ ]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "Spyware Doctor"=""

          C:\Documents and Settings\HP_Administrator\Menu Start\Programma's\Opstarten\
          OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 10:40:44]
          VisualTaskTips.lnk - C:\Program Files\VisualTaskTips\VisualTaskTips.exe [2006-07-31 12:33:50]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
          "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
          "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
          "UIHost"="LogonUI.EXE"

          R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51]
          R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-02-14 20:07]
          R3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 11:44]
          S3 PolarUSB;Polar USB Interface;C:\WINDOWS\system32\DRIVERS\PolarUSB.sys [2001-07-12 16:49]

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f1eb45f-a231-11db-9949-001731b94052}]
          \Shell\AutoRun\command - N:\OnSpcLCK.exe

          *Newly Created Service* - AVGASCLN
          .
          Inhoud van de 'Gedeelde Taken' map
          "2007-10-16 09:14:25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-01-09 13:23:30
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          Voltooingstijd: 2008-01-09 13:24:17
          ComboFix-quarantined-files.txt 2008-01-09 12:24:07
          ComboFix2.txt 2008-01-09 11:38:21
          .
          2007-12-12 22:42:24 --- E O F ---

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 13:24:39, on 9-1-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16574)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\csrss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          C:\WINDOWS\arservice.exe
          C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
          C:\WINDOWS\eHome\ehRecvr.exe
          C:\WINDOWS\eHome\ehSched.exe
          C:\Program Files\FolderSize\FolderSizeSvc.exe
          C:\Program Files\Common Files\LightScribe\LSSrvc.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\Program Files\CyberLink\Shared files\RichVideo.exe
          C:\Program Files\Spyware Doctor\sdhelp.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
          C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
          C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
          C:\WINDOWS\ehome\mcrdsvc.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
          C:\Program Files\VisualTaskTips\VisualTaskTips.exe
          C:\Program Files\Softwin\BitDefender10\vsserv.exe
          C:\WINDOWS\system32\dllhost.exe
          C:\WINDOWS\System32\alg.exe
          C:\WINDOWS\system32\wbem\wmiapsrv.exe
          C:\WINDOWS\system32\wbem\wmiprvse.exe
          C:\WINDOWS\explorer.exe
          C:\WINDOWS\system32\notepad.exe
          C:\Documents and Settings\HP_Administrator\Bureaublad\Tinuz\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll
          O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
          O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
          O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
          O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
          O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" /run
          O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
          O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
          O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
          O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
          O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
          O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
          O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
          O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
          O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
          O4 - Global Startup: VisualTaskTips.lnk = C:\Program Files\VisualTaskTips\VisualTaskTips.exe
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
          O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
          O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
          O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
          O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
          O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
          O16 - DPF: {2E843840-4966-4C88-8A8B-EDD674055832} (Ieswplay Control) - http://plugins.screenwatch.com/wm/swplay.cab
          O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
          O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164126848258
          O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqemea/downloads/msxml4.cab
          O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
          O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
          O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
          O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
          O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
          O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
          O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
          O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
          O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

          --
          End of file - 9138 bytes



          • #6
            Very good. The logs look fine again.
            Go to Start - Run and type: ComboFix /u
            Press Enter.

            Delete all files in the folder c:\windows\prefetch
            Cleaning up cookies and temporary internet files:
            Close all open Internet Explorer windows.
            Go to Start, click "Control Panel" and double-click "Internet Options".
            The "Internet Properties" window will open.
            Go to the "General" tab.
            Under "Browsing history", click the "Delete" button.
            A new window will open: Delete Browsing History.
            At the bottom, click the "Delete all" button. In the window that now opens, place a check mark next to "Also delete files and settings stored by add-ons".
            Click Yes.
            This deletes the temporary internet files, the cookies, the browsing history, the saved information you entered in forms, and the saved passwords that are filled in automatically when you log on to a website you have visited before.
            If you would rather not delete these last 2 (form data and passwords), then do not click Delete all but only these:
            - under Temporary Internet Files, click Delete files.
            - under Cookies, click Delete cookies.
            - under History, click Delete history.

            Also block the indirect or third-party cookies:
            On the Privacy tab, click the Advanced button.
            Place a check mark next to "Override automatic cookie handling".
            Under First-party Cookies, make sure "Accept" is selected.
            Under Third-party Cookies, choose "Block".
            Click OK.
            When this is done, close the "Internet Properties" window.

            Cleaning up other temporary folders and emptying the Recycle Bin:
            Close all open windows.
            Go to Start, choose Run and type: cleanmgr
            Then press OK and Disk Cleanup will start.
            If you have several partitions, choose the partition on which Windows is installed.
            Now let your system scan for files that can be deleted.
            When the overview appears, make sure that only the following items are checked:
            - Temporary Internet Files (if you did not follow the procedure given above to do this)
            - Recycle Bin
            - Temporary files
            Then click OK.

            Click on this ESET Online Scanner (Internet Explorer only!)
            • * Check YES, I accept the Terms Of Use
              * Click the Start button
              * Now click the Install button
              * Click Start

              The scanner will now initialize and update
              * Do NOT check Remove found threats, unless asked to
              * Click the Scan button

              Wait patiently until the scan is complete; this can take some time
              * When the scan has finished, click the Details tab
              * Copy and paste the contents of this window into your next reply.
              (you can usually also find this as C:\Program Files\EsetOnlineScanner\log.txt)



            • #7
              Here is the log file from the ESET Online virus scanner.

              # version=4
              # OnlineScanner.ocx=1.0.0.56
              # OnlineScannerDLLA.dll=1, 0, 0, 51
              # OnlineScannerDLLW.dll=1, 0, 0, 51
              # OnlineScannerUninstaller.exe=1, 0, 0, 49
              # vers_standard_module=2777 (20080109)
              # vers_arch_module=1.060 (20071228)
              # vers_adv_heur_module=1.064 (20070717)
              # EOSSerial=cbd1e6e117e3264f9f9869f8d22f0ca8
              # end=finished
              # remove_checked=false
              # unwanted_checked=false
              # utc_time=2008-01-09 01:48:16
              # local_time=2008-01-09 02:48:16 (+0100, West-Europa (standaardtijd))
              # country="Netherlands"
              # osver=5.1.2600 NT Service Pack 2
              # scanned=425701
              # found=0
              # scan_time=2399

              Which virus scanner do you think is the best? At the moment I use BitDefender v.10 (free) ... ?



              • #8
                That is fine.
                Are there any remaining problems?

                Bitdefender, provided it is updated, is a good scanner.



                • #9
                  No... Explorer is behaving properly again, no strange icons in my system tray or on my desktop; so this topic can be locked.

                  Thanks for the quick handling. Great!

                  P.S. Then I will keep using BitDefender (it updates itself automatically).



                  • #10
                    You're welcome. You can keep using Bitdefender.

                    It is best that you also wipe all existing system restore points:
                    Turn off System Restore. Restart the computer. Turn System Restore back on.
                    Turning off System Restore.

                    More info on how to prevent a new infection can be found here and here.

                    The status of this thread is set to solved.
                    If there are no further replies, this thread will be moved automatically within about 3 days to the section Opgeloste hijackthislogs, and replying will no longer be possible. This is to keep the forum tidy and organized.
                    If it turns out that there are still problems and you want to reply in this topic again, send me a private message requesting that it be reopened.

                    Happy surfing again.
