
Virus alert


  • Virus alert

    Every time I start my PC I get the following message from my anti-virus
    program: 'troj/virtum-gen detected in C:\windows\system 32\nnnnl.dll.'
    I cannot get it off my screen. I also looked up the file among my files and found it there, but whatever I try, I cannot delete it, even though I have closed everything. My PC keeps reporting that I cannot delete it because the file is in use.
    Please tell me how I can delete this file.

  • #2
    Hello hanver,

    Please make a HijackThis log and post it.


    • #3
      HijackThis log

      Hello marckie, here is my HijackThis log. I hope you can help me; that little pop-up is driving me crazy.



      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:59:37, on 17-1-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
      C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
      C:\WINDOWS\system32\HPConfig.exe
      C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\HPQ\One-Touch\OneTouch.EXE
      C:\Program Files\TomTom HOME\TomTomHOME.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
      C:\temp downloads\sfus.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Orange\AntiVirus\sweepsrv.sys
      C:\WINDOWS\system32\MsPMSPSv.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
      O18 - Filter hijack: text/html - (no CLSID) - (no file)
      O20 - Winlogon Notify: nnnmnli - nnnmnli.dll (file missing)
      O20 - Winlogon Notify: ssqpmnn - ssqpmnn.dll (file missing)
      O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
      O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
      O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
      O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\temp downloads\sfus.exe
      O23 - Service: sweepsrv.sys - Sophos Plc - C:\Program Files\Orange\AntiVirus\sweepsrv.sys

      --
      End of file - 2825 bytes


      • #4
        Is this the complete log?
        Did you remove a number of keys yourself with HijackThis?
        Or did you get help on another forum?


        • #5
          As far as I can tell this is the complete log, and when I started my computer today
          I had the pop-up again. So the problem is still there.


          • #6
            Please answer my other two questions.


            • #7
              No, why, are you missing something?

              Here once again is my log, which I have just made.

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 18:08:48, on 18-1-2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
              C:\WINDOWS\Explorer.EXE
              C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
              C:\WINDOWS\system32\HPConfig.exe
              C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
              C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
              C:\temp downloads\sfus.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\HPQ\One-Touch\OneTouch.EXE
              C:\Program Files\Orange\AntiVirus\sweepsrv.sys
              C:\Program Files\TomTom HOME\TomTomHOME.exe
              C:\Program Files\Winamp\winampa.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
              C:\WINDOWS\system32\MsPMSPSv.exe
              C:\Program Files\Winamp\winamp.exe
              C:\WINDOWS\system32\wuauclt.exe
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: (no name) - {06817558-BB78-4FFF-B5F2-71B1B7E0A4A5} - (no file)
              O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
              O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll (file missing)
              O2 - BHO: (no name) - {0EA21015-561F-40AA-AE3E-BF83600C1957} - (no file)
              O2 - BHO: (no name) - {13945182-BC2D-4998-B799-88B112D21E1C} - (no file)
              O2 - BHO: (no name) - {1A589AA6-EDDD-4552-AB9A-4EDFF5CDD7DE} - C:\WINDOWS\system32\ssqpmnn.dll (file missing)
              O2 - BHO: (no name) - {277D74F0-4E2A-4E59-B118-B1178F9C4BBB} - (no file)
              O2 - BHO: (no name) - {3A030110-2E09-4CBF-A561-981A9FB9F24C} - (no file)
              O2 - BHO: (no name) - {4C913AA5-8369-4389-9DD2-F54E5D055C96} - (no file)
              O2 - BHO: (no name) - {4CBECEF5-6E3C-48A6-84A1-84AA021E3E1B} - (no file)
              O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O2 - BHO: (no name) - {57BA7694-E604-45B1-BF25-75C1250BDCA9} - (no file)
              O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
              O2 - BHO: (no name) - {6E8677CB-095C-4616-B877-ADC08D92F9C0} - (no file)
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O2 - BHO: (no name) - {85780861-B49F-4EB7-9DB3-1485FBD449BC} - (no file)
              O2 - BHO: (no name) - {9BF81C78-4A6B-4D17-8073-4D41C7E9544D} - (no file)
              O2 - BHO: (no name) - {A041C192-F4BE-4B58-B23A-B5B15A53E699} - C:\WINDOWS\system32\nnnnl.dll
              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
              O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
              O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
              O2 - BHO: (no name) - {B9068F32-22A8-42BE-BD27-7F9A6B69A4BA} - (no file)
              O2 - BHO: (no name) - {BE57875E-68F1-4E2E-BCFF-DB7AE973E904} - (no file)
              O2 - BHO: (no name) - {CDF0CC74-ED05-4DBF-92CE-45BE20B574C0} - (no file)
              O2 - BHO: (no name) - {D0D4F553-4291-46B1-BC46-B820B0EAB3A3} - (no file)
              O2 - BHO: (no name) - {D7F75F27-6022-4F3A-9957-B7E5DCBB3B1C} - (no file)
              O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
              O2 - BHO: (no name) - {EB8EF243-6D52-42F6-98FA-663C74A5E446} - (no file)
              O2 - BHO: (no name) - {ebec3472-29fc-4677-9c5f-05eae4fc81be} - (no file)
              O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
              O4 - HKLM\..\Run: [hpsjbmgr] C:\SCANJET\PrecisionScanLT\hpsjbmgr.exe
              O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
              O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
              O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
              O4 - HKCU\..\Run: [BioniXWallpaper] "C:\Documents and Settings\Hans.PC-VERMUNT\Mijn documenten\dowloads\temp\kazaaplus 6.2 + kazza plus 2.6 keygen\Program Files\BioniX Wallpaper v4.60\BioniX Wallper.exe"
              O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
              O4 - HKUS\S-1-5-18\..\Run: [PcSync] E:\programma's opslag\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [PcSync] E:\programma's opslag\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
              O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
              O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
              O4 - Global Startup: VPN Client.lnk = ?
              O8 - Extra context menu item: &Search - http://kw.bar.need2find.com/KW/menusearch.html?p=KW
              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
              O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
              O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
              O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
              O18 - Filter hijack: text/html - (no CLSID) - (no file)
              O20 - Winlogon Notify: nnnmnli - nnnmnli.dll (file missing)
              O20 - Winlogon Notify: ssqpmnn - ssqpmnn.dll (file missing)
              O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
              O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
              O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
              O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
              O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
              O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\temp downloads\sfus.exe
              O23 - Service: sweepsrv.sys - Sophos Plc - C:\Program Files\Orange\AntiVirus\sweepsrv.sys

              --
              End of file - 8355 bytes
              Last edited by hanver; 18-01-08, 18:12.


              • #8
                I think you can see for yourself that this log is much more extensive, can't you?


                • #9
                  Okay, you are right. So I don't know what I did wrong the first time, but never mind. But can you solve my problem now?


                  • #10
                    Close all open windows.
                    Start HijackThis once more and tick the following items:

                    O2 - BHO: (no name) - {06817558-BB78-4FFF-B5F2-71B1B7E0A4A5} - (no file)
                    O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll (file missing)
                    O2 - BHO: (no name) - {0EA21015-561F-40AA-AE3E-BF83600C1957} - (no file)
                    O2 - BHO: (no name) - {13945182-BC2D-4998-B799-88B112D21E1C} - (no file)
                    O2 - BHO: (no name) - {1A589AA6-EDDD-4552-AB9A-4EDFF5CDD7DE} - C:\WINDOWS\system32\ssqpmnn.dll (file missing)
                    O2 - BHO: (no name) - {277D74F0-4E2A-4E59-B118-B1178F9C4BBB} - (no file)
                    O2 - BHO: (no name) - {3A030110-2E09-4CBF-A561-981A9FB9F24C} - (no file)
                    O2 - BHO: (no name) - {4C913AA5-8369-4389-9DD2-F54E5D055C96} - (no file)
                    O2 - BHO: (no name) - {4CBECEF5-6E3C-48A6-84A1-84AA021E3E1B} - (no file)
                    O2 - BHO: (no name) - {57BA7694-E604-45B1-BF25-75C1250BDCA9} - (no file)
                    O2 - BHO: (no name) - {6E8677CB-095C-4616-B877-ADC08D92F9C0} - (no file)
                    O2 - BHO: (no name) - {85780861-B49F-4EB7-9DB3-1485FBD449BC} - (no file)
                    O2 - BHO: (no name) - {9BF81C78-4A6B-4D17-8073-4D41C7E9544D} - (no file)
                    O2 - BHO: (no name) - {A041C192-F4BE-4B58-B23A-B5B15A53E699} - C:\WINDOWS\system32\nnnnl.dll
                    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
                    O2 - BHO: (no name) - {B9068F32-22A8-42BE-BD27-7F9A6B69A4BA} - (no file)
                    O2 - BHO: (no name) - {BE57875E-68F1-4E2E-BCFF-DB7AE973E904} - (no file)
                    O2 - BHO: (no name) - {CDF0CC74-ED05-4DBF-92CE-45BE20B574C0} - (no file)
                    O2 - BHO: (no name) - {D0D4F553-4291-46B1-BC46-B820B0EAB3A3} - (no file)
                    O2 - BHO: (no name) - {D7F75F27-6022-4F3A-9957-B7E5DCBB3B1C} - (no file)
                    O2 - BHO: (no name) - {EB8EF243-6D52-42F6-98FA-663C74A5E446} - (no file)
                    O2 - BHO: (no name) - {ebec3472-29fc-4677-9c5f-05eae4fc81be} - (no file)
                    O8 - Extra context menu item: &Search - http://kw.bar.need2find.com/KW/menusearch.html?p=KW
                    O18 - Filter hijack: text/html - (no CLSID) - (no file)
                    O20 - Winlogon Notify: nnnmnli - nnnmnli.dll (file missing)
                    O20 - Winlogon Notify: ssqpmnn - ssqpmnn.dll (file missing)


                    Then click "Fix checked" and close HijackThis.


                    Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
                    Place it on your desktop.
                    Double-click it to start the program.
                    In the window that appears, type 1 to run the cleaning and analysis process.
                    Follow the on-screen instructions.
                    When the tool is finished, a log file (combofix.txt) opens.
                    Post the contents of this file together with a new HijackThis log.

                    Comment
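An added example, not part of the original thread and not the helper's own method: a Python triage pass over HijackThis lines such as those in the second log above. The flagging rules and all function names are assumptions chosen for illustration, and the result is a list of candidates for a person to review, not a fix list.

```python
import re
from dataclasses import dataclass

# Subset of lines copied from the second HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {06817558-BB78-4FFF-B5F2-71B1B7E0A4A5} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A589AA6-EDDD-4552-AB9A-4EDFF5CDD7DE} - C:\WINDOWS\system32\ssqpmnn.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: (no name) - {A041C192-F4BE-4B58-B23A-B5B15A53E699} - C:\WINDOWS\system32\nnnnl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: nnnmnli - nnnmnli.dll (file missing)
O23 - Service: sweepsrv.sys - Sophos Plc - C:\Program Files\Orange\AntiVirus\sweepsrv.sys
"""

# "O<n> - <kind>: <rest>"; R/F/N lines and headers do not match and are skipped.
ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
# Trailing markers HijackThis prints when the referenced file is absent.
MISSING = re.compile(r"\s*\((?:no file|file missing)\)$")
# A DLL sitting directly in system32 (no vendor subdirectory).
SYSTEM32_DLL = re.compile(r"\\system32\\[^\\]+\.dll$", re.IGNORECASE)


@dataclass
class Finding:
    code: str      # HijackThis section code, e.g. "O2"
    live: bool     # True when the referenced file is still on disk
    reasons: list  # why the line was flagged (illustrative rules)
    line: str      # the original log line


def triage_line(line):
    """Return a Finding for a line worth reviewing, or None."""
    line = line.strip()
    m = ENTRY.match(line)
    if m is None:
        return None
    code, _kind, rest = m.groups()
    missing = MISSING.search(rest) is not None
    target = MISSING.sub("", rest)  # entry text without the marker

    reasons = []
    if missing:
        reasons.append("registry entry points at a file that is gone")
    # Assumed rule: a nameless BHO backed by a DLL directly in system32.
    if code == "O2" and rest.startswith("(no name)") and SYSTEM32_DLL.search(target):
        reasons.append("unnamed BHO backed by a DLL directly in system32")
    if code == "O18":
        reasons.append("protocol or filter handler override")
    # Assumed rule: treat every listed Winlogon Notify entry as reviewable.
    if code == "O20":
        reasons.append("DLL registered under Winlogon Notify")

    if not reasons:
        return None
    return Finding(code, not missing, reasons, line)


def triage(log):
    """All flagged lines of a log, in log order."""
    return [f for f in map(triage_line, log.splitlines()) if f is not None]


def live_suspects(log):
    """Flagged lines whose file still exists: these can still be loaded."""
    return [f for f in triage(log) if f.live]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        state = "LIVE  " if f.live else "orphan"
        print(f"[{state}] {f.line}")
        for reason in f.reasons:
            print(f"         - {reason}")
```

On this sample the only flagged entry whose file is still present is the `nnnnl.dll` BHO, the file named in the anti-virus message. The flagged PCTools Site Guard entry is one the helper left unticked, which is why the output is a review list and not a fix list.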


                    • #11
                      Originally posted by hanver:
                      But can you solve my problem now?
                      We will try.
                      See the instructions above.


                      • #12
                        Dear Marckie,

                        Here, first of all, is the ComboFix file

                        ComboFix 08-01-18.4 - Hans 2008-01-18 18:47:56.1 - NTFSx86
                        Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.127 [GMT 1:00]
                        Gestart vanuit: C:\Documents and Settings\Hans.PC-VERMUNT\Local Settings\Temporary Internet Files\Content.IE5\89ATUDEX\ComboFix[1].exe
                        * Nieuw herstelpunt werd aangemaakt

                        WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
                        .

                        (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                        .

                        C:\Documents and Settings\All Users.WINDOWS\Application Data.\salesmonitor
                        C:\Documents and Settings\Hans.PC-VERMUNT\Application Data\setup_nl[2].exe
                        C:\WINDOWS\system32\ddsigwfj.dll
                        C:\WINDOWS\system32\fkchrypo.dll
                        C:\WINDOWS\system32\gnljdaqa.ini
                        C:\WINDOWS\system32\jfwgisdd.ini
                        C:\WINDOWS\system32\lnnnn.ini
                        C:\WINDOWS\system32\lnnnn.ini2
                        C:\WINDOWS\system32\mcrh.tmp
                        C:\WINDOWS\system32\mowvrioj.ini
                        C:\WINDOWS\system32\nqgcyhxx.ini
                        C:\WINDOWS\system32\nqgcyhxx.ini2
                        C:\WINDOWS\system32\nqgcyhxx.tmp
                        C:\WINDOWS\system32\opyrhckf.ini
                        C:\WINDOWS\system32\oyloptyh.ini
                        C:\WINDOWS\system32\pyimcwwj.ini
                        C:\WINDOWS\system32\rhycmata.dll
                        C:\WINDOWS\system32\ydigrjir.ini
                        C:\WINDOWS\system32\ymvjgcpg.ini
                        C:\x.dat
                        C:\z.dat
                        C:\WINDOWS\Fonts\-

                        .
                        ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

                        .
                        -------\LEGACY_DOMAINSERVICE
                        -------\nm


                        (((((((((((((((((((( Bestanden Gemaakt van 2007-12-18 to 2008-01-18 ))))))))))))))))))))))))))))))
                        .

                        2008-01-18 18:43 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
                        2008-01-18 18:28 . 2008-01-18 18:28 <DIR> dr-h----- C:\Documents and Settings\Hans.PC-VERMUNT\Onlangs geopend
                        2008-01-18 18:22 . 2008-01-18 18:22 <DIR> d-------- C:\Program Files\CCleaner
                        2008-01-17 18:49 . 2008-01-17 18:49 <DIR> d-------- C:\Program Files\Trend Micro
                        2008-01-16 19:11 . 2008-01-16 19:12 <DIR> d-------- C:\Program Files\Orange
                        2008-01-14 18:22 . 2008-01-14 18:22 294 ---hs---- C:\WINDOWS\system32\dabdgkes.ini
                        2008-01-12 18:46 . 2008-01-12 18:46 294 ---hs---- C:\WINDOWS\system32\bpjupfsq.tmp
                        2008-01-12 18:46 . 2008-01-12 18:46 294 ---hs---- C:\WINDOWS\system32\bpjupfsq.ini
                        2008-01-11 18:53 . 2008-01-11 18:53 294 ---hs---- C:\WINDOWS\system32\sbhntqeg.ini
                        2008-01-11 18:44 . 2008-01-14 18:14 15,663 --a------ C:\WINDOWS\BM6f847a71.xml
                        2008-01-11 18:44 . 2008-01-14 18:19 22 --a------ C:\WINDOWS\pskt.ini
                        2008-01-10 18:48 . 2008-01-10 18:48 294 ---hs---- C:\WINDOWS\system32\jrslqxlv.ini
                        2008-01-10 18:04 . 2008-01-10 18:04 <DIR> d-------- C:\Program Files\Common Files\Ankiro
                        2008-01-10 18:03 . 2008-01-10 18:03 <DIR> d-------- C:\Program Files\Common Files\Application
                        2008-01-09 18:43 . 2008-01-09 18:43 294 ---hs---- C:\WINDOWS\system32\btutunii.tmp
                        2008-01-09 18:43 . 2008-01-09 18:43 294 ---hs---- C:\WINDOWS\system32\btutunii.ini
                        2008-01-08 18:45 . 2008-01-08 18:46 354 ---hs---- C:\WINDOWS\system32\hljxspue.ini
                        2008-01-08 18:17 . 2008-01-08 18:46 294 ---hs---- C:\WINDOWS\system32\jxsmwmsg.ini
                        2008-01-06 18:48 . 2008-01-06 18:48 294 ---hs---- C:\WINDOWS\system32\dbokwipj.ini
                        2008-01-05 18:47 . 2008-01-05 18:47 294 ---hs---- C:\WINDOWS\system32\rslenxvp.ini
                        2008-01-04 18:44 . 2008-01-04 18:44 294 ---hs---- C:\WINDOWS\system32\tqfydbnq.ini
                        2008-01-03 19:05 . 2008-01-03 19:05 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
                        2008-01-03 17:13 . 2008-01-03 17:13 294 ---hs---- C:\WINDOWS\system32\aogfsovd.ini
                        2008-01-02 17:16 . 2008-01-02 17:17 834 ---hs---- C:\WINDOWS\system32\lptphtqh.ini
                        2008-01-01 13:41 . 2008-01-02 17:12 774 ---hs---- C:\WINDOWS\system32\kncrkebc.ini
                        2007-12-31 13:40 . 2008-01-01 13:41 654 ---hs---- C:\WINDOWS\system32\elsfdalc.ini
                        2007-12-30 11:05 . 2007-12-31 13:35 414 ---hs---- C:\WINDOWS\system32\yvtsrmdw.ini
                        2007-12-29 10:57 . 2007-12-29 10:57 474 ---hs---- C:\WINDOWS\system32\tusiaspc.ini
                        2007-12-28 10:47 . 2007-12-29 10:55 414 ---hs---- C:\WINDOWS\system32\vellhthx.ini
                        2007-12-27 09:31 . 2007-12-27 09:31 294 ---hs---- C:\WINDOWS\system32\mvjrxcpw.ini
                        2007-12-24 08:55 . 2007-12-24 09:47 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy

                        .
                        ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                        .
                        2008-01-16 18:32 --------- d-----w C:\Program Files\Google
                        2008-01-15 19:09 --------- d-----w C:\Documents and Settings\Hans.PC-VERMUNT\Application Data\LimeWire
                        2008-01-14 17:52 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\clp
                        2007-12-22 11:47 --------- d-----w C:\Program Files\Winamp
                        2007-12-22 08:34 --------- d-----w C:\Program Files\PC Connectivity Solution
                        2007-12-17 20:42 --------- d-----w C:\Program Files\Microsoft ActiveSync
                        2007-12-17 18:47 --------- d-----w C:\Program Files\UltimateZip
                        2007-12-17 18:39 --------- d-----w C:\Program Files\HP
                        2007-12-09 20:03 --------- d-----w C:\Program Files\Common Files\Network Associates
                        2007-12-09 20:02 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Network Associates
                        2007-12-09 19:17 --------- d-----w C:\Program Files\epson
                        2007-12-09 18:36 --------- d-----w C:\Documents and Settings\franka\Application Data\Preventon
                        2007-12-09 08:29 --------- d-----w C:\Documents and Settings\Hans.PC-VERMUNT\Application Data\Preventon
                        2007-12-09 08:14 15,863,805 ----a-w C:\Program Files\pc-antivirus.exe
                        2007-12-09 07:44 8,540 ----a-w C:\WINDOWS\system32\oqeljwxg.dll
                        2007-12-07 18:06 8,536 ----a-w C:\WINDOWS\system32\kryvtotb.dll
                        2007-12-03 21:33 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
                        2007-12-03 18:58 --------- d-----w C:\Documents and Settings\Hans.PC-VERMUNT\Application Data\Dcads Advanced Toolbar
                        2007-12-03 17:32 8,536 ----a-w C:\WINDOWS\system32\rysusiax.dll
                        2007-12-02 14:49 --------- d-----w C:\Documents and Settings\Hans.PC-VERMUNT\Application Data\MSN6
                        2007-11-29 21:50 882,992 ----a-w C:\Program Files\Google Updater.exe
                        2007-11-29 20:07 --------- d-----w C:\Program Files\spamfighter
                        2007-11-29 17:57 --------- d-----w C:\Documents and Settings\franka\Application Data\LimeWire
                        2007-11-24 08:13 --------- d-----w C:\Program Files\Common Files\Adobe
                        2007-11-23 18:27 --------- d-----w C:\Documents and Settings\Hans.PC-VERMUNT\Application Data\Uniblue
                        2007-11-23 18:26 --------- d-----w C:\Documents and Settings\Hans.PC-VERMUNT\Application Data\schijfbewaker
                        2007-11-23 18:20 --------- d-----w C:\Program Files\Common Files\SchijfBewaker
                        2007-11-23 18:20 --------- d-----r C:\Documents and Settings\All Users.WINDOWS\Application Data\schijfbewaker
                        2007-11-22 16:59 120 ----a-w C:\n.bat
                        2007-11-22 16:58 2,608 ----a-w C:\Documents and Settings\Hans.PC-VERMUNT\z.dat
                        2007-11-22 16:58 1,158 ----a-w C:\Documents and Settings\Hans.PC-VERMUNT\x.dat
                        2007-11-21 22:10 --------- d-----w C:\Program Files\LimeWire
                        2007-11-18 11:02 --------- d-----w C:\Program Files\TomTom HOME
                        2007-11-17 10:01 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
                        2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
                        2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
                        2007-03-28 18:06 66,480 -c--a-w C:\Documents and Settings\Hans.PC-VERMUNT\Application Data\GDIPFONTCACHEV1.DAT
                        2006-10-29 18:47 66,480 -c--a-w C:\Documents and Settings\franka\Application Data\GDIPFONTCACHEV1.DAT
                        .

                        ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                        .
                        .
                        REGEDIT4
                        *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A041C192-F4BE-4B58-B23A-B5B15A53E699}]
                        C:\WINDOWS\system32\nnnnl.dll

                        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "BioniXWallpaper"="C:\Documents and Settings\Hans.PC-VERMUNT\Mijn documenten\dowloads\temp\kazaaplus 6.2 + kazza plus 2.6 keygen\Program Files\BioniX Wallpaper v4.60\BioniX Wallper.exe" [ ]
                        "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
                        "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 09:55 68856]

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "hpsjbmgr"="C:\SCANJET\PrecisionScanLT\hpsjbmgr.exe" [ ]
                        "QT4HPOT"="C:\Program Files\HPQ\One-Touch\OneTouch.EXE" [2003-10-03 20:07 102400]
                        "TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 16:52 3770024]
                        "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 16:16 37376]

                        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                        "PcSync"="E:\programma's opslag\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

                        C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
                        Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]
                        VPN Client.lnk - C:\WINDOWS\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED7.ico [2006-05-04 16:04:41]

                        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
                        Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\nnnnl.dll

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\6cb749ed]
                        C:\WINDOWS\system32\cladfsle.dll

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
                        --a------ 2007-10-10 19:51 39792 E:\programma's opslag\adobe pdf reader\Reader\Reader_sl.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
                        --a------ 2002-08-16 01:18 28672 C:\WINDOWS\system32\Ati2mdxx.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
                        --a------ 2002-08-14 16:29 290816 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM6f847a71]
                        C:\WINDOWS\system32\gumbdkua.dll

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
                        --a------ 2003-07-17 12:50 184412 C:\Program Files\HPQ\Default Settings\cpqset.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
                        --a------ 2004-08-04 00:03 15360 C:\WINDOWS\system32\ctfmon.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Display Settings]
                        --a------ 2002-08-15 06:26 45056 C:\Program Files\HPQ\Notebook Utilities\hptasks.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX8400 Series]
                        --a------ 2007-04-12 07:00 182272 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
                        --a------ 2007-02-21 10:45 356352 C:\Program Files\Browser Mouse\mouse32a.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
                        --------- 2005-02-16 22:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
                        --a------ 2007-01-23 11:19 223232 E:\programma's opslag\Nokia PC Suite 6\LaunchApplication.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Preventon RealTime Antivirus]
                        --a------ 2006-06-29 11:11 919552 C:\Program Files\Orange\AntiVirus\AVRealTime.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
                        --a------ 2003-07-18 17:23 868352 C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
                        --a------ 2003-05-01 18:44 65536 C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
                        --a------ 2007-10-09 17:04 425984 C:\Program Files\Common Files\SchijfBewaker\strpmon.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]
                        --a------ 2008-01-02 17:03 308880 C:\temp downloads\SFAgent.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
                        --a------ 2007-08-31 16:46 1460560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
                        --a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
                        --a------ 2007-07-29 09:55 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
                        --------- 2003-05-23 00:06 610304 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
                        --------- 2003-05-22 23:10 110592 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Now]
                        --a------ 2003-01-30 10:34 282624 C:\Program Files\HPQ\Notebook Utilities\TvNow.exe

                        R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-20 03:47]
                        R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-20 02:40]
                        R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\temp downloads\sfus.exe" [2008-01-02 17:03]
                        R3 ALiIRDA;Stuurprogramma voor ALi-infraroodapparaat;C:\WINDOWS\system32\DRIVERS\alifir.sys [2001-08-17 22:49]
                        R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;C:\WINDOWS\system32\drivers\caliaud.sys [2002-11-05 17:04]
                        R3 CALIHALA;CALIHALA;C:\WINDOWS\system32\drivers\calihal.sys [2002-11-05 17:04]
                        R3 InterCheck Control;InterCheck Control;C:\Program Files\Orange\AntiVirus\icntdrv5.sys [2006-05-05 15:30]
                        R3 InterCheck Filter;InterCheck Filter;C:\Program Files\Orange\AntiVirus\icntflt5.sys [2006-05-05 15:30]
                        R3 InterCheck Support 01;InterCheck Support 01;C:\Program Files\Orange\AntiVirus\icntst01.sys [2006-05-05 15:30]
                        R3 InterCheck Support 02;InterCheck Support 02;C:\Program Files\Orange\AntiVirus\icntst02.sys [2006-05-05 15:30]
                        R3 InterCheck Support 03;InterCheck Support 03;C:\Program Files\Orange\AntiVirus\icntst03.sys [2006-05-05 15:30]
                        R3 InterCheck Support 04;InterCheck Support 04;C:\Program Files\Orange\AntiVirus\icntst04.sys [2006-05-05 15:30]
                        R3 InterCheck Support 05;InterCheck Support 05;C:\Program Files\Orange\AntiVirus\icntst05.sys [2006-05-05 15:30]
                        R3 InterCheck Support 06;InterCheck Support 06;C:\Program Files\Orange\AntiVirus\icntst06.sys [2006-05-05 15:30]
                        R3 InterCheck Support 07;InterCheck Support 07;C:\Program Files\Orange\AntiVirus\icntst07.sys [2006-05-05 15:30]
                        R3 InterCheck Support 08;InterCheck Support 08;C:\Program Files\Orange\AntiVirus\icntst08.sys [2005-11-30 18:06]
                        R3 InterCheck Support 09;InterCheck Support 09;C:\Program Files\Orange\AntiVirus\icntst09.sys [2006-05-05 15:30]
                        R3 InterCheck Support 10;InterCheck Support 10;C:\Program Files\Orange\AntiVirus\icntst10.sys [2006-05-05 15:30]
                        R3 InterCheck Support 11;InterCheck Support 11;C:\Program Files\Orange\AntiVirus\icntst11.sys [2006-05-05 15:30]
                        R3 InterCheck Support 12;InterCheck Support 12;C:\Program Files\Orange\AntiVirus\icntst12.sys [2006-05-05 15:30]
                        R3 LEX_NIC_SERVICE;IEEE 802.11 Wireless NIC Win2000 Driver;C:\WINDOWS\system32\DRIVERS\Express.sys [2002-01-18 11:00]
                        S3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS [2003-07-17 03:01]
                        S3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet-adapterstuurprogramma;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 21:12]
                        S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]

                        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8f0a394-6f79-11db-a924-000e7f7bbe66}]
                        \Shell\AutoRun\command - F:\InstallTomTomHOME.exe

                        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea6d6651-6f6f-11db-a922-000e7f7bbe66}]
                        \Shell\AutoRun\command - F:\InstallTomTomHOME.exe

                        .
                        Inhoud van de 'Gedeelde Taken' map
                        "2008-01-10 18:14:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
                        - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
                        "2007-11-17 09:41:55 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
                        - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
                        .
                        **************************************************************************

                        catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                        Rootkit scan 2008-01-18 19:05:21
                        Windows 5.1.2600 Service Pack 2 NTFS

                        scannen van verborgen processen ...

                        scannen van verborgen autostart items ...

                        scannen van verborgen bestanden ...

                        Scan succesvol afgerond
                        verborgen bestanden: 0

                        **************************************************************************
                        .
                        Voltooingstijd: 2008-01-18 19:12:19 - machine was rebooted
                        ComboFix-quarantined-files.txt 2008-01-18 18:12:13
                        .
                        2007-12-26 13:13:48 --- E O F ---


                        the new HijackThis log follows below

                        Logfile of Trend Micro HijackThis v2.0.2
                        Scan saved at 19:13:49, on 18-1-2008
                        Platform: Windows XP SP2 (WinNT 5.01.2600)
                        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                        Boot mode: Normal

                        Running processes:
                        C:\WINDOWS\System32\smss.exe
                        C:\WINDOWS\system32\winlogon.exe
                        C:\WINDOWS\system32\services.exe
                        C:\WINDOWS\system32\lsass.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\WINDOWS\system32\spoolsv.exe
                        C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
                        C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
                        C:\WINDOWS\system32\HPConfig.exe
                        C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
                        C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                        C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
                        C:\temp downloads\sfus.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\Program Files\Orange\AntiVirus\sweepsrv.sys
                        C:\WINDOWS\system32\MsPMSPSv.exe
                        C:\WINDOWS\Explorer.EXE
                        C:\Program Files\HPQ\One-Touch\OneTouch.EXE
                        C:\Program Files\TomTom HOME\TomTomHOME.exe
                        C:\Program Files\Winamp\winampa.exe
                        C:\WINDOWS\system32\ctfmon.exe
                        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                        C:\WINDOWS\system32\wuauclt.exe
                        C:\WINDOWS\system32\notepad.exe
                        C:\Program Files\Internet Explorer\iexplore.exe
                        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                        O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
                        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                        O2 - BHO: (no name) - {A041C192-F4BE-4B58-B23A-B5B15A53E699} - C:\WINDOWS\system32\nnnnl.dll (file missing)
                        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
                        O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
                        O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
                        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                        O4 - HKLM\..\Run: [hpsjbmgr] C:\SCANJET\PrecisionScanLT\hpsjbmgr.exe
                        O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
                        O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
                        O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
                        O4 - HKCU\..\Run: [BioniXWallpaper] "C:\Documents and Settings\Hans.PC-VERMUNT\Mijn documenten\dowloads\temp\kazaaplus 6.2 + kazza plus 2.6 keygen\Program Files\BioniX Wallpaper v4.60\BioniX Wallper.exe"
                        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                        O4 - HKUS\S-1-5-18\..\Run: [PcSync] E:\programma's opslag\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
                        O4 - HKUS\.DEFAULT\..\Run: [PcSync] E:\programma's opslag\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
                        O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                        O4 - Global Startup: VPN Client.lnk = ?
                        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
                        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                        O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
                        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
                        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
                        O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
                        O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
                        O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
                        O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
                        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                        O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
                        O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
                        O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
                        O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
                        O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\temp downloads\sfus.exe
                        O23 - Service: sweepsrv.sys - Sophos Plc - C:\Program Files\Orange\AntiVirus\sweepsrv.sys

                        --
                        End of file - 6417 bytes


                        I'll wait to hear from you

                        Regards, hanver



                        • #13
                          Hanver,

                          Gestart vanuit: C:\Documents and Settings\Hans.PC-VERMUNT\Local Settings\Temporary Internet Files\Content.IE5\89ATUDEX\ComboFix[1].exe
                          I think it's best that you follow the instructions correctly, otherwise you're going to run into problems.
                          Put Combofix.exe on your desktop!

                          Open a Notepad file.
                          Copy the code below and paste it into the Notepad file.
                          Save the Notepad file as CFScript.txt
                          Code:
                          File::
                          C:\WINDOWS\system32\btutunii.tmp
                          C:\WINDOWS\system32\btutunii.ini
                          C:\WINDOWS\system32\hljxspue.ini
                          C:\WINDOWS\system32\jxsmwmsg.ini
                          C:\WINDOWS\system32\dbokwipj.ini
                          C:\WINDOWS\system32\rslenxvp.ini
                          C:\WINDOWS\system32\tqfydbnq.ini
                          C:\WINDOWS\system32\aogfsovd.ini
                          C:\WINDOWS\system32\lptphtqh.ini
                          C:\WINDOWS\system32\kncrkebc.ini
                          C:\WINDOWS\system32\elsfdalc.ini
                          C:\WINDOWS\system32\yvtsrmdw.ini
                          C:\WINDOWS\system32\tusiaspc.ini
                          C:\WINDOWS\system32\vellhthx.ini
                          C:\WINDOWS\system32\mvjrxcpw.ini
                          C:\WINDOWS\system32\oqeljwxg.dll
                          C:\WINDOWS\system32\kryvtotb.dll
                          C:\n.bat
                          C:\WINDOWS\system32\rysusiax.dll
                          
                          Registry::
                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
                          "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
                          
                          [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A041C192-F4BE-4B58-B23A-B5B15A53E699}]
                          
                          [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\6cb749ed]
                          Now drag the file CFScript.txt onto the file ComboFix.exe

                          ComboFix will start again.
                          When ComboFix is finished, which may be after a restart, a log file opens.
                          Post the contents of the log file.

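The `Registry::` section of the CFScript in post #13 resets the LSA `Authentication Packages` value to `msv1_0` only, after the earlier log showed `nnnnl.dll` appended to it. As an added example (not part of the original thread and not ComboFix's own code), this Python code decodes a `.reg` `hex(7)` value and reports any entry beyond that baseline; the function names and the sample exports are constructed for illustration.

```python
import re

# Baseline taken from the CFScript above, which resets the value to msv1_0 only.
EXPECTED_PACKAGES = {"msv1_0"}
LSA_KEY = r"hkey_local_machine\system\currentcontrolset\control\lsa"


def encode_multi_sz(strings, wide=False):
    """Build the hex(7) byte list for a list of strings (used for sample data)."""
    enc = "utf-16-le" if wide else "latin-1"
    nul = "\x00".encode(enc)
    raw = b"".join(s.encode(enc) + nul for s in strings) + nul  # extra NUL ends the list
    return ",".join(f"{b:02x}" for b in raw)


def decode_multi_sz(hex_data, wide=False):
    """Decode the comma-separated bytes of a .reg hex(7) value into strings.

    REGEDIT4 files store REG_MULTI_SZ as single-byte strings; files headed
    "Windows Registry Editor Version 5.00" store UTF-16LE (wide=True).
    """
    cleaned = re.sub(r"[\\\s]", "", hex_data)  # drop continuations and whitespace
    raw = bytes(int(b, 16) for b in cleaned.split(",") if b)
    text = raw.decode("utf-16-le" if wide else "latin-1")
    # Entries are NUL-separated; empty pieces come from the terminators.
    return [s for s in text.split("\x00") if s]


def lsa_auth_packages(reg_text):
    """Return the Authentication Packages list from .reg text, or None if absent."""
    header = reg_text.lstrip("\ufeff \r\n")
    wide = header.startswith("Windows Registry Editor Version 5.00")
    joined = re.sub(r"\\\s*\r?\n\s*", "", reg_text)  # undo line continuations
    key = None
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key == LSA_KEY:
            m = re.match(r'"authentication packages"\s*=\s*hex\(7\):(.*)$', line, re.I)
            if m:
                return decode_multi_sz(m.group(1), wide)
    return None


def unexpected_packages(reg_text):
    """List entries in Authentication Packages that are not in the baseline."""
    packages = lsa_auth_packages(reg_text) or []
    return [p for p in packages if p.lower() not in EXPECTED_PACKAGES]


# Constructed sample: the cleaned state uses the hex(7) line from the CFScript.
CLEAN_REG = (
    "REGEDIT4\n\n"
    "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa]\n"
    '"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00\n'
)

# Constructed sample: re-encodes the value the first ComboFix log shows.
INFECTED_REG = (
    "REGEDIT4\n\n"
    "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa]\n"
    '"Authentication Packages"=hex(7):'
    + encode_multi_sz(["msv1_0", r"C:\WINDOWS\system32\nnnnl.dll"])
    + "\n"
)

if __name__ == "__main__":
    for name, text in (("clean", CLEAN_REG), ("infected", INFECTED_REG)):
        extra = unexpected_packages(text)
        print(f"{name}: {lsa_auth_packages(text)} -> unexpected: {extra}")
```
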


                          • #14
                            reply 2

                            Dear Marckie,

                            Here again is the ComboFix log after your instructions.

                            ComboFix 08-01-18.5 - Hans 2008-01-18 19:46:24.2 - NTFSx86
                            Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.125 [GMT 1:00]
                            Gestart vanuit: C:\Documents and Settings\Hans.PC-VERMUNT\Mijn documenten\dowloads\temp\ComboFix.exe
                            Command switches used :: C:\Documents and Settings\Hans.PC-VERMUNT\Bureaublad\CFScript.txt
                            * Nieuw herstelpunt werd aangemaakt

                            WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
                            .

                            (((((((((((((((((((( Bestanden Gemaakt van 2007-12-18 to 2008-01-18 ))))))))))))))))))))))))))))))
                            .

                            2008-01-18 18:43 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
                            2008-01-18 18:28 . 2008-01-18 19:42 <DIR> dr-h----- C:\Documents and Settings\Hans.PC-VERMUNT\Onlangs geopend
                            2008-01-18 18:22 . 2008-01-18 18:22 <DIR> d-------- C:\Program Files\CCleaner
                            2008-01-17 18:49 . 2008-01-17 18:49 <DIR> d-------- C:\Program Files\Trend Micro
                            2008-01-16 19:11 . 2008-01-16 19:12 <DIR> d-------- C:\Program Files\Orange
                            2008-01-14 18:22 . 2008-01-14 18:22 294 ---hs---- C:\WINDOWS\system32\dabdgkes.ini
                            2008-01-12 18:46 . 2008-01-12 18:46 294 ---hs---- C:\WINDOWS\system32\bpjupfsq.tmp
                            2008-01-12 18:46 . 2008-01-12 18:46 294 ---hs---- C:\WINDOWS\system32\bpjupfsq.ini
                            2008-01-11 18:53 . 2008-01-11 18:53 294 ---hs---- C:\WINDOWS\system32\sbhntqeg.ini
                            2008-01-11 18:44 . 2008-01-14 18:14 15,663 --a------ C:\WINDOWS\BM6f847a71.xml
                            2008-01-11 18:44 . 2008-01-14 18:19 22 --a------ C:\WINDOWS\pskt.ini
                            2008-01-10 18:48 . 2008-01-10 18:48 294 ---hs---- C:\WINDOWS\system32\jrslqxlv.ini
                            2008-01-10 18:04 . 2008-01-10 18:04 <DIR> d-------- C:\Program Files\Common Files\Ankiro
                            2008-01-10 18:03 . 2008-01-10 18:03 <DIR> d-------- C:\Program Files\Common Files\Application
                            2008-01-09 18:43 . 2008-01-09 18:43 294 ---hs---- C:\WINDOWS\system32\btutunii.tmp
                            2008-01-09 18:43 . 2008-01-09 18:43 294 ---hs---- C:\WINDOWS\system32\btutunii.ini
                            2008-01-08 18:45 . 2008-01-08 18:46 354 ---hs---- C:\WINDOWS\system32\hljxspue.ini
                            2008-01-08 18:17 . 2008-01-08 18:46 294 ---hs---- C:\WINDOWS\system32\jxsmwmsg.ini
                            2008-01-06 18:48 . 2008-01-06 18:48 294 ---hs---- C:\WINDOWS\system32\dbokwipj.ini
                            2008-01-05 18:47 . 2008-01-05 18:47 294 ---hs---- C:\WINDOWS\system32\rslenxvp.ini
                            2008-01-04 18:44 . 2008-01-04 18:44 294 ---hs---- C:\WINDOWS\system32\tqfydbnq.ini
                            2008-01-03 19:05 . 2008-01-03 19:05 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
                            2008-01-03 17:13 . 2008-01-03 17:13 294 ---hs---- C:\WINDOWS\system32\aogfsovd.ini
                            2008-01-02 17:16 . 2008-01-02 17:17 834 ---hs---- C:\WINDOWS\system32\lptphtqh.ini
                            2008-01-01 13:41 . 2008-01-02 17:12 774 ---hs---- C:\WINDOWS\system32\kncrkebc.ini
                            2007-12-31 13:40 . 2008-01-01 13:41 654 ---hs---- C:\WINDOWS\system32\elsfdalc.ini
                            2007-12-30 11:05 . 2007-12-31 13:35 414 ---hs---- C:\WINDOWS\system32\yvtsrmdw.ini
                            2007-12-29 10:57 . 2007-12-29 10:57 474 ---hs---- C:\WINDOWS\system32\tusiaspc.ini
                            2007-12-28 10:47 . 2007-12-29 10:55 414 ---hs---- C:\WINDOWS\system32\vellhthx.ini
                            2007-12-27 09:31 . 2007-12-27 09:31 294 ---hs---- C:\WINDOWS\system32\mvjrxcpw.ini
                            2007-12-24 08:55 . 2007-12-24 09:47 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy

                            .
                            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                            .
                            2008-01-18 18:26 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\clp
                            2008-01-16 18:32 --------- d-----w C:\Program Files\Google
                            2008-01-15 19:09 --------- d-----w C:\Documents and Settings\Hans.PC-VERMUNT\Application Data\LimeWire
                            2007-12-22 11:47 --------- d-----w C:\Program Files\Winamp
                            2007-12-22 08:34 --------- d-----w C:\Program Files\PC Connectivity Solution
                            2007-12-17 20:42 --------- d-----w C:\Program Files\Microsoft ActiveSync
                            2007-12-17 18:47 --------- d-----w C:\Program Files\UltimateZip
                            2007-12-17 18:39 --------- d-----w C:\Program Files\HP
                            2007-12-09 20:03 --------- d-----w C:\Program Files\Common Files\Network Associates
                            2007-12-09 20:02 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Network Associates
                            2007-12-09 19:17 --------- d-----w C:\Program Files\epson
                            2007-12-09 18:36 --------- d-----w C:\Documents and Settings\franka\Application Data\Preventon
                            2007-12-09 08:29 --------- d-----w C:\Documents and Settings\Hans.PC-VERMUNT\Application Data\Preventon
                            2007-12-09 08:14 15,863,805 ----a-w C:\Program Files\pc-antivirus.exe
                            2007-12-03 21:33 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
                            2007-12-03 18:58 --------- d-----w C:\Documents and Settings\Hans.PC-VERMUNT\Application Data\Dcads Advanced Toolbar
                            2007-12-02 14:49 --------- d-----w C:\Documents and Settings\Hans.PC-VERMUNT\Application Data\MSN6
                            2007-11-29 21:50 882,992 ----a-w C:\Program Files\Google Updater.exe
                            2007-11-29 20:07 --------- d-----w C:\Program Files\spamfighter
                            2007-11-29 17:57 --------- d-----w C:\Documents and Settings\franka\Application Data\LimeWire
                            2007-11-24 08:13 --------- d-----w C:\Program Files\Common Files\Adobe
                            2007-11-23 18:27 --------- d-----w C:\Documents and Settings\Hans.PC-VERMUNT\Application Data\Uniblue
                            2007-11-23 18:26 --------- d-----w C:\Documents and Settings\Hans.PC-VERMUNT\Application Data\schijfbewaker
                            2007-11-23 18:20 --------- d-----w C:\Program Files\Common Files\SchijfBewaker
                            2007-11-23 18:20 --------- d-----r C:\Documents and Settings\All Users.WINDOWS\Application Data\schijfbewaker
                            2007-11-22 16:59 120 ----a-w C:\n.bat
                            2007-11-22 16:58 2,608 ----a-w C:\Documents and Settings\Hans.PC-VERMUNT\z.dat
                            2007-11-22 16:58 1,158 ----a-w C:\Documents and Settings\Hans.PC-VERMUNT\x.dat
                            2007-11-21 22:10 --------- d-----w C:\Program Files\LimeWire
                            2007-11-18 11:02 --------- d-----w C:\Program Files\TomTom HOME
                            2007-03-28 18:06 66,480 -c--a-w C:\Documents and Settings\Hans.PC-VERMUNT\Application Data\GDIPFONTCACHEV1.DAT
                            2006-10-29 18:47 66,480 -c--a-w C:\Documents and Settings\franka\Application Data\GDIPFONTCACHEV1.DAT
                            .

                            ((((((((((((((((((((((((((((( [email protected]_19.11.50.57 )))))))))))))))))))))))))))))))))))))))))
                            .
                            - 2008-01-18 17:45:19 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
                            + 2008-01-18 18:45:39 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
                            - 2008-01-18 17:45:19 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
                            + 2008-01-18 18:45:39 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
                            - 2008-01-18 17:45:20 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
                            + 2008-01-18 18:45:40 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
                            - 2008-01-18 17:45:21 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
                            + 2008-01-18 18:45:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
                            - 2008-01-18 17:45:22 7,319,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
                            + 2008-01-18 18:45:43 7,319,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
                            - 2008-01-18 17:45:23 155,648 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
                            + 2008-01-18 18:45:44 155,648 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
                            .
                            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                            .
                            .
                            REGEDIT4
                            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                            "BioniXWallpaper"="C:\Documents and Settings\Hans.PC-VERMUNT\Mijn documenten\dowloads\temp\kazaaplus 6.2 + kazza plus 2.6 keygen\Program Files\BioniX Wallpaper v4.60\BioniX Wallper.exe" [ ]
                            "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
                            "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 09:55 68856]

                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                            "hpsjbmgr"="C:\SCANJET\PrecisionScanLT\hpsjbmgr.exe" [ ]
                            "QT4HPOT"="C:\Program Files\HPQ\One-Touch\OneTouch.EXE" [2003-10-03 20:07 102400]
                            "TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 16:52 3770024]
                            "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 16:16 37376]

                            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                            "PcSync"="E:\programma's opslag\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

                            C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
                            Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]
                            VPN Client.lnk - C:\WINDOWS\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED7.ico [2006-05-04 16:04:41]

                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
                            --a------ 2007-10-10 19:51 39792 E:\programma's opslag\adobe pdf reader\Reader\Reader_sl.exe

                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
                            --a------ 2002-08-16 01:18 28672 C:\WINDOWS\system32\Ati2mdxx.exe

                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
                            --a------ 2002-08-14 16:29 290816 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM6f847a71]
                            C:\WINDOWS\system32\gumbdkua.dll

                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
                            --a------ 2003-07-17 12:50 184412 C:\Program Files\HPQ\Default Settings\cpqset.exe

                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
                            --a------ 2004-08-04 00:03 15360 C:\WINDOWS\system32\ctfmon.exe

                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Display Settings]
                            --a------ 2002-08-15 06:26 45056 C:\Program Files\HPQ\Notebook Utilities\hptasks.exe

                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX8400 Series]
                            --a------ 2007-04-12 07:00 182272 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.exe

                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
                            --a------ 2007-02-21 10:45 356352 C:\Program Files\Browser Mouse\mouse32a.exe

                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
                            --------- 2005-02-16 22:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
                            --a------ 2007-01-23 11:19 223232 E:\programma's opslag\Nokia PC Suite 6\LaunchApplication.exe

                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Preventon RealTime Antivirus]
                            --a------ 2006-06-29 11:11 919552 C:\Program Files\Orange\AntiVirus\AVRealTime.exe

                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
                            --a------ 2003-07-18 17:23 868352 C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
                            --a------ 2003-05-01 18:44 65536 C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe

                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
                            --a------ 2007-10-09 17:04 425984 C:\Program Files\Common Files\SchijfBewaker\strpmon.exe

                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]
                            --a------ 2008-01-02 17:03 308880 C:\temp downloads\SFAgent.exe

                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
                            --a------ 2007-08-31 16:46 1460560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
                            --a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
                            --a------ 2007-07-29 09:55 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
                            --------- 2003-05-23 00:06 610304 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
                            --------- 2003-05-22 23:10 110592 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Now]
                            --a------ 2003-01-30 10:34 282624 C:\Program Files\HPQ\Notebook Utilities\TvNow.exe

                            R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-20 03:47]
                            R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-20 02:40]
                            R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\temp downloads\sfus.exe" [2008-01-02 17:03]
                            R3 ALiIRDA;Stuurprogramma voor ALi-infraroodapparaat;C:\WINDOWS\system32\DRIVERS\alifir.sys [2001-08-17 22:49]
                            R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;C:\WINDOWS\system32\drivers\caliaud.sys [2002-11-05 17:04]
                            R3 CALIHALA;CALIHALA;C:\WINDOWS\system32\drivers\calihal.sys [2002-11-05 17:04]
                            R3 InterCheck Control;InterCheck Control;C:\Program Files\Orange\AntiVirus\icntdrv5.sys [2006-05-05 15:30]
                            R3 InterCheck Filter;InterCheck Filter;C:\Program Files\Orange\AntiVirus\icntflt5.sys [2006-05-05 15:30]
                            R3 InterCheck Support 01;InterCheck Support 01;C:\Program Files\Orange\AntiVirus\icntst01.sys [2006-05-05 15:30]
                            R3 InterCheck Support 02;InterCheck Support 02;C:\Program Files\Orange\AntiVirus\icntst02.sys [2006-05-05 15:30]
                            R3 InterCheck Support 03;InterCheck Support 03;C:\Program Files\Orange\AntiVirus\icntst03.sys [2006-05-05 15:30]
                            R3 InterCheck Support 04;InterCheck Support 04;C:\Program Files\Orange\AntiVirus\icntst04.sys [2006-05-05 15:30]
                            R3 InterCheck Support 05;InterCheck Support 05;C:\Program Files\Orange\AntiVirus\icntst05.sys [2006-05-05 15:30]
                            R3 InterCheck Support 06;InterCheck Support 06;C:\Program Files\Orange\AntiVirus\icntst06.sys [2006-05-05 15:30]
                            R3 InterCheck Support 07;InterCheck Support 07;C:\Program Files\Orange\AntiVirus\icntst07.sys [2006-05-05 15:30]
                            R3 InterCheck Support 08;InterCheck Support 08;C:\Program Files\Orange\AntiVirus\icntst08.sys [2005-11-30 18:06]
                            R3 InterCheck Support 09;InterCheck Support 09;C:\Program Files\Orange\AntiVirus\icntst09.sys [2006-05-05 15:30]
                            R3 InterCheck Support 10;InterCheck Support 10;C:\Program Files\Orange\AntiVirus\icntst10.sys [2006-05-05 15:30]
                            R3 InterCheck Support 11;InterCheck Support 11;C:\Program Files\Orange\AntiVirus\icntst11.sys [2006-05-05 15:30]
                            R3 InterCheck Support 12;InterCheck Support 12;C:\Program Files\Orange\AntiVirus\icntst12.sys [2006-05-05 15:30]
                            R3 LEX_NIC_SERVICE;IEEE 802.11 Wireless NIC Win2000 Driver;C:\WINDOWS\system32\DRIVERS\Express.sys [2002-01-18 11:00]
                            S3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS [2003-07-17 03:01]
                            S3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet-adapterstuurprogramma;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 21:12]
                            S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]

                            [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8f0a394-6f79-11db-a924-000e7f7bbe66}]
                            \Shell\AutoRun\command - F:\InstallTomTomHOME.exe

                            [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea6d6651-6f6f-11db-a922-000e7f7bbe66}]
                            \Shell\AutoRun\command - F:\InstallTomTomHOME.exe

                            .
                            Inhoud van de 'Gedeelde Taken' map
                            "2008-01-10 18:14:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
                            - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
                            "2007-11-17 09:41:55 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
                            - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
                            .
                            **************************************************************************

                            catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                            Rootkit scan 2008-01-18 19:55:24
                            Windows 5.1.2600 Service Pack 2 NTFS

                            scannen van verborgen processen ...

                            scannen van verborgen autostart items ...

                            scannen van verborgen bestanden ...

                            Scan succesvol afgerond
                            verborgen bestanden: 0

                            **************************************************************************
                            .
                            Voltooingstijd: 2008-01-18 20:02:13 - machine was rebooted [Hans]
                            ComboFix-quarantined-files.txt 2008-01-18 19:02:07
                            ComboFix2.txt 2008-01-18 18:12:20
                            .
                            2007-12-26 13:13:48 --- E O F ---


                            Is it all right now, or do I need to carry out more instructions?

                            Kind regards,

                            hanver



                            • #15
                              You did not carry out the previous instructions correctly.
                              Do exactly what I indicated, otherwise it won't work.
