Virtumonde infection


  • Virtumonde infection

    Hello everyone,

    I use Windows Vista and am probably infected with Virtumonde. When I start the computer I get two messages:

    “Er is een fout opgetreden tijdens het laden van C:\Users\T2DC7~1.VER\AppData\Local\Temp\wvuss.dll”

    Kan opgegeven module niet vinden.

    “Er is een fout opgetreden tijdens het laden van C:\Users\T2DC7~1.VER\AppData\Local\Temp\cbaby.dll”

    Kan opgegeven module niet vinden.


    AdAware finds nothing, while Spybot keeps finding Virtumonde. When I remove it, Spybot reports that it is gone, but as soon as I restart the laptop I still get the messages.

    HijackThis gives the following log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:42:28, on 29-1-2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\OEM02Mon.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Software\Nokia PC Suite\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Windows\explorer.exe
    C:\Users\T. Vermeulen\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\T2DC7~1.VER\AppData\Local\Temp\wvuss.dll,#1
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\T2DC7~1.VER\AppData\Local\Temp\cbaby.dll,c
    O4 - HKCU\..\Run: [aeb8de92] rundll32.exe "C:\Users\T2DC7~1.VER\AppData\Local\Temp\jhuivrsm.dll",b
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Software\Nokia PC Suite\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Software\Nokia PC Suite\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Software\Nokia PC Suite\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 13394 bytes

    I will be on holiday from 31 Jan to 3 Feb, in case you want to know. Thanks in advance!

  • #2
    Hello,

    Right-click C:\Program Files\Trend Micro\HijackThis\HijackThis.exe and choose "Run as administrator".
    Confirm the User Account Control prompt you get by clicking "Allow".
    Then click the "Scan" button.
    Tick the following items:

    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\T2DC7~1.VER\AppData\Local\Temp\wvuss.dll,#1
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\T2DC7~1.VER\AppData\Local\Temp\cbaby.dll,c
    O4 - HKCU\..\Run: [aeb8de92] rundll32.exe "C:\Users\T2DC7~1.VER\AppData\Local\Temp\jhuivrsm.dll",b


    Then click "Fix checked" and close HijackThis.

    Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Place it on your desktop.
    Double-click it to start the program.
    In the window that appears, type a 1 to run the cleaning and analysis process.
    Follow the on-screen instructions.
    When the tool has finished, a log file (combofix.txt) opens.
    Post the contents of this file together with a new HijackThis log.

    Comment
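
Added example, not part of the original posts: a Python sketch of the triage done in reply #2, parsing HijackThis O4 lines and flagging Run values where rundll32 loads a DLL from a Temp directory. The sample lines are copied from the log in the first post; the function names and the Temp-directory heuristic are assumptions of this example.

```python
import ntpath
import re
from typing import NamedTuple

# Lines copied from the HijackThis log in the first post of this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\T2DC7~1.VER\AppData\Local\Temp\wvuss.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\T2DC7~1.VER\AppData\Local\Temp\cbaby.dll,c
O4 - HKCU\..\Run: [aeb8de92] rundll32.exe "C:\Users\T2DC7~1.VER\AppData\Local\Temp\jhuivrsm.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
'''

# Directory names treated as temporary locations (assumption of this example).
TEMP_DIR_NAMES = {"temp", "tmp", "%temp%", "%tmp%"}

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# "rundll32[.exe] <dll>,<export>" with the DLL path quoted or unquoted.
RUNDLL_RE = re.compile(
    r'\brundll32(?:\.exe)?"?\s+(?:"(?P<q>[^"]+)"|(?P<u>[^,]+?))\s*,\s*(?P<export>\S+)',
    re.IGNORECASE,
)


class RunEntry(NamedTuple):
    hive: str
    name: str
    command: str


class Hit(NamedTuple):
    entry: RunEntry
    dll: str
    export: str


def parse_o4(log_text):
    """Return every O4 registry Run/RunOnce entry found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(RunEntry(m["hive"], m["name"], m["cmd"]))
    return entries


def dll_in_temp(path):
    """True if any directory component of a Windows path is a temp directory."""
    parts = ntpath.normpath(path).lower().split("\\")
    return any(part in TEMP_DIR_NAMES for part in parts[:-1])


def suspicious_entries(log_text):
    """Flag Run entries in which rundll32 loads a DLL stored under Temp."""
    hits = []
    for entry in parse_o4(log_text):
        m = RUNDLL_RE.search(entry.command)
        if not m:
            continue  # not a rundll32 launcher
        dll = m["q"] or m["u"]
        if dll_in_temp(dll):
            hits.append(Hit(entry, dll, m["export"]))
    return hits


if __name__ == "__main__":
    for hit in suspicious_entries(SAMPLE_LOG):
        print(f"{hit.entry.hive} [{hit.entry.name}] -> {hit.dll} (export {hit.export})")
```

A hit is a lead for review rather than proof of infection; the rundll32 entries that load DLLs from system32 or by bare name are not flagged.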


    • #3
      Hello, I'm back! I carried out the steps above, which gives the following:

      ComboFix 08-02.03.1 - T. Vermeulen 2008-02-04 14:32:37.1 - NTFSx86
      Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1026 [GMT 1:00]
      Gestart vanuit: C:\Users\T. Vermeulen\Desktop\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
      C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat

      ----- BITS: Mogelijk geïnfecteerde sites -----

      hxxp://download.windowsupdate.com
      hxxp://www.download.windowsupdate.com
      hxxp://minhaselecao.blogspot.com
      hxxp://dl.ziza.ru
      hxxp://dl
      .
      (((((((((((((((((((( Bestanden Gemaakt van 2008-01-04 to 2008-02-04 ))))))))))))))))))))))))))))))
      .

      Geen nieuwe bestanden aangemaakt in deze periode

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-04 13:32 6,736 ----a-w C:\Windows\system32\drivers\PROCEXP90.SYS
      2008-02-04 13:32 --------- d-----w C:\Users\T. Vermeulen\AppData\Roaming\Skype
      2008-02-04 13:25 --------- d-----w C:\ProgramData\Symantec
      2008-02-04 13:09 --------- d-----w C:\Users\T. Vermeulen\AppData\Roaming\skypePM
      2008-01-29 11:29 28,000 ----a-w C:\Users\T. Vermeulen\AppData\Roaming\nvModes.dat
      2008-01-29 11:28 --------- d---a-w C:\ProgramData\TEMP
      2008-01-28 18:50 --------- d-----w C:\Program Files\Hitman Pro
      2008-01-28 18:49 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
      2008-01-28 15:36 --------- d-----w C:\Program Files\ESET
      2008-01-28 15:09 --------- d-----w C:\Program Files\SpywareBlaster
      2008-01-28 15:08 --------- d-----w C:\Program Files\Spyware Doctor
      2008-01-28 15:07 --------- d-----w C:\Users\T. Vermeulen\AppData\Roaming\Webroot
      2008-01-28 15:06 512,096 ----a-w C:\Windows\system32\drivers\amon.sys
      2008-01-28 15:06 298,104 ----a-w C:\Windows\System32\imon.dll
      2008-01-28 15:06 15,424 ----a-w C:\Windows\system32\drivers\nod32drv.sys
      2008-01-28 14:37 --------- d-----w C:\Program Files\Spybot - Search & Destroy
      2008-01-27 16:16 --------- d-----w C:\Users\T. Vermeulen\AppData\Roaming\Lavasoft
      2008-01-27 16:12 --------- d-----w C:\Program Files\Lavasoft
      2008-01-27 14:53 --------- d-----w C:\Users\T. Vermeulen\AppData\Roaming\PC Tools
      2008-01-27 14:42 --------- d-----w C:\ProgramData\Prevx
      2008-01-26 18:52 --------- d-----w C:\ProgramData\Roxio
      2008-01-26 17:39 --------- d-----w C:\Program Files\Norton AntiVirus
      2008-01-26 17:36 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
      2008-01-26 17:36 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
      2008-01-26 17:36 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
      2008-01-26 17:36 --------- d-----w C:\Program Files\Symantec
      2008-01-26 16:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
      2008-01-26 15:49 --------- d-----w C:\Users\T. Vermeulen\AppData\Roaming\Symantec
      2008-01-26 15:42 --------- d-----w C:\ProgramData\Symantec Temporary Files
      2008-01-26 13:16 --------- d-----w C:\ProgramData\McAfee
      2008-01-26 13:16 --------- d-----w C:\Program Files\McAfee
      2008-01-26 00:58 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
      2008-01-26 00:58 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
      2008-01-26 00:58 22,328 ----a-w C:\Users\T. Vermeulen\AppData\Roaming\PnkBstrK.sys
      2008-01-26 00:58 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
      2008-01-25 13:42 --------- d--h--r C:\Users\T. Vermeulen\AppData\Roaming\SecuROM
      2008-01-25 13:38 --------- d-----w C:\ProgramData\Media Center Programs
      2008-01-25 13:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-01-25 13:36 --------- d-----w C:\Program Files\Eidos
      2008-01-24 17:34 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
      2008-01-24 17:34 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
      2008-01-24 17:34 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
      2008-01-24 17:34 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
      2008-01-24 17:34 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
      2008-01-24 17:34 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys
      2008-01-24 17:34 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
      2008-01-24 16:14 --------- d-----w C:\Program Files\Activision
      2008-01-24 15:40 --------- d-----w C:\ProgramData\Microsoft Help
      2008-01-24 11:56 --------- d-----w C:\Program Files\Windows Mail
      2008-01-23 23:58 804,352 ----a-w C:\Windows\system32\drivers\tcpip.sys
      2008-01-23 23:58 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
      2008-01-23 23:58 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
      2008-01-23 23:58 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
      2008-01-23 23:58 24,064 ----a-w C:\Windows\System32\netcfg.exe
      2008-01-23 23:58 22,016 ----a-w C:\Windows\System32\netiougc.exe
      2008-01-23 23:58 217,272 ----a-w C:\Windows\system32\drivers\netio.sys
      2008-01-23 23:58 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
      2008-01-23 23:58 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
      2008-01-23 23:58 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
      2008-01-23 23:58 1,686,016 ----a-w C:\Windows\System32\gameux.dll
      2008-01-23 23:57 1,327,104 ----a-w C:\Windows\System32\quartz.dll
      2008-01-23 23:56 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
      2008-01-23 23:56 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
      2008-01-23 23:56 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
      2008-01-23 23:56 39,936 ----a-w C:\Windows\System32\slcinst.dll
      2008-01-23 23:56 351,232 ----a-w C:\Windows\System32\SLUI.exe
      2008-01-23 23:56 33,280 ----a-w C:\Windows\System32\slwmi.dll
      2008-01-23 23:56 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
      2008-01-23 23:56 223,232 ----a-w C:\Windows\System32\WMASF.DLL
      2008-01-23 23:56 223,232 ----a-w C:\Windows\System32\SLC.dll
      2008-01-23 23:56 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
      2008-01-23 23:56 186,368 ----a-w C:\Windows\System32\SLLUA.exe
      2008-01-23 23:54 824,832 ----a-w C:\Windows\System32\wininet.dll
      2008-01-23 23:54 56,320 ----a-w C:\Windows\System32\iesetup.dll
      2008-01-23 23:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
      2008-01-23 23:54 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
      2008-01-23 23:25 --------- d-----w C:\Users\T. Vermeulen\AppData\Roaming\Nokia
      2008-01-23 18:33 --------- d-----w C:\ProgramData\PC Suite
      2008-01-23 18:26 --------- d-----w C:\Program Files\DIFX
      2008-01-23 18:25 --------- d-----w C:\Users\T. Vermeulen\AppData\Roaming\PC Suite
      2008-01-23 18:24 --------- d-----w C:\Program Files\Common Files\PCSuite
      2008-01-23 18:24 --------- d-----w C:\Program Files\Common Files\Nokia
      2008-01-23 18:23 --------- d-----w C:\Program Files\PC Connectivity Solution
      2008-01-23 18:19 --------- d-----w C:\ProgramData\Installations
      2008-01-23 17:39 --------- d-----w C:\Program Files\Microsoft Works
      2008-01-23 17:38 --------- d-----w C:\Program Files\MSBuild
      2008-01-23 17:37 --------- d-----w C:\Program Files\Microsoft.NET
      2008-01-23 17:35 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
      2008-01-23 17:30 --------- d-----w C:\Program Files\DAEMON Tools Lite
      2008-01-23 17:29 --------- d-----w C:\Users\T. Vermeulen\AppData\Roaming\DAEMON Tools
      2008-01-23 17:24 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
      2008-01-23 17:03 --------- d-----w C:\Program Files\ffdshow
      2008-01-23 17:02 --------- d-----w C:\Program Files\AC3Filter
      2008-01-23 16:54 32 ----a-w C:\Users\All Users\ezsid.dat
      2008-01-23 16:54 32 ----a-w C:\ProgramData\ezsid.dat
      2008-01-23 16:51 --------- d-----w C:\ProgramData\Skype
      2008-01-23 16:51 --------- d-----w C:\Program Files\Skype
      2008-01-23 16:51 --------- d-----w C:\Program Files\Common Files\Skype
      2008-01-23 16:47 --------- d-----w C:\Users\T. Vermeulen\AppData\Roaming\Roxio
      2008-01-23 16:45 --------- d-----w C:\Program Files\Java
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
      2008-02-04 14:25 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]
      "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
      "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
      "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 17:51 486856]
      "PC Suite Tray"="C:\Software\Nokia PC Suite\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-20 21:43 1006264]
      "ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 07:03 17920]
      "Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-24 10:27 159744]
      "OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-08-29 06:54 36864]
      "SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 19:23 405504]
      "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-16 07:54 86016]
      "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-16 07:53 8429568]
      "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-16 07:54 81920]
      "NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-05-16 07:54 67584]
      "Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
      "DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 17:43 118784]
      "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]
      "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 12:22 221184]
      "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 17:10 184320]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
      "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-20 14:32 1838592]
      "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
      "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35 221184]
      "McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 13:39 136768]
      "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
      "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 22:07 51048]
      "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
      "Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 14:41 596760]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "Nokia.PCSync"="C:\Software\Nokia PC Suite\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
      BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 18:55:50 703280]
      Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-01-20 14:18:40 50688]
      QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2008-01-20 14:17:33 45056]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

      R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080131.001\IDSvix86.sys [2008-01-26 00:37]
      R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-08-29 22:25]
      R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-24 22:07]
      R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
      R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
      R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 01:39]
      R3 btwaudio;Bluetooth-audioapparaat;C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 02:37]
      R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 00:13]
      R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 00:13]
      R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-08-29 06:54]
      R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-29 06:55]
      R3 SymIMMP;SymIMMP;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
      R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 13:50]
      S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
      S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 08:36]
      S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      bthsvcs REG_MULTI_SZ BthServ
      WindowsMobile REG_MULTI_SZ wcescomm rapimgr
      LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f06dc6f-c9d8-11dc-911f-001e4cdd670e}]
      \shell\AutoRun\command - F:\setup\rsrc\Autorun.exe
      \shell\dinstall\command - F:\Directx\dxsetup.exe

      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-01-28 20:15:33 C:\Windows\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - T. Vermeulen.job"
      - C:\Program Files\Norton AntiVirus\Navw32.exeB/TASK:
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-04 14:34:51
      Windows 6.0.6000 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2008-02-04 14:35:52
      ComboFix-quarantined-files.txt 2008-02-04 13:35:49
      .
      2008-01-24 19:29:03 --- E O F ---


      and:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 14:36:57, on 4-2-2008
      Platform: Windows Vista (WinNT 6.00.1904)
      MSIE: Internet Explorer v7.00 (7.00.6000.16575)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Program Files\DellTPad\Apoint.exe
      C:\Windows\OEM02Mon.exe
      C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
      C:\Windows\WindowsMobile\wmdc.exe
      C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
      C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
      C:\Program Files\Dell\MediaDirect\PCMService.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\McAfee\Common Framework\UdaterUI.exe
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\Program Files\Spyware Doctor\pctsTray.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\DAEMON Tools Lite\daemon.exe
      C:\Software\Nokia PC Suite\Nokia PC Suite 6\PCSuite.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\Program Files\Digital Line Detect\DLG.exe
      C:\Program Files\Dell\QuickSet\quickset.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files\DellTPad\ApMsgFwd.exe
      C:\Program Files\DellTPad\Apntex.exe
      C:\Program Files\DellTPad\HidFind.exe
      C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
      c:\program files\common files\installshield\updateservice\isuspm.exe
      C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\conime.exe
      C:\Windows\explorer.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Users\T. Vermeulen\Desktop\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: ::1 localhost
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
      O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
      O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
      O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
      O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
      O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
      O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
      O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
      O4 - HKCU\..\Run: [PC Suite Tray] "C:\Software\Nokia PC Suite\Nokia PC Suite 6\PCSuite.exe" -onlytray
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Software\Nokia PC Suite\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEEM')
      O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Software\Nokia PC Suite\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
      O4 - Global Startup: BTTray.lnk = ?
      O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
      O4 - Global Startup: QuickSet.lnk = ?
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
      O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
      O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O13 - Gopher Prefix:
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
      O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
      O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
      O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
      O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
      O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
      O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
      O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
      O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
      O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
      O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

      --
      End of file - 12893 bytes


      Thanks in advance for the help!


      • #4
        Are there still any problems?


        • #5
          I just restarted my laptop and I no longer get any messages. Hooray! Are there any further finishing steps to carry out?


          • #6
            Which antivirus software and which firewall do you use?
            I see traces of NOD32, of McAfee and of Norton.
            Which one do you want to keep, and which do you want to remove?


            • #7
              I would like to keep Norton. I think NOD32 was part of Hitman Pro, which I ticked, and there was a trial version of McAfee on my computer.


              • #8
                Oh, and I think the firewall is just the one from Windows Vista.


                • #9
                  Then it is best that you remove McAfee.

                  Go to Control Panel - Programs and Features and uninstall everything from McAfee.

                  Restart the computer.

                  Update your antivirus program and have it scan the entire computer.
                  If anything is still found, have it removed.

                  Report whether any problems still occur.


                  • #10
                    I had already removed everything from McAfee earlier, before I started posting on this forum. Strange that you still see it... But I had Norton update and run a full scan: nothing at all!

                    Can I uninstall HijackThis and ComboFix?


                    • #11
                      Please make a new HijackThis log and post it.


                      • #12
                        Logfile of Trend Micro HijackThis v2.0.2
                        Scan saved at 18:57:22, on 4-2-2008
                        Platform: Windows Vista (WinNT 6.00.1904)
                        MSIE: Internet Explorer v7.00 (7.00.6000.16575)
                        Boot mode: Normal

                        Running processes:
                        C:\Windows\system32\Dwm.exe
                        C:\Windows\system32\taskeng.exe
                        C:\Windows\Explorer.EXE
                        C:\Program Files\DellTPad\Apoint.exe
                        C:\Windows\OEM02Mon.exe
                        C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
                        C:\Windows\System32\rundll32.exe
                        C:\Windows\System32\rundll32.exe
                        C:\Windows\WindowsMobile\wmdc.exe
                        C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
                        C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
                        C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                        C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
                        C:\Program Files\Dell\MediaDirect\PCMService.exe
                        C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
                        C:\Program Files\McAfee\Common Framework\UdaterUI.exe
                        C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
                        C:\Program Files\Spyware Doctor\pctsTray.exe
                        C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
                        C:\Program Files\Windows Live\Messenger\msnmsgr.exe
                        C:\Program Files\Skype\Phone\Skype.exe
                        C:\Program Files\DAEMON Tools Lite\daemon.exe
                        C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                        C:\Software\Nokia PC Suite\Nokia PC Suite 6\PCSuite.exe
                        C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
                        C:\Program Files\Digital Line Detect\DLG.exe
                        C:\Program Files\Dell\QuickSet\quickset.exe
                        C:\Windows\System32\rundll32.exe
                        C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
                        C:\Program Files\Skype\Plugin Manager\skypePM.exe
                        c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
                        C:\Program Files\DellTPad\ApMsgFwd.exe
                        C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
                        C:\Program Files\DellTPad\Apntex.exe
                        C:\Program Files\DellTPad\HidFind.exe
                        C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
                        C:\Users\T. Vermeulen\Desktop\HijackThis.exe

                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                        O1 - Hosts: ::1 localhost
                        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                        O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                        O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
                        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
                        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
                        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
                        O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
                        O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
                        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                        O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
                        O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
                        O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
                        O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
                        O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
                        O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
                        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
                        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
                        O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
                        O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
                        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
                        O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
                        O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                        O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
                        O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
                        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                        O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
                        O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
                        O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
                        O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
                        O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
                        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                        O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
                        O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
                        O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
                        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                        O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
                        O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
                        O4 - HKCU\..\Run: [PC Suite Tray] "C:\Software\Nokia PC Suite\Nokia PC Suite 6\PCSuite.exe" -onlytray
                        O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
                        O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
                        O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
                        O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Software\Nokia PC Suite\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEEM')
                        O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Software\Nokia PC Suite\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
                        O4 - Global Startup: BTTray.lnk = ?
                        O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
                        O4 - Global Startup: QuickSet.lnk = ?
                        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
                        O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
                        O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
                        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
                        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
                        O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
                        O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
                        O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
                        O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
                        O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
                        O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
                        O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
                        O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
                        O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
                        O13 - Gopher Prefix:
                        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
                        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                        O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
                        O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
                        O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
                        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                        O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                        O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
                        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
                        O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
                        O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                        O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
                        O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
                        O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
                        O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
                        O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
                        O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
                        O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
                        O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
                        O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
                        O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
                        O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
                        O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
                        O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
                        O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

                        --
                        End of file - 12739 bytes



                        • #13
                          This ensures that everything from McAfee is disabled:
                          Go to Start - Run and type: services.msc
                          Find this service: McAfee Framework Service
                          Stop the service (click Stop) and set the startup type to Disabled.

                          Do the same for: McAfee SystemGuards

                          With HijackThis, also fix this entry:
                          O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

                          Allow any User Account Control prompts you get during this procedure.


                          Go to Start - Run and type: ComboFix /u
                          Press Enter.
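The manual triage in posts #6 and #13 (spotting traces of several antivirus products in a HijackThis log, then picking the leftover entries to disable) can be sketched as a small parser. This is an added example, not part of the original thread or of HijackThis: the vendor keyword map and the function names are assumptions, and the sample lines are copied from the log in post #12.

```python
import re

# Lines copied from the HijackThis log in post #12 of this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
"""

# Assumed keyword map (not from the thread): patterns that tie an entry to a product.
AV_PATTERNS = {
    "McAfee": r"\bmcafee",
    "Symantec/Norton": r"\bsymantec|\bnorton",
    "ESET NOD32": r"\beset\b|\bnod32",
}

# HijackThis appends these markers when the referenced file is not on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

O4_RE = re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>[^\]]+)\] (?P<target>.+)$")
SHORT_NAME_RE = re.compile(r"^(?P<display>.*?)(?: \((?P<short>[^()]+)\))?$")


def parse_line(line):
    """Parse one O2 (BHO), O4 (Run key) or O23 (service) line; None otherwise."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        return {"section": "O4", "name": m["name"], "target": m["target"], "raw": line}
    for section, prefix in (("O23", "O23 - Service: "), ("O2", "O2 - BHO: ")):
        if not line.startswith(prefix):
            continue
        # Split from the right: display names may themselves contain " - ".
        parts = line[len(prefix):].rsplit(" - ", 2)
        if len(parts) != 3:
            return None
        label, middle, target = parts
        if section == "O23":
            # Prefer the short service name in parentheses when present.
            name = SHORT_NAME_RE.match(label)["short"] or label
        else:
            name = middle  # for a BHO the CLSID is the stable identifier
        return {"section": section, "name": name, "target": target, "raw": line}
    return None


def product_of(entry):
    """Return the antivirus product an entry belongs to, or None."""
    for product, pattern in AV_PATTERNS.items():
        if re.search(pattern, entry["raw"], re.IGNORECASE):
            return product
    return None


def triage(log_text, keep="Symantec/Norton"):
    """Summarise AV products present, entries of products other than `keep`,
    and entries whose target file no longer exists."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    products, leftovers, orphans = set(), [], []
    for e in entries:
        product = product_of(e)
        if product:
            products.add(product)
            if product != keep:
                leftovers.append((e["section"], e["name"]))
        if any(marker in e["target"] for marker in ORPHAN_MARKERS):
            orphans.append((e["section"], e["name"]))
    return {"products": sorted(products), "leftovers": leftovers, "orphans": orphans}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Antivirus products seen:", ", ".join(report["products"]))
    for section, name in report["leftovers"]:
        print(f"Review for removal: {section} {name}")
    for section, name in report["orphans"]:
        print(f"Target file missing: {section} {name}")
```

The output is a review list only: an entry whose file is missing, such as the McSysmon service, is a registry leftover of an earlier uninstall and still has to be disabled or fixed by hand as described in post #13.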


                          • #14
                            I can't stop either file; there is only the option to start.


                            • #15
                              Try carrying out the instructions in safe mode.
