Trouble with spyware

    I'm having trouble with spyware. Yesterday I saw that outerinfo had suddenly been installed on my PC; I removed it and it hasn't come back.
    But now I'm bothered by a program called Vundo.MM that keeps coming back every 8 seconds. I then get this on my screen: The Win32/Vundo.MM was detected in C:\WINDOWS\SYSTEM32\AWTQPOL.DLL.
    Machine: DELL8400, User: DELL8400\Thomas.
    File Status: File is cured and the machine needs to reboot to complete cure.

    It's a real-time infection alert from eTrust Antivirus.

    I have already scanned with Ad-Aware and Spybot S&D.

    This is my HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:53:38, on 7-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Broadcom\BACS\BacsTray.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Drmupgds\Drmupgds.exe
    C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
    C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/nl/nld/gen/default.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/nl/nld/gen/default.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/nl/nld/gen/default.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: {83a59780-f270-477a-a664-fc315e2b1033} - {3301b2e5-13cf-466a-a774-072f08795a38} - C:\WINDOWS\system32\wmvbsyrj.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - C:\WINDOWS\system32\awtqpol.dll
    O2 - BHO: (no name) - {F102E4CE-A7A7-44A0-B8C6-020354B6C94F} - C:\WINDOWS\system32\ddabx.dll (file missing)
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\\BacsTray.exe
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [bc7c5017] rundll32.exe "C:\WINDOWS\system32\jkmyhtxf.dll",b
    O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\AVSystemCare\bm.exe" dm=http://avsystemcare.com ad=http://avsystemcare.com sd=http://ykeeper.avsystemcare.com
    O4 - HKLM\..\Run: [ptask] C:\Program Files\AVSystemCare\ptask.exe
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2733] command /c del "C:\Program Files\BearShare\Logs\hosts-state.txt"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8882] cmd /c del "C:\Program Files\BearShare\Logs\hosts-state.txt"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5903] command /c del "C:\Program Files\BearShare\Logs\memory.txt"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9989] cmd /c del "C:\Program Files\BearShare\Logs\memory.txt"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6370] command /c del "C:\Program Files\BearShare\Logs\ordinal.txt"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC833] cmd /c del "C:\Program Files\BearShare\Logs\ordinal.txt"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5882] command /c del "C:\Program Files\BearShare\Logs\streams.txt"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6190] cmd /c del "C:\Program Files\BearShare\Logs\streams.txt"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2787] command /c del "C:\WINDOWS\SYSTEM32\ddabx.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4804] cmd /c del "C:\WINDOWS\SYSTEM32\ddabx.dll_old"
    O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /LUT
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6750] command /c del "C:\Program Files\BearShare\Logs\hosts-state.txt"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7591] cmd /c del "C:\Program Files\BearShare\Logs\hosts-state.txt"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6971] command /c del "C:\Program Files\BearShare\Logs\memory.txt"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1332] cmd /c del "C:\Program Files\BearShare\Logs\memory.txt"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5611] command /c del "C:\Program Files\BearShare\Logs\ordinal.txt"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9308] cmd /c del "C:\Program Files\BearShare\Logs\ordinal.txt"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9300] command /c del "C:\Program Files\BearShare\Logs\streams.txt"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1999] cmd /c del "C:\Program Files\BearShare\Logs\streams.txt"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6807] command /c del "C:\WINDOWS\SYSTEM32\ddabx.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8881] cmd /c del "C:\WINDOWS\SYSTEM32\ddabx.dll_old"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.gomyhit.com
    O15 - Trusted Zone: *.imageservr.com
    O15 - Trusted Zone: *.imagesrvr.com
    O15 - Trusted Zone: *.storageguardsoft.com
    O15 - Trusted Zone: *.gomyhit.com (HKLM)
    O15 - Trusted Zone: *.imageservr.com (HKLM)
    O15 - Trusted Zone: *.imagesrvr.com (HKLM)
    O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylomgames.com/activex/zylomgamesplayer.cab
    O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/spsp29953.01noopt/spyspottercabinstall.cab
    O20 - Winlogon Notify: awtqpol - C:\WINDOWS\SYSTEM32\awtqpol.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\System32\dlbtcoms.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O24 - Desktop Component 0: (no name) - http://img221.imageshack.us/img221/6454/vistaaq6.png

    --
    End of file - 13997 bytes
    Last edited by intelli; 07-02-08, 13:00.

  • #2
    Start HijackThis again and put a check mark in front of only the following lines:
    O2 - BHO: {83a59780-f270-477a-a664-fc315e2b1033} - {3301b2e5-13cf-466a-a774-072f08795a38} - C:\WINDOWS\system32\wmvbsyrj.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {F102E4CE-A7A7-44A0-B8C6-020354B6C94F} - C:\WINDOWS\system32\ddabx.dll (file missing)
    O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
    O4 - HKLM\..\Run: [bc7c5017] rundll32.exe "C:\WINDOWS\system32\jkmyhtxf.dll",b
    O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\AVSystemCare\bm.exe" dm=http://avsystemcare.com ad=http://avsystemcare.com sd=http://ykeeper.avsystemcare.com
    O4 - HKLM\..\Run: [ptask] C:\Program Files\AVSystemCare\ptask.exe
    O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe
    O15 - Trusted Zone: *.gomyhit.com
    O15 - Trusted Zone: *.imageservr.com
    O15 - Trusted Zone: *.imagesrvr.com
    O15 - Trusted Zone: *.storageguardsoft.com
    O15 - Trusted Zone: *.gomyhit.com (HKLM)
    O15 - Trusted Zone: *.imageservr.com (HKLM)
    O15 - Trusted Zone: *.imagesrvr.com (HKLM)
    O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
    O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spysp...cabinstall.cab

    Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open; a few lines about files that were not found will quickly scroll past in it, this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, follow any instructions and just let it do its work.
    • After that your PC will restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do so manually.
    • Post the contents of the log file in your next reply.


    Download Combofix (mirror) to your Desktop.
    Double-click Combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, because that will make your PC hang.
    When the fix is finished and after the restart, the log combofix.txt will open.
    Post this log in your next reply.

    NOTE: If your virus scanner reacts with a warning about a script being executed, you can ignore it.



    • #3
      RVAXO log:


      ---RVAXO.exe Updated: 2008-02-07---first run---
      Files found:
      C:\WINDOWS\system32\xbadd.ini2
      C:\WINDOWS\b122.exe
      C:\WINDOWS\mrofinu1000106.exe
      C:\WINDOWS\mrofinu572.exe
      C:\WINDOWS\mrofinu572.exe.tmp
      C:\WINDOWS\system32\pac.txt

      Uninstallers:


      Folders Found:

      C:\Program Files\Temporary
      C:\Documents and Settings\All Users\Application Data\SalesMon
      C:\WINDOWS\system32\nGpxx01
      C:\Temp\1cb

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------


      ComboFix log: my PC did not restart though, does it still need to?

      ComboFix 08-02.05.3 - Thomas 2008-02-07 14:02:18.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.563 [GMT 1:00]
      Started from: C:\Documents and Settings\Thomas\Bureaublad\ComboFix.exe
      * A new restore point was created

      WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!
      .

      (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\cookies.ini
      C:\WINDOWS\SYSTEM32\fxthymkj.ini
      C:\WINDOWS\system32\jkmyhtxf.dll
      C:\WINDOWS\system32\wmvbsyrj.dll
      C:\WINDOWS\SYSTEM32\xbadd.ini

      .
      (((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 ))))))))))))))))))))))))))))))
      .

      2008-02-07 13:43 . 2008-02-07 13:44 <DIR> d-------- C:\RVAXO
      2008-02-07 13:40 . 2008-02-07 11:43 673,683 --a------ C:\WINDOWS\SYSTEM32\RVAXO.bat
      2008-02-07 13:40 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\SYSTEM32\remove.exe
      2008-02-07 12:50 . 2008-02-07 13:32 <DIR> d-------- C:\HijackThis
      2008-02-07 12:12 . 2008-02-07 12:12 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
      2008-02-07 12:12 . 2008-02-07 13:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-02-07 10:33 . 2008-02-07 10:33 <DIR> d--hs---- C:\AVSystemCare
      2008-02-07 10:32 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\SYSTEM32\msxml3a.dll
      2008-02-06 21:12 . 2008-02-06 21:12 <DIR> d-------- C:\Program Files\Lavasoft
      2008-02-06 21:12 . 2008-02-06 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-02-06 21:11 . 2008-02-06 21:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2008-02-06 19:48 . 2008-02-06 19:48 <DIR> d-------- C:\Program Files\Drmupgds
      2008-02-06 19:45 . 2008-02-06 19:45 <DIR> d-------- C:\WINDOWS\SYSTEM32\feq9
      2008-02-06 19:45 . 2008-02-06 19:45 <DIR> d-------- C:\WINDOWS\SYSTEM32\dp1
      2008-02-06 19:45 . 2008-02-06 19:45 <DIR> d-------- C:\Temp\isgTi19
      2008-02-06 19:45 . 2008-02-07 13:41 <DIR> d-------- C:\Temp
      2008-02-06 13:28 . 2008-02-06 13:28 <DIR> d-------- C:\Program Files\Paint.NET
      2008-02-06 13:22 . 2008-02-06 13:22 <DIR> d-------- C:\WINDOWS\SYSTEM32\XPSViewer
      2008-02-06 13:22 . 2008-02-06 13:22 <DIR> d-------- C:\Program Files\MSBuild
      2008-02-06 13:21 . 2008-02-06 13:21 <DIR> d-------- C:\Program Files\Reference Assemblies
      2008-02-06 13:21 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\SYSTEM32\spmsg2.dll
      2008-02-06 13:17 . 2008-02-06 13:17 <DIR> d-------- C:\Program Files\MSXML 6.0
      2008-01-29 22:08 . 2008-01-29 22:11 664 --a------ C:\WINDOWS\SYSTEM32\d3d9caps.dat
      2008-01-26 21:04 . 2008-01-26 21:04 <DIR> d-------- C:\Documents and Settings\Thomas\Application Data\Samsung
      2008-01-26 20:35 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\SYSTEM32\framedyn.dll
      2008-01-26 20:34 . 2008-01-26 20:34 <DIR> d-------- C:\WINDOWS\SYSTEM32\Samsung_USB_Drivers
      2008-01-26 20:34 . 2008-01-26 20:34 <DIR> d-------- C:\Program Files\Samsung
      2008-01-26 20:34 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssm_mdm.sys
      2008-01-26 20:34 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssm_bus.sys
      2008-01-26 20:34 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssm_mdfl.sys
      2008-01-26 20:34 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssm_cmnt.sys
      2008-01-26 20:34 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssm_cm.sys
      2008-01-26 20:34 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssm_whnt.sys
      2008-01-26 20:34 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssm_wh.sys
      2008-01-26 20:34 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\StarOpen.sys
      2008-01-26 20:34 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
      2008-01-25 21:13 . 2008-01-25 21:14 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
      2008-01-23 15:03 . 2008-01-23 15:03 244 --ah----- C:\sqmnoopt10.sqm
      2008-01-23 15:03 . 2008-01-23 15:03 232 --ah----- C:\sqmdata10.sqm
      2008-01-21 17:29 . 2008-01-21 17:29 <DIR> d-------- C:\Documents and Settings\sander\Application Data\HighAndes
      2008-01-21 16:36 . 2008-01-21 16:36 <DIR> d-------- C:\Program Files\HighAndes
      2008-01-21 16:36 . 2008-01-21 16:36 <DIR> d-------- C:\Documents and Settings\Thomas\Application Data\HighAndes
      2008-01-21 16:36 . 2008-01-21 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HighAndes
      2008-01-15 16:54 . 2008-01-15 16:54 <DIR> d-------- C:\Documents and Settings\sander\Application Data\Verzendmap van Share-to-Web
      2008-01-13 15:43 . 2008-01-13 15:44 2,733 --a------ C:\WINDOWS\DevMgr.ini
      2008-01-13 15:42 . 2003-06-24 12:39 350,208 -ra------ C:\WINDOWS\SYSTEM32\hpojwiad.dll
      2008-01-13 15:42 . 2003-06-24 12:40 90,112 -ra------ C:\WINDOWS\SYSTEM32\hpocon09.exe
      2008-01-13 15:42 . 2003-06-24 12:39 22,139 -ra------ C:\WINDOWS\SYSTEM32\hpocoi08.dll
      2008-01-13 15:42 . 2001-02-16 13:12 22,048 -ra------ C:\WINDOWS\SYSTEM32\cocpyinf.dll
      2008-01-13 15:42 . 2001-08-17 21:47 8,704 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Dot4Scan.sys
      2008-01-13 15:42 . 2001-08-17 21:47 8,704 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4scan.sys
      2008-01-13 15:39 . 2008-01-13 15:39 <DIR> d-------- C:\Documents and Settings\Thomas\Application Data\Verzendmap van Share-to-Web
      2008-01-13 15:39 . 2008-01-13 15:39 20 --a------ C:\WINDOWS\Hposcv07.INI
      2008-01-13 15:37 . 2008-01-13 15:39 <DIR> d-------- C:\Program Files\Hewlett-Packard
      2008-01-13 15:36 . 2008-01-13 15:37 <DIR> d-------- C:\WINDOWS\SYSTEM32\NtmsData
      2008-01-13 15:36 . 2008-01-13 15:39 <DIR> d-------- C:\WINDOWS\AiOTemp
      2008-01-13 13:23 . 2004-08-04 06:58 207,360 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Dot4.sys
      2008-01-13 13:23 . 2004-08-04 06:58 207,360 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4.sys
      2008-01-13 13:23 . 2001-09-06 19:40 23,936 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Dot4usb.sys
      2008-01-13 13:23 . 2001-09-06 19:40 23,936 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4usb.sys
      2008-01-13 13:23 . 2001-08-17 21:47 12,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Dot4Prt.sys
      2008-01-13 13:23 . 2001-08-17 21:47 12,928 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4prt.sys

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-07 12:47 --------- d-----w C:\Program Files\Common Files\Symantec Shared
      2008-02-07 11:42 --------- d-----w C:\Program Files\BearShare
      2008-02-06 18:55 --------- d-----w C:\Program Files\Guitar Speed Trainer
      2008-02-06 17:53 --------- d-----w C:\Program Files\SwiftSwitch
      2008-02-05 18:28 --------- d-----w C:\Documents and Settings\Thomas\Application Data\teamspeak2
      2008-01-26 19:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-01-17 21:18 --------- d-----w C:\Documents and Settings\Thomas\Application Data\U3
      2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\SYSTEM32\lsdelete.exe
      2007-11-14 07:29 450,560 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jscript.dll
      2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\SYSTEM32\lsasrv.dll
      2007-11-07 09:30 727,040 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
      2004-08-04 08:03 50,688 --sh--w C:\WINDOWS\twain_32.dll
      2004-08-04 08:03 1,028,096 --sh--w C:\WINDOWS\SYSTEM32\mfc42.dll
      2004-08-04 08:03 54,784 --sh--w C:\WINDOWS\SYSTEM32\msvcirt.dll
      2004-08-04 08:03 413,696 --sh--w C:\WINDOWS\SYSTEM32\msvcp60.dll
      2004-08-04 08:03 343,040 --sh--w C:\WINDOWS\SYSTEM32\msvcrt.dll
      2007-05-17 11:30 549,376 --sh--w C:\WINDOWS\SYSTEM32\oleaut32.dll
      2004-08-04 08:03 83,456 --sh--w C:\WINDOWS\SYSTEM32\olepro32.dll
      2004-08-04 08:03 12,288 --sh--w C:\WINDOWS\SYSTEM32\regsvr32.exe
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* empty entries & legitimate default entries are not shown

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E180F496-8A4B-44E2-9FE0-0364E345DB7F}]
      C:\WINDOWS\system32\awtqpol.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SB Audigy 2 Startup Menu"=" /LUT"
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48 36975]
      "IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 11:23 135168]
      "PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15 290816]
      "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 11:43 53248]
      "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-25 22:35 335872]
      "CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 09:18 49152]
      "CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 01:00 45056]
      "CTHelper"="CTHELPER.EXE" [2003-02-20 16:45 28672 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
      "AsioReg"="REGSVR32.exe" [2004-08-04 09:03 12288 C:\WINDOWS\SYSTEM32\regsvr32.exe]
      "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
      "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 01:04 122933]
      "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
      "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 23:16 52896]
      "URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2004-01-30 09:59 70760]
      "Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-03-29 19:12 290816]
      "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-12-30 20:51 99984]
      "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-22 17:22 180269]
      "bacstray"="C:\Program Files\Broadcom\BACS\\BacsTray.exe" [2004-04-20 12:05 118784]
      "BearShare"="C:\Program Files\BearShare\BearShare.exe" [ ]
      "Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-04-06 17:14 504080]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 11:45 257088]
      "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 09:11 57344]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      HPAiODevice(hp officejet 7100 series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe [2003-06-24 23:23:40 495682]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
      "{E180F496-8A4B-44E2-9FE0-0364E345DB7F}"= C:\WINDOWS\system32\awtqpol.dll [ ]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqpol]
      awtqpol.dll


      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d76ca6ab-7fd9-11dc-ae91-001111312ab8}]
      \Shell\AutoRun\command - F:\LaunchU3.exe

      .
      Contents of the 'Scheduled Tasks' folder
      "2008-02-01 17:22:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2008-01-13 14:45:27 C:\WINDOWS\Tasks\HPFRU Task #Hewlett-Packard#hp officejet 7100 series#1200235391.job"
      - C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpqfrucl.exe:-I
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-07 14:03:36
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      Completion time: 2008-02-07 14:04:26
      ComboFix-quarantined-files.txt 2008-02-07 13:04:00
      .
      2008-02-07 10:43:47 --- E O F ---
      Last edited by intelli; 07-02-08, 14:06.



      • #4
        Open the RVAXO folder on your desktop and double-click Uninstall.cmd
        This will remove everything from RVAXO.

        Open Notepad, then copy and paste the following (bold text) into an empty window:


        Folder::
        C:\AVSystemCare
        C:\Program Files\Drmupgds
        C:\WINDOWS\SYSTEM32\feq9
        C:\WINDOWS\SYSTEM32\dp1
        C:\Temp\isgTi19

        Registry::
        [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E180F496-8A4B-44E2-9FE0-0364E345DB7F}]
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "BearShare"=-
        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
        "{E180F496-8A4B-44E2-9FE0-0364E345DB7F}"=-
        [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqpol]




        Save this to your Desktop as CFScript.txt

        Drag CFScript.txt onto ComboFix.exe as shown in the example below:



        This will make ComboFix restart.
        Reboot when prompted,
        and post the contents of Combofix.txt in your next reply together with a new HijackThis log
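Added example, not part of this thread and not ComboFix's or the helper's code: a Python script that parses the "Reg Loading Points" section of two ComboFix logs, flags every non-default ShellExecuteHooks value and Winlogon\Notify subkey it finds (ComboFix hides the legitimate defaults, so anything printed there is worth a look), renders those findings as the same Registry:: directives the CFScript above uses, and confirms they are gone from the post-cleanup log. The two log excerpts are constructed from the logs in this thread (only the awtqpol.dll lines and one ordinary Run value are reproduced); the function names are my own.

```python
import re

# Constructed samples modelled on this thread's two ComboFix logs: the
# "Reg Loading Points" section before the CFScript ran and after it.
BEFORE = r"""
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 23:16 52896]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E180F496-8A4B-44E2-9FE0-0364E345DB7F}"= C:\WINDOWS\system32\awtqpol.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqpol]
awtqpol.dll
"""

AFTER = r"""
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 23:16 52896]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"=data [date time size]; the bracket is ComboFix's file stamp, and an
# empty "[ ]" (as on the awtqpol.dll line) means it could not read the file.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*?)\s*(?:\[(?P<info>[^\]]*)\])?$')


def parse_startpoints(text):
    """Return {registry key (lowercased): [(name, data, info)]}.

    info is None when no bracket was printed, "" when the bracket was empty.
    """
    entries = {}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("REGEDIT4", "*", ".")):
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            entries.setdefault(key, [])
            continue
        if key is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            info = m.group("info")
            entries[key].append((m.group("name"), m.group("data"),
                                 None if info is None else info.strip()))
        elif "\\winlogon\\notify\\" in key:
            # Notify subkeys are printed with the DLL name on a bare line.
            entries[key].append((line, line, None))
        else:
            key = None  # folder listings etc. end the registry block
    return entries


def findings(entries):
    """Entries a reviewer should look at, as (key, name, reason)."""
    out = []
    for key, values in entries.items():
        for name, _data, info in values:
            if key.endswith("\\explorer\\shellexecutehooks"):
                out.append((key, name, "non-default ShellExecuteHook: the DLL is loaded "
                                       "into any process that calls ShellExecute"))
            elif "\\winlogon\\notify\\" in key:
                out.append((key, name, "Winlogon Notify package: the DLL is loaded "
                                       "into winlogon.exe (SYSTEM) at logon"))
            elif info == "":
                out.append((key, name, "target file not readable: orphaned entry"))
    return out


def removed_entries(before, after):
    """Entries present in the first snapshot and gone from the second."""
    gone = []
    for key, values in before.items():
        still = {name for name, _, _ in after.get(key, [])}
        gone.extend((key, name) for name, _, _ in values if name not in still)
    return gone


def cfscript_registry_block(found):
    """Render findings as the Registry:: directives used in the CFScript."""
    lines, seen = ["Registry::"], set()
    for key, name, _reason in found:
        if "\\winlogon\\notify\\" in key:
            directive = f"[-{key}]"          # drop the whole Notify subkey
            if directive not in seen:
                seen.add(directive)
                lines.append(directive)
        else:
            lines.append(f"[{key}]")
            lines.append(f'"{name}"=-')       # delete just this one value
    return "\n".join(lines)


if __name__ == "__main__":
    before, after = parse_startpoints(BEFORE), parse_startpoints(AFTER)
    for key, name, reason in findings(before):
        print(f"REVIEW  {name}  under  {key}\n        {reason}")
    print(cfscript_registry_block(findings(before)))
    for key, name in removed_entries(before, after):
        print(f"GONE after cleanup: {name} ({key})")
```

Running it on the two excerpts reports the ShellExecuteHook value and the Notify subkey as the two findings, prints the matching Registry:: block, and lists both as gone afterwards. The same CLSID can still survive elsewhere: a HijackThis O2 line that carries the CLSID of a hook you removed and reads "(no file)" is the orphaned BHO registration, which is what the `[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{...}]` line in the script is for.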



        • #5
          ComboFix 08-02.05.3 - Thomas 2008-02-08 13:56:34.2 - NTFSx86
          Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.574 [GMT 1:00]
          Running from: C:\Documents and Settings\Thomas\Bureaublad\ComboFix.exe
          Command switches used :: C:\Documents and Settings\Thomas\Bureaublad\CFScript.txt
          * Created a new restore point

          WARNING -THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
          .

          (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\AVSystemCare
          C:\Program Files\Drmupgds
          C:\Program Files\Drmupgds\Drmupgds.exe
          C:\Temp\isgTi19
          C:\Temp\isgTi19\lPig.log
          C:\WINDOWS\SYSTEM32\dp1
          C:\WINDOWS\SYSTEM32\feq9

          .
          (((((((((((((((((((( Files Created from 2008-01-08 to 2008-02-08 ))))))))))))))))))))))))))))))
          .

          2008-02-07 13:53 . 2004-08-04 09:03 399,360 --a------ C:\kmd.exe
          2008-02-07 12:50 . 2008-02-07 13:32 <DIR> d-------- C:\HijackThis
          2008-02-07 12:12 . 2008-02-07 12:12 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
          2008-02-07 12:12 . 2008-02-07 13:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2008-02-07 10:32 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\SYSTEM32\msxml3a.dll
          2008-02-06 21:12 . 2008-02-06 21:12 <DIR> d-------- C:\Program Files\Lavasoft
          2008-02-06 21:12 . 2008-02-06 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
          2008-02-06 21:11 . 2008-02-06 21:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
          2008-02-06 19:45 . 2008-02-08 13:56 <DIR> d-------- C:\Temp
          2008-02-06 13:28 . 2008-02-06 13:28 <DIR> d-------- C:\Program Files\Paint.NET
          2008-02-06 13:22 . 2008-02-06 13:22 <DIR> d-------- C:\WINDOWS\SYSTEM32\XPSViewer
          2008-02-06 13:22 . 2008-02-06 13:22 <DIR> d-------- C:\Program Files\MSBuild
          2008-02-06 13:21 . 2008-02-06 13:21 <DIR> d-------- C:\Program Files\Reference Assemblies
          2008-02-06 13:21 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\SYSTEM32\spmsg2.dll
          2008-02-06 13:17 . 2008-02-06 13:17 <DIR> d-------- C:\Program Files\MSXML 6.0
          2008-01-29 22:08 . 2008-01-29 22:11 664 --a------ C:\WINDOWS\SYSTEM32\d3d9caps.dat
          2008-01-26 21:04 . 2008-01-26 21:04 <DIR> d-------- C:\Documents and Settings\Thomas\Application Data\Samsung
          2008-01-26 20:35 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\SYSTEM32\framedyn.dll
          2008-01-26 20:34 . 2008-01-26 20:34 <DIR> d-------- C:\WINDOWS\SYSTEM32\Samsung_USB_Drivers
          2008-01-26 20:34 . 2008-01-26 20:34 <DIR> d-------- C:\Program Files\Samsung
          2008-01-26 20:34 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssm_mdm.sys
          2008-01-26 20:34 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssm_bus.sys
          2008-01-26 20:34 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssm_mdfl.sys
          2008-01-26 20:34 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssm_cmnt.sys
          2008-01-26 20:34 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssm_cm.sys
          2008-01-26 20:34 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssm_whnt.sys
          2008-01-26 20:34 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssm_wh.sys
          2008-01-26 20:34 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\StarOpen.sys
          2008-01-26 20:34 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
          2008-01-25 21:13 . 2008-01-25 21:14 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
          2008-01-23 15:03 . 2008-01-23 15:03 244 --ah----- C:\sqmnoopt10.sqm
          2008-01-23 15:03 . 2008-01-23 15:03 232 --ah----- C:\sqmdata10.sqm
          2008-01-21 17:29 . 2008-01-21 17:29 <DIR> d-------- C:\Documents and Settings\sander\Application Data\HighAndes
          2008-01-21 16:36 . 2008-01-21 16:36 <DIR> d-------- C:\Program Files\HighAndes
          2008-01-21 16:36 . 2008-01-21 16:36 <DIR> d-------- C:\Documents and Settings\Thomas\Application Data\HighAndes
          2008-01-21 16:36 . 2008-01-21 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HighAndes
          2008-01-15 16:54 . 2008-01-15 16:54 <DIR> d-------- C:\Documents and Settings\sander\Application Data\Verzendmap van Share-to-Web
          2008-01-13 15:43 . 2008-01-13 15:44 2,733 --a------ C:\WINDOWS\DevMgr.ini
          2008-01-13 15:42 . 2003-06-24 12:39 350,208 -ra------ C:\WINDOWS\SYSTEM32\hpojwiad.dll
          2008-01-13 15:42 . 2003-06-24 12:40 90,112 -ra------ C:\WINDOWS\SYSTEM32\hpocon09.exe
          2008-01-13 15:42 . 2003-06-24 12:39 22,139 -ra------ C:\WINDOWS\SYSTEM32\hpocoi08.dll
          2008-01-13 15:42 . 2001-02-16 13:12 22,048 -ra------ C:\WINDOWS\SYSTEM32\cocpyinf.dll
          2008-01-13 15:42 . 2001-08-17 21:47 8,704 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Dot4Scan.sys
          2008-01-13 15:42 . 2001-08-17 21:47 8,704 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4scan.sys
          2008-01-13 15:39 . 2008-01-13 15:39 <DIR> d-------- C:\Documents and Settings\Thomas\Application Data\Verzendmap van Share-to-Web
          2008-01-13 15:39 . 2008-01-13 15:39 20 --a------ C:\WINDOWS\Hposcv07.INI
          2008-01-13 15:37 . 2008-01-13 15:39 <DIR> d-------- C:\Program Files\Hewlett-Packard
          2008-01-13 15:36 . 2008-01-13 15:37 <DIR> d-------- C:\WINDOWS\SYSTEM32\NtmsData
          2008-01-13 15:36 . 2008-01-13 15:39 <DIR> d-------- C:\WINDOWS\AiOTemp
          2008-01-13 13:23 . 2004-08-04 06:58 207,360 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Dot4.sys
          2008-01-13 13:23 . 2004-08-04 06:58 207,360 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4.sys
          2008-01-13 13:23 . 2001-09-06 19:40 23,936 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Dot4usb.sys
          2008-01-13 13:23 . 2001-09-06 19:40 23,936 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4usb.sys
          2008-01-13 13:23 . 2001-08-17 21:47 12,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Dot4Prt.sys
          2008-01-13 13:23 . 2001-08-17 21:47 12,928 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4prt.sys

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-02-08 10:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared
          2008-02-07 20:06 --------- d-----w C:\Program Files\SwiftSwitch
          2008-02-07 15:31 --------- d-----w C:\Documents and Settings\Thomas\Application Data\teamspeak2
          2008-02-07 11:42 --------- d-----w C:\Program Files\BearShare
          2008-02-06 18:55 --------- d-----w C:\Program Files\Guitar Speed Trainer
          2008-01-26 19:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2008-01-17 21:18 --------- d-----w C:\Documents and Settings\Thomas\Application Data\U3
          2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\SYSTEM32\lsdelete.exe
          2007-11-14 07:29 450,560 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jscript.dll
          2004-08-04 08:03 50,688 --sh--w C:\WINDOWS\twain_32.dll
          2004-08-04 08:03 1,028,096 --sh--w C:\WINDOWS\SYSTEM32\mfc42.dll
          2004-08-04 08:03 54,784 --sh--w C:\WINDOWS\SYSTEM32\msvcirt.dll
          2004-08-04 08:03 413,696 --sh--w C:\WINDOWS\SYSTEM32\msvcp60.dll
          2004-08-04 08:03 343,040 --sh--w C:\WINDOWS\SYSTEM32\msvcrt.dll
          2007-05-17 11:30 549,376 --sh--w C:\WINDOWS\SYSTEM32\oleaut32.dll
          2004-08-04 08:03 83,456 --sh--w C:\WINDOWS\SYSTEM32\olepro32.dll
          2004-08-04 08:03 12,288 --sh--w C:\WINDOWS\SYSTEM32\regsvr32.exe
          .

          ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Note* empty entries & legit default entries are not shown

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "SB Audigy 2 Startup Menu"=" /LUT"
          "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
          "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48 36975]
          "IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 11:23 135168]
          "PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15 290816]
          "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 11:43 53248]
          "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-25 22:35 335872]
          "CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 09:18 49152]
          "CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 01:00 45056]
          "CTHelper"="CTHELPER.EXE" [2003-02-20 16:45 28672 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
          "AsioReg"="REGSVR32.exe" [2004-08-04 09:03 12288 C:\WINDOWS\SYSTEM32\regsvr32.exe]
          "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
          "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 01:04 122933]
          "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
          "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 23:16 52896]
          "URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2004-01-30 09:59 70760]
          "Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-03-29 19:12 290816]
          "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-12-30 20:51 99984]
          "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-22 17:22 180269]
          "bacstray"="C:\Program Files\Broadcom\BACS\\BacsTray.exe" [2004-04-20 12:05 118784]
          "Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-04-06 17:14 504080]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
          "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 11:45 257088]
          "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 09:11 57344]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          HPAiODevice(hp officejet 7100 series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe [2003-06-24 23:23:40 495682]


          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d76ca6ab-7fd9-11dc-ae91-001111312ab8}]
          \Shell\AutoRun\command - F:\LaunchU3.exe

          .
          Contents of the 'Scheduled Tasks' folder
          "2008-02-01 17:22:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
          "2008-01-13 14:45:27 C:\WINDOWS\Tasks\HPFRU Task #Hewlett-Packard#hp officejet 7100 series#1200235391.job"
          - C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpqfrucl.exe:-I
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-02-08 14:00:44
          Windows 5.1.2600 Service Pack 2 NTFS

          scanning hidden processes ...

          scanning hidden autostart entries ...

          scanning hidden files ...

          scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          Completion time: 2008-02-08 14:01:40
          ComboFix-quarantined-files.txt 2008-02-08 13:01:08
          ComboFix2.txt 2008-02-07 13:04:27
          .
          2008-02-07 10:43:47 --- E O F ---




          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 14:03:56, on 8-2-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\System32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
          C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Dell\Media Experience\PCMService.exe
          C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
          C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
          C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
          C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
          C:\WINDOWS\system32\CTHELPER.EXE
          C:\WINDOWS\system32\dla\tfswctrl.exe
          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
          C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
          C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
          C:\Program Files\Common Files\Real\Update_OB\realsched.exe
          C:\Program Files\Broadcom\BACS\BacsTray.exe
          C:\PROGRA~1\CA\ETRUST~1\realmon.exe
          C:\Program Files\QuickTime\qttask.exe
          C:\Program Files\iTunes\iTunesHelper.exe
          C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
          C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
          C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
          C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
          C:\WINDOWS\System32\CTsvcCDA.exe
          C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
          C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
          C:\Program Files\CA\eTrust Antivirus\InoRT.exe
          C:\Program Files\CA\eTrust Antivirus\InoTask.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          C:\WINDOWS\system32\ctfmon.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
          C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
          C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
          C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
          C:\WINDOWS\System32\MsPMSPSv.exe
          C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\Program Files\MSN Messenger\msnmsgr.exe
          C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
          C:\WINDOWS\explorer.exe
          C:\Program Files\Mozilla Firefox\firefox.exe
          C:\HijackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/nl/nld/gen/default.htm
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/nl/nld/gen/default.htm
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
          O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
          O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - (no file)
          O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
          O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
          O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
          O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
          O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
          O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
          O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
          O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
          O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
          O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
          O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
          O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
          O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
          O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
          O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
          O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
          O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
          O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\\BacsTray.exe
          O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
          O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
          O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /LUT
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
          O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
          O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
          O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
          O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
          O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylomgames.com/activex/zylomgamesplayer.cab
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
          O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
          O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
          O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
          O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
          O23 - Service: dlbt_device - Dell - C:\WINDOWS\System32\dlbtcoms.exe
          O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
          O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
          O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
          O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
          O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
          O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

          --
          End of file - 10318 bytes



          • #6
            Your Java software is outdated.
            Older versions have holes that give malware a chance to install itself on your system.
            First do these steps to uninstall Java and install the newer version:
            • Download Java Runtime Environment (JRE) 6u4 and save it to your Desktop.
            • Close all programs that may be open - especially your web browser!
            • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list.
            • Check everything with Java Runtime Environment (JRE or J2SE) in the name.
            • Then click Remove or the Change/Remove button.
            • Repeat this until all older versions are gone.
            • After removing all older versions, restart your PC.
            • Then double-click jre-6u4-windows-i586-p.exe on your Desktop to install the newest version of Java.


            Download ATF cleaner (mirror) (made by Atribune)

            Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can do its work properly.

            Double-click ATF cleaner to start the program.
            On the "Main" tab, put a check mark next to Select All.
            Click the Empty Selected button.

            Do the following if you also use Firefox as a browser:
            Click the "Firefox" tab and put a check mark next to Select All.
            If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
            (This removes the check mark next to "Firefox saved passwords" again.)
            Click the Empty Selected button.

            Do the following if you also use Opera as a browser:
            Click the "Opera" tab and put a check mark next to Select All.
            If you want to keep the passwords saved by Opera, click "No" in the window that appears.
            Click the Empty Selected button.
            Go to the "Main" tab and click the Exit button to close the program.

            Go to Start - Run and enter the following:
            Combofix /U
            Then press OK.
            Note: there must be a space between Combofix and /U.

            This will uninstall Combofix.

            Turn off System Restore. Restart the computer. Turn System Restore back on.
            See here how to turn off System Restore.
            This removes any remnants of the infections from your System Restore points.

            Finally, post one more HijackThis log for review



            • #7
              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 16:12:47, on 8-2-2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\System32\Ati2evxx.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
              C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
              C:\WINDOWS\Explorer.EXE
              C:\WINDOWS\System32\CTsvcCDA.exe
              C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
              C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
              C:\Program Files\CA\eTrust Antivirus\InoRT.exe
              C:\Program Files\CA\eTrust Antivirus\InoTask.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\System32\MsPMSPSv.exe
              C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
              C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
              C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
              C:\Program Files\Dell\Media Experience\PCMService.exe
              C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
              C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
              C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
              C:\WINDOWS\system32\CTHELPER.EXE
              C:\WINDOWS\system32\dla\tfswctrl.exe
              C:\Program Files\Common Files\Symantec Shared\ccApp.exe
              C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
              C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
              C:\Program Files\Common Files\Real\Update_OB\realsched.exe
              C:\Program Files\Broadcom\BACS\BacsTray.exe
              C:\PROGRA~1\CA\ETRUST~1\realmon.exe
              C:\Program Files\QuickTime\qttask.exe
              C:\Program Files\iTunes\iTunesHelper.exe
              C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
              C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
              C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
              C:\WINDOWS\system32\wuauclt.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
              C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
              C:\Program Files\iPod\bin\iPodService.exe
              C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
              C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
              C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
              C:\Program Files\Mozilla Firefox\firefox.exe
              C:\HijackThis\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/nl/nld/gen/default.htm
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/nl/nld/gen/default.htm
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
              O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
              O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
              O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - (no file)
              O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
              O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
              O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
              O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
              O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
              O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
              O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
              O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
              O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
              O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
              O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
              O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
              O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
              O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
              O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
              O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
              O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
              O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\\BacsTray.exe
              O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
              O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
              O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
              O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /LUT
              O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
              O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
              O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
              O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
              O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
              O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
              O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylomgames.com/activex/zylomgamesplayer.cab
              O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
              O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
              O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
              O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
              O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
              O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
              O23 - Service: dlbt_device - Dell - C:\WINDOWS\System32\dlbtcoms.exe
              O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
              O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
              O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
              O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
              O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
              O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
              O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
              O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

              --
              End of file - 10356 bytes



              • #8
                You have this line in your log:
                O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L: DUT
                This causes the system32 folder to open while Windows is starting up.
                Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at http://support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function.
                Could you carry out the above and then post a new log?



                • #9
                  Will do that right away, but what I do notice is that my PC now boots much more slowly :s, how could that be?



                  • #10
                    You could give this a try:
                    Download Dial-a-fix-2006 and extract both files, each into its own folder, to your Desktop.
                    • In the folder Dial-a-fix-v0.60.0.24, double-click Dial-a-fix.exe
                      In the window that opens, click the icon with the double green check mark at the bottom (check all).
                      Then click "GO" and let the tool restore all the settings.
                      When it has finished, close the window by clicking "Exit" at the bottom.

                    Let us know whether that makes a difference.



                    • #11
                      What exactly does that program do? There is also a warning attached to it.



                      • #12
                        Which warning do you get, then?



                        • #13
                          The warning was just the warnings on the site itself.
                          But I have applied Dial-a-fix and it does seem to boot faster now.
                          So thanks.



                          • #14
                            You're welcome.
