amvo

  • amvo

    When restarting the PC I keep getting:
    De instructie op 0x10013f32 verwijst naar geheugen op 0x000000ff. De lees- of schrijfbewerking ("read") op het geheugen is mislukt.


    I would also like to know whether it is possible for a mobile phone to be infected, and a camera? Do I need to scan those for viruses too?

    Logfile of HijackThis v1.99.1
    Scan saved at 13:54:01, on 20.02.08
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\system32\Fmctrl.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\capimonitor\capimonitor.exe
    C:\Program Files\DateInTray\DateInTray.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Program Files\Vox\VoxVox32.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\OUTPOS~1\outpost.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    E:\internet\download\antispyware\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://10.0.0.138
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshMediaBar.dll
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Outpost Firewall\outpost.exe /waitservice
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
    O4 - Startup: OpenOffice.org 2.3 .lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Startup: Snelkoppeling naar capimonitor.lnk = C:\Program Files\capimonitor\capimonitor.exe
    O4 - Startup: Snelkoppeling naar DateInTray.exe.lnk = C:\Program Files\DateInTray\DateInTray.exe
    O4 - Startup: Snelkoppeling naar NoteTab.lnk = C:\Program Files\NoteTab Light\NoteTab.exe
    O4 - Startup: Snelkoppeling naar VoxVox32.lnk = C:\Program Files\Vox\VoxVox32.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program Files\Outpost Firewall\TRASH.EXE (HKCU)
    O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program Files\Outpost Firewall\TRASH.EXE (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: http://www.freerecordshop.nl
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197824463562
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197824591312
    O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://members.driverguide.com/director/dispatch_getfile.php?mode=toolkit_lite
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\OUTPOS~1\outpost.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


    You know: I am grateful to you, because I don't understand a thing about this myself.

  • #2
    Indeed a virus via USB.

    Download the following program and run it.
    Flash_Disinfector.exe

    The program closes Internet Explorer and Windows Explorer.
    You will be asked to connect the USB disk. Repeat this if you have several USB devices (mobile phone, MP3 player or camera).

    Download Combofix to your Desktop.
    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or delete them!
    • Double-click Combofix.exe
      Follow the instructions and accept the disclaimer by clicking Yes.
      While the fix is running, do NOT click in the window, because this will make your PC hang.

    When the fix has completed and after the restart, the log combofix.txt will open.
    Post this log in your next post together with a new HijackThis log.

    Comment


    • #3
      OK, I have done that.

      ComboFix 08-02-20.2 - pvk 2008-02-20 17:58:10.11 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.601 [GMT 1:00]
      Gestart vanuit: E:\internet\download\antispyware\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
      .

      (((((((((((((((((((( Bestanden Gemaakt van 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))
      .

      2008-02-17 14:37 . 2008-02-17 14:38 <DIR> d-------- C:\Program Files\iMesh Applications
      2008-02-17 14:37 . 2008-02-17 15:50 <DIR> d-------- C:\Documents and Settings\P\Application Data\iMesh
      2008-02-17 14:37 . 2007-11-22 16:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
      2008-02-14 18:28 . 2008-02-14 18:28 <DIR> d-------- C:\Program Files\Intelore
      2008-02-14 18:28 . 2008-02-14 18:28 <DIR> d-------- C:\Documents and Settings\P\Application Data\Intelore
      2008-02-12 19:37 . 2008-02-12 19:37 <DIR> d-------- C:\Program Files\Overhoor
      2008-02-12 19:34 . 2008-02-12 19:34 <DIR> d-------- C:\Program Files\DrillAss
      2008-02-12 19:34 . 2008-02-12 19:35 295 --a------ C:\WINDOWS\DrillAss.ini
      2008-02-12 19:34 . 2008-02-12 19:37 47 --a------ C:\WINDOWS\OH4WIN.REG
      2008-02-08 14:22 . 2008-02-08 14:22 104 --a------ C:\WINDOWS\packspel.dat
      2008-02-05 14:15 . 2008-02-05 14:15 <DIR> d-------- C:\HAVEN
      2008-02-05 14:10 . 2008-02-08 14:21 <DIR> d-------- C:\PACKMOB
      2008-02-01 23:53 . 2008-02-01 23:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
      2008-02-01 23:53 . 2008-02-01 23:53 1,409 --a------ C:\WINDOWS\QTFont.for
      2008-01-28 14:34 . 2008-01-28 14:34 <DIR> d-------- C:\Program Files\Lavasoft
      2008-01-28 14:34 . 2008-01-28 14:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-01-28 14:33 . 2008-01-28 14:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2008-01-25 14:45 . 2006-05-11 10:48 106,496 --a------ C:\WINDOWS\system32\DrvTrNTl.dll
      2008-01-25 14:45 . 2006-05-17 21:53 54,272 --a------ C:\WINDOWS\system32\DrvTrNTm.dll
      2008-01-24 20:38 . 2008-01-24 20:38 <DIR> d-------- C:\WINDOWS\naevius_yt_1
      2008-01-24 20:38 . 2008-01-24 20:47 <DIR> d-------- C:\Program Files\Naevius YouTube Converter
      2008-01-24 20:38 . 2008-02-10 15:42 <DIR> d-------- C:\naevius_temp_folder
      2008-01-24 00:05 . 2008-01-24 00:05 <DIR> d-------- C:\Program Files\HighCriteria

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-20 14:56 --------- d-----w C:\Program Files\Outpost Firewall
      2008-02-20 14:56 --------- d-----w C:\Program Files\capimonitor
      2008-02-20 14:56 --------- d-----w C:\Documents and Settings\P\Application Data\OpenOffice.org2
      2008-02-19 11:54 --------- d-----w C:\Program Files\Common Files\Adobe
      2008-01-24 19:43 --------- d-----w C:\Program Files\DivX
      2008-01-17 20:52 --------- d-----w C:\Program Files\Op de boerderij
      2008-01-16 11:45 --------- d-----w C:\Program Files\Trend Micro
      2008-01-16 10:55 262,144 ----a-w C:\ntuser.dat
      2008-01-16 03:07 --------- d-----w C:\Program Files\Hitman Pro
      2008-01-16 02:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-01-16 01:54 --------- d-----w C:\Program Files\SpywareBlaster
      2008-01-12 22:12 --------- d-----w C:\Program Files\Uniblue
      2008-01-12 22:12 --------- d-----w C:\Program Files\Diafaan Oproep Lite
      2008-01-12 22:12 --------- d-----w C:\Documents and Settings\P\Application Data\Uniblue
      2008-01-08 17:21 --------- d-----w C:\Program Files\Webvox Instellingen
      2008-01-08 15:30 --------- d-----w C:\Documents and Settings\P\Application Data\Samsung
      2008-01-06 15:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-01-06 15:40 --------- d-----w C:\Program Files\Samsung
      2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
      2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
      2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
      2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
      2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
      2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
      2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
      2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
      2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
      2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
      2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
      2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
      2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
      2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
      2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
      2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
      2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
      2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
      2008-01-03 18:56 --------- d-----w C:\Program Files\DP
      2008-01-02 10:48 --------- d-----w C:\Program Files\Payvision
      2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
      2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
      2007-11-29 13:11 160 ----a-w C:\install.dat
      2007-11-14 08:27 69,632 ----a-w C:\Program Files\DBXtract.exe
      2006-04-28 17:59 128,544 ----a-w C:\Program Files\FindFile.exe
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
      2008-02-07 11:54 398768 --a------ C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 14:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
      "SoundMan"="SOUNDMAN.EXE" [2004-07-01 04:58 73728 C:\WINDOWS\SoundMan.exe]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 14:43 7630848]
      "nwiz"="nwiz.exe" [2006-08-11 14:43 1519616 C:\WINDOWS\system32\nwiz.exe]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
      "AlcWzrd"="ALCWZRD.EXE" [2004-07-05 11:05 2550272 C:\WINDOWS\ALCWZRD.EXE]
      "FmctrlTray"="Fmctrl.EXE" [2001-08-20 14:47 270336 C:\WINDOWS\system32\fmctrl.exe]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 14:43 86016]
      "Outpost Firewall"="C:\Program Files\Outpost Firewall\outpost.exe" [2004-03-10 15:18 87040]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
      "RegistryMechanic"=""
      "TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-05-12 01:32 86016]
      "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]

      C:\Documents and Settings\P\Menu Start\Programma's\Opstarten\
      OpenOffice.org 2.3 .lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]
      Snelkoppeling naar capimonitor.lnk - C:\Program Files\capimonitor\capimonitor.exe [2006-05-20 22:53:38 1444864]
      Snelkoppeling naar DateInTray.exe.lnk - C:\Program Files\DateInTray\DateInTray.exe [2006-02-15 14:30:32 78848]
      Snelkoppeling naar NoteTab.lnk - C:\Program Files\NoteTab Light\NoteTab.exe [2006-05-21 11:45:08 1797632]
      Snelkoppeling naar VoxVox32.lnk - C:\Program Files\Vox\VoxVox32.exe [2006-05-22 19:57:55 462848]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22 288472]

      R1 VFILT;Outpost Firewall Kernel Driver;C:\PROGRA~1\OUTPOS~1\kernel\2000\FILTNT.SYS [2004-03-10 15:16]
      R2 AVMPORT;AVMPORT;C:\WINDOWS\system32\drivers\avmport.sys [2007-09-30 01:10]
      R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);C:\PROGRA~1\OUTPOS~1\kernel\ADBLOCK.DLL [2004-03-10 15:17]
      R3 AVMWAN;NDIS WAN CAPI drivers;C:\WINDOWS\system32\DRIVERS\avmwan.sys [2002-08-01 01:00]
      R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\CONTENT.DLL [2004-03-10 15:17]
      R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);C:\PROGRA~1\OUTPOS~1\kernel\DNSCACHE.DLL [2004-03-10 15:16]
      R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\FTPFILT.DLL [2004-03-10 15:18]
      R3 fxusbase;Webvox (Win XP/2000);C:\WINDOWS\system32\DRIVERS\fxusbase.sys [2002-08-01 01:00]
      R3 gameport;FM801 PCI Joystick;C:\WINDOWS\system32\DRIVERS\fmjoy.sys [2001-06-15 00:59]
      R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\HTMLFILT.DLL [2004-03-10 15:16]
      R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\HTTPFILT.DLL [2004-03-10 15:34]
      R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\IMAPFILT.DLL [2004-03-10 15:17]
      R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\MAILFILT.DLL [2004-03-10 15:17]
      R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\NNTPFILT.DLL [2004-03-10 15:17]
      R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\POP3FILT.DLL [2004-03-10 15:17]
      R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\PROTECT.DLL [2004-03-10 15:18]
      R3 wdm_fm801;FM801 PCI Audio (WDM);C:\WINDOWS\system32\drivers\fm801.sys [2001-11-02 07:33]
      S3 DIGIRPS;Digi PortServer-stuurprogramma;C:\WINDOWS\system32\DRIVERS\digirlpt.sys [2001-09-06 18:36]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24f424cf-bdfd-11dc-b1de-00112fb33673}]
      \Shell\AutoRun\command - I:\2ifetri.cmd
      \Shell\explore\Command - I:\2ifetri.cmd
      \Shell\open\Command - I:\2ifetri.cmd

      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-02-18 01:00:27 C:\WINDOWS\Tasks\maak kopie van map pvk.job"
      - C:\WINDOWS\system32\ntbackup.exeRbackup
      "2008-02-10 20:28:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
      - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
      "2008-01-11 18:47:06 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
      - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-20 17:59:37
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2008-02-20 18:00:06
      ComboFix-quarantined-files.txt 2008-02-20 17:00:03
      ComboFix2.txt 2008-01-29 10:58:00
      ComboFix3.txt 2008-01-29 10:47:45
      ComboFix4.txt 2008-01-29 09:33:25
      ComboFix5.txt 2008-01-17 21:25:52


      and:

      Logfile of HijackThis v1.99.1
      Scan saved at 18:03:03, on 20.02.08
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.5730.0013)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\PROGRA~1\OUTPOS~1\outpost.exe
      C:\WINDOWS\System32\snmp.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\ALCWZRD.EXE
      C:\WINDOWS\system32\Fmctrl.EXE
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
      C:\Program Files\capimonitor\capimonitor.exe
      C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
      C:\Program Files\DateInTray\DateInTray.exe
      C:\Program Files\NoteTab Light\NoteTab.exe
      C:\Program Files\Vox\VoxVox32.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\Outlook Express\msimn.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\notepad.exe
      E:\internet\download\antispyware\HiJackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://10.0.0.138
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
      O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Outpost Firewall\outpost.exe /waitservice
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
      O4 - Startup: OpenOffice.org 2.3 .lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
      O4 - Startup: Snelkoppeling naar capimonitor.lnk = C:\Program Files\capimonitor\capimonitor.exe
      O4 - Startup: Snelkoppeling naar DateInTray.exe.lnk = C:\Program Files\DateInTray\DateInTray.exe
      O4 - Startup: Snelkoppeling naar NoteTab.lnk = C:\Program Files\NoteTab Light\NoteTab.exe
      O4 - Startup: Snelkoppeling naar VoxVox32.lnk = C:\Program Files\Vox\VoxVox32.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program Files\Outpost Firewall\TRASH.EXE (HKCU)
      O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program Files\Outpost Firewall\TRASH.EXE (HKCU)
      O11 - Options group: [INTERNATIONAL] International*
      O15 - Trusted Zone: http://www.freerecordshop.nl
      O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197824463562
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197824591312
      O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
      O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
      O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://members.driverguide.com/director/dispatch_getfile.php?mode=toolkit_lite
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\OUTPOS~1\outpost.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

      Comment


      • #4
        Addendum:

        I had to restart; fortunately there is no longer a message saying
        De instructie op 0x10013f32 verwijst naar geheugen op 0x000000ff. De lees- of schrijfbewerking ("read") op het geheugen is mislukt

        Comment


        • #5
          Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

          Registry::
          [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24f424cf-bdfd-11dc-b1de-00112fb33673}]




          Save this to your Desktop as CFScript.txt.

          Drag CFScript.txt onto ComboFix.exe as shown in the example below:



          This will make ComboFix restart.

          After your computer restarts (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.

          What do you have on drive I: ???
          Last edited by Steggel; 20-02-08, 22:38.



          • #6
            On my drive I there is an MP3 player (and on J the camera, a Sony MemoryStick, but you had already seen that, I think).

            Another HijackThis logfile?



            • #7
              In post #2 I instructed you to download ComboFix to your desktop.

              Gestart vanuit: E:\internet\download\antispyware\ComboFix.exe
              Place ComboFix on your desktop together with the Notepad file mentioned above.

              Then drag the file CFScript.txt onto ComboFix and post that log.



              • #8
                Sorry, I didn't know that could matter.

                ComboFix 08-02-20.2 - pvk 2008-02-20 22:23:23.13 - NTFSx86
                Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.565 [GMT 1:00]
                Gestart vanuit: C:\Documents and Settings\P\Bureaublad\ComboFix.exe
                Command switches used :: C:\Documents and Settings\P\Bureaublad\CFScript.txt
                * Nieuw herstelpunt werd aangemaakt

                WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
                .

                (((((((((((((((((((( Bestanden Gemaakt van 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))
                .

                2008-02-17 14:37 . 2008-02-17 14:38 <DIR> d-------- C:\Program Files\iMesh Applications
                2008-02-17 14:37 . 2008-02-17 15:50 <DIR> d-------- C:\Documents and Settings\P\Application Data\iMesh
                2008-02-17 14:37 . 2007-11-22 16:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
                2008-02-14 18:28 . 2008-02-14 18:28 <DIR> d-------- C:\Program Files\Intelore
                2008-02-14 18:28 . 2008-02-14 18:28 <DIR> d-------- C:\Documents and Settings\P\Application Data\Intelore
                2008-02-12 19:37 . 2008-02-12 19:37 <DIR> d-------- C:\Program Files\Overhoor
                2008-02-12 19:34 . 2008-02-12 19:34 <DIR> d-------- C:\Program Files\DrillAss
                2008-02-12 19:34 . 2008-02-12 19:35 295 --a------ C:\WINDOWS\DrillAss.ini
                2008-02-12 19:34 . 2008-02-12 19:37 47 --a------ C:\WINDOWS\OH4WIN.REG
                2008-02-08 14:22 . 2008-02-08 14:22 104 --a------ C:\WINDOWS\packspel.dat
                2008-02-05 14:15 . 2008-02-05 14:15 <DIR> d-------- C:\HAVEN
                2008-02-05 14:10 . 2008-02-08 14:21 <DIR> d-------- C:\PACKMOB
                2008-02-01 23:53 . 2008-02-01 23:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
                2008-02-01 23:53 . 2008-02-01 23:53 1,409 --a------ C:\WINDOWS\QTFont.for
                2008-01-28 14:34 . 2008-01-28 14:34 <DIR> d-------- C:\Program Files\Lavasoft
                2008-01-28 14:34 . 2008-01-28 14:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
                2008-01-28 14:33 . 2008-01-28 14:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
                2008-01-25 14:45 . 2006-05-11 10:48 106,496 --a------ C:\WINDOWS\system32\DrvTrNTl.dll
                2008-01-25 14:45 . 2006-05-17 21:53 54,272 --a------ C:\WINDOWS\system32\DrvTrNTm.dll
                2008-01-24 20:38 . 2008-01-24 20:38 <DIR> d-------- C:\WINDOWS\naevius_yt_1
                2008-01-24 20:38 . 2008-01-24 20:47 <DIR> d-------- C:\Program Files\Naevius YouTube Converter
                2008-01-24 20:38 . 2008-02-10 15:42 <DIR> d-------- C:\naevius_temp_folder
                2008-01-24 00:05 . 2008-01-24 00:05 <DIR> d-------- C:\Program Files\HighCriteria

                .
                ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2008-02-20 20:26 --------- d-----w C:\Program Files\Outpost Firewall
                2008-02-20 17:11 --------- d-----w C:\Program Files\capimonitor
                2008-02-20 17:11 --------- d-----w C:\Documents and Settings\P\Application Data\OpenOffice.org2
                2008-02-19 11:54 --------- d-----w C:\Program Files\Common Files\Adobe
                2008-01-24 19:43 --------- d-----w C:\Program Files\DivX
                2008-01-17 20:52 --------- d-----w C:\Program Files\Op de boerderij
                2008-01-16 11:45 --------- d-----w C:\Program Files\Trend Micro
                2008-01-16 10:55 262,144 ----a-w C:\ntuser.dat
                2008-01-16 03:07 --------- d-----w C:\Program Files\Hitman Pro
                2008-01-16 02:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                2008-01-16 01:54 --------- d-----w C:\Program Files\SpywareBlaster
                2008-01-12 22:12 --------- d-----w C:\Program Files\Uniblue
                2008-01-12 22:12 --------- d-----w C:\Program Files\Diafaan Oproep Lite
                2008-01-12 22:12 --------- d-----w C:\Documents and Settings\P\Application Data\Uniblue
                2008-01-08 17:21 --------- d-----w C:\Program Files\Webvox Instellingen
                2008-01-08 15:30 --------- d-----w C:\Documents and Settings\P\Application Data\Samsung
                2008-01-06 15:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
                2008-01-06 15:40 --------- d-----w C:\Program Files\Samsung
                2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
                2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
                2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
                2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
                2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
                2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
                2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
                2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
                2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
                2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
                2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
                2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
                2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
                2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
                2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
                2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
                2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
                2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
                2008-01-03 18:56 --------- d-----w C:\Program Files\DP
                2008-01-02 10:48 --------- d-----w C:\Program Files\Payvision
                2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
                2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
                2007-11-29 13:11 160 ----a-w C:\install.dat
                2007-11-14 08:27 69,632 ----a-w C:\Program Files\DBXtract.exe
                2006-04-28 17:59 128,544 ----a-w C:\Program Files\FindFile.exe
                .

                ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                REGEDIT4
                *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
                2008-02-07 11:54 398768 --a------ C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll

                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 14:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
                "SoundMan"="SOUNDMAN.EXE" [2004-07-01 04:58 73728 C:\WINDOWS\SoundMan.exe]
                "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 14:43 7630848]
                "nwiz"="nwiz.exe" [2006-08-11 14:43 1519616 C:\WINDOWS\system32\nwiz.exe]
                "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
                "AlcWzrd"="ALCWZRD.EXE" [2004-07-05 11:05 2550272 C:\WINDOWS\ALCWZRD.EXE]
                "FmctrlTray"="Fmctrl.EXE" [2001-08-20 14:47 270336 C:\WINDOWS\system32\fmctrl.exe]
                "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
                "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 14:43 86016]
                "Outpost Firewall"="C:\Program Files\Outpost Firewall\outpost.exe" [2004-03-10 15:18 87040]
                "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
                "RegistryMechanic"=""
                "TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-05-12 01:32 86016]
                "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
                "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

                [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]

                C:\Documents and Settings\P\Menu Start\Programma's\Opstarten\
                OpenOffice.org 2.3 .lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]
                Snelkoppeling naar capimonitor.lnk - C:\Program Files\capimonitor\capimonitor.exe [2006-05-20 22:53:38 1444864]
                Snelkoppeling naar DateInTray.exe.lnk - C:\Program Files\DateInTray\DateInTray.exe [2006-02-15 14:30:32 78848]
                Snelkoppeling naar NoteTab.lnk - C:\Program Files\NoteTab Light\NoteTab.exe [2006-05-21 11:45:08 1797632]
                Snelkoppeling naar VoxVox32.lnk - C:\Program Files\Vox\VoxVox32.exe [2006-05-22 19:57:55 462848]

                C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22 288472]

                R1 VFILT;Outpost Firewall Kernel Driver;C:\PROGRA~1\OUTPOS~1\kernel\2000\FILTNT.SYS [2004-03-10 15:16]
                R2 AVMPORT;AVMPORT;C:\WINDOWS\system32\drivers\avmport.sys [2007-09-30 01:10]
                R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);C:\PROGRA~1\OUTPOS~1\kernel\ADBLOCK.DLL [2004-03-10 15:17]
                R3 AVMWAN;NDIS WAN CAPI drivers;C:\WINDOWS\system32\DRIVERS\avmwan.sys [2002-08-01 01:00]
                R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\CONTENT.DLL [2004-03-10 15:17]
                R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);C:\PROGRA~1\OUTPOS~1\kernel\DNSCACHE.DLL [2004-03-10 15:16]
                R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\FTPFILT.DLL [2004-03-10 15:18]
                R3 fxusbase;Webvox (Win XP/2000);C:\WINDOWS\system32\DRIVERS\fxusbase.sys [2002-08-01 01:00]
                R3 gameport;FM801 PCI Joystick;C:\WINDOWS\system32\DRIVERS\fmjoy.sys [2001-06-15 00:59]
                R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\HTMLFILT.DLL [2004-03-10 15:16]
                R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\HTTPFILT.DLL [2004-03-10 15:34]
                R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\IMAPFILT.DLL [2004-03-10 15:17]
                R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\MAILFILT.DLL [2004-03-10 15:17]
                R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\NNTPFILT.DLL [2004-03-10 15:17]
                R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\POP3FILT.DLL [2004-03-10 15:17]
                R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\PROTECT.DLL [2004-03-10 15:18]
                R3 wdm_fm801;FM801 PCI Audio (WDM);C:\WINDOWS\system32\drivers\fm801.sys [2001-11-02 07:33]
                S3 DIGIRPS;Digi PortServer-stuurprogramma;C:\WINDOWS\system32\DRIVERS\digirlpt.sys [2001-09-06 18:36]

                [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24f424cf-bdfd-11dc-b1de-00112fb33673}]
                \Shell\AutoRun\command - I:\2ifetri.cmd
                \Shell\explore\Command - I:\2ifetri.cmd
                \Shell\open\Command - I:\2ifetri.cmd

                .
                Inhoud van de 'Gedeelde Taken' map
                "2008-02-18 01:00:27 C:\WINDOWS\Tasks\maak kopie van map pvk.job"
                - C:\WINDOWS\system32\ntbackup.exeRbackup
                "2008-02-20 20:28:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
                - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
                "2008-01-11 18:47:06 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
                - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
                .
                **************************************************************************

                catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2008-02-20 22:24:12
                Windows 5.1.2600 Service Pack 2 NTFS

                scannen van verborgen processen ...

                scannen van verborgen autostart items ...

                scannen van verborgen bestanden ...

                Scan succesvol afgerond
                verborgen bestanden: 0

                **************************************************************************
                .
                Voltooingstijd: 2008-02-20 22:24:37
                ComboFix-quarantined-files.txt 2008-02-20 21:24:35
                ComboFix2.txt 2008-02-20 17:58:24
                ComboFix3.txt 2008-02-20 17:00:07
                ComboFix4.txt 2008-01-29 10:58:00
                ComboFix5.txt 2008-01-29 10:47:45



                • #9
                  Can you copy the blue text from post #5 into Notepad once more and save it as CFScript.txt on your desktop? Then drag the file onto ComboFix again.

                  I have adjusted the code slightly so that the entry is now actually removed. Post the log again.



                  • #10
                    OK, here it comes once more:

                    ComboFix 08-02-20.2 - pvk 2008-02-21 0:11:07.14 - NTFSx86
                    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.549 [GMT 1:00]
                    Gestart vanuit: C:\Documents and Settings\P\Bureaublad\ComboFix.exe
                    Command switches used :: C:\Documents and Settings\P\Bureaublad\CFScript.txt
                    * Nieuw herstelpunt werd aangemaakt

                    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
                    .

                    (((((((((((((((((((( Bestanden Gemaakt van 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))
                    .

                    2008-02-17 14:37 . 2008-02-17 14:38 <DIR> d-------- C:\Program Files\iMesh Applications
                    2008-02-17 14:37 . 2008-02-17 15:50 <DIR> d-------- C:\Documents and Settings\P\Application Data\iMesh
                    2008-02-17 14:37 . 2007-11-22 16:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
                    2008-02-14 18:28 . 2008-02-14 18:28 <DIR> d-------- C:\Program Files\Intelore
                    2008-02-14 18:28 . 2008-02-14 18:28 <DIR> d-------- C:\Documents and Settings\P\Application Data\Intelore
                    2008-02-12 19:37 . 2008-02-12 19:37 <DIR> d-------- C:\Program Files\Overhoor
                    2008-02-12 19:34 . 2008-02-12 19:34 <DIR> d-------- C:\Program Files\DrillAss
                    2008-02-12 19:34 . 2008-02-12 19:35 295 --a------ C:\WINDOWS\DrillAss.ini
                    2008-02-12 19:34 . 2008-02-12 19:37 47 --a------ C:\WINDOWS\OH4WIN.REG
                    2008-02-08 14:22 . 2008-02-08 14:22 104 --a------ C:\WINDOWS\packspel.dat
                    2008-02-05 14:15 . 2008-02-05 14:15 <DIR> d-------- C:\HAVEN
                    2008-02-05 14:10 . 2008-02-08 14:21 <DIR> d-------- C:\PACKMOB
                    2008-02-01 23:53 . 2008-02-01 23:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
                    2008-02-01 23:53 . 2008-02-01 23:53 1,409 --a------ C:\WINDOWS\QTFont.for
                    2008-01-28 14:34 . 2008-01-28 14:34 <DIR> d-------- C:\Program Files\Lavasoft
                    2008-01-28 14:34 . 2008-01-28 14:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
                    2008-01-28 14:33 . 2008-01-28 14:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
                    2008-01-25 14:45 . 2006-05-11 10:48 106,496 --a------ C:\WINDOWS\system32\DrvTrNTl.dll
                    2008-01-25 14:45 . 2006-05-17 21:53 54,272 --a------ C:\WINDOWS\system32\DrvTrNTm.dll
                    2008-01-24 20:38 . 2008-01-24 20:38 <DIR> d-------- C:\WINDOWS\naevius_yt_1
                    2008-01-24 20:38 . 2008-01-24 20:47 <DIR> d-------- C:\Program Files\Naevius YouTube Converter
                    2008-01-24 20:38 . 2008-02-10 15:42 <DIR> d-------- C:\naevius_temp_folder
                    2008-01-24 00:05 . 2008-01-24 00:05 <DIR> d-------- C:\Program Files\HighCriteria

                    .
                    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    2008-02-20 20:26 --------- d-----w C:\Program Files\Outpost Firewall
                    2008-02-20 17:11 --------- d-----w C:\Program Files\capimonitor
                    2008-02-20 17:11 --------- d-----w C:\Documents and Settings\P\Application Data\OpenOffice.org2
                    2008-02-19 11:54 --------- d-----w C:\Program Files\Common Files\Adobe
                    2008-01-24 19:43 --------- d-----w C:\Program Files\DivX
                    2008-01-17 20:52 --------- d-----w C:\Program Files\Op de boerderij
                    2008-01-16 11:45 --------- d-----w C:\Program Files\Trend Micro
                    2008-01-16 10:55 262,144 ----a-w C:\ntuser.dat
                    2008-01-16 03:07 --------- d-----w C:\Program Files\Hitman Pro
                    2008-01-16 02:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                    2008-01-16 01:54 --------- d-----w C:\Program Files\SpywareBlaster
                    2008-01-12 22:12 --------- d-----w C:\Program Files\Uniblue
                    2008-01-12 22:12 --------- d-----w C:\Program Files\Diafaan Oproep Lite
                    2008-01-12 22:12 --------- d-----w C:\Documents and Settings\P\Application Data\Uniblue
                    2008-01-08 17:21 --------- d-----w C:\Program Files\Webvox Instellingen
                    2008-01-08 15:30 --------- d-----w C:\Documents and Settings\P\Application Data\Samsung
                    2008-01-06 15:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
                    2008-01-06 15:40 --------- d-----w C:\Program Files\Samsung
                    2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
                    2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
                    2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
                    2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
                    2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
                    2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
                    2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
                    2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
                    2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
                    2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
                    2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
                    2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
                    2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
                    2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
                    2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
                    2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
                    2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
                    2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
                    2008-01-03 18:56 --------- d-----w C:\Program Files\DP
                    2008-01-02 10:48 --------- d-----w C:\Program Files\Payvision
                    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
                    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
                    2007-11-29 13:11 160 ----a-w C:\install.dat
                    2007-11-14 08:27 69,632 ----a-w C:\Program Files\DBXtract.exe
                    2006-04-28 17:59 128,544 ----a-w C:\Program Files\FindFile.exe
                    .

                    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    REGEDIT4
                    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
                    2008-02-07 11:54 398768 --a------ C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll

                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 14:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
                    "SoundMan"="SOUNDMAN.EXE" [2004-07-01 04:58 73728 C:\WINDOWS\SoundMan.exe]
                    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 14:43 7630848]
                    "nwiz"="nwiz.exe" [2006-08-11 14:43 1519616 C:\WINDOWS\system32\nwiz.exe]
                    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
                    "AlcWzrd"="ALCWZRD.EXE" [2004-07-05 11:05 2550272 C:\WINDOWS\ALCWZRD.EXE]
                    "FmctrlTray"="Fmctrl.EXE" [2001-08-20 14:47 270336 C:\WINDOWS\system32\fmctrl.exe]
                    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
                    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 14:43 86016]
                    "Outpost Firewall"="C:\Program Files\Outpost Firewall\outpost.exe" [2004-03-10 15:18 87040]
                    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
                    "RegistryMechanic"=""
                    "TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-05-12 01:32 86016]
                    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
                    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

                    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]

                    C:\Documents and Settings\P\Menu Start\Programma's\Opstarten\
                    OpenOffice.org 2.3 .lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]
                    Snelkoppeling naar capimonitor.lnk - C:\Program Files\capimonitor\capimonitor.exe [2006-05-20 22:53:38 1444864]
                    Snelkoppeling naar DateInTray.exe.lnk - C:\Program Files\DateInTray\DateInTray.exe [2006-02-15 14:30:32 78848]
                    Snelkoppeling naar NoteTab.lnk - C:\Program Files\NoteTab Light\NoteTab.exe [2006-05-21 11:45:08 1797632]
                    Snelkoppeling naar VoxVox32.lnk - C:\Program Files\Vox\VoxVox32.exe [2006-05-22 19:57:55 462848]

                    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22 288472]

                    R1 VFILT;Outpost Firewall Kernel Driver;C:\PROGRA~1\OUTPOS~1\kernel\2000\FILTNT.SYS [2004-03-10 15:16]
                    R2 AVMPORT;AVMPORT;C:\WINDOWS\system32\drivers\avmport.sys [2007-09-30 01:10]
                    R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);C:\PROGRA~1\OUTPOS~1\kernel\ADBLOCK.DLL [2004-03-10 15:17]
                    R3 AVMWAN;NDIS WAN CAPI drivers;C:\WINDOWS\system32\DRIVERS\avmwan.sys [2002-08-01 01:00]
                    R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\CONTENT.DLL [2004-03-10 15:17]
                    R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);C:\PROGRA~1\OUTPOS~1\kernel\DNSCACHE.DLL [2004-03-10 15:16]
                    R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\FTPFILT.DLL [2004-03-10 15:18]
                    R3 fxusbase;Webvox (Win XP/2000);C:\WINDOWS\system32\DRIVERS\fxusbase.sys [2002-08-01 01:00]
                    R3 gameport;FM801 PCI Joystick;C:\WINDOWS\system32\DRIVERS\fmjoy.sys [2001-06-15 00:59]
                    R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\HTMLFILT.DLL [2004-03-10 15:16]
                    R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\HTTPFILT.DLL [2004-03-10 15:34]
                    R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\IMAPFILT.DLL [2004-03-10 15:17]
                    R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\MAILFILT.DLL [2004-03-10 15:17]
                    R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\NNTPFILT.DLL [2004-03-10 15:17]
                    R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\POP3FILT.DLL [2004-03-10 15:17]
                    R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);C:\PROGRA~1\OUTPOS~1\kernel\PROTECT.DLL [2004-03-10 15:18]
                    R3 wdm_fm801;FM801 PCI Audio (WDM);C:\WINDOWS\system32\drivers\fm801.sys [2001-11-02 07:33]
                    S3 DIGIRPS;Digi PortServer-stuurprogramma;C:\WINDOWS\system32\DRIVERS\digirlpt.sys [2001-09-06 18:36]

                    .
                    Inhoud van de 'Gedeelde Taken' map
                    "2008-02-18 01:00:27 C:\WINDOWS\Tasks\maak kopie van map pvk.job"
                    - C:\WINDOWS\system32\ntbackup.exeRbackup
                    "2008-02-20 20:28:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
                    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
                    "2008-01-11 18:47:06 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
                    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
                    .
                    **************************************************************************

                    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                    Rootkit scan 2008-02-21 00:11:55
                    Windows 5.1.2600 Service Pack 2 NTFS

                    scannen van verborgen processen ...

                    scannen van verborgen autostart items ...

                    scannen van verborgen bestanden ...

                    Scan succesvol afgerond
                    verborgen bestanden: 0

                    **************************************************************************
                    .
                    Voltooingstijd: 2008-02-21 0:12:20
                    ComboFix-quarantined-files.txt 2008-02-20 23:12:18
                    ComboFix2.txt 2008-02-20 21:24:38
                    ComboFix3.txt 2008-02-20 17:58:24
                    ComboFix4.txt 2008-02-20 17:00:07
                    ComboFix5.txt 2008-01-29 10:58:00



                    • #11
                      Remove ComboFix via Start > Run: copy and paste Combofix /U, then click OK or press Enter.
                      This removes both ComboFix and your old system restore points (with any malware remnants), and creates a new system restore point.

                      Open Explorer ("My Computer") and choose Tools -> Folder Options...
                      On the View tab, check the following settings:

                      Turn off: Hide protected operating system files (Recommended)
                      Turn off: Hide extensions for known file types

                      Select: Display the contents of system folders (XP only)
                      Select: Show hidden files and folders

                      Then click Apply followed by OK.

                      Check whether you still see the following (hidden) file:
                      I:\2ifetri.cmd (do connect your MP3 player)

                      Is everything in order now?



                      • #12
                        ComboFix removed, view settings adjusted, but 2ifetri.cmd is nowhere to be found.



                        • #13
                          Fortunately no longer present.
                          Then this one can be moved to Solved.



                          • #14
                            Before you do that, I do have one more question: my granddaughter is coming tomorrow. She has
                            - a mobile phone that she puts downloaded music on
                            - another USB stick of mine.

                            How should I proceed:
                            -a- scanning with avast is sufficient
                            -b- repeat the whole procedure with logs, with the devices connected of course

                            Please advise.



                            • #15
                              I still need to write a page about turning off the "Autorun" function, but read this page. (It is in English, though.)

                              It uses Microsoft's TweakUI program, which lets you make changes without diving into the registry.

                              So it describes clearly how to turn off Autorun for USB drives.

                              That way you can connect a USB device such as an MP3 player or mobile phone without any virus being started.
                              After that you can scan the "disk" with avast.

                              Comment
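Added example, not part of the original thread and not ComboFix's own code: a small Python parser for the `mountpoints2` block in the ComboFix logs above. It flags shell verbs that launch a script from a drive root, writes the `Registry::` removal lines in the format used in post #5, and checks against the second log that the key is gone. The function names and the drive-root heuristic are assumptions; the two log excerpts are copied from posts #8 and #10.

```python
import re

# Excerpt from the ComboFix log in post #8 (entry still present).
LOG_BEFORE = r"""
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]

S3 DIGIRPS;Digi PortServer-stuurprogramma;C:\WINDOWS\system32\DRIVERS\digirlpt.sys [2001-09-06 18:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24f424cf-bdfd-11dc-b1de-00112fb33673}]
\Shell\AutoRun\command - I:\2ifetri.cmd
\Shell\explore\Command - I:\2ifetri.cmd
\Shell\open\Command - I:\2ifetri.cmd

.
Inhoud van de 'Gedeelde Taken' map
"""

# Excerpt from the ComboFix log in post #10 (after the CFScript run).
LOG_AFTER = r"""
S3 DIGIRPS;Digi PortServer-stuurprogramma;C:\WINDOWS\system32\DRIVERS\digirlpt.sys [2001-09-06 18:36]

.
Inhoud van de 'Gedeelde Taken' map
"""

# A bracketed registry key that sits under ...\explorer\mountpoints2\
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]*\\mountpoints2\\[^\]]+)\]$", re.IGNORECASE)
# A "\Shell\<verb>\command - <command line>" line as ComboFix prints it
VERB_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$", re.IGNORECASE)
# A command whose first token is a file directly in a drive root, e.g. I:\name.cmd
ROOT_TARGET_RE = re.compile(r'^"?(?P<drive>[A-Za-z]):\\(?P<name>[^\\/"\s]+)(?=$|[\s"])')
# Assumed list of extensions worth flagging; adjust to taste.
SCRIPT_EXT = (".cmd", ".bat", ".exe", ".com", ".scr", ".pif", ".vbs", ".js")


def parse_mountpoints2(log_text):
    """Return [{'key': ..., 'verbs': {verb: command}}] for each mountpoints2 block."""
    findings, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = {"key": key.group("key"), "verbs": {}}
            findings.append(current)
            continue
        verb = VERB_RE.match(line) if current else None
        if verb:
            current["verbs"][verb.group("verb").lower()] = verb.group("cmd").strip()
        elif line:
            current = None  # any other non-blank line ends the key's block
    return findings


def is_suspicious(finding):
    """Assumed heuristic: a shell verb runs a script or binary from a drive root."""
    for cmd in finding["verbs"].values():
        target = ROOT_TARGET_RE.match(cmd)
        if target and target.group("name").lower().endswith(SCRIPT_EXT):
            return True
    return False


def build_cfscript(findings):
    """Emit the Registry:: block from post #5 for every flagged key."""
    keys = [f["key"] for f in findings if is_suspicious(f)]
    if not keys:
        return ""
    return "Registry::\n" + "\n".join("[-%s]" % k for k in keys) + "\n"


def removed_keys(before_text, after_text):
    """Keys flagged in the first log that no longer appear in the second."""
    after = {f["key"].lower() for f in parse_mountpoints2(after_text)}
    return [f["key"] for f in parse_mountpoints2(before_text)
            if is_suspicious(f) and f["key"].lower() not in after]


if __name__ == "__main__":
    found = parse_mountpoints2(LOG_BEFORE)
    for f in found:
        print(("FLAG " if is_suspicious(f) else "ok   ") + f["key"])
        for verb, cmd in sorted(f["verbs"].items()):
            print("      %-8s -> %s" % (verb, cmd))
    print(build_cfscript(found), end="")
    print("removed after fix:", removed_keys(LOG_BEFORE, LOG_AFTER))
```
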
