trojan.Metajuan and Vundo


  • trojan.Metajuan and Vundo

    Hello,

    Every time I open my browser I get unwanted popups, and Norton AntiVirus reports that it has blocked either trojan.metajuan, trojan.vundo or a downloader. Norton, Ad-Aware and Windows Defender all remove them after a scan, but they keep coming back every time I reboot.

    Below is the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 9:09:18, on 22/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\JavaCore\JavaCore.exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\LANChat Pro\LANChat.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\Documents and Settings\esmets\Bureaublad\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.liberaalarchief.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0413/bl8.asp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.liberaalarchief.be
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {B81D3EA8-B17F-4958-9DF9-67A8C9689E99} - C:\WINDOWS\system32\ddcca.dll
    O2 - BHO: TBSB08131 - {BEF0D9FA-0BC4-4CE3-812D-63642A7E2590} - C:\Program Files\IEToolbar\Power Search Tool\power_search_tool_new.dll
    O2 - BHO: {0b48fbb9-e3ef-8f78-8c04-e48b01b54cfc} - {cfc45b10-b84e-40c8-87f8-fe3e9bbf84b0} - C:\WINDOWS\system32\vllkfxrx.dll
    O2 - BHO: (no name) - {D85530E8-D39D-49D0-9F36-300D594556D2} - C:\WINDOWS\system32\ssqqpqn.dll
    O3 - Toolbar: (no name) - {BFB5F154-9212-46F3-B547-AC6106030A54} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BM30fea8b7] Rundll32.exe "C:\WINDOWS\system32\phjenykd.dll",s
    O4 - HKLM\..\Run: [33cd9b2b] rundll32.exe "C:\WINDOWS\system32\dtomcnum.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: Microsoft Office Outlook 2003.lnk = ? (User 'SYSTEM')
    O4 - S-1-5-18 Startup: Snelkoppeling naar LANChat.lnk = C:\Program Files\LANChat Pro\LANChat.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Microsoft Office Outlook 2003.lnk = ? (User 'Default user')
    O4 - .DEFAULT Startup: Snelkoppeling naar LANChat.lnk = C:\Program Files\LANChat Pro\LANChat.exe (User 'Default user')
    O4 - Startup: Microsoft Office Outlook 2003.lnk = ?
    O4 - Startup: Snelkoppeling naar LANChat.lnk = C:\Program Files\LANChat Pro\LANChat.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = liberaalarchief.be
    O17 - HKLM\Software\..\Telephony: DomainName = liberaalarchief.be
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CB477104-B228-4D82-B69F-974FF32522D3}: NameServer = 192.168.1.101,195.238.2.21
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = liberaalarchief.be
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = liberaalarchief.be
    O20 - Winlogon Notify: ssqqpqn - C:\WINDOWS\SYSTEM32\ssqqpqn.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/esmets/LOCALS~1/Temp/msohtml1/05/clip_image002.jpg

    --
    End of file - 10869 bytes

    Thanks in advance for your help
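Added example, not part of this thread: a small Python triage script run over lines copied from the HijackThis log above. It flags the unnamed and GUID-named BHOs, the hex-named Run values that load system32 DLLs through rundll32, and the Winlogon Notify entry, and lists the referenced file names so they can be compared with a removal log; the heuristics, regexes and function names are this example's own, not a HijackThis feature.

```python
import re
from dataclasses import dataclass

# Constructed sample: eight lines copied from the HijackThis log posted above.
SAMPLE_LOG = [
    r"O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O2 - BHO: (no name) - {B81D3EA8-B17F-4958-9DF9-67A8C9689E99} - C:\WINDOWS\system32\ddcca.dll",
    r"O2 - BHO: {0b48fbb9-e3ef-8f78-8c04-e48b01b54cfc} - {cfc45b10-b84e-40c8-87f8-fe3e9bbf84b0} - C:\WINDOWS\system32\vllkfxrx.dll",
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
    r'O4 - HKLM\..\Run: [BM30fea8b7] Rundll32.exe "C:\WINDOWS\system32\phjenykd.dll",s',
    r'O4 - HKLM\..\Run: [33cd9b2b] rundll32.exe "C:\WINDOWS\system32\dtomcnum.dll",b',
    r"O20 - Winlogon Notify: ssqqpqn - C:\WINDOWS\SYSTEM32\ssqqpqn.dll",
]

# One HijackThis line is "<section> - <body>", e.g. "O2 - BHO: ...".
LINE_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<cmd>.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
# Run-value names like "BM30fea8b7" or "33cd9b2b": a bare hex blob, optionally prefixed "BM".
HEX_KEY_RE = re.compile(r"^(?:BM)?[0-9a-f]{8}$", re.I)
FILE_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)', re.I)


@dataclass
class Finding:
    kind: str    # HijackThis section, e.g. "O2"
    reason: str  # why a reviewer would look twice at the entry
    path: str    # file path, command line or CLSID the entry points at


def in_system32(path: str) -> bool:
    return "\\system32\\" in path.lower()


def triage(lines):
    """Return the entries a reviewer would mark for removal or verification."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind == "O2":
            b = BHO_RE.match(body)
            if not b:
                continue
            name, path = b.group("name"), b.group("path")
            if path == "(no file)":
                findings.append(Finding(kind, "orphaned BHO registration, DLL already gone", b.group("clsid")))
            elif name == "(no name)" and in_system32(path):
                findings.append(Finding(kind, "unnamed BHO loading a DLL from system32", path))
            elif GUID_RE.match(name):
                findings.append(Finding(kind, "BHO whose display name is a bare GUID", path))
        elif kind == "O4":
            r = RUN_RE.match(body)
            if not r:
                continue  # Startup-folder O4 lines use another layout and are skipped here
            key, cmd = r.group("key"), r.group("cmd")
            if "rundll32" in cmd.lower() and in_system32(cmd) and HEX_KEY_RE.match(key):
                findings.append(Finding(kind, f"hex-named Run value '{key}' loads a system32 DLL via rundll32", cmd))
        elif kind == "O20":
            n = NOTIFY_RE.match(body)
            if n:
                findings.append(Finding(kind, "Winlogon Notify DLL: verify its publisher, Vundo variants persist here", n.group("path")))
    return findings


def flagged_files(findings):
    """Lower-cased basenames of the files the findings point at, for comparison
    with a removal log such as ComboFix's 'Andere Verwijderingen' list."""
    names = set()
    for f in findings:
        for p in FILE_RE.findall(f.path):
            names.add(p.rsplit("\\", 1)[-1].lower())
    return sorted(names)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.kind:4} {f.reason}: {f.path}")
    print("files to cross-check:", ", ".join(flagged_files(results)))
```

Running it on the sample lists exactly the five DLLs that ComboFix later reports as removed in reply #3.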

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open, in which a few lines about files not being found will scroll past quickly; this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • Your PC will then restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.

    Download Combofix (mirror) to your Desktop.
    Double-click Combofix.exe
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open (you can also find it here: C:\Combofix.txt)
    Post this log in your next reply.

    NOTE: If your virus scanner reacts with a warning about a script being executed, you may ignore it.



    • #3
      Here are the results of RVAXO and Combofix

      ---RVAXO.exe Updated: 2008-02-21---first run---
      Files found:
      C:\WINDOWS\system32\uhcypmyo.dllbox
      C:\WINDOWS\system32\accdd.ini2
      C:\WINDOWS\system32\mcrh.tmp
      C:\WINDOWS\mrofinu572.exe
      C:\WINDOWS\mrofinu572.exe.tmp
      C:\WINDOWS\system32\pac.txt

      Uninstallers:


      Folders Found:

      C:\Program Files\Temporary
      C:\Program Files\Inetget2
      C:\WINDOWS\system32\nGpxx01

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------


      ComboFix 08-02-22.2 - esmets 2008-02-22 10:45:07.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.150 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\esmets\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\esmets\Application Data\macromedia\Flash Player\#SharedObjects\ZKTCZZFC\iforex.com
      C:\Documents and Settings\esmets\Application Data\macromedia\Flash Player\#SharedObjects\ZKTCZZFC\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
      C:\Documents and Settings\esmets\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
      C:\Documents and Settings\esmets\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
      C:\Temp\isgTi19
      C:\WINDOWS\b152.exe
      C:\WINDOWS\b153.exe
      C:\WINDOWS\system32\accdd.ini
      C:\WINDOWS\system32\accdd.ini2
      C:\WINDOWS\system32\cbvfvums.dll
      C:\WINDOWS\system32\ddcca.dll
      C:\WINDOWS\system32\ddccbbx.dll
      C:\WINDOWS\system32\drivers\fad.sys
      C:\WINDOWS\system32\dtomcnum.dll
      C:\WINDOWS\system32\jfqjkmwl.dll
      C:\WINDOWS\system32\kpodlijj.dll
      C:\WINDOWS\system32\muncmotd.ini
      C:\WINDOWS\system32\phjenykd.dll
      C:\WINDOWS\system32\sjjjhvyd.dll
      C:\WINDOWS\system32\ssqqpqn.dll
      C:\WINDOWS\system32\uqiebgvi.dll
      C:\WINDOWS\system32\vllkfxrx.dll
      C:\WINDOWS\system32\wrekhmro.dll

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2008-01-22 to 2008-02-22 ))))))))))))))))))))))))))))))
      .

      2008-02-22 10:34 . 2008-02-22 10:35 <DIR> d-------- C:\RVAXO
      2008-02-22 10:32 . 2008-02-21 15:42 708,525 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-02-22 10:32 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
      2008-02-22 08:26 . 2008-02-22 08:52 894 ---hs---- C:\WINDOWS\system32\hrvoqqny.ini
      2008-02-22 08:21 . 2008-02-22 08:23 69,992 --a------ C:\WINDOWS\BM30fea8b7.xml
      2008-02-22 08:21 . 2008-02-22 10:45 21 --a------ C:\WINDOWS\pskt.ini
      2008-02-21 10:42 . 2008-02-21 10:58 <DIR> d-------- C:\Program Files\JavaCore
      2008-02-21 10:37 . 2008-02-22 08:40 <DIR> d-------- C:\Program Files\xInsIDE
      2008-02-21 08:19 . 2008-02-22 08:18 714 ---hs---- C:\WINDOWS\system32\ybvsmksb.ini
      2008-02-20 10:27 . 2008-02-22 10:45 <DIR> d-------- C:\Temp
      2008-02-19 15:49 . 2008-02-19 15:49 <DIR> d-------- C:\Documents and Settings\esmets\Application Data\MSN6
      2008-02-19 15:49 . 2008-02-19 15:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
      2008-02-14 11:35 . 2008-02-14 11:35 <DIR> d-------- C:\Program Files\pdf995

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-14 07:52 --------- d-----w C:\Program Files\Common Files\Adobe
      2008-02-13 08:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared
      2008-02-01 07:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
      2008-01-15 08:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
      2008-01-15 04:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
      2008-01-12 17:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BEF0D9FA-0BC4-4CE3-812D-63642A7E2590}]
      2007-09-08 01:06 2158592 --a------ C:\Program Files\IEToolbar\Power Search Tool\power_search_tool_new.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
      "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-07 09:03 68856]
      "JavaCore"="C:\Program Files\JavaCore\JavaCore.exe" [2008-02-21 10:42 144896]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 16:48 32881]
      "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 07:57 143360]
      "DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 13:34 69632]
      "srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 22:34 36864]
      "SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 19:01 525824]
      "CPQEASYACC"="C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe" [2001-12-14 13:01 32768]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
      "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
      "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-01-14 00:11 771704]
      "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16 286720]
      "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

      C:\Documents and Settings\esmets\Menu Start\Programma's\Opstarten\
      Microsoft Office Outlook 2003.lnk - C:\WINDOWS\Installer\{91110413-6000-11D3-8CFE-0150048383C9}\outicon.exe [2004-08-13 13:17:26 794624]
      Snelkoppeling naar LANChat.lnk - C:\Program Files\LANChat Pro\LANChat.exe [2004-08-13 13:10:51 146432]


      .
      Inhoud van de 'Gedeelde Taken' map
      "2007-11-29 09:35:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2008-02-22 09:53:36 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
      - C:\Program Files\Windows Defender\MpCmdRun.exe
      "2007-03-16 14:51:31 C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan - esmets.job"
      - C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
      "2008-02-21 10:27:28 C:\WINDOWS\Tasks\User_Feed_Synchronization-{6E7C95CC-3C6E-42EE-906A-B3C1564E8119}.job"
      - C:\WINDOWS\system32\msfeedssync.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-22 10:52:11
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
      C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
      C:\Compaq\EAKDRV\EAUSBKBD.EXE
      C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
      C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
      C:\WINDOWS\System32\imapi.exe
      C:\WINDOWS\system32\userinit.exe
      .
      **************************************************************************
      .
      Voltooingstijd: 2008-02-22 10:55:31 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-02-22 09:55:27
      .
      2008-02-22 07:25:21 --- E O F ---



      Thanks in advance!



      • #4
        Open Notepad, then copy and paste the following (the bold text) into an empty window:



        File::
        C:\WINDOWS\system32\hrvoqqny.ini
        C:\WINDOWS\BM30fea8b7.xml
        C:\WINDOWS\pskt.ini
        C:\WINDOWS\system32\ybvsmksb.ini

        Folder::
        C:\Program Files\JavaCore
        C:\Program Files\xInsIDE

        Registry::
        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "JavaCore"=-




        Save this to your Desktop as CFScript.txt

        Drag CFScript.txt onto ComboFix.exe as shown in the example below:



        This will make ComboFix restart.
        Reboot if you are asked to,
        and post the contents of Combofix.txt in your next reply.



        • #5
          Here is the Combofix log


          ComboFix 08-02-22.2 - esmets 2008-02-22 12:01:24.2 - NTFSx86
          Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.178 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\esmets\Bureaublad\ComboFix.exe
          Command switches used :: C:\Documents and Settings\esmets\Bureaublad\CFScript.txt
          * Nieuw herstelpunt werd aangemaakt

          WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

          FILE ::
          C:\WINDOWS\BM30fea8b7.xml
          C:\WINDOWS\pskt.ini
          C:\WINDOWS\system32\hrvoqqny.ini
          C:\WINDOWS\system32\ybvsmksb.ini
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\Program Files\JavaCore
          C:\Program Files\JavaCore\JavaCore.exe
          C:\Program Files\JavaCore\UnInstall.exe
          C:\Program Files\xInsIDE
          C:\WINDOWS\BM30fea8b7.xml
          C:\WINDOWS\pskt.ini
          C:\WINDOWS\system32\hrvoqqny.ini
          C:\WINDOWS\system32\ybvsmksb.ini

          .
          (((((((((((((((((((( Bestanden Gemaakt van 2008-01-22 to 2008-02-22 ))))))))))))))))))))))))))))))
          .

          2008-02-22 10:34 . 2008-02-22 10:35 <DIR> d-------- C:\RVAXO
          2008-02-22 10:32 . 2008-02-21 15:42 708,525 --a------ C:\WINDOWS\system32\RVAXO.bat
          2008-02-22 10:32 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
          2008-02-20 10:27 . 2008-02-22 10:45 <DIR> d-------- C:\Temp
          2008-02-19 15:49 . 2008-02-19 15:49 <DIR> d-------- C:\Documents and Settings\esmets\Application Data\MSN6
          2008-02-19 15:49 . 2008-02-19 15:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
          2008-02-14 11:35 . 2008-02-14 11:35 <DIR> d-------- C:\Program Files\pdf995

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-02-14 07:52 --------- d-----w C:\Program Files\Common Files\Adobe
          2008-02-13 08:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared
          2008-02-01 07:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
          2008-01-15 08:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
          2008-01-15 04:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
          2008-01-12 17:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
          2008-01-11 05:52 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
          2007-12-19 22:57 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
          2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
          2007-12-08 05:18 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
          2007-12-06 14:32 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
          2007-12-06 11:04 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
          2007-12-06 11:04 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
          2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
          2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
          2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
          2007-12-04 18:42 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BEF0D9FA-0BC4-4CE3-812D-63642A7E2590}]
          2007-09-08 01:06 2158592 --a------ C:\Program Files\IEToolbar\Power Search Tool\power_search_tool_new.dll

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
          "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
          "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-07 09:03 68856]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 16:48 32881]
          "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 07:57 143360]
          "DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 13:34 69632]
          "srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 22:34 36864]
          "SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 19:01 525824]
          "CPQEASYACC"="C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe" [2001-12-14 13:01 32768]
          "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
          "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
          "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-01-14 00:11 771704]
          "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16 286720]
          "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
          "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

          C:\Documents and Settings\esmets\Menu Start\Programma's\Opstarten\
          Microsoft Office Outlook 2003.lnk - C:\WINDOWS\Installer\{91110413-6000-11D3-8CFE-0150048383C9}\outicon.exe [2004-08-13 13:17:26 794624]
          Snelkoppeling naar LANChat.lnk - C:\Program Files\LANChat Pro\LANChat.exe [2004-08-13 13:10:51 146432]


          .
          Inhoud van de 'Gedeelde Taken' map
          "2007-11-29 09:35:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
          "2008-02-22 09:53:36 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
          - C:\Program Files\Windows Defender\MpCmdRun.exe
          "2007-03-16 14:51:31 C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan - esmets.job"
          - C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
          "2008-02-22 10:23:27 C:\WINDOWS\Tasks\User_Feed_Synchronization-{6E7C95CC-3C6E-42EE-906A-B3C1564E8119}.job"
          - C:\WINDOWS\system32\msfeedssync.exe
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-02-22 12:03:53
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          Voltooingstijd: 2008-02-22 12:04:40
          ComboFix-quarantined-files.txt 2008-02-22 11:04:38
          ComboFix2.txt 2008-02-22 09:55:32
          .
          2008-02-22 07:25:21 --- E O F ---



          • #6
            Open the RVAXO folder on your desktop and double-click Uninstall.cmd
            This will remove everything belonging to RVAXO.

            Your Java software is out of date.
            Older versions have holes that give malware the chance to install itself on your system.
            First follow these steps to uninstall Java and install the newer version:
            • Download Java Runtime Environment (JRE) 6u4 and save it to your Desktop.
            • Close all programs that may be open - especially your web browser!
            • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list.
            • Select everything with Java Runtime Environment (JRE or J2SE) in its name.
            • Then click Remove or the Change/Remove button.
            • Repeat this until all older versions are gone.
            • After removing all older versions, restart your PC.
            • Then double-click jre-6u4-windows-i586-p.exe on your Desktop to install the newest version of Java.


            Download ATF Cleaner (mirror) (made by Atribune)

            Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

            Double-click ATF Cleaner to start the program.
            On the "Main" tab, put a check mark next to Select All.
            Click the Empty Selected button.

            Do the following if you also use Firefox as a browser:
            Click the "Firefox" tab and put a check mark next to Select All.
            If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
            (This removes the check mark next to "Firefox saved passwords" again.)
            Click the Empty Selected button.

            Do the following if you also use Opera as a browser:
            Click the "Opera" tab and put a check mark next to Select All.
            If you want to keep the passwords saved by Opera, click "No" in the window that appears.
            Click the Empty Selected button.
            Go to the "Main" tab and click the Exit button to close the program.

            Go to Start - Run and enter the following:
            Combofix /U
            Then press OK.
            Note: there must be a space between Combofix and /U.

            This will uninstall Combofix.

            Finally, post a new HijackThis log so I can check it.



            • #7
              Here is my HijackThis log

              Logfile of Trend Micro HijackThis v2.0.0 (BETA)
              Scan saved at 13:18, on 2008-02-22
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\Windows Defender\MsMpEng.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
              C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
              C:\WINDOWS\Explorer.EXE
              C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
              C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
              C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
              C:\Program Files\Windows Defender\MSASCui.exe
              C:\Program Files\Common Files\Symantec Shared\ccApp.exe
              C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
              C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
              C:\Program Files\QuickTime\QTTask.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\MSN Messenger\MsnMsgr.Exe
              C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
              C:\Compaq\EAKDRV\EAUSBKBD.EXE
              C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
              C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
              C:\Program Files\LANChat Pro\LANChat.exe
              C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
              C:\Program Files\MSN Messenger\usnsvc.exe
              C:\WINDOWS\system32\msiexec.exe
              C:\Program Files\Mozilla Firefox\firefox.exe
              C:\Documents and Settings\esmets\Bureaublad\HiJackThis_v2.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.liberaalarchief.be/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0413/bl8.asp
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.liberaalarchief.be
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
              O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
              O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
              O2 - BHO: TBSB08131 - {BEF0D9FA-0BC4-4CE3-812D-63642A7E2590} - C:\Program Files\IEToolbar\Power Search Tool\power_search_tool_new.dll
              O3 - Toolbar: (no name) - {BFB5F154-9212-46F3-B547-AC6106030A54} - (no file)
              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
              O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
              O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
              O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
              O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
              O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
              O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
              O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
              O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
              O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
              O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
              O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
              O4 - S-1-5-18 Startup: Microsoft Office Outlook 2003.lnk = ? (User 'SYSTEM')
              O4 - S-1-5-18 Startup: Snelkoppeling naar LANChat.lnk = C:\Program Files\LANChat Pro\LANChat.exe (User 'SYSTEM')
              O4 - .DEFAULT Startup: Microsoft Office Outlook 2003.lnk = ? (User 'Default user')
              O4 - .DEFAULT Startup: Snelkoppeling naar LANChat.lnk = C:\Program Files\LANChat Pro\LANChat.exe (User 'Default user')
              O4 - Startup: Microsoft Office Outlook 2003.lnk = ?
              O4 - Startup: Snelkoppeling naar LANChat.lnk = C:\Program Files\LANChat Pro\LANChat.exe
              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
              O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
              O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
              O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
              O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
              O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = liberaalarchief.be
              O17 - HKLM\Software\..\Telephony: DomainName = liberaalarchief.be
              O17 - HKLM\System\CCS\Services\Tcpip\..\{CB477104-B228-4D82-B69F-974FF32522D3}: NameServer = 192.168.1.101,195.238.2.21
              O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = liberaalarchief.be
              O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = liberaalarchief.be
              O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
              O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
              O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
              O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
              O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
              O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
              O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
              O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
              O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
              O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

              --
              End of file - 9929 bytes


              I would like to thank you in advance for the first-class remote help (and remarkably fast). I recommend this forum to everyone. I'll spread the word!



              • #8
                You're welcome.

                You may still remove this line with HijackThis:
                O3 - Toolbar: (no name) - {BFB5F154-9212-46F3-B547-AC6106030A54} - (no file)

                Apart from that it looks fine again.
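As an added example, not part of this thread and not HijackThis's own code: a small Python triage script that parses the O2/O3/O9 entries of a HijackThis log and flags those whose target is "(no file)" or "(file missing)", the kind of orphaned registry entry the reply above says may be removed. The sample lines are copied from the log posted in #7; the regular expression and the Entry class are my own assumptions about the line shape, not a published format specification. A flagged entry is a cleanup candidate for review, not proof of infection; in this thread the helper only singled out the O3 toolbar entry.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass
from typing import List

# Sample input: all five lines are copied from the HijackThis log posted in #7.
# The O4 line is included to show that lines without a CLSID are skipped.
SAMPLE_LOG = """\
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar1.dll
O3 - Toolbar: (no name) - {BFB5F154-9212-46F3-B547-AC6106030A54} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\\program files\\google\\googletoolbar1.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe (file missing)
O4 - HKLM\\..\\Run: [ccApp] "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
"""

# Assumed line shape: "<section> - <kind>: <name> - {CLSID} - <target>".
# Only entries that carry a CLSID (O2 BHOs, O3 toolbars, O9 buttons) match.
ENTRY_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)


@dataclass
class Entry:
    section: str
    kind: str
    name: str
    clsid: str
    target: str

    def target_missing(self) -> bool:
        """True when HijackThis reports that the registered file no longer exists."""
        t = self.target.strip()
        return t == "(no file)" or t.endswith("(file missing)")


def parse_entries(log_text: str) -> List[Entry]:
    """Parse every CLSID-bearing entry; lines of other shapes are ignored."""
    entries: List[Entry] = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(**m.groupdict()))
    return entries


def orphaned_entries(log_text: str) -> List[Entry]:
    """Entries whose target file is gone: registry leftovers that are safe to review and remove."""
    return [e for e in parse_entries(log_text) if e.target_missing()]


if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(f"{e.section} {e.kind} {e.clsid}: target missing -> {e.target}")
```

Run it on a saved hijackthis.log by passing the file contents to `orphaned_entries`; anything it prints is worth a second look but should be matched against the rest of the log before deleting, exactly as the helper did here.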
