antispywareconductor.com/Trojan Metajuan

  • antispywareconductor.com/Trojan Metajuan

    I have presumably been hijacked. I get a message that I have spyware and that I should visit antispyware.com and download the software. Naturally I have not done that. Norton Security Scan reports that I have Trojan.Metajuan. It gets removed but keeps coming back. PC Tools Spyware Doctor also keeps giving recurring reports of hijacks. Can you do anything with this? Thanks in advance, Job

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:05:42, on 22-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Spyware Doctor\pctsGui.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=0070623
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.nl/hws/sb/dell-row/nl/side.html?channel=nl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.nl/hws/sb/dell-row/nl/side.html?channel=nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig?hl=nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.nl/hws/sb/dell-row/nl/side.html?channel=nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=0070623
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=0070623
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [yayxwvuuro] Rundll32.exe "C:\WINDOWS\system32\vturomll.dll",s
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

    --
    End of file - 9417 bytes

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open, and a few lines about files not found will scroll by quickly; this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart on its own, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.


    Download Combofix (mirror) to your Desktop.
    Double-click Combofix.exe
    While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix has finished and after the restart, the log combofix.txt will open (you can also find it here: C:\Combofix.txt)
    Place this log in your next post.

    NOTE: If your virus scanner responds with a message about a script being executed, you may ignore this.



    • #3
      Here are the logs:

      First RVAXO

      ---RVAXO.exe Updated: 2008-02-21---first run---
      Files found:
      C:\WINDOWS\system32\afipelby.dllbox
      C:\WINDOWS\system32\vrxrleeh.dllbox
      C:\WINDOWS\system32\wjivdodv.dllbox
      C:\WINDOWS\system32\vbzip10.dll
      C:\Documents and Settings\Job\Mijn documenten\pos???.tmp
      C:\pos???.tmp
      C:\Documents and Settings\Job\Bureau~1\Help and Support Center.lnk

      Uninstallers:


      Folders Found:


      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------

      and here ComboFix

      ComboFix 08-02-22.2 - Job 2008-02-22 11:48:41.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.574 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Job\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\DOCUME~1\Linde\LOCALS~1\Temp\awvvw.dll
      C:\Temp\isgTi19
      C:\WINDOWS\system32\jpxsqwuu.ini
      C:\WINDOWS\system32\jvjiybex.dll
      C:\WINDOWS\system32\kjmsdidq.dll
      C:\WINDOWS\system32\lamonluu.ini
      C:\WINDOWS\system32\nGpxx18
      C:\WINDOWS\system32\qvpwwklj.ini
      C:\WINDOWS\system32\vfnhuosg.dll
      C:\WINDOWS\Fonts\-

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2008-01-22 to 2008-02-22 ))))))))))))))))))))))))))))))
      .

      2008-02-22 11:41 . 2008-02-22 11:41 <DIR> d-------- C:\RVAXO
      2008-02-22 11:37 . 2008-02-21 15:42 708,525 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-02-22 11:37 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
      2008-02-22 09:05 . 2008-02-22 09:05 <DIR> d-------- C:\Program Files\Trend Micro
      2008-02-21 12:08 . 2008-02-21 12:08 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AppDate
      2008-02-21 08:54 . 2008-02-21 08:54 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
      2008-02-21 08:54 . 2008-02-21 08:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
      2008-02-20 13:10 . 2008-02-20 13:10 <DIR> d-------- C:\Documents and Settings\Linde\Application Data\AppDate
      2008-02-20 10:45 . 2008-02-21 08:15 <DIR> d-------- C:\Documents and Settings\Job\Application Data\AppDate
      2008-02-20 10:45 . 2008-02-20 10:45 34,304 --a------ C:\WINDOWS\system32\vturomll.dll
      2008-02-20 10:45 . 2008-02-20 10:45 34,304 --a------ C:\WINDOWS\ddcyvtss.dll
      2008-02-20 10:45 . 2008-02-20 10:45 34,304 --a------ C:\Documents and Settings\Job\Application Data\jkhfcayy.dll
      2008-02-20 10:45 . 2008-02-22 11:53 341 --a------ C:\WINDOWS\system32\yayyaaxv
      2008-02-16 15:26 . 2008-02-16 15:29 <DIR> d-------- C:\WINDOWS\system32\NtmsData
      2008-02-16 14:46 . 2008-02-16 14:51 <DIR> d-------- C:\Program Files\Disney Interactive
      2008-02-16 14:46 . 2008-02-16 14:51 2,048 --a------ C:\WINDOWS\disney.ini
      2008-02-15 23:25 . 2008-02-15 23:25 <DIR> dr------- C:\Documents and Settings\LocalService\Favorieten
      2008-02-15 13:00 . 2008-02-15 13:03 <DIR> d-------- C:\Program Files\DirPrn
      2008-02-15 13:00 . 2008-02-15 13:00 249,856 --------- C:\WINDOWS\Setup1.exe
      2008-02-15 13:00 . 2008-02-15 13:00 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
      2008-02-14 18:04 . 2008-02-14 18:04 <DIR> d-------- C:\Documents and Settings\Ellen\Application Data\VanDale
      2008-02-10 17:02 . 2008-02-10 17:02 <DIR> d-------- C:\Documents and Settings\Job\Application Data\VanDale
      2008-02-10 16:57 . 2008-02-10 21:38 304 --a------ C:\WINDOWS\vdgwwin.ini
      2008-02-10 16:55 . 2008-02-10 16:55 <DIR> d-------- C:\VanDale
      2008-02-10 16:54 . 2008-02-10 16:54 <DIR> d-------- C:\Documents and Settings\Job\WINDOWS
      2008-02-09 18:34 . 2008-02-21 09:59 <DIR> d-------- C:\Program Files\Spyware Doctor
      2008-02-09 18:34 . 2008-02-09 18:34 <DIR> d-------- C:\Documents and Settings\Job\Application Data\PC Tools
      2008-02-09 18:34 . 2008-02-22 11:53 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
      2008-02-09 18:34 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
      2008-02-09 18:34 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
      2008-02-09 18:34 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
      2008-02-09 18:34 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
      2008-02-09 18:33 . 2008-02-22 11:32 <DIR> d-------- C:\Program Files\Norton Security Scan
      2008-02-09 18:33 . 2008-02-21 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
      2008-02-09 12:33 . 2008-02-20 10:56 <DIR> d-------- C:\Documents and Settings\Job\Application Data\LimeWire
      2008-02-05 16:56 . 2008-02-05 16:56 <DIR> d-------- C:\Documents and Settings\Job\Application Data\vlc
      2008-02-03 19:05 . 2008-02-03 19:05 <DIR> d-------- C:\Documents and Settings\Gast\Application Data\Jasc Software Inc
      2008-02-03 19:04 . 2004-09-13 13:59 <DIR> d--h----- C:\Documents and Settings\Gast\Sjablonen
      2008-02-03 19:04 . 2008-02-03 21:24 <DIR> dr-h----- C:\Documents and Settings\Gast\Onlangs geopend
      2008-02-03 19:04 . 2004-09-13 13:59 <DIR> d--h----- C:\Documents and Settings\Gast\Netwerkprinteromgeving
      2008-02-03 19:04 . 2008-02-03 19:05 <DIR> dr------- C:\Documents and Settings\Gast\Mijn documenten
      2008-02-03 19:04 . 2004-09-13 13:59 <DIR> dr------- C:\Documents and Settings\Gast\Menu Start
      2008-02-03 19:04 . 2008-02-03 19:04 <DIR> dr------- C:\Documents and Settings\Gast\Favorieten
      2008-02-03 19:04 . 2008-02-03 21:21 <DIR> d-------- C:\Documents and Settings\Gast\Bureaublad
      2008-02-03 19:04 . 2007-06-22 17:49 <DIR> d-------- C:\Documents and Settings\Gast\Application Data\Symantec
      2008-02-03 19:04 . 2008-02-03 19:04 <DIR> d-------- C:\Documents and Settings\Gast\Application Data\Logitech
      2008-02-03 19:04 . 2007-06-22 17:52 <DIR> d--h----- C:\Documents and Settings\Gast\Application Data\Gtek
      2008-01-31 15:25 . 2008-02-20 13:15 <DIR> d-------- C:\Program Files\eMule
      2008-01-30 16:55 . 2008-01-30 16:55 <DIR> d-------- C:\Program Files\Malmberg
      2008-01-30 16:55 . 1999-03-24 01:06 1,046,288 --a------ C:\WINDOWS\system32\msjet35.dll
      2008-01-30 16:55 . 1996-11-08 01:48 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
      2008-01-30 16:55 . 2000-12-13 16:47 123,664 --a------ C:\WINDOWS\system32\MSJINT35.DLL
      2008-01-30 16:52 . 2008-01-30 16:52 <DIR> d-------- C:\temp\Data
      2008-01-30 16:51 . 2008-01-30 16:51 <DIR> d-------- C:\temp\Extra Software
      2008-01-28 10:00 . 2008-01-28 10:00 52 --a------ C:\WINDOWS\cool.ini
      2008-01-28 09:59 . 2008-01-28 09:59 <DIR> d-------- C:\Documents and Settings\Job\Application Data\Syntrillium
      2008-01-28 09:58 . 2008-01-28 10:00 <DIR> d-------- C:\Program Files\Cool2000
      2008-01-27 16:21 . 2008-01-27 16:22 <DIR> d-------- C:\wamp
      2008-01-26 16:04 . 2008-01-26 16:04 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\Logitech
      2008-01-25 18:41 . 2008-01-25 18:41 <DIR> d-------- C:\Program Files\Common Files\AmbraSoft
      2008-01-25 18:41 . 2008-01-25 18:41 <DIR> d-------- C:\Program Files\AmbraSoft

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-22 10:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
      2008-02-22 07:06 --------- d-----w C:\Program Files\CDex_150
      2008-02-21 09:48 22 ----a-w C:\WINDOWS\Fonts\x.zip
      2008-02-16 13:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-02-09 17:33 --------- d-----w C:\Program Files\Google
      2008-02-04 22:06 --------- d-----w C:\Documents and Settings\Job\Application Data\FileZilla
      2008-02-04 21:56 --------- d-----w C:\Program Files\FileZilla Client
      2008-01-20 20:14 --------- d-----w C:\Program Files\CDBurnerXP
      2008-01-20 20:03 --------- d-----w C:\Program Files\Reference Assemblies
      2008-01-20 20:03 --------- d-----w C:\Program Files\MSBuild
      2008-01-20 20:01 --------- d-----w C:\Program Files\MSXML 6.0
      2008-01-19 21:16 --------- d-----w C:\Documents and Settings\Job\Application Data\Ahead
      2008-01-18 19:37 --------- d-----w C:\Program Files\Pinnacle
      2008-01-18 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
      2008-01-18 19:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
      2008-01-18 17:05 --------- d-----w C:\Program Files\proDAD
      2008-01-18 16:56 --------- d-----w C:\Program Files\AdorageI-SAL
      2008-01-18 16:56 --------- d-----w C:\Program Files\AdorageI-GfxDatas
      2008-01-18 16:54 --------- d-----w C:\Program Files\QuickTime
      2008-01-18 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
      2008-01-18 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
      2008-01-18 16:27 --------- d-----w C:\Program Files\SmartSound Software
      2008-01-18 16:26 --------- d-----w C:\Program Files\DivX
      2008-01-15 16:17 --------- d-----w C:\Documents and Settings\Ellen\Application Data\Logitech
      2008-01-15 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
      2008-01-15 16:05 --------- d-----w C:\Documents and Settings\Mischa\Application Data\Logitech
      2008-01-14 15:33 --------- d-----w C:\Documents and Settings\Linde\Application Data\Logitech
      2008-01-14 13:18 --------- d-----w C:\Program Files\Common Files\InstallShield
      2008-01-14 13:18 --------- d-----w C:\Documents and Settings\Job\Application Data\Logitech
      2008-01-14 13:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
      2008-01-14 13:17 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
      2008-01-14 13:17 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
      2008-01-14 13:17 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
      2008-01-14 13:16 --------- d-----w C:\Program Files\Logitech
      2008-01-14 13:16 --------- d-----w C:\Program Files\Common Files\Logishrd
      2008-01-14 13:16 --------- d-----w C:\Documents and Settings\Job\Application Data\InstallShield
      2008-01-14 13:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
      2008-01-14 09:06 --------- d-----w C:\Program Files\Common Files\Adobe
      2008-01-14 09:02 --------- d-----w C:\Program Files\Bonjour
      2008-01-14 08:58 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
      2008-01-14 08:38 --------- d-----w C:\Program Files\Microsoft.NET
      2008-01-13 21:56 --------- d-----w C:\Program Files\Java
      2008-01-11 05:52 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
      2008-01-08 15:22 --------- d-----w C:\Documents and Settings\Job\Application Data\.ABC
      2007-12-26 10:24 --------- d-----w C:\Program Files\Windows Media Connect 2
      2007-12-25 16:54 --------- d-----w C:\Documents and Settings\Linde\Application Data\Jasc Software Inc
      2007-12-24 17:40 --------- d-----w C:\Documents and Settings\Job\Application Data\PHP Designer 2007
      2007-12-24 17:39 --------- d-----w C:\Program Files\PHP Designer 2007
      2007-12-24 13:06 --------- d-----w C:\Program Files\EasyPHP1-8
      2007-12-24 13:04 --------- d-----w C:\Program Files\ABC
      2007-12-24 11:46 --------- d-----w C:\Documents and Settings\Ellen\Application Data\Jasc Software Inc
      2007-12-24 10:12 --------- d-----w C:\Program Files\Ahead
      2007-12-24 10:10 --------- d-----w C:\Program Files\Common Files\Ahead
      2007-12-24 10:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
      2007-12-23 22:41 --------- d-----w C:\Documents and Settings\Job\Application Data\phpDesigner 2008
      2007-12-23 22:36 --------- d-----w C:\Documents and Settings\Job\Application Data\HAPedit
      2007-12-23 22:30 --------- d-----w C:\Documents and Settings\Job\Application Data\Sonic
      2007-12-23 22:30 --------- d-----w C:\Documents and Settings\Job\Application Data\Leadertech
      2007-12-23 19:13 99,776 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
      2007-12-23 19:13 --------- d-----w C:\Program Files\Common Files\Acronis
      2007-12-23 19:13 --------- d-----w C:\Program Files\Acronis
      2007-12-22 13:43 --------- d-----w C:\Documents and Settings\Ruben\Application Data\Jasc Software Inc
      2007-12-22 13:41 --------- d-----w C:\Documents and Settings\Mischa\Application Data\Jasc Software Inc
      2007-12-22 12:52 --------- d-----w C:\Program Files\Electronic Arts
      2007-12-22 10:10 --------- d-----w C:\Program Files\Jasc Software Inc
      2007-12-22 10:10 --------- d-----w C:\Program Files\Common Files\Jasc Software Inc
      2007-12-22 10:10 --------- d-----w C:\Documents and Settings\Job\Application Data\Jasc Software Inc
      2007-12-19 22:57 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
      2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
      2007-12-08 05:18 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
      2007-12-06 11:04 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
      2007-12-06 11:04 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
      2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
      2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
      2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
      2007-12-04 18:42 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{646AD24F-2F19-4481-BBB0-B08501139A1B}]
      2008-02-20 10:45 34304 --a------ C:\WINDOWS\ddcyvtss.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-10 18:36 7323648]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
      "SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 10:20 282624 C:\WINDOWS\stsystra.exe]
      "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 07:15 151552]
      "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12 94208]
      "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
      "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
      "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
      "PCLEUSBTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [ ]
      "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 08:00 94208]
      "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]
      "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48 147514]
      "IJNetworkScanUtility"="C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2006-10-26 01:16 132704]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
      "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28 36352]
      "OSSelectorReinstall"="C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2006-04-12 15:15 1261475]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
      "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
      "PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 00:26 406016]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-18 17:54 98304]
      "yayxwvuuro"="C:\WINDOWS\system32\vturomll.dll" [2008-02-20 10:45 34304]
      "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-09 18:33:18 125624]
      Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-14 14:16:42 784912]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\afipelby]
      afipelby.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
      c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vrxrleeh]
      vrxrleeh.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wjivdodv]
      wjivdodv.dll

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Notification Packages REG_MULTI_SZ scecli C:\Documents and Settings\Job\Application Data\jkhfcayy.dll C:\Documents and Settings\Job\Application Data\jkhfcayy.dll

      R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 08:34]
      S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 03:39]
      S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" [2007-09-05 08:59]
      S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld
      S3 ZD1211U(Sitecom);Sitecom Wireless Network USB Adapter Driver(Sitecom);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-07-05 22:38]

      *Newly Created Service* - ENTDRV51
      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-02-15 22:24:13 C:\WINDOWS\Tasks\Norton Security Scan.job"
      - C:\Program Files\Norton Security Scan\Nss.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-22 11:52:55
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      --------------------- DLLs Geladen Onder Lopende Processen ---------------------

      PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
      -> C:\Documents and Settings\Job\Application Data\jkhfcayy.dll

      PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
      -> C:\WINDOWS\system32\vturomll.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      C:\Program Files\Network Associates\VirusScan\Mcshield.exe
      C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
      C:\Program Files\Spyware Doctor\pctsAuxs.exe
      C:\Program Files\Spyware Doctor\pctsSvc.exe
      C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
      .
      **************************************************************************
      .
      Voltooingstijd: 2008-02-22 11:56:41 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-02-22 10:56:37
      .
      2008-02-14 16:46:22 --- E O F ---

      What can you make of this?



      • #4
        Open Notepad, then copy and paste the following (bold text) into an empty window:



        File::
        C:\WINDOWS\system32\vturomll.dll
        C:\WINDOWS\ddcyvtss.dll
        C:\Documents and Settings\Job\Application Data\jkhfcayy.dll
        C:\WINDOWS\system32\yayyaaxv
        C:\WINDOWS\Fonts\x.zip


        Folder::
        C:\Documents and Settings\LocalService\Application Data\AppDate
        C:\Documents and Settings\Linde\Application Data\AppDate
        C:\Documents and Settings\Job\Application Data\AppDate

        Registry::
        [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{646AD24F-2F19-4481-BBB0-B08501139A1B}]
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "yayxwvuuro"=-
        [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\afipelby]
        [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vrxrleeh]
        [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wjivdodv]




        Save this to your Desktop as CFScript.txt

        Drag CFScript.txt onto ComboFix.exe as shown in the example below:



        This will cause ComboFix to restart.
        Reboot if you are asked to,
        and post the contents of Combofix.txt in your next reply.



        • #5
          LOG 2 Combofix:

          ComboFix 08-02-22.2 - Job 2008-02-22 14:56:50.1 - NTFSx86
          Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.531 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\Job\Bureaublad\ComboFix.exe
          Command switches used :: F:\CFScript.txt
          * Nieuw herstelpunt werd aangemaakt

          WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

          FILE ::
          C:\Documents and Settings\Job\Application Data\jkhfcayy.dll
          C:\WINDOWS\ddcyvtss.dll
          C:\WINDOWS\Fonts\x.zip
          C:\WINDOWS\system32\vturomll.dll
          C:\WINDOWS\system32\yayyaaxv
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\Documents and Settings\Job\Application Data\AppDate
          C:\Documents and Settings\Job\Application Data\jkhfcayy.dll
          C:\Documents and Settings\Linde\Application Data\AppDate
          C:\Documents and Settings\LocalService\Application Data\AppDate
          C:\WINDOWS\ddcyvtss.dll
          C:\WINDOWS\Fonts\x.zip
          C:\WINDOWS\system32\vturomll.dll
          C:\WINDOWS\system32\yayyaaxv

          .
          (((((((((((((((((((( Bestanden Gemaakt van 2008-01-22 to 2008-02-22 ))))))))))))))))))))))))))))))
          .

          2008-02-22 11:41 . 2008-02-22 11:41 <DIR> d-------- C:\RVAXO
          2008-02-22 11:37 . 2008-02-21 15:42 708,525 --a------ C:\WINDOWS\system32\RVAXO.bat
          2008-02-22 11:37 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
          2008-02-22 09:05 . 2008-02-22 09:05 <DIR> d-------- C:\Program Files\Trend Micro
          2008-02-21 08:54 . 2008-02-21 08:54 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
          2008-02-21 08:54 . 2008-02-21 08:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
          2008-02-16 15:26 . 2008-02-16 15:29 <DIR> d-------- C:\WINDOWS\system32\NtmsData
          2008-02-16 14:46 . 2008-02-16 14:51 <DIR> d-------- C:\Program Files\Disney Interactive
          2008-02-16 14:46 . 2008-02-16 14:51 2,048 --a------ C:\WINDOWS\disney.ini
          2008-02-15 23:25 . 2008-02-15 23:25 <DIR> dr------- C:\Documents and Settings\LocalService\Favorieten
          2008-02-15 13:00 . 2008-02-15 13:03 <DIR> d-------- C:\Program Files\DirPrn
          2008-02-15 13:00 . 2008-02-15 13:00 249,856 --------- C:\WINDOWS\Setup1.exe
          2008-02-15 13:00 . 2008-02-15 13:00 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
          2008-02-14 18:04 . 2008-02-14 18:04 <DIR> d-------- C:\Documents and Settings\Ellen\Application Data\VanDale
          2008-02-10 17:02 . 2008-02-10 17:02 <DIR> d-------- C:\Documents and Settings\Job\Application Data\VanDale
          2008-02-10 16:57 . 2008-02-10 21:38 304 --a------ C:\WINDOWS\vdgwwin.ini
          2008-02-10 16:55 . 2008-02-10 16:55 <DIR> d-------- C:\VanDale
          2008-02-10 16:54 . 2008-02-10 16:54 <DIR> d-------- C:\Documents and Settings\Job\WINDOWS
          2008-02-09 18:34 . 2008-02-21 09:59 <DIR> d-------- C:\Program Files\Spyware Doctor
          2008-02-09 18:34 . 2008-02-09 18:34 <DIR> d-------- C:\Documents and Settings\Job\Application Data\PC Tools
          2008-02-09 18:34 . 2008-02-22 15:03 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
          2008-02-09 18:34 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
          2008-02-09 18:34 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
          2008-02-09 18:34 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
          2008-02-09 18:34 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
          2008-02-09 18:33 . 2008-02-22 15:00 <DIR> d-------- C:\Program Files\Norton Security Scan
          2008-02-09 18:33 . 2008-02-21 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
          2008-02-09 12:33 . 2008-02-20 10:56 <DIR> d-------- C:\Documents and Settings\Job\Application Data\LimeWire
          2008-02-05 16:56 . 2008-02-05 16:56 <DIR> d-------- C:\Documents and Settings\Job\Application Data\vlc
          2008-02-03 19:05 . 2008-02-03 19:05 <DIR> d-------- C:\Documents and Settings\Gast\Application Data\Jasc Software Inc
          2008-02-03 19:04 . 2004-09-13 13:59 <DIR> d--h----- C:\Documents and Settings\Gast\Sjablonen
          2008-02-03 19:04 . 2008-02-03 21:24 <DIR> dr-h----- C:\Documents and Settings\Gast\Onlangs geopend
          2008-02-03 19:04 . 2004-09-13 13:59 <DIR> d--h----- C:\Documents and Settings\Gast\Netwerkprinteromgeving
          2008-02-03 19:04 . 2008-02-03 19:05 <DIR> dr------- C:\Documents and Settings\Gast\Mijn documenten
          2008-02-03 19:04 . 2004-09-13 13:59 <DIR> dr------- C:\Documents and Settings\Gast\Menu Start
          2008-02-03 19:04 . 2008-02-03 19:04 <DIR> dr------- C:\Documents and Settings\Gast\Favorieten
          2008-02-03 19:04 . 2008-02-03 21:21 <DIR> d-------- C:\Documents and Settings\Gast\Bureaublad
          2008-02-03 19:04 . 2007-06-22 17:49 <DIR> d-------- C:\Documents and Settings\Gast\Application Data\Symantec
          2008-02-03 19:04 . 2008-02-03 19:04 <DIR> d-------- C:\Documents and Settings\Gast\Application Data\Logitech
          2008-02-03 19:04 . 2007-06-22 17:52 <DIR> d--h----- C:\Documents and Settings\Gast\Application Data\Gtek
          2008-01-31 15:25 . 2008-02-20 13:15 <DIR> d-------- C:\Program Files\eMule
          2008-01-30 16:55 . 2008-01-30 16:55 <DIR> d-------- C:\Program Files\Malmberg
          2008-01-30 16:55 . 1999-03-24 01:06 1,046,288 --a------ C:\WINDOWS\system32\msjet35.dll
          2008-01-30 16:55 . 1996-11-08 01:48 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
          2008-01-30 16:55 . 2000-12-13 16:47 123,664 --a------ C:\WINDOWS\system32\MSJINT35.DLL
          2008-01-30 16:52 . 2008-01-30 16:52 <DIR> d-------- C:\temp\Data
          2008-01-30 16:51 . 2008-01-30 16:51 <DIR> d-------- C:\temp\Extra Software
          2008-01-28 10:00 . 2008-01-28 10:00 52 --a------ C:\WINDOWS\cool.ini
          2008-01-28 09:59 . 2008-01-28 09:59 <DIR> d-------- C:\Documents and Settings\Job\Application Data\Syntrillium
          2008-01-28 09:58 . 2008-01-28 10:00 <DIR> d-------- C:\Program Files\Cool2000
          2008-01-27 16:21 . 2008-01-27 16:22 <DIR> d-------- C:\wamp
          2008-01-26 16:04 . 2008-01-26 16:04 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\Logitech
          2008-01-25 18:41 . 2008-01-25 18:41 <DIR> d-------- C:\Program Files\Common Files\AmbraSoft
          2008-01-25 18:41 . 2008-01-25 18:41 <DIR> d-------- C:\Program Files\AmbraSoft

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-02-22 12:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
          2008-02-22 07:06 --------- d-----w C:\Program Files\CDex_150
          2008-02-16 13:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2008-02-09 17:33 --------- d-----w C:\Program Files\Google
          2008-02-04 22:06 --------- d-----w C:\Documents and Settings\Job\Application Data\FileZilla
          2008-02-04 21:56 --------- d-----w C:\Program Files\FileZilla Client
          2008-01-20 20:14 --------- d-----w C:\Program Files\CDBurnerXP
          2008-01-20 20:03 --------- d-----w C:\Program Files\Reference Assemblies
          2008-01-20 20:03 --------- d-----w C:\Program Files\MSBuild
          2008-01-20 20:01 --------- d-----w C:\Program Files\MSXML 6.0
          2008-01-19 21:16 --------- d-----w C:\Documents and Settings\Job\Application Data\Ahead
          2008-01-18 19:37 --------- d-----w C:\Program Files\Pinnacle
          2008-01-18 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
          2008-01-18 19:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
          2008-01-18 17:05 --------- d-----w C:\Program Files\proDAD
          2008-01-18 16:56 --------- d-----w C:\Program Files\AdorageI-SAL
          2008-01-18 16:56 --------- d-----w C:\Program Files\AdorageI-GfxDatas
          2008-01-18 16:54 --------- d-----w C:\Program Files\QuickTime
          2008-01-18 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
          2008-01-18 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
          2008-01-18 16:27 --------- d-----w C:\Program Files\SmartSound Software
          2008-01-18 16:26 --------- d-----w C:\Program Files\DivX
          2008-01-15 16:17 --------- d-----w C:\Documents and Settings\Ellen\Application Data\Logitech
          2008-01-15 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
          2008-01-15 16:05 --------- d-----w C:\Documents and Settings\Mischa\Application Data\Logitech
          2008-01-14 15:33 --------- d-----w C:\Documents and Settings\Linde\Application Data\Logitech
          2008-01-14 13:18 --------- d-----w C:\Program Files\Common Files\InstallShield
          2008-01-14 13:18 --------- d-----w C:\Documents and Settings\Job\Application Data\Logitech
          2008-01-14 13:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
          2008-01-14 13:17 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
          2008-01-14 13:17 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
          2008-01-14 13:17 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
          2008-01-14 13:16 --------- d-----w C:\Program Files\Logitech
          2008-01-14 13:16 --------- d-----w C:\Program Files\Common Files\Logishrd
          2008-01-14 13:16 --------- d-----w C:\Documents and Settings\Job\Application Data\InstallShield
          2008-01-14 13:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
          2008-01-14 09:06 --------- d-----w C:\Program Files\Common Files\Adobe
          2008-01-14 09:02 --------- d-----w C:\Program Files\Bonjour
          2008-01-14 08:58 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
          2008-01-14 08:38 --------- d-----w C:\Program Files\Microsoft.NET
          2008-01-13 21:56 --------- d-----w C:\Program Files\Java
          2008-01-08 15:22 --------- d-----w C:\Documents and Settings\Job\Application Data\.ABC
          2007-12-26 10:24 --------- d-----w C:\Program Files\Windows Media Connect 2
          2007-12-25 16:54 --------- d-----w C:\Documents and Settings\Linde\Application Data\Jasc Software Inc
          2007-12-24 17:40 --------- d-----w C:\Documents and Settings\Job\Application Data\PHP Designer 2007
          2007-12-24 17:39 --------- d-----w C:\Program Files\PHP Designer 2007
          2007-12-24 13:06 --------- d-----w C:\Program Files\EasyPHP1-8
          2007-12-24 13:04 --------- d-----w C:\Program Files\ABC
          2007-12-24 11:46 --------- d-----w C:\Documents and Settings\Ellen\Application Data\Jasc Software Inc
          2007-12-24 10:12 --------- d-----w C:\Program Files\Ahead
          2007-12-24 10:10 --------- d-----w C:\Program Files\Common Files\Ahead
          2007-12-24 10:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
          2007-12-23 22:41 --------- d-----w C:\Documents and Settings\Job\Application Data\phpDesigner 2008
          2007-12-23 22:36 --------- d-----w C:\Documents and Settings\Job\Application Data\HAPedit
          2007-12-23 22:30 --------- d-----w C:\Documents and Settings\Job\Application Data\Sonic
          2007-12-23 22:30 --------- d-----w C:\Documents and Settings\Job\Application Data\Leadertech
          2007-12-23 19:13 99,776 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
          2007-12-23 19:13 --------- d-----w C:\Program Files\Common Files\Acronis
          2007-12-23 19:13 --------- d-----w C:\Program Files\Acronis
          2007-12-22 13:43 --------- d-----w C:\Documents and Settings\Ruben\Application Data\Jasc Software Inc
          2007-12-22 13:41 --------- d-----w C:\Documents and Settings\Mischa\Application Data\Jasc Software Inc
          2007-12-22 12:52 --------- d-----w C:\Program Files\Electronic Arts
          2007-12-22 10:10 --------- d-----w C:\Program Files\Jasc Software Inc
          2007-12-22 10:10 --------- d-----w C:\Program Files\Common Files\Jasc Software Inc
          2007-12-22 10:10 --------- d-----w C:\Documents and Settings\Job\Application Data\Jasc Software Inc
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
          "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-10 18:36 7323648]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
          "SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 10:20 282624 C:\WINDOWS\stsystra.exe]
          "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 07:15 151552]
          "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12 94208]
          "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
          "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
          "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
          "PCLEUSBTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [ ]
          "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 08:00 94208]
          "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]
          "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48 147514]
          "IJNetworkScanUtility"="C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2006-10-26 01:16 132704]
          "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
          "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28 36352]
          "OSSelectorReinstall"="C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2006-04-12 15:15 1261475]
          "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
          "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
          "PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 00:26 406016]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-18 17:54 98304]
          "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-09 18:33:18 125624]
          Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-14 14:16:42 784912]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
          c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

          R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 08:34]
          S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 03:39]
          S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" [2007-09-05 08:59]
          S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld
          S3 ZD1211U(Sitecom);Sitecom Wireless Network USB Adapter Driver(Sitecom);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-07-05 22:38]

          .
          Inhoud van de 'Gedeelde Taken' map
          "2008-02-22 14:01:18 C:\WINDOWS\Tasks\Norton Security Scan.job"
          - C:\Program Files\Norton Security Scan\Nss.exe
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-02-22 15:03:46
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          ------------------------ Other Running Processes ------------------------
          .
          C:\Program Files\Bonjour\mDNSResponder.exe
          C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
          C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
          C:\Program Files\Network Associates\VirusScan\Mcshield.exe
          C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
          C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\Program Files\Spyware Doctor\pctsAuxs.exe
          C:\Program Files\Spyware Doctor\pctsSvc.exe
          C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
          .
          **************************************************************************
          .
          Voltooingstijd: 2008-02-22 15:07:07 - machine was rebooted
          ComboFix-quarantined-files.txt 2008-02-22 14:07:04
          ComboFix2.txt 2008-02-22 10:56:42
          .
          2008-02-14 16:46:22 --- E O F ---

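The script from post #4 can be checked against the follow-up log in post #5. The Python below is an added example, not part of the thread and not ComboFix's own code: it parses the File:: and Folder:: targets, confirms each is listed under the log's "Andere Verwijderingen" heading, and reports any target still referenced in another section. The log excerpts are shortened from the thread, and the function names are this example's own.

```python
import re

# File:: and Folder:: sections of the CFScript in post #4 (Registry:: left out).
CFSCRIPT = r"""File::
C:\WINDOWS\system32\vturomll.dll
C:\WINDOWS\ddcyvtss.dll
C:\Documents and Settings\Job\Application Data\jkhfcayy.dll
C:\WINDOWS\system32\yayyaaxv
C:\WINDOWS\Fonts\x.zip

Folder::
C:\Documents and Settings\LocalService\Application Data\AppDate
C:\Documents and Settings\Linde\Application Data\AppDate
C:\Documents and Settings\Job\Application Data\AppDate
"""

# Excerpt of the first ComboFix log, before the script ran (header rules shortened).
LOG_BEFORE = r"""
---------- DLLs Geladen Onder Lopende Processen ----------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Documents and Settings\Job\Application Data\jkhfcayy.dll
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\vturomll.dll
---------- Other Running Processes ----------
C:\WINDOWS\system32\nvsvc32.exe
"""

# Excerpt of the second ComboFix log (post #5), after the script ran.
LOG_AFTER = r"""
FILE ::
C:\Documents and Settings\Job\Application Data\jkhfcayy.dll
C:\WINDOWS\system32\vturomll.dll
(((((((((( Andere Verwijderingen ))))))))))
C:\Documents and Settings\Job\Application Data\AppDate
C:\Documents and Settings\Job\Application Data\jkhfcayy.dll
C:\Documents and Settings\Linde\Application Data\AppDate
C:\Documents and Settings\LocalService\Application Data\AppDate
C:\WINDOWS\ddcyvtss.dll
C:\WINDOWS\Fonts\x.zip
C:\WINDOWS\system32\vturomll.dll
C:\WINDOWS\system32\yayyaaxv
(((((((((( Bestanden Gemaakt van 2008-01-22 to 2008-02-22 ))))))))))
2008-02-22 11:37 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
"""

# A section header is a title wrapped in runs of "(" ... ")" or "-" ... "-".
HEADER = re.compile(r"^\s*(?:\({3,}|-{3,})\s*(.+?)\s*(?:\){3,}|-{3,})\s*$")
DELETIONS = "andere verwijderingen"  # title as printed in this Dutch-language log


def norm(path):
    """Windows paths are case-insensitive: compare trimmed and lower-cased."""
    return path.strip().strip('"').lower()


def parse_cfscript(text):
    """Return the File:: and Folder:: targets of a CFScript as one list."""
    targets, section = [], None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"(\w+)::", line)
        if m:
            section = m.group(1).lower()
        elif line and section in ("file", "folder"):
            targets.append(line)
    return targets


def split_sections(log):
    """Map lower-cased section title -> lines; text before any header is 'preamble'."""
    sections, current = {"preamble": []}, "preamble"
    for line in log.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def verify(cfscript, log):
    """Classify each target: reported deleted or not, and still referenced where."""
    sections = split_sections(log)
    deleted = {norm(l) for l in sections.get(DELETIONS, []) if l.strip() not in ("", ".")}
    result = {"removed": [], "not_reported": [], "still_referenced": []}
    for target in parse_cfscript(cfscript):
        key = norm(target)
        result["removed" if key in deleted else "not_reported"].append(target)
        for title, lines in sections.items():
            # The preamble only echoes the script; the deletion list is expected.
            if title in ("preamble", DELETIONS):
                continue
            if any(key in line.lower() for line in lines):
                result["still_referenced"].append((target, title))
    return result


if __name__ == "__main__":
    for label, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        print(label, verify(CFSCRIPT, log))
```

A target that lands in `not_reported` or `still_referenced` after the run is the cue to look at that section of the log before moving on to cleanup.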


          • #6
            Open the RVAXO folder on your desktop and double-click Uninstall.cmd
            This will remove everything belonging to RVAXO.

            Download ATF cleaner (mirror) (made by Atribune)

            Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

            Double-click ATF cleaner to start the program.
            On the "Main" tab, tick Select All.
            Click the Empty Selected button.

            Do the following if you also use Firefox as a browser:
            Click the "Firefox" tab and tick Select All.
            If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
            (this clears the tick next to "Firefox saved passwords" again)
            Click the Empty Selected button.

            Do the following if you also use Opera as a browser:
            Click the "Opera" tab and tick Select All.
            If you want to keep the passwords saved by Opera, click "No" in the window that appears.
            Click the Empty Selected button.
            Go to the "Main" tab and click the Exit button to close the program.

            Go to Start - Run and enter the following:
            Combofix /U
            Then press OK.
            Note: there must be a space between Combofix and /U.

            This will uninstall Combofix.

            Finally, post a new HijackThis log as a check



            • #7
              and the new Hijack log:

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 15:46:19, on 22-2-2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16608)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\csrss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Bonjour\mDNSResponder.exe
              C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
              C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
              C:\Program Files\Network Associates\VirusScan\Mcshield.exe
              C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
              C:\Program Files\CDBurnerXP\NMSAccessU.exe
              C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
              C:\WINDOWS\system32\nvsvc32.exe
              C:\Program Files\Spyware Doctor\pctsAuxs.exe
              C:\Program Files\Spyware Doctor\pctsSvc.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\alg.exe
              C:\Program Files\Spyware Doctor\pctsTray.exe
              C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
              C:\WINDOWS\stsystra.exe
              C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
              C:\Program Files\Dell\Media Experience\DMXLauncher.exe
              C:\WINDOWS\System32\DLA\DLACTRLW.EXE
              C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
              C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
              C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
              C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
              C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
              C:\Program Files\Winamp\winampa.exe
              C:\Program Files\QuickTime\qttask.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\Messenger\msmsgs.exe
              C:\Program Files\Google\Google Updater\GoogleUpdater.exe
              C:\Program Files\Logitech\SetPoint\SetPoint.exe
              C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
              C:\WINDOWS\explorer.exe
              C:\WINDOWS\system32\wbem\wmiprvse.exe
              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig?hl=nl
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=0070623
              R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=0070623
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
              O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
              O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
              O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
              O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
              O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
              O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
              O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
              O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
              O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
              O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
              O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
              O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
              O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
              O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
              O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
              O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
              O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
              O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
              O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
              O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
              O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
              O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
              O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
              O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
              O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
              O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
              O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
              O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
              O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
              O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
              O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
              O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
              O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
              O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
              O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
              O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
              O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
              O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
              O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
              O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

              --
              End of file - 10241 bytes



              • #8
                The log looks good

                Are you still experiencing any problems?



                • #9
                  I think I am completely clean. The various spyware scanners are still running for a bit, but it looks good. Much appreciation for your quick response and expertise. I am going to make a donation, because this saves me a whole lot of reinstallation misery.

                  I have just read your general information. One question remains open: how are you funded, because you can't live off the donations, it seems to me...

                  ciao, Job



                  • #10
                    You're welcome

                    We are volunteers and will have to make do with those donations



                    • #11
                      Donation made, thanks again!



                      • #12
                        Thanks on behalf of the crew
