  • Trouble with popups

    While using the internet I am troubled by popups (antispyware and advertising).

    I have run Ad-Aware and Spybot, but I still have the problem. Below is the log from HijackThis.

    I hope someone can help me. Thanks in advance.

    Regards
    Edwin

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:28:58, on 26-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\SYSTEM32\bgsvcgen.exe
    C:\IDSServer\idss.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
    C:\Program Files\Network Associates\Common Framework\McTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\WorkPace\WorkPace.exe
    C:\Program Files\WorkPace\sv32_240.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://webmail.topdesk.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://las:8089/lift/lift?modulenaam=urenmodule&kaarttype=uur
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [AdVantage Setup] C:\Program Files\Webteh\BSplayer\AdVantageSetup.exe
    O4 - HKLM\..\Run: [98baee53] rundll32.exe "C:\WINDOWS\system32\urgoauta.dll",b
    O4 - HKLM\..\Run: [BM9b89ddcf] Rundll32.exe "C:\WINDOWS\system32\cbusdndt.dll",s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NetMsg] C:\Program Files\NetMsg\NetMsg.exe -Systray
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Snelkoppeling naar Network Starter.lnk = D:\Network Mirror\Laptop-tools\Networkstarter\Network Starter.exe
    O4 - Startup: WorkPace.lnk = C:\Program Files\WorkPace\WorkPace.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=https://webmail.topdesk.com/
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tis.local
    O17 - HKLM\Software\..\Telephony: DomainName = tis.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{004E8920-F202-44E3-B7C5-6EA881006D14}: NameServer = 213.197.28.3,213.197.30.28
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tis.local
    O17 - HKLM\System\CS1\Services\Tcpip\..\{004E8920-F202-44E3-B7C5-6EA881006D14}: NameServer = 213.197.28.3,213.197.30.28
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\SYSTEM32\bgsvcgen.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IDS Server - Unknown owner - C:\IDSServer\idss.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 9546 bytes

  • #2
    Hi Edwin,

    Welcome to Nucia.nl

    Download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it to your desktop.

    NOTE: if, during or after downloading ComboFix or while using ComboFix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download ComboFix again.
    Some scanners regard certain components that ComboFix uses as suspicious and will block or remove them!
    • Double-click Combofix.exe
      Follow the instructions and accept the disclaimer by typing 1 (continue), followed by ENTER.
      While the fix is running, do NOT click in the window, because this will make your PC hang.

    When the fix has finished and after the restart, the log Combofix.txt will open.
    Post this log in your next post, together with a fresh HijackThis log.

    - Daniël



    • #3
      Thanks

      Hey Daniël

      Thanks for the help!
      I did what you said, and below are both logs, first the ComboFix one and then the HijackThis log.
      In the meantime I also tried a few things myself; maybe I should not have done that. I ran Malwarebytes' Anti-Malware. After that it seemed to be over, but later I still got alerts from Norton Security Scan.
      After running Anti-Malware I also keep getting the following message at startup: "er is een fout opgetreden tijdens het laden van c:\windows\system32\urgoauta.dll dak module niet vinden"

      Regards
      Edwin

      ComboFix 08-02-25.3 - RenskeH 2008-03-01 12:31:57.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.600 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\renskeh\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\cdpiwxnd.dll
      C:\WINDOWS\system32\charset.dll
      C:\WINDOWS\system32\duntuiko.dll
      C:\WINDOWS\SYSTEM32\ghhkj.ini
      C:\WINDOWS\SYSTEM32\ghhkj.ini2
      C:\WINDOWS\system32\pac.txt
      C:\WINDOWS\SYSTEM32\qrqss.ini
      C:\WINDOWS\SYSTEM32\qrqss.ini2
      C:\WINDOWS\SYSTEM32\sttss.ini
      C:\WINDOWS\SYSTEM32\sttss.ini2

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

      .
      -------\nm


      (((((((((((((((((((( Bestanden Gemaakt van 2008-02-01 to 2008-03-01 ))))))))))))))))))))))))))))))
      .

      2008-02-29 19:38 . 2008-02-29 19:42 <DIR> d-------- C:\Quarantine
      2008-02-27 22:13 . 2008-02-27 22:13 <DIR> d-------- C:\Program Files\Notepad++
      2008-02-27 10:33 . 2008-02-27 10:33 <DIR> d-------- C:\Documents and Settings\renskeh\Application Data\Malwarebytes
      2008-02-27 10:33 . 2008-02-27 10:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-02-26 21:42 . 2008-02-27 10:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-02-26 20:13 . 2008-02-26 20:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-02-26 13:26 . 2008-02-26 14:43 414 ---hs---- C:\WINDOWS\SYSTEM32\nwyglxqv.ini
      2008-02-26 13:18 . 2008-02-28 13:18 147 --a------ C:\WINDOWS\BM9b89ddcf.xml
      2008-02-26 13:18 . 2008-02-29 10:02 22 --a------ C:\WINDOWS\pskt.ini
      2008-02-25 21:21 . 2008-02-25 21:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
      2008-02-25 21:20 . 2008-02-27 10:37 <DIR> d-------- C:\Documents and Settings\renskeh\Application Data\SUPERAntiSpyware.com
      2008-02-20 17:08 . 2008-02-20 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
      2008-02-20 17:08 . 2007-10-16 20:50 171,272 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
      2008-02-20 17:08 . 2007-10-16 20:50 72,680 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
      2008-02-20 17:08 . 2007-10-16 20:50 64,168 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeapfk.sys
      2008-02-20 17:08 . 2007-10-16 20:50 51,944 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfetdik.sys
      2008-02-20 17:08 . 2007-10-16 20:50 33,960 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
      2008-02-20 17:07 . 2008-02-20 17:07 <DIR> d-------- C:\Program Files\McAfee
      2008-02-20 17:07 . 2008-02-20 17:07 <DIR> d-------- C:\Program Files\Common Files\McAfee
      2008-02-19 07:58 . 2008-02-19 07:58 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
      2008-02-17 10:08 . 2004-06-10 05:00 105,984 --a------ C:\WINDOWS\SYSTEM32\CNMLM5m.DLL
      2008-02-17 10:08 . 2004-06-09 10:33 86,016 --a------ C:\WINDOWS\SYSTEM32\CNMCP5m.exe
      2008-02-17 10:08 . 2004-06-10 05:00 6,656 --a------ C:\WINDOWS\SYSTEM32\CNMVS5m.DLL
      2008-02-15 13:06 . 2008-02-08 11:10 1,495,552 --a------ C:\WINDOWS\SYSTEM32\epoPGPsdk.dll
      2008-02-15 13:06 . 2008-02-08 11:10 280 --a------ C:\WINDOWS\SYSTEM32\epoPGPsdk.dll.sig
      2008-02-15 13:05 . 2008-02-08 11:11 3,797,753 --a------ C:\WINDOWS\FramePkg.exe
      2008-02-03 22:12 . 2008-02-24 19:54 664 --a------ C:\WINDOWS\SYSTEM32\d3d9caps.dat

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-03-01 11:23 --------- d-----w C:\Program Files\Common Files\Symantec Shared
      2008-03-01 11:20 --------- d-----w C:\Documents and Settings\renskeh\Application Data\U3
      2008-02-29 14:00 --------- d-----w C:\Program Files\Norton Security Scan
      2008-02-29 10:29 --------- d-----w C:\Program Files\FinePixViewer
      2008-02-28 23:58 --------- d-----w C:\Documents and Settings\renskeh\Application Data\Azureus
      2008-02-27 21:10 642 -c--a-w C:\Program Files\Software.txt
      2008-02-27 20:52 --------- d-----w C:\Program Files\TOPXs
      2008-02-27 20:48 --------- d-----w C:\Documents and Settings\renskeh\Application Data\TOPXs
      2008-02-27 09:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
      2008-02-24 19:46 --------- d-----w C:\Documents and Settings\renskeh\Application Data\Downloaded Installations
      2008-02-20 16:09 --------- d-----w C:\Program Files\Network Associates
      2008-02-20 16:07 --------- d-----w C:\Program Files\Common Files\Network Associates
      2008-02-18 20:04 --------- d-----w C:\Program Files\Azureus
      2008-01-28 23:10 --------- d-----w C:\Program Files\iTunes
      2008-01-28 23:10 --------- d-----w C:\Program Files\iPod
      2008-01-28 23:08 --------- d-----w C:\Program Files\QuickTime
      2008-01-20 20:04 --------- d-----w C:\Program Files\usbdailer
      2008-01-20 19:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-01-20 19:26 --------- d-----w C:\Program Files\Microsoft ActiveSync
      2008-01-16 15:30 --------- d-----w C:\Program Files\Spark
      2008-01-16 07:49 --------- d-----w C:\Program Files\Zarafa
      2008-01-16 07:48 --------- d-----w C:\Program Files\Common Files\Adobe
      2007-12-10 14:34 720,896 -c--a-w C:\WINDOWS\iun6002.exe
      2006-10-13 08:20 21,864 -c--a-w C:\Documents and Settings\renskeh\Application Data\GDIPFONTCACHEV1.DAT
      2006-03-23 20:11 121 -c--a-w C:\Program Files\18188770.PAS
      2004-11-05 13:31 1,597,440 ----a-w C:\Documents and Settings\renskeh\Application Data\SecureTraveler.exe
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29B9C8ED-EA17-4E88-B314-695B26CB3B97}]
      C:\WINDOWS\system32\sstts.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
      "NetMsg"="C:\Program Files\NetMsg\NetMsg.exe" [ ]
      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
      "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 12:39 1289000]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 11:25 68856]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 11:33 155648]
      "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-15 09:02 155648]
      "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-15 09:02 126976]
      "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
      "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 11:26 606208]
      "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 08:04 53248]
      "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 01:01 110592]
      "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05 127035]
      "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" [2008-02-08 11:10 136512]
      "Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 12:00 144384]
      "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17 159744]
      "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
      "ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2007-10-16 20:50 111952]
      "AdVantage Setup"="C:\Program Files\Webteh\BSplayer\AdVantageSetup.exe" [ ]
      "98baee53"="C:\WINDOWS\system32\urgoauta.dll" [ ]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

      C:\Documents and Settings\renskeh\Menu Start\Programma's\Opstarten\
      Snelkoppeling naar Network Starter.lnk - D:\Network Mirror\Laptop-tools\Networkstarter\Network Starter.exe [2007-04-24 09:55:42 329440]
      WorkPace.lnk - C:\Program Files\WorkPace\WorkPace.exe [2005-11-22 09:42:20 825856]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-07-23 14:11:21 24576]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "NoWelcomeScreen"= 1 (0x1)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "DisablePersonalDirChange"= 1 (0x1)
      "EditLevel"= 0 (0x0)
      "NoCommonGroups"= 0 (0x0)
      "NoSMBalloonTip"= 1 (0x1)
      "NoSMConfigurePrograms"= 1 (0x1)
      "NoStartMenuMyMusic"= 1 (0x1)
      "NoSMMyPictures"= 1 (0x1)
      "NoWelcomeScreen"= 1 (0x1)
      "NoOnlinePrintsWizard"= 1 (0x1)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
      C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-616813238-485989776-2992251252-1774\Scripts\Logoff\0\0]
      "Script"=\\tis.local\NETLOGON\KIX32.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-616813238-485989776-2992251252-1774\Scripts\Logon\0\0]
      "Script"=\\tis.local\NETLOGON\KIX32.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-616813238-485989776-2992251252-1817\Scripts\Logon\0\0]
      "Script"=\\tis.local\NETLOGON\KIX32.EXE

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
      SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
      "C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
      "C:\\Program Files\\Azureus\\Azureus.exe"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=

      R2 IDS Server;IDS Server;C:\IDSServer\idss.exe [1999-11-01 08:13]
      R2 msftesql$SQLEXPRESS;SQL Server FullText Search (SQLEXPRESS);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1
      S3 ADM8511;PA090 USB ETHERNET 10/100 ;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2002-01-16 15:02]
      S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2006-04-14 09:04]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
      \Shell\AutoRun\command - F:\LaunchU3.exe -a

      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-02-25 21:30:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2008-02-29 21:53:55 C:\WINDOWS\Tasks\Norton Security Scan.job"
      - C:\Program Files\Norton Security Scan\Nss.exe
      "2008-02-29 04:00:00 C:\WINDOWS\Tasks\toppak.job"
      - C:\Program Files\TOPdesk\TOPdesk Professional IS\toppak.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-03-01 12:45:25
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************

      [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msftesql$SQLEXPRESS]
      "ImagePath"="\"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:SQLEXPRESS"
      .
      --------------------- DLLs Geladen Onder Lopende Processen ---------------------

      PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180]
      -> C:\Program Files\WorkPace\wp32_240.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\SYSTEM32\bgsvcgen.exe
      C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
      C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
      C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
      C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
      C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
      C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
      C:\Program Files\Apoint\Apntex.exe
      C:\Program Files\Network Associates\Common Framework\McTray.exe
      C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
      C:\PROGRA~1\MICROS~4\rapimgr.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\WorkPace\sv32_240.exe
      .
      **************************************************************************
      .
      Voltooingstijd: 2008-03-01 12:49:42 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-03-01 11:49:34






      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 12:52, on 2008-03-01
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\SYSTEM32\bgsvcgen.exe
      C:\IDSServer\idss.exe
      C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
      C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
      C:\Program Files\Apoint\Apoint.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
      C:\Program Files\Dell\QuickSet\quickset.exe
      C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
      C:\WINDOWS\system32\dla\tfswctrl.exe
      C:\Program Files\Apoint\Apntex.exe
      C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Network Associates\Common Framework\McTray.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Digital Line Detect\DLG.exe
      C:\Program Files\WorkPace\WorkPace.exe
      C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
      C:\PROGRA~1\MICROS~4\rapimgr.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\WorkPace\sv32_240.exe
      D:\Temp\hijackthis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://webmail.topdesk.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://las:8089/lift/lift?modulenaam=urenmodule&kaarttype=uur
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {29B9C8ED-EA17-4E88-B314-695B26CB3B97} - C:\WINDOWS\system32\sstts.dll (file missing)
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
      O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
      O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
      O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
      O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
      O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
      O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
      O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
      O4 - HKLM\..\Run: [AdVantage Setup] C:\Program Files\Webteh\BSplayer\AdVantageSetup.exe
      O4 - HKLM\..\Run: [98baee53] rundll32.exe "C:\WINDOWS\system32\urgoauta.dll",b
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [NetMsg] C:\Program Files\NetMsg\NetMsg.exe -Systray
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Snelkoppeling naar Network Starter.lnk = D:\Network Mirror\Laptop-tools\Networkstarter\Network Starter.exe
      O4 - Startup: WorkPace.lnk = C:\Program Files\WorkPace\WorkPace.exe
      O4 - Global Startup: Digital Line Detect.lnk = ?
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
      O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=https://webmail.topdesk.com/
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tis.local
      O17 - HKLM\Software\..\Telephony: DomainName = tis.local
      O17 - HKLM\System\CCS\Services\Tcpip\..\{004E8920-F202-44E3-B7C5-6EA881006D14}: NameServer = 213.197.28.3,213.197.30.28
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tis.local
      O17 - HKLM\System\CS1\Services\Tcpip\..\{004E8920-F202-44E3-B7C5-6EA881006D14}: NameServer = 213.197.28.3,213.197.30.28
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\SYSTEM32\bgsvcgen.exe
      O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: IDS Server - Unknown owner - C:\IDSServer\idss.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
      O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
      O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
      O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

      --
      End of file - 9397 bytes



      • #4
        Hi,

        Open a new Notepad file.

        Copy and paste the code below into it.
        Go to 'File' -> 'Save as..' and then save it on your desktop as CFScript.txt.

        Code:
        File::
        C:\WINDOWS\SYSTEM32\nwyglxqv.ini
        C:\WINDOWS\pskt.ini
        C:\WINDOWS\system32\sstts.dll
        
        Registry::
        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29B9C8ED-EA17-4E88-B314-695B26CB3B97}]
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "98baee53"=-
        Drag CFScript.txt into ComboFix.exe as shown in the example below:



        This will make ComboFix restart. Reboot if you are asked to.
        After the reboot, post the contents of Combofix.txt in your next reply, together with a new HijackThis log.



        • #5
          Done

          Here it is:

          ComboFix 08-02-25.3 - RenskeH 2008-03-04 18:52:29.2 - NTFSx86
          Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.588 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\renskeh\Bureaublad\ComboFix.exe
          Command switches used :: C:\Documents and Settings\renskeh\Bureaublad\CFScript.txt
          * Nieuw herstelpunt werd aangemaakt

          WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

          FILE ::
          C:\WINDOWS\pskt.ini
          C:\WINDOWS\SYSTEM32\nwyglxqv.ini
          C:\WINDOWS\system32\sstts.dll
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\WINDOWS\pskt.ini
          C:\WINDOWS\SYSTEM32\nwyglxqv.ini

          .
          (((((((((((((((((((( Bestanden Gemaakt van 2008-02-04 to 2008-03-04 ))))))))))))))))))))))))))))))
          .

          2008-02-29 19:38 . 2008-03-01 15:00 <DIR> d-------- C:\Quarantine
          2008-02-27 22:13 . 2008-02-27 22:13 <DIR> d-------- C:\Program Files\Notepad++
          2008-02-27 10:33 . 2008-02-27 10:33 <DIR> d-------- C:\Documents and Settings\renskeh\Application Data\Malwarebytes
          2008-02-27 10:33 . 2008-02-27 10:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
          2008-02-26 21:42 . 2008-02-27 10:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2008-02-26 20:13 . 2008-02-26 20:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
          2008-02-26 13:18 . 2008-02-28 13:18 147 --a------ C:\WINDOWS\BM9b89ddcf.xml
          2008-02-25 21:21 . 2008-02-25 21:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
          2008-02-25 21:20 . 2008-02-27 10:37 <DIR> d-------- C:\Documents and Settings\renskeh\Application Data\SUPERAntiSpyware.com
          2008-02-20 17:08 . 2008-02-20 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
          2008-02-20 17:08 . 2007-10-16 20:50 171,272 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
          2008-02-20 17:08 . 2007-10-16 20:50 72,680 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
          2008-02-20 17:08 . 2007-10-16 20:50 64,168 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeapfk.sys
          2008-02-20 17:08 . 2007-10-16 20:50 51,944 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfetdik.sys
          2008-02-20 17:08 . 2007-10-16 20:50 33,960 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
          2008-02-20 17:07 . 2008-02-20 17:07 <DIR> d-------- C:\Program Files\McAfee
          2008-02-20 17:07 . 2008-02-20 17:07 <DIR> d-------- C:\Program Files\Common Files\McAfee
          2008-02-19 07:58 . 2008-02-19 07:58 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
          2008-02-17 10:08 . 2004-06-10 05:00 105,984 --a------ C:\WINDOWS\SYSTEM32\CNMLM5m.DLL
          2008-02-17 10:08 . 2004-06-09 10:33 86,016 --a------ C:\WINDOWS\SYSTEM32\CNMCP5m.exe
          2008-02-17 10:08 . 2004-06-10 05:00 6,656 --a------ C:\WINDOWS\SYSTEM32\CNMVS5m.DLL
          2008-02-15 13:06 . 2008-02-08 11:10 1,495,552 --a------ C:\WINDOWS\SYSTEM32\epoPGPsdk.dll
          2008-02-15 13:06 . 2008-02-08 11:10 280 --a------ C:\WINDOWS\SYSTEM32\epoPGPsdk.dll.sig
          2008-02-15 13:05 . 2008-02-08 11:11 3,797,753 --a------ C:\WINDOWS\FramePkg.exe

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-03-01 11:23 --------- d-----w C:\Program Files\Common Files\Symantec Shared
          2008-02-29 14:00 --------- d-----w C:\Program Files\Norton Security Scan
          2008-02-29 10:29 --------- d-----w C:\Program Files\FinePixViewer
          2008-02-27 21:10 642 -c--a-w C:\Program Files\Software.txt
          2008-02-27 20:52 --------- d-----w C:\Program Files\TOPXs
          2008-02-27 09:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
          2008-02-20 16:09 --------- d-----w C:\Program Files\Network Associates
          2008-02-20 16:07 --------- d-----w C:\Program Files\Common Files\Network Associates
          2008-02-18 20:04 --------- d-----w C:\Program Files\Azureus
          2008-01-28 23:10 --------- d-----w C:\Program Files\iTunes
          2008-01-28 23:10 --------- d-----w C:\Program Files\iPod
          2008-01-28 23:08 --------- d-----w C:\Program Files\QuickTime
          2008-01-20 20:04 --------- d-----w C:\Program Files\usbdailer
          2008-01-20 19:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2008-01-20 19:26 --------- d-----w C:\Program Files\Microsoft ActiveSync
          2008-01-18 07:20 --------- d-----w C:\Documents and Settings\renskeh\Application Data\TOPXs
          2008-01-16 15:30 --------- d-----w C:\Program Files\Spark
          2008-01-16 07:49 --------- d-----w C:\Program Files\Zarafa
          2008-01-16 07:48 --------- d-----w C:\Program Files\Common Files\Adobe
          2008-01-10 12:16 159,839 ----a-w C:\WINDOWS\SYSTEM32\xvidvfw.dll
          2008-01-10 12:15 755,027 ----a-w C:\WINDOWS\SYSTEM32\xvidcore.dll
          2007-12-24 12:49 7,680 ----a-w C:\WINDOWS\SYSTEM32\ff_vfw.dll
          2007-12-10 14:34 720,896 -c--a-w C:\WINDOWS\iun6002.exe
          2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\SYSTEM32\divx.dll
          2006-10-13 08:20 21,864 -c--a-w C:\Documents and Settings\renskeh\Application Data\GDIPFONTCACHEV1.DAT
          2006-03-23 20:11 121 -c--a-w C:\Program Files\18188770.PAS
          2005-01-24 09:42 1,601,536 ----a-w C:\Documents and Settings\renskeh\Application Data\SecureTraveler.exe
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29B9C8ED-EA17-4E88-B314-695B26CB3B97}]
          C:\WINDOWS\system32\sstts.dll

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
          "NetMsg"="C:\Program Files\NetMsg\NetMsg.exe" [ ]
          "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
          "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 12:39 1289000]
          "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 11:25 68856]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 11:33 155648]
          "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-15 09:02 155648]
          "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-15 09:02 126976]
          "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
          "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 11:26 606208]
          "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 08:04 53248]
          "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 01:01 110592]
          "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05 127035]
          "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" [2008-02-08 11:10 136512]
          "Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 12:00 144384]
          "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17 159744]
          "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
          "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
          "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
          "ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2007-10-16 20:50 111952]
          "AdVantage Setup"="C:\Program Files\Webteh\BSplayer\AdVantageSetup.exe" [ ]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-07-23 14:11:21 24576]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
          "NoWelcomeScreen"= 1 (0x1)

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
          "DisablePersonalDirChange"= 1 (0x1)
          "EditLevel"= 0 (0x0)
          "NoCommonGroups"= 0 (0x0)
          "NoSMBalloonTip"= 1 (0x1)
          "NoSMConfigurePrograms"= 1 (0x1)
          "NoStartMenuMyMusic"= 1 (0x1)
          "NoSMMyPictures"= 1 (0x1)
          "NoWelcomeScreen"= 1 (0x1)
          "NoOnlinePrintsWizard"= 1 (0x1)

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
          C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-616813238-485989776-2992251252-1774\Scripts\Logoff\0\0]
          "Script"=\\tis.local\NETLOGON\KIX32.EXE

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-616813238-485989776-2992251252-1774\Scripts\Logon\0\0]
          "Script"=\\tis.local\NETLOGON\KIX32.EXE

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-616813238-485989776-2992251252-1817\Scripts\Logon\0\0]
          "Script"=\\tis.local\NETLOGON\KIX32.EXE

          [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
          SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
          "C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
          "C:\\Program Files\\Azureus\\Azureus.exe"=
          "C:\\Program Files\\iTunes\\iTunes.exe"=

          R2 IDS Server;IDS Server;C:\IDSServer\idss.exe [1999-11-01 08:13]
          R2 msftesql$SQLEXPRESS;SQL Server FullText Search (SQLEXPRESS);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1
          S3 ADM8511;PA090 USB ETHERNET 10/100 ;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2002-01-16 15:02]
          S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2006-04-14 09:04]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
          HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
          \Shell\AutoRun\command - F:\LaunchU3.exe -a

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a6e1548-e763-11dc-b484-0013ce19e757}]
          \Shell\AutoRun\command - F:\LaunchU3.exe -a

          .
          Inhoud van de 'Gedeelde Taken' map
          "2008-02-25 21:30:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
          "2008-02-29 21:53:55 C:\WINDOWS\Tasks\Norton Security Scan.job"
          - C:\Program Files\Norton Security Scan\Nss.exe
          "2008-03-03 04:00:00 C:\WINDOWS\Tasks\toppak.job"
          - C:\Program Files\TOPdesk\TOPdesk Professional IS\toppak.exe
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-03-04 18:57:27
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************

          [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msftesql$SQLEXPRESS]
          "ImagePath"="\"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:SQLEXPRESS"
          .
          Voltooingstijd: 2008-03-04 18:58:49
          ComboFix-quarantined-files.txt 2008-03-04 17:58:33
          ComboFix2.txt 2008-03-01 11:49:42





          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 18:59, on 2008-03-04
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
          C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
          C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          C:\WINDOWS\SYSTEM32\bgsvcgen.exe
          C:\IDSServer\idss.exe
          C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
          C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
          C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
          C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
          C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
          C:\Program Files\Apoint\Apoint.exe
          C:\WINDOWS\system32\hkcmd.exe
          C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
          C:\Program Files\Dell\QuickSet\quickset.exe
          C:\Program Files\Apoint\Apntex.exe
          C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
          C:\WINDOWS\system32\dla\tfswctrl.exe
          C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
          C:\Program Files\Network Associates\Common Framework\McTray.exe
          C:\Program Files\iTunes\iTunesHelper.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
          C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          C:\Program Files\Digital Line Detect\DLG.exe
          C:\Program Files\WorkPace\WorkPace.exe
          C:\PROGRA~1\MICROS~4\rapimgr.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\Program Files\WorkPace\sv32_240.exe
          C:\WINDOWS\explorer.exe
          D:\Temp\hijackthis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://webmail.topdesk.com/
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
          R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://las:8089/lift/lift?modulenaam=urenmodule&kaarttype=uur
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: (no name) - {29B9C8ED-EA17-4E88-B314-695B26CB3B97} - C:\WINDOWS\system32\sstts.dll (file missing)
          O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
          O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
          O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
          O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
          O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
          O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
          O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
          O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
          O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
          O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
          O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
          O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
          O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
          O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
          O4 - HKLM\..\Run: [AdVantage Setup] C:\Program Files\Webteh\BSplayer\AdVantageSetup.exe
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [NetMsg] C:\Program Files\NetMsg\NetMsg.exe -Systray
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
          O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O4 - Startup: Snelkoppeling naar Network Starter.lnk = Network Mirror\Laptop-tools\Networkstarter\Network Starter.exe
          O4 - Startup: WorkPace.lnk = C:\Program Files\WorkPace\WorkPace.exe
          O4 - Global Startup: Digital Line Detect.lnk = ?
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
          O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
          O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
          O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O14 - IERESET.INF: START_PAGE_URL=https://webmail.topdesk.com/
          O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tis.local
          O17 - HKLM\Software\..\Telephony: DomainName = tis.local
          O17 - HKLM\System\CCS\Services\Tcpip\..\{004E8920-F202-44E3-B7C5-6EA881006D14}: NameServer = 192.168.0.1
          O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tis.local
          O17 - HKLM\System\CS1\Services\Tcpip\..\{004E8920-F202-44E3-B7C5-6EA881006D14}: NameServer = 192.168.0.1
          O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\SYSTEM32\bgsvcgen.exe
          O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: IDS Server - Unknown owner - C:\IDSServer\idss.exe
          O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
          O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
          O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
          O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
          O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
          O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
          O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

          --
          End of file - 9217 bytes
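
Comparing the HijackThis log taken before the ComboFix run with the follow-up log in post #5 shows what the CFScript changed and what it left behind. The Python sketch below is an added example, not part of any post in this thread; the log lines are copied from the two logs above, and the function names and the three triage heuristics are assumptions made for illustration.

```python
import re

# Lines copied from the first HijackThis log in this thread (before ComboFix).
LOG_BEFORE = r"""
O2 - BHO: (no name) - {29B9C8ED-EA17-4E88-B314-695B26CB3B97} - C:\WINDOWS\system32\sstts.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [98baee53] rundll32.exe "C:\WINDOWS\system32\urgoauta.dll",b
O17 - HKLM\System\CCS\Services\Tcpip\..\{004E8920-F202-44E3-B7C5-6EA881006D14}: NameServer = 213.197.28.3,213.197.30.28
"""

# Lines copied from the follow-up log in post #5 (after ComboFix).
LOG_AFTER = r"""
O2 - BHO: (no name) - {29B9C8ED-EA17-4E88-B314-695B26CB3B97} - C:\WINDOWS\system32\sstts.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{004E8920-F202-44E3-B7C5-6EA881006D14}: NameServer = 192.168.0.1
"""

# A HijackThis entry starts with a section code such as R0, O2, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<detail>.+)$")
# Heuristic (assumption): a Run value named with exactly eight hex characters.
HEX_RUN_NAME = re.compile(r"Run: \[[0-9a-f]{8}\]", re.IGNORECASE)


def parse_entries(log_text):
    """Return (section, detail) tuples for the entry lines of a log.

    Header lines and the 'Running processes' paths do not match the
    section-code pattern and are skipped.
    """
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("section"), match.group("detail").strip()))
    return entries


def diff_logs(before_text, after_text):
    """Split entries into removed, added and kept, preserving log order."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    before_set, after_set = set(before), set(after)
    return {
        "removed": [e for e in before if e not in after_set],
        "added": [e for e in after if e not in before_set],
        "kept": [e for e in after if e in before_set],
    }


def triage_reasons(section, detail):
    """Return reasons an entry deserves a closer look (hints, not verdicts)."""
    reasons = []
    if detail.endswith("(file missing)"):
        reasons.append("registered file is missing on disk")
    if section == "O4" and "rundll32" in detail.lower():
        reasons.append("autostart runs a DLL through rundll32")
    if section == "O4" and HEX_RUN_NAME.search(detail):
        reasons.append("Run value name is eight hex characters")
    return reasons


def review(before_text, after_text):
    """List flagged entries together with their status in the comparison."""
    report = []
    for status, entries in diff_logs(before_text, after_text).items():
        for section, detail in entries:
            reasons = triage_reasons(section, detail)
            if reasons:
                report.append((status, section, detail, reasons))
    return report


if __name__ == "__main__":
    for status, section, detail, reasons in review(LOG_BEFORE, LOG_AFTER):
        print(f"{status:8} {section:4} {detail}")
        for reason in reasons:
            print(f"         - {reason}")
```

On these lines the `[98baee53]` Run entry is reported as removed, while the orphaned BHO registration for sstts.dll is reported as kept, matching what the follow-up log shows.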



          • #6
            Hi,

            Download ATF cleaner (by Atribune): http://www.atribune.org/ccount/click.php?id=1

            Double-click ATF cleaner to start the program.
            On the 'Main' tab, tick Select All.
            Click the Empty Selected button.

            If you also use Firefox as a browser:
            Click the 'Firefox' tab and tick Select All.
            If you want to keep the passwords saved by Firefox, click 'No' in the window that appears.
            (this removes the tick next to 'Firefox saved passwords')
            Click the Empty Selected button.

            If you also use Opera as a browser:
            Click the 'Opera' tab and tick Select All.
            If you want to keep the passwords saved by Opera, click 'No' in the window that appears.
            Click the Empty Selected button.
            Go to the 'Main' tab and click the Exit button to close the program.

            Download MalwareBytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
            Double-click mbam-setup.exe to install the program.

            Make sure that after the installation there is a tick next to:
            • Update MalwareBytes' Anti-Malware
            • Start MalwareBytes' Anti-Malware
            Then click "Voltooien" (Finish).
            If an update is found, it will be downloaded and installed.
            • As soon as the program has started, go to the "Instellingen" (Settings) tab.
            • Tick here: "Sluit Internet Explorer tijdens verwijdering van malware" (Close Internet Explorer during malware removal).
            • Then go to the "Scanner" tab and choose "Snelle Scan" (Quick Scan).
            • Next, press "Scannen" (Scan) to start the scan.
            • Scanning can take a while, so be patient.
            • When the scan is finished, click OK, then "Bekijk Resultaten" (Show Results) to see the results.
            • Make sure everything there is ticked, then click "Verwijder geselecteerde" (Remove Selected).
            • After the removal a log will open and you will be asked to restart the computer.
            The log is saved automatically by MalwareBytes' Anti-Malware and you can find it again by clicking the "Logs" tab in the program. Copy and paste the contents of the log into your next reply, together with a new HijackThis log.

            - Daniël



            • #7
              Here it is

              Malwarebytes' Anti-Malware 1.06
              Database versie: 459

              Scan type: Snelle Scan
              Objecten gescand: 32324
              Verstreken tijd: 14 minute(s), 3 second(s)

              Geheugenprocessen geïnfecteerd: 0
              Geheugenmodulen geïnfecteerd: 0
              Registersleutels geïnfecteerd: 1
              Registerwaarden geïnfecteerd: 0
              Registerdata bestanden geïnfecteerd: 0
              Mappen geïnfecteerd: 0
              Bestanden geïnfecteerd: 0

              Geheugenprocessen geïnfecteerd:
              (Geen kwaadaardige items gevonden)

              Geheugenmodulen geïnfecteerd:
              (Geen kwaadaardige items gevonden)

              Registersleutels geïnfecteerd:
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

              Registerwaarden geïnfecteerd:
              (Geen kwaadaardige items gevonden)

              Registerdata bestanden geïnfecteerd:
              (Geen kwaadaardige items gevonden)

              Mappen geïnfecteerd:
              (Geen kwaadaardige items gevonden)

              Bestanden geïnfecteerd:
              (Geen kwaadaardige items gevonden)



              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 08:01, on 2008-03-06
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
              C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
              C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
              C:\WINDOWS\SYSTEM32\bgsvcgen.exe
              C:\IDSServer\idss.exe
              C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
              C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
              C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
              C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
              C:\WINDOWS\Explorer.EXE
              C:\Program Files\Apoint\Apoint.exe
              C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
              C:\WINDOWS\system32\hkcmd.exe
              C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
              C:\Program Files\Dell\QuickSet\quickset.exe
              C:\Program Files\Apoint\Apntex.exe
              C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
              C:\WINDOWS\system32\dla\tfswctrl.exe
              C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
              C:\Program Files\Network Associates\Common Framework\McTray.exe
              C:\Program Files\iTunes\iTunesHelper.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
              C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
              C:\PROGRA~1\MICROS~4\rapimgr.exe
              C:\Program Files\Digital Line Detect\DLG.exe
              C:\Program Files\WorkPace\WorkPace.exe
              C:\Program Files\WorkPace\sv32_240.exe
              C:\Program Files\iPod\bin\iPodService.exe
              c:\progra~1\azureus\Azureus.exe
              D:\Temp\hijackthis\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://webmail.topdesk.com/
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
              R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://las:8089/lift/lift?modulenaam=urenmodule&kaarttype=uur
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
              O2 - BHO: (no name) - {29B9C8ED-EA17-4E88-B314-695B26CB3B97} - C:\WINDOWS\system32\sstts.dll (file missing)
              O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
              O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
              O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
              O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
              O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
              O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
              O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
              O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
              O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
              O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
              O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
              O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
              O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
              O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
              O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
              O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
              O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
              O4 - HKLM\..\Run: [AdVantage Setup] C:\Program Files\Webteh\BSplayer\AdVantageSetup.exe
              O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [NetMsg] C:\Program Files\NetMsg\NetMsg.exe -Systray
              O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
              O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
              O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
              O4 - HKUS\S-1-5-21-616813238-485989776-2992251252-1134\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
              O4 - HKUS\S-1-5-21-616813238-485989776-2992251252-1285\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
              O4 - Startup: Snelkoppeling naar Network Starter.lnk = Network Mirror\Laptop-tools\Networkstarter\Network Starter.exe
              O4 - Startup: WorkPace.lnk = C:\Program Files\WorkPace\WorkPace.exe
              O4 - Global Startup: Digital Line Detect.lnk = ?
              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
              O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
              O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
              O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O14 - IERESET.INF: START_PAGE_URL=https://webmail.topdesk.com/
              O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tis.local
              O17 - HKLM\Software\..\Telephony: DomainName = tis.local
              O17 - HKLM\System\CCS\Services\Tcpip\..\{004E8920-F202-44E3-B7C5-6EA881006D14}: NameServer = 192.168.0.1
              O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tis.local
              O17 - HKLM\System\CS1\Services\Tcpip\..\{004E8920-F202-44E3-B7C5-6EA881006D14}: NameServer = 192.168.0.1
              O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
              O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\SYSTEM32\bgsvcgen.exe
              O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              O23 - Service: IDS Server - Unknown owner - C:\IDSServer\idss.exe
              O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
              O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
              O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
              O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
              O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
              O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
              O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
              O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

              --
              End of file - 9488 bytes

              Comment


              • #8
                seems OK

                Hey Daniël

                By the way, congratulations!!!

                The problem seems to be solved (thanks already for that). I no longer have any trouble with those annoying popups. Could you perhaps go through my log files one more time to check whether I am really cured?

                Thanks in advance
                Edwin

                Comment


                • #9
                  Hi, I'll take over for a moment

                  Your logs look good

                  Please still do this:

                  You can still delete this file:
                  C:\WINDOWS\BM9b89ddcf.xml

                  Then empty your recycle bin.

                  Your Java software is outdated.
                  Older versions have vulnerabilities that give malware the chance to install itself on your system.
                  First follow these steps to uninstall Java and install the newer version:
                  • Download Java Runtime Environment (JRE) 6u5 and save it to your desktop.
                  • Close all programs that may be open - especially your web browser!
                  • Then go to Start > Configuratiescherm > Software (Control Panel > Add or Remove Programs) and remove all older versions of Java from the software list.
                  • Select everything with Java Runtime Environment (JRE or J2SE) in the name.
                  • Then click Verwijderen (Remove) or the Wijzig/Verwijder (Change/Remove) button.
                  • Repeat this until all older versions are gone.
                  • After removing all older versions, restart your PC.
                  • Then double-click jre-6u5-windows-i586-p-s.exe on your desktop to install the newest version of Java.


                  Go to Start - Uitvoeren (Run) and enter the following:
                  Combofix /U
                  Then press OK.
                  Note: there must be a space between Combofix and /U.

                  This will uninstall Combofix.

                  Finally, post a new HijackThis log for checking

                  Comment


                  • #10
                    log

                    Hello Smeenk,
                    Thanks for all the help!
                    It took a while, but I had to check carefully whether the applications I have also run under JRE 6. I have now removed all old versions and installed the latest version.
                    Here is the log file:

                    Logfile of Trend Micro HijackThis v2.0.2
                    Scan saved at 22:27, on 2008-03-20
                    Platform: Windows XP SP2 (WinNT 5.01.2600)
                    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                    Boot mode: Normal

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\system32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
                    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
                    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                    C:\WINDOWS\SYSTEM32\bgsvcgen.exe
                    C:\IDSServer\idss.exe
                    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
                    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
                    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
                    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
                    C:\WINDOWS\Explorer.EXE
                    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
                    C:\Program Files\Apoint\Apoint.exe
                    C:\WINDOWS\system32\hkcmd.exe
                    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
                    C:\Program Files\Dell\QuickSet\quickset.exe
                    C:\Program Files\Apoint\Apntex.exe
                    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
                    C:\WINDOWS\system32\dla\tfswctrl.exe
                    C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
                    C:\Program Files\Network Associates\Common Framework\McTray.exe
                    C:\Program Files\iTunes\iTunesHelper.exe
                    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                    C:\WINDOWS\system32\ctfmon.exe
                    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
                    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                    C:\Program Files\Digital Line Detect\DLG.exe
                    C:\PROGRA~1\MICROS~4\rapimgr.exe
                    C:\Program Files\iPod\bin\iPodService.exe
                    C:\Program Files\internet explorer\iexplore.exe
                    D:\Temp\hijackthis\HijackThis.exe

                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet/
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://webmail.topdesk.com/
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
                    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://las:8089/lift/lift?modulenaam=urenmodule&kaarttype=uur
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                    O2 - BHO: (no name) - {29B9C8ED-EA17-4E88-B314-695B26CB3B97} - C:\WINDOWS\system32\sstts.dll (file missing)
                    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
                    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
                    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
                    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
                    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
                    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
                    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
                    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
                    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
                    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
                    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
                    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
                    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
                    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
                    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
                    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
                    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
                    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
                    O4 - HKLM\..\Run: [AdVantage Setup] C:\Program Files\Webteh\BSplayer\AdVantageSetup.exe
                    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                    O4 - HKCU\..\Run: [NetMsg] C:\Program Files\NetMsg\NetMsg.exe -Systray
                    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
                    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                    O4 - Startup: Snelkoppeling naar Network Starter.lnk = D:\Network Mirror\Laptop-tools\Networkstarter\Network Starter.exe
                    O4 - Startup: WorkPace.lnk = C:\Program Files\WorkPace\WorkPace.exe
                    O4 - Global Startup: Digital Line Detect.lnk = ?
                    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
                    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
                    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
                    O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll
                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O14 - IERESET.INF: START_PAGE_URL=https://webmail.topdesk.com/
                    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tis.local
                    O17 - HKLM\Software\..\Telephony: DomainName = tis.local
                    O17 - HKLM\System\CCS\Services\Tcpip\..\{004E8920-F202-44E3-B7C5-6EA881006D14}: NameServer = 192.168.0.1
                    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tis.local
                    O17 - HKLM\System\CS1\Services\Tcpip\..\{004E8920-F202-44E3-B7C5-6EA881006D14}: NameServer = 192.168.0.1
                    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\SYSTEM32\bgsvcgen.exe
                    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
                    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                    O23 - Service: IDS Server - Unknown owner - C:\IDSServer\idss.exe
                    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
                    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
                    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
                    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
                    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
                    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
                    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

                    --
                    End of file - 9332 bytes

                    Comment


                    • #11
                      You can still remove this line with HijackThis:
                      O2 - BHO: (no name) - {29B9C8ED-EA17-4E88-B314-695B26CB3B97} - C:\WINDOWS\system32\sstts.dll (file missing)

                      Otherwise it looks good

                      Comment
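Added example, not part of the thread and not HijackThis's own code: a small parser for HijackThis entry lines that lists leftover "(file missing)" entries like the one named in #11 and compares two logs, here to confirm the Java update requested in #9. The sample lines are excerpted from the logs posted above; the function names are assumptions made for this example.

```python
import re

# Lines excerpted from the two HijackThis logs posted in this thread.
LOG_6_MARCH = r"""
O2 - BHO: (no name) - {29B9C8ED-EA17-4E88-B314-695B26CB3B97} - C:\WINDOWS\system32\sstts.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
"""
LOG_20_MARCH = r"""
O2 - BHO: (no name) - {29B9C8ED-EA17-4E88-B314-695B26CB3B97} - C:\WINDOWS\system32\sstts.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
"""

# An entry line starts with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_log(text):
    """Return one dict per HijackThis entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        clsid = CLSID_RE.search(body)
        entries.append({
            "section": section,
            "body": body,
            "clsid": clsid.group(0) if clsid else None,
            "file_missing": body.endswith("(file missing)"),
            "raw": line.strip(),
        })
    return entries


def orphaned(entries):
    """Entries whose target file no longer exists (registry leftovers)."""
    return [e for e in entries if e["file_missing"]]


def referencing(entries, needle):
    """Entries that mention `needle`, compared case-insensitively like Windows paths."""
    needle = needle.lower()
    return [e for e in entries if needle in e["body"].lower()]


def diff_logs(before, after):
    """Return (removed, added) raw lines, ignoring differences in letter case only."""
    def key(e):
        return (e["section"], e["body"].lower())
    b = {key(e): e for e in before}
    a = {key(e): e for e in after}
    removed = [b[k]["raw"] for k in b if k not in a]
    added = [a[k]["raw"] for k in a if k not in b]
    return removed, added


if __name__ == "__main__":
    before, after = parse_log(LOG_6_MARCH), parse_log(LOG_20_MARCH)
    for e in orphaned(after):
        print("leftover entry:", e["section"], e["clsid"])
    print("entries still pointing at the old JRE:", len(referencing(after, "jre1.6.0_03")))
    removed, added = diff_logs(before, after)
    for line in removed:
        print("- " + line)
    for line in added:
        print("+ " + line)
```

The QuickTime entry differs between the two logs only in the case of the file name, so the comparison does not report it as a change.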


                      • #12
                        Thanks! Everything seems to be working properly again!

                        Comment


                        • #13
                          You're welcome

                          If I'm not mistaken, this file can also go:
                          C:\WINDOWS\BM9b89ddcf.txt

                          It isn't visible in a Combofix log, but I believe it is present.

                          Comment
