  • Trojan.Vundo

    Help.. Lots of popups. 9 out of 10 times they are mobile subscription services. Also regularly a buffer overrun in Internet Explorer. I'm running Norton 2008 Internet Security.

  • #2
    Do I also need to post a HijackThis log for this issue?



    • #3
      HijackThis log

      Here is my HijackThis logfile.

      Thanks in advance.

      Julian

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 14:24:02, on 8-3-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      D:\WINDOWS\System32\smss.exe
      D:\WINDOWS\system32\winlogon.exe
      D:\WINDOWS\system32\services.exe
      D:\WINDOWS\system32\lsass.exe
      D:\WINDOWS\system32\svchost.exe
      D:\WINDOWS\System32\svchost.exe
      D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      D:\WINDOWS\system32\spoolsv.exe
      D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
      D:\program files\CyberLink\Shared Files\RichVideo.exe
      D:\WINDOWS\system32\svchost.exe
      D:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
      D:\WINDOWS\Explorer.EXE
      D:\WINDOWS\SOUNDMAN.EXE
      D:\Program Files\VIA\RAID\raid_tool.exe
      D:\program files\ASUS\PC Probe II\Probe2.exe
      D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      D:\Program Files\Canon\MyPrinter\BJMyPrt.exe
      D:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
      D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      D:\program files\TomTom HOME 2\HOMERunner.exe
      D:\WINDOWS\system32\ctfmon.exe
      D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      D:\program files\Messenger\msmsgs.exe
      D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      E:\setup.exe
      D:\Program Files\Internet Explorer\IEXPLORE.EXE
      D:\program files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skoften.net/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      R3 - URLSearchHook: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - D:\Program Files\LimewirePlus\tbLim1.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Norton-werkbalk weergeven - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
      O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - D:\Program Files\LimewirePlus\tbLim1.dll
      O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [RaidTool] D:\Program Files\VIA\RAID\raid_tool.exe
      O4 - HKLM\..\Run: [Launch PC Probe II] "D:\program files\ASUS\PC Probe II\Probe2.exe" 1
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [osCheck] "D:\Program Files\Norton Internet Security\osCheck.exe"
      O4 - HKLM\..\Run: [CanonSolutionMenu] D:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
      O4 - HKLM\..\Run: [CanonMyPrinter] D:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
      O4 - HKLM\..\Run: [SSBkgdUpdate] "D:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
      O4 - HKLM\..\Run: [OpwareSE4] "D:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
      O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [LanguageShortcut] "D:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
      O4 - HKLM\..\Run: [TomTomHOME.exe] "D:\program files\TomTom HOME 2\HOMERunner.exe" -s
      O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [avp] D:\WINDOWS\system32\winver.exe
      O4 - HKLM\..\Run: [MSDisp32] rundll32.exe D:\WINDOWS\system32\drvral.dll,startup
      O4 - HKLM\..\Run: [10f75bd1] rundll32.exe "D:\WINDOWS\system32\rmybjkps.dll",b
      O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] D:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
      O4 - HKLM\..\RunOnce: [Winnt32RunOnceWarning] user.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [MSMSGS] "D:\program files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [AdobeUpdater] D:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0D9392CD-A784-4FCA-9342-0F75F7D7C8CB} (Corporate Language Training Interface) - http://www.cltnet.de/login/dplaunch.cab
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
      O23 - Service: Google Updater Service (gusvc) - Google - D:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
      O23 - Service: LiveUpdate - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
      O23 - Service: LiveUpdate Notice - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\program files\CyberLink\Shared Files\RichVideo.exe
      O23 - Service: Symantec Core LC - Unknown owner - D:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

      --
      End of file - 8024 bytes



      • #4
        Download: RVAXO.exe
        • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
        • Start the computer in Safe Mode.
        • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
          A cmd window will open, and a few lines about files not being found will quickly scroll past; this is normal.
        • An uninstaller of a rogue scanner may also start; do not close it, but follow any instructions and just let it do its work.
        • Your PC will then restart; let it restart into normal mode. After the restart, the RVAXO cmd window opens again.
          Let it run and wait until a logfile opens: C:\RVAXO-results.log
        • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
        • Post the contents of the logfile in your next reply.


        Download Combofix (mirror) to your desktop.
        Double-click Combofix.exe
        While the fix is running, do NOT click in the window, as this will make your PC hang.
        When the fix is complete and after the restart, the log combofix.txt will open (you can also find it here: C:\Combofix.txt)
        Post this log in your next reply.

        NOTE: If your virus scanner reacts with a warning about a script being executed, you may ignore it.



        • #5
          Logs.

          Here are the 2 logs.

          I've also installed Spybot. By the way, it keeps giving notifications/questions asking whether I want to allow changes. These notifications really go on continuously.

          Here are the logs.

          ---RVAXO.exe Updated: 2008-03-08---first run---
          Uninstallers:

          Files found:
          D:\WINDOWS\system32\acbeg.ini2
          D:\WINDOWS\system32\cbadd.ini2
          D:\WINDOWS\system32\ccbeg.ini2
          D:\WINDOWS\system32\fgjlm.ini2
          D:\WINDOWS\system32\gjllm.ini2
          D:\WINDOWS\system32\qqtss.ini2
          D:\WINDOWS\system32\stutv.ini2
          D:\WINDOWS\system32\vycdd.ini2
          D:\WINDOWS\pskt.ini
          D:\WINDOWS\system32\mcrh.tmp

          Folders Found:
          D:\Program Files\PlayMP3z
          D:\Program Files\FBrowsingAdvisor
          D:\Program Files\BrowsingTool
          D:\Program Files\FBrowserAdvisor

          Hosts-file was reset, If you use a custom hosts file please replace it...

          --------------RVAXO.exe last run---------------
          Not deleted items:
          D:\Documents and Settings\Standaard\Mijn documenten\Mijn ontvangen bestanden\AuctioneerClassic-5.0.PRE.2544.zip
          D:\Documents and Settings\Standaard\Mijn documenten\Mijn ontvangen bestanden\CT_MapMod.zip
          D:\Documents and Settings\Standaard\Mijn documenten\Mijn ontvangen bestanden\TNE_LowHealthWarning2.3.1.zip
          D:\Program Files\FBrowsingAdvisor
          D:\Program Files\FBrowserAdvisor
          D:\Program Files\BrowsingTool

          --------------RVAXO.exe finished----------------

          ComboFix 08-03-07.4 - Standaard 2008-03-08 15:15:16.1 - NTFSx86
          Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.395 [GMT 1:00]
          Gestart vanuit: D:\Documents and Settings\Standaard\Bureaublad\ComboFix.exe
          * Nieuw herstelpunt werd aangemaakt

          WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          D:\Program Files\PlayMP3z
          D:\Program Files\PlayMP3z\PlayMP3.exe
          D:\Program Files\PlayMP3z\uninstall.exe
          D:\WINDOWS\BM7f636d1f.xml
          D:\WINDOWS\cookies.ini
          D:\WINDOWS\pskt.ini
          D:\WINDOWS\system32\acbeg.ini
          D:\WINDOWS\system32\bgubilyy.dll
          D:\WINDOWS\system32\bicrelai.ini
          D:\WINDOWS\system32\cbadd.ini
          D:\WINDOWS\system32\cbadd.ini2
          D:\WINDOWS\system32\ccbeg.ini
          D:\WINDOWS\system32\cruujtgu.ini
          D:\WINDOWS\system32\ddabc.dll
          D:\WINDOWS\system32\ecwneyll.ini
          D:\WINDOWS\system32\fgjlm.ini
          D:\WINDOWS\system32\gjllm.ini
          D:\WINDOWS\system32\hbuujtlm.dll
          D:\WINDOWS\system32\jfjphvfr.dll
          D:\WINDOWS\system32\jnuvkpru.ini
          D:\WINDOWS\system32\lljkjpgu.dll
          D:\WINDOWS\system32\ltjxyerq.dll
          D:\WINDOWS\system32\mcrh.tmp
          D:\WINDOWS\system32\mlljg.dll
          D:\WINDOWS\system32\mltjuubh.ini
          D:\WINDOWS\system32\qqtss.ini
          D:\WINDOWS\system32\qreyxjtl.ini
          D:\WINDOWS\system32\stutv.ini
          D:\WINDOWS\system32\ugpjkjll.ini
          D:\WINDOWS\system32\ugtjuurc.dll

          .
          (((((((((((((((((((( Bestanden Gemaakt van 2008-02-08 to 2008-03-08 ))))))))))))))))))))))))))))))
          .

          2008-03-08 15:03 . 2008-03-08 12:43 728,462 --a------ D:\WINDOWS\system32\RVAXO.bat
          2008-03-08 15:03 . 2001-10-01 14:51 69,632 --a------ D:\WINDOWS\system32\remove.exe
          2008-03-08 15:03 . 2007-07-04 20:32 16,384 --a------ D:\WINDOWS\system32\Restart.exe
          2008-03-08 14:23 . 2008-03-08 14:23 <DIR> d-------- D:\program files\Trend Micro
          2008-03-07 16:45 . 2008-03-07 16:45 294 ---hs---- D:\WINDOWS\system32\hpmqjkcc.ini
          2008-03-04 14:11 . 2008-03-04 14:11 414 ---hs---- D:\WINDOWS\system32\lklwcfuw.ini
          2008-03-04 13:55 . 2007-07-30 19:19 271,224 --a------ D:\WINDOWS\system32\mucltui.dll
          2008-03-04 13:55 . 2007-07-30 19:19 207,736 --a------ D:\WINDOWS\system32\muweb.dll
          2008-03-04 13:55 . 2007-07-30 19:18 30,072 --a------ D:\WINDOWS\system32\mucltui.dll.mui
          2008-03-02 12:08 . 2008-03-04 14:05 354 ---hs---- D:\WINDOWS\system32\spkjbymr.ini
          2008-03-02 11:34 . 2008-03-02 11:43 <DIR> d--hsc--- D:\program files\Common Files\WindowsLiveInstaller
          2008-03-02 11:33 . 2008-03-02 11:33 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\WLInstaller
          2008-02-29 16:35 . 2008-02-29 16:35 294 ---hs---- D:\WINDOWS\system32\macijdnc.ini
          2008-02-28 16:28 . 2008-02-28 17:03 594 ---hs---- D:\WINDOWS\system32\swqehqqi.ini
          2008-02-28 16:26 . 2008-03-02 12:05 82,713 --ahs---- D:\WINDOWS\system32\vycdd.ini
          2008-02-27 19:51 . 2008-02-28 16:22 474 ---hs---- D:\WINDOWS\system32\yiloatbg.ini
          2008-02-26 19:45 . 2008-02-27 19:45 354 ---hs---- D:\WINDOWS\system32\scnbslbp.ini
          2008-02-26 16:45 . 2008-02-26 16:50 474 ---hs---- D:\WINDOWS\system32\qelrxusn.ini
          2008-02-25 16:46 . 2008-02-26 16:36 354 ---hs---- D:\WINDOWS\system32\rdsbnwtt.ini
          2008-02-24 17:39 . 2008-02-24 17:39 294 ---hs---- D:\WINDOWS\system32\yqwcqtuf.ini
          2008-02-21 15:25 . 2008-02-21 18:44 354 ---hs---- D:\WINDOWS\system32\ptkujeuc.ini
          2008-02-20 16:53 . 2008-02-20 22:45 1,194 ---hs---- D:\WINDOWS\system32\txigfyra.ini
          2008-02-19 14:11 . 2005-05-26 15:34 2,297,552 --a------ D:\WINDOWS\system32\d3dx9_26.dll
          2008-02-19 14:08 . 2008-02-19 14:11 <DIR> d--h----- D:\WINDOWS\msdownld.tmp
          2008-02-19 13:48 . 2008-02-19 13:48 <DIR> d-------- D:\program files\Common Files\PocketSoft
          2008-02-19 08:05 . 2008-02-20 16:47 774 ---hs---- D:\WINDOWS\system32\dyicctxk.ini
          2008-02-18 17:05 . 2008-02-18 17:05 9 --a------ D:\WINDOWS\system32\10f7495f
          2008-02-17 18:25 . 2008-02-17 22:42 466 ---hs---- D:\WINDOWS\system32\kifdxeog.ini
          2008-02-15 18:19 . 2008-02-15 18:19 <DIR> d-------- D:\program files\FBrowsingAdvisor
          2008-02-15 18:19 . 2006-04-14 23:05 9,952 --a------ D:\regxpcom.exe
          2008-02-15 18:18 . 2008-02-15 18:19 <DIR> d-------- D:\program files\FBrowserAdvisor
          2008-02-15 18:18 . 2008-03-08 14:58 <DIR> d-------- D:\program files\BrowsingTool
          2008-02-15 18:17 . 2008-02-16 18:18 1,118 ---hs---- D:\WINDOWS\system32\wqwmrtnd.ini
          2008-02-15 18:17 . 2008-02-15 18:17 586 ---hs---- D:\WINDOWS\system32\lxyexsmd.tmp
          2008-02-15 16:54 . 2008-02-15 18:13 586 ---hs---- D:\WINDOWS\system32\lxyexsmd.ini
          2008-02-11 17:33 . 2008-02-12 17:04 414 ---hs---- D:\WINDOWS\system32\dqficdai.ini
          2008-02-10 17:34 . 2008-02-10 17:36 354 ---hs---- D:\WINDOWS\system32\mpvipvjk.ini

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-03-08 14:15 --------- d-----w D:\Program Files\Common Files\Symantec Shared
          2008-03-08 14:11 --------- d-----w D:\Documents and Settings\All Users\Application Data\CanonIJPLM
          2008-03-08 11:03 --------- d-----w D:\Documents and Settings\All Users\Application Data\Symantec
          2008-03-04 12:53 --------- d-----w D:\Program Files\MSN Messenger
          2008-03-02 10:43 --------- d-----w D:\Program Files\Windows Live
          2008-02-29 14:00 --------- d-----w D:\Program Files\Norton Security Scan
          2008-02-26 18:51 --------- d-----w D:\Documents and Settings\Standaard\Application Data\LimeWirePlus
          2008-02-19 12:48 --------- d--h--w D:\Program Files\InstallShield Installation Information
          2008-02-05 16:25 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2008-02-05 15:46 --------- d-----w D:\Program Files\Spybot - Search & Destroy
          2008-02-04 21:06 --------- d-----w D:\Documents and Settings\All Users\Application Data\Lavasoft
          2008-02-04 21:04 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard
          2008-02-03 18:58 39,936 ----a-w D:\WINDOWS\system32\byxwurr.dll
          2008-02-03 18:53 --------- d-----w D:\Program Files\Ahead
          2008-02-03 18:49 --------- d-----w D:\Documents and Settings\All Users\Application Data\DVD Shrink
          2008-01-31 16:42 --------- d-----w D:\Program Files\LimewirePlus
          2008-01-31 16:36 --------- d-----w D:\Program Files\LimeWire Plus
          2008-01-31 15:49 --------- d-----w D:\Program Files\Belastingdienst
          2008-01-15 08:54 10,537 ----a-w D:\WINDOWS\system32\drivers\coh_mon.cat
          2008-01-15 04:28 706 ----a-w D:\WINDOWS\system32\drivers\COH_Mon.inf
          2008-01-13 15:22 --------- d-----w D:\Program Files\TomTom HOME 2
          2008-01-13 15:22 --------- d-----w D:\Documents and Settings\Standaard\Application Data\TomTom
          2008-01-13 15:22 --------- d-----w D:\Documents and Settings\All Users\Application Data\TomTom
          2008-01-13 15:21 --------- d-----w D:\Documents and Settings\Standaard\Application Data\InstallShield
          2008-01-12 17:32 23,904 ----a-w D:\WINDOWS\system32\drivers\COH_Mon.sys
          2008-01-11 16:47 --------- d-----w D:\Documents and Settings\Standaard\Application Data\Ventrilo
          2008-01-10 16:42 --------- d-----w D:\Documents and Settings\Standaard\Application Data\CyberLink
          2008-01-10 16:42 --------- d-----w D:\Documents and Settings\All Users\Application Data\CyberLink
          2008-01-10 16:39 --------- d-----w D:\Program Files\CyberLink
          2007-12-14 10:32 12,632 ----a-w D:\WINDOWS\system32\lsdelete.exe
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19f60c14-0e5a-4074-9589-814d2b22f378}]
          D:\WINDOWS\system32\ateiryhg.dll

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{260CB3BF-8FBB-44F6-B241-CE259E91E906}]
          D:\WINDOWS\system32\mljgf.dll

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2860C741-8F63-45DA-B029-2B4B148AC499}]
          2008-02-03 19:58 39936 --a------ D:\WINDOWS\system32\byxwurr.dll

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]
          2008-01-31 17:42 1555480 --a------ D:\Program Files\LimewirePlus\tbLim1.dll

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50AEBE36-F51D-42B9-BB86-906E27EE6444}]

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5417D661-01BA-4CAA-865D-BC90DA93F4EF}]

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5630279F-DA89-4065-B9CC-36053F427ECB}]
          D:\WINDOWS\system32\gebca.dll

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
          2007-08-24 20:51 316784 --a------ D:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6CFDAEA9-0C79-4C56-82E5-A68A879EDC54}]

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D1977A0-2989-4F08-B0F0-0FF1B98E1FF0}]

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
          2008-01-31 16:59 116088 --a------ D:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74DA7C30-2B4F-454B-9797-DF67BD0A6595}]

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79C96AAB-28F9-41AD-A471-EA02DE7F68E4}]

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FE8FEDE-C254-4436-8B7B-39F624FF4E97}]

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A96600FB-E9B0-486E-BC97-B0B9BCC0445E}]
          D:\WINDOWS\system32\sstqq.dll

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD36D282-ACDF-4C64-905E-0128DB8F22C3}]

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bd7f0e5e-a19d-4a1c-bba1-55f15151bb96}]

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CAF0166E-780D-4457-AE9C-7263D1479663}]

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA0FD7CE-4E77-4BD9-A788-A8D8769696E1}]
          D:\WINDOWS\system32\ddcyv.dll

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FBF8BFA3-8748-43CB-9846-92B9FFC44778}]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
          "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "D:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 20:51 316784]
          "{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= "D:\Program Files\LimewirePlus\tbLim1.dll" [2008-01-31 17:42 1555480]

          [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
          [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
          [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

          [HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]

          [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
          "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= D:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 20:51 316784]
          "{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= D:\Program Files\LimewirePlus\tbLim1.dll [2008-01-31 17:42 1555480]

          [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
          [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
          [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

          [HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
          "swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-04 15:25 68856]
          "MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
          "MSMSGS"="D:\program files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
          "AdobeUpdater"="D:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 09:37 2321600]
          "SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "IMJPMIG8.1"="D:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2006-03-02 13:00 208952]
          "PHIME2002ASync"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-03-02 13:00 455168]
          "PHIME2002A"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-03-02 13:00 455168]
          "SoundMan"="SOUNDMAN.EXE" [2005-07-22 08:00 81920 D:\WINDOWS\SOUNDMAN.EXE]
          "RaidTool"="D:\Program Files\VIA\RAID\raid_tool.exe" [2005-08-12 09:38 1056768]
          "Launch PC Probe II"="D:\program files\ASUS\PC Probe II\Probe2.exe" [2005-07-22 15:05 1901568]
          "SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
          "Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]
          "ccApp"="D:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 13:15 51048]
          "osCheck"="D:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 21:53 714608]
          "CanonSolutionMenu"="D:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 17:01 644696]
          "CanonMyPrinter"="D:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 17:50 1603152]
          "SSBkgdUpdate"="D:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
          "OpwareSE4"="D:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]
          "RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 22:26 68640]
          "LanguageShortcut"="D:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17 52256]
          "TomTomHOME.exe"="D:\program files\TomTom HOME 2\HOMERunner.exe" [2007-10-31 10:19 378784]
          "NeroCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
          "10f75bd1"="D:\WINDOWS\system32\rmybjkps.dll" [ ]
          "avp"="D:\WINDOWS\system32\winver.exe" [2006-03-02 13:00 5632]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
          "NoIE4StubProcessing"="D:\WINDOWS\system32\reg.exe" [2006-03-02 13:00 56832]
          "Winnt32RunOnceWarning"="user.exe" [2006-03-02 13:00 47872 D:\WINDOWS\system32\user.exe]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
          "{2860C741-8F63-45DA-B029-2B4B148AC499}"= D:\WINDOWS\system32\byxwurr.dll [2008-02-03 19:58 39936]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxwurr]
          byxwurr.dll 2008-02-03 19:58 39936 D:\WINDOWS\system32\byxwurr.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
          "DisableMonitoring"=dword:00000001

          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
          "DisableMonitoring"=dword:00000001

          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
          "DisableMonitoring"=dword:00000001

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
          "EnableFirewall"= 0 (0x0)

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "D:\\program files\\BitLord\\BitLord.exe"=
          "C:\\World of Warcraft\\BackgroundDownloader.exe"=
          "D:\\WINDOWS\\system32\\dpvsetup.exe"=
          "D:\\program files\\Messenger\\msmsgs.exe"=
          "D:\\program files\\LimeWire Plus\\LimeWire.exe"=
          "D:\\WINDOWS\\system32\\winver.exe"=
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
          "D:\\program files\\Windows Live\\Messenger\\msnmsgr.exe"=
          "D:\\program files\\Windows Live\\Messenger\\livecall.exe"=

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
          "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

          R2 IJPLMSVC;PIXMA Extended Survey Program;D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 08:20]
          R2 LiveUpdate Notice;LiveUpdate Notice;"D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
          R3 SymIMMP;SymIMMP;D:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
          S3 COH_Mon;COH_Mon;D:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
          S3 SymIM;Symantec Network Security Intermediate Filter Service;D:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]

          *Newly Created Service* - COMHOST
          .
          Inhoud van de 'Gedeelde Taken' map
          "2008-02-25 21:25:26 D:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - Standaard.job"
          - D:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
          "2008-03-01 10:11:33 D:\WINDOWS\Tasks\Norton Security Scan.job"
          - D:\Program Files\Norton Security Scan\Nss.exe
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-03-08 15:24:14
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          --------------------- DLLs Geladen Onder Lopende Processen ---------------------

          PROCESS: D:\WINDOWS\system32\winlogon.exe
          -> D:\WINDOWS\system32\byxwurr.dll

          PROCESS: D:\WINDOWS\explorer.exe [6.00.2900.3156]
          -> D:\WINDOWS\system32\byxwurr.dll
          .
          ------------------------ Other Running Processes ------------------------
          .
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
          D:\program files\CyberLink\Shared Files\RichVideo.exe
          D:\WINDOWS\system32\cmd.exe
          .
          **************************************************************************
          .
          Voltooingstijd: 2008-03-08 15:27:55 - machine was rebooted
          ComboFix-quarantined-files.txt 2008-03-08 14:27:48
          .
          2008-02-13 22:24:07 --- E O F ---



          • #6
            Download VirtumundoBegone (mirror)
            Save it to your desktop.

            Double-click VirtumundoBeGone.exe and follow the instructions.
            Don't be alarmed if you see a blue screen with an error message - this is normal.
            When the fix is finished, restart the PC.
            Post the contents of the logfile VBG.TXT, which is now on your desktop, in your next reply.

            Now run RVAXO once more as well and also post the new C:\rvaxo-results.log

            Comment


            • #7
              Here are the 2 new logs.



              [03/08/2008, 16:25:16] - VirtumundoBeGone v1.5 ( "D:\Documents and Settings\Standaard\Bureaublad\VirtumundoBeGone.exe" )
              [03/08/2008, 16:25:26] - Detected System Information:
              [03/08/2008, 16:25:26] - Windows Version: 5.1.2600, Service Pack 2
              [03/08/2008, 16:25:26] - Current Username: Standaard (Admin)
              [03/08/2008, 16:25:27] - Windows is in NORMAL mode.
              [03/08/2008, 16:25:27] - Searching for Browser Helper Objects:
              [03/08/2008, 16:25:27] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
              [03/08/2008, 16:25:27] - BHO 2: {19f60c14-0e5a-4074-9589-814d2b22f378} ()
              [03/08/2008, 16:25:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [03/08/2008, 16:25:27] - Checking for HKLM\...\Winlogon\Notify\ateiryhg
              [03/08/2008, 16:25:27] - Key not found: HKLM\...\Winlogon\Notify\ateiryhg, continuing.
              [03/08/2008, 16:25:27] - BHO 3: {260CB3BF-8FBB-44F6-B241-CE259E91E906} ()
              [03/08/2008, 16:25:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [03/08/2008, 16:25:27] - Checking for HKLM\...\Winlogon\Notify\mljgf
              [03/08/2008, 16:25:27] - Key not found: HKLM\...\Winlogon\Notify\mljgf, continuing.
              [03/08/2008, 16:25:27] - BHO 4: {2860C741-8F63-45DA-B029-2B4B148AC499} ()
              [03/08/2008, 16:25:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [03/08/2008, 16:25:27] - Checking for HKLM\...\Winlogon\Notify\byxwurr
              [03/08/2008, 16:25:27] - Found: HKLM\...\Winlogon\Notify\byxwurr - This is probably Virtumundo.
              [03/08/2008, 16:25:27] - Assigning {2860C741-8F63-45DA-B029-2B4B148AC499} MSEvents Object
              [03/08/2008, 16:25:27] - BHO list has been changed! Starting over...
              [03/08/2008, 16:25:27] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
              [03/08/2008, 16:25:27] - BHO 2: {19f60c14-0e5a-4074-9589-814d2b22f378} ()
              [03/08/2008, 16:25:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [03/08/2008, 16:25:27] - Checking for HKLM\...\Winlogon\Notify\ateiryhg
              [03/08/2008, 16:25:27] - Key not found: HKLM\...\Winlogon\Notify\ateiryhg, continuing.
              [03/08/2008, 16:25:27] - BHO 3: {260CB3BF-8FBB-44F6-B241-CE259E91E906} ()
              [03/08/2008, 16:25:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [03/08/2008, 16:25:27] - Checking for HKLM\...\Winlogon\Notify\mljgf
              [03/08/2008, 16:25:27] - Key not found: HKLM\...\Winlogon\Notify\mljgf, continuing.
              [03/08/2008, 16:25:27] - BHO 4: {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} (LimewirePlus Toolbar)
              [03/08/2008, 16:25:27] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
              [03/08/2008, 16:25:27] - BHO 6: {54247F00-59B0-40DB-A9B0-D9DBEB70946C} ()
              [03/08/2008, 16:25:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [03/08/2008, 16:25:27] - Checking for HKLM\...\Winlogon\Notify\vtstr
              [03/08/2008, 16:25:28] - Key not found: HKLM\...\Winlogon\Notify\vtstr, continuing.
              [03/08/2008, 16:25:28] - BHO 7: {5630279F-DA89-4065-B9CC-36053F427ECB} ()
              [03/08/2008, 16:25:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [03/08/2008, 16:25:28] - Checking for HKLM\...\Winlogon\Notify\gebca
              [03/08/2008, 16:25:28] - Key not found: HKLM\...\Winlogon\Notify\gebca, continuing.
              [03/08/2008, 16:25:28] - BHO 8: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ()
              [03/08/2008, 16:25:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [03/08/2008, 16:25:28] - Checking for HKLM\...\Winlogon\Notify\coIEPlg
              [03/08/2008, 16:25:28] - Key not found: HKLM\...\Winlogon\Notify\coIEPlg, continuing.
              [03/08/2008, 16:25:28] - BHO 9: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} (Symantec Intrusion Prevention)
              [03/08/2008, 16:25:28] - BHO 10: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
              [03/08/2008, 16:25:28] - BHO 11: {A96600FB-E9B0-486E-BC97-B0B9BCC0445E} ()
              [03/08/2008, 16:25:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [03/08/2008, 16:25:28] - Checking for HKLM\...\Winlogon\Notify\sstqq
              [03/08/2008, 16:25:28] - Key not found: HKLM\...\Winlogon\Notify\sstqq, continuing.
              [03/08/2008, 16:25:28] - BHO 12: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
              [03/08/2008, 16:25:28] - BHO 13: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
              [03/08/2008, 16:25:28] - BHO 14: {DA0FD7CE-4E77-4BD9-A788-A8D8769696E1} ()
              [03/08/2008, 16:25:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [03/08/2008, 16:25:28] - Checking for HKLM\...\Winlogon\Notify\ddcyv
              [03/08/2008, 16:25:28] - Key not found: HKLM\...\Winlogon\Notify\ddcyv, continuing.
              [03/08/2008, 16:25:28] - BHO 15: {DA0FD7CE-4E77-4BD9-A788-A8D8769696E1} ()
              [03/08/2008, 16:25:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [03/08/2008, 16:25:28] - Checking for HKLM\...\Winlogon\Notify\ddcyv
              [03/08/2008, 16:25:28] - Key not found: HKLM\...\Winlogon\Notify\ddcyv, continuing.
              [03/08/2008, 16:25:28] - Finished Searching Browser Helper Objects
              [03/08/2008, 16:25:28] - Finishing up...
              [03/08/2008, 16:25:28] - Nothing found! Exiting...

              [03/08/2008, 16:25:49] - VirtumundoBeGone v1.5 ( "D:\Documents and Settings\Standaard\Bureaublad\VirtumundoBeGone.exe" )
              [03/08/2008, 16:25:52] - Detected System Information:
              [03/08/2008, 16:25:52] - Windows Version: 5.1.2600, Service Pack 2
              [03/08/2008, 16:25:52] - Current Username: Standaard (Admin)
              [03/08/2008, 16:25:52] - Windows is in NORMAL mode.
              [03/08/2008, 16:25:52] - Searching for Browser Helper Objects:
              [03/08/2008, 16:25:52] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
              [03/08/2008, 16:25:52] - BHO 2: {19f60c14-0e5a-4074-9589-814d2b22f378} ()
              [03/08/2008, 16:25:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [03/08/2008, 16:25:52] - Checking for HKLM\...\Winlogon\Notify\ateiryhg
              [03/08/2008, 16:25:52] - Key not found: HKLM\...\Winlogon\Notify\ateiryhg, continuing.
              [03/08/2008, 16:25:52] - BHO 3: {260CB3BF-8FBB-44F6-B241-CE259E91E906} ()
              [03/08/2008, 16:25:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [03/08/2008, 16:25:52] - Checking for HKLM\...\Winlogon\Notify\mljgf
              [03/08/2008, 16:25:52] - Key not found: HKLM\...\Winlogon\Notify\mljgf, continuing.
              [03/08/2008, 16:25:52] - BHO 4: {2860C741-8F63-45DA-B029-2B4B148AC499} (MSEvents Object)
              [03/08/2008, 16:25:52] - ALERT: Found MSEvents Object!
              [03/08/2008, 16:25:52] - BHO 5: {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} (LimewirePlus Toolbar)
              [03/08/2008, 16:25:52] - BHO 6: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
              [03/08/2008, 16:25:52] - BHO 7: {54247F00-59B0-40DB-A9B0-D9DBEB70946C} ()
              [03/08/2008, 16:25:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [03/08/2008, 16:25:52] - Checking for HKLM\...\Winlogon\Notify\vtstr
              [03/08/2008, 16:25:52] - Key not found: HKLM\...\Winlogon\Notify\vtstr, continuing.
              [03/08/2008, 16:25:52] - BHO 8: {5630279F-DA89-4065-B9CC-36053F427ECB} ()
              [03/08/2008, 16:25:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [03/08/2008, 16:25:52] - Checking for HKLM\...\Winlogon\Notify\gebca
              [03/08/2008, 16:25:52] - Key not found: HKLM\...\Winlogon\Notify\gebca, continuing.
              [03/08/2008, 16:25:52] - BHO 9: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ()
              [03/08/2008, 16:25:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [03/08/2008, 16:25:52] - Checking for HKLM\...\Winlogon\Notify\coIEPlg
              [03/08/2008, 16:25:52] - Key not found: HKLM\...\Winlogon\Notify\coIEPlg, continuing.
              [03/08/2008, 16:25:52] - BHO 10: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} (Symantec Intrusion Prevention)
              [03/08/2008, 16:25:52] - BHO 11: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
              [03/08/2008, 16:25:52] - BHO 12: {A96600FB-E9B0-486E-BC97-B0B9BCC0445E} ()
              [03/08/2008, 16:25:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [03/08/2008, 16:25:52] - Checking for HKLM\...\Winlogon\Notify\sstqq
              [03/08/2008, 16:25:52] - Key not found: HKLM\...\Winlogon\Notify\sstqq, continuing.
              [03/08/2008, 16:25:52] - BHO 13: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
              [03/08/2008, 16:25:53] - BHO 14: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
              [03/08/2008, 16:25:53] - BHO 15: {DA0FD7CE-4E77-4BD9-A788-A8D8769696E1} ()
              [03/08/2008, 16:25:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [03/08/2008, 16:25:53] - Checking for HKLM\...\Winlogon\Notify\ddcyv
              [03/08/2008, 16:25:53] - Key not found: HKLM\...\Winlogon\Notify\ddcyv, continuing.
              [03/08/2008, 16:25:53] - Finished Searching Browser Helper Objects
              [03/08/2008, 16:25:53] - *** Detected MSEvents Object
              [03/08/2008, 16:25:53] - Trying to remove MSEvents Object...
              [03/08/2008, 16:25:54] - Terminating Process: IEXPLORE.EXE
              [03/08/2008, 16:25:54] - Terminating Process: RUNDLL32.EXE
              [03/08/2008, 16:25:55] - Disabling Automatic Shell Restart
              [03/08/2008, 16:25:55] - Terminating Process: EXPLORER.EXE
              [03/08/2008, 16:25:55] - Suspending the NT Session Manager System Service
              [03/08/2008, 16:25:55] - Terminating Windows NT Logon/Logoff Manager
              [03/08/2008, 16:25:56] - Re-enabling Automatic Shell Restart
              [03/08/2008, 16:25:56] - File to disable: D:\WINDOWS\system32\byxwurr.dll
              [03/08/2008, 16:25:56] - Renaming D:\WINDOWS\system32\byxwurr.dll -> D:\WINDOWS\system32\byxwurr.dll.vir
              [03/08/2008, 16:25:56] - File successfully renamed!
              [03/08/2008, 16:25:56] - Removing HKLM\...\Browser Helper Objects\{2860C741-8F63-45DA-B029-2B4B148AC499}
              [03/08/2008, 16:25:56] - Removing HKCR\CLSID\{2860C741-8F63-45DA-B029-2B4B148AC499}
              [03/08/2008, 16:25:56] - Adding Kill Bit for ActiveX for GUID: {2860C741-8F63-45DA-B029-2B4B148AC499}
              [03/08/2008, 16:25:56] - Deleting ATLEvents/MSEvents Registry entries
              [03/08/2008, 16:25:57] - Removing HKLM\...\Winlogon\Notify\byxwurr
              [03/08/2008, 16:25:57] - Searching for Browser Helper Objects:
              [03/08/2008, 16:25:57] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
              [03/08/2008, 16:25:57] - BHO 2: {19f60c14-0e5a-4074-9589-814d2b22f378} ()
              [03/08/2008, 16:25:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [03/08/2008, 16:25:57] - Checking for HKLM\...\Winlogon\Notify\ateiryhg
              [03/08/2008, 16:25:57] - Key not found: HKLM\...\Winlogon\Notify\ateiryhg, continuing.
              [03/08/2008, 16:25:57] - BHO 3: {260CB3BF-8FBB-44F6-B241-CE259E91E906} ()
              [03/08/2008, 16:25:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [03/08/2008, 16:25:57] - Checking for HKLM\...\Winlogon\Notify\mljgf
              [03/08/2008, 16:25:57] - Key not found: HKLM\...\Winlogon\Notify\mljgf, continuing.
              [03/08/2008, 16:25:57] - BHO 4: {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} (LimewirePlus Toolbar)
              [03/08/2008, 16:25:57] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
              [03/08/2008, 16:25:57] - BHO 6: {5630279F-DA89-4065-B9CC-36053F427ECB} ()
              [03/08/2008, 16:25:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [03/08/2008, 16:25:57] - Checking for HKLM\...\Winlogon\Notify\gebca
              [03/08/2008, 16:25:57] - Key not found: HKLM\...\Winlogon\Notify\gebca, continuing.
              [03/08/2008, 16:25:58] - BHO 7: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ()
              [03/08/2008, 16:25:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [03/08/2008, 16:25:58] - Checking for HKLM\...\Winlogon\Notify\coIEPlg
              [03/08/2008, 16:25:58] - Key not found: HKLM\...\Winlogon\Notify\coIEPlg, continuing.
              [03/08/2008, 16:25:58] - BHO 8: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} (Symantec Intrusion Prevention)
              [03/08/2008, 16:25:58] - BHO 9: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
              [03/08/2008, 16:25:58] - BHO 10: {A96600FB-E9B0-486E-BC97-B0B9BCC0445E} ()
              [03/08/2008, 16:25:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [03/08/2008, 16:25:58] - Checking for HKLM\...\Winlogon\Notify\sstqq
              [03/08/2008, 16:25:58] - Key not found: HKLM\...\Winlogon\Notify\sstqq, continuing.
              [03/08/2008, 16:25:58] - BHO 11: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
              [03/08/2008, 16:25:58] - BHO 12: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
              [03/08/2008, 16:25:58] - BHO 13: {DA0FD7CE-4E77-4BD9-A788-A8D8769696E1} ()
              [03/08/2008, 16:25:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [03/08/2008, 16:25:58] - Checking for HKLM\...\Winlogon\Notify\ddcyv
              [03/08/2008, 16:25:58] - Key not found: HKLM\...\Winlogon\Notify\ddcyv, continuing.
              [03/08/2008, 16:25:58] - Finished Searching Browser Helper Objects
              [03/08/2008, 16:25:58] - Finishing up...
              [03/08/2008, 16:25:58] - A restart is needed.
              [03/08/2008, 16:26:03] - Attempting to Restart via STOP error (Blue Screen!)




              ---RVAXO.exe Updated: 2008-03-08---first run---
              Uninstallers:

              Files found:
              D:\WINDOWS\system32\acbeg.ini2
              D:\WINDOWS\system32\cbadd.ini2
              D:\WINDOWS\system32\ccbeg.ini2
              D:\WINDOWS\system32\fgjlm.ini2
              D:\WINDOWS\system32\gjllm.ini2
              D:\WINDOWS\system32\qqtss.ini2
              D:\WINDOWS\system32\stutv.ini2
              D:\WINDOWS\system32\vycdd.ini2
              D:\WINDOWS\pskt.ini
              D:\WINDOWS\system32\mcrh.tmp

              Folders Found:
              D:\Program Files\PlayMP3z
              D:\Program Files\FBrowsingAdvisor
              D:\Program Files\BrowsingTool
              D:\Program Files\FBrowserAdvisor

              Hosts-file was reset, If you use a custom hosts file please replace it...

              --------------RVAXO.exe last run---------------
              Not deleted items:
              D:\Documents and Settings\Standaard\Mijn documenten\Mijn ontvangen bestanden\AuctioneerClassic-5.0.PRE.2544.zip
              D:\Documents and Settings\Standaard\Mijn documenten\Mijn ontvangen bestanden\CT_MapMod.zip
              D:\Documents and Settings\Standaard\Mijn documenten\Mijn ontvangen bestanden\TNE_LowHealthWarning2.3.1.zip
              D:\Program Files\FBrowsingAdvisor
              D:\Program Files\FBrowserAdvisor
              D:\Program Files\BrowsingTool

              --------------RVAXO.exe finished----------------

              Comment
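The VirtumundoBeGone log above documents the rule the tool applies: a Browser Helper Object whose CLSID has no default name is suspect, and it is reported as Virtumundo when a subkey with the same name as its DLL exists under HKLM\...\Winlogon\Notify. The following is an added example (not the tool's code and not posted in this thread) that parses log lines in that format and applies the same rule to a registry snapshot; the log excerpt, the snapshot and the `D:\CONSTRUCTED\...` paths are constructed from the values in this thread.

```python
"""Replay of the BHO / Winlogon\\Notify heuristic shown in the VirtumundoBeGone log.

Added example, not VirtumundoBeGone's own code. SAMPLE_LOG and SAMPLE_REGISTRY
are constructed for illustration from values that appear in the log above.
"""
import re
from dataclasses import dataclass

@dataclass
class BhoRecord:
    clsid: str
    name: str                 # default name of the CLSID; '' when it has none
    notify_key: str = ''      # Winlogon\Notify subkey the tool looked for
    notify_found: bool = False

# "[03/08/2008, 16:25:27] - <message>"  ->  <message>
LINE_RE = re.compile(r'^\[[^\]]+\] - (.*)$')
# "BHO 4: {CLSID} (default name)"; the name is empty for "()"
BHO_RE = re.compile(r'^BHO (\d+): (\{[0-9A-Fa-f-]+\}) \((.*)\)$')
CHECK_RE = re.compile(r'^Checking for HKLM\\\.\.\.\\Winlogon\\Notify\\(\S+)$')
FOUND_RE = re.compile(r'^Found: HKLM\\\.\.\.\\Winlogon\\Notify\\(\S+)')

def parse_vbg_log(text):
    """Return the BhoRecord list of the last enumeration pass in a VBG.TXT-style log.

    The tool restarts numbering at 'BHO 1' whenever it rescans (e.g. after
    'BHO list has been changed! Starting over...'), so a 'BHO 1' line resets the list.
    """
    records = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        b = BHO_RE.match(msg)
        if b:
            if int(b.group(1)) == 1:
                records = []
            records.append(BhoRecord(clsid=b.group(2).upper(), name=b.group(3)))
            continue
        c = CHECK_RE.match(msg)
        if c and records:
            records[-1].notify_key = c.group(1)   # belongs to the most recent BHO line
            continue
        f = FOUND_RE.match(msg)
        if f and records:
            records[-1].notify_found = True
    return records

def suspect_bhos(records):
    """Nameless BHOs whose DLL name also exists as a Winlogon\\Notify subkey,
    plus entries the tool already relabelled 'MSEvents Object' on a previous run."""
    return [r for r in records
            if (r.name == '' and r.notify_found) or r.name == 'MSEvents Object']

def flag_nameless_bhos(bho_registry, notify_subkeys):
    """Apply the same rule to a registry snapshot.

    bho_registry: {clsid: (default_name, dll_path)}; notify_subkeys: names under
    HKLM\\...\\Winlogon\\Notify. Returns [(clsid, dll_path)] for the suspects.
    """
    notify_lower = {k.lower() for k in notify_subkeys}
    hits = []
    for clsid, (name, dll) in bho_registry.items():
        if name:
            continue   # only CLSIDs without a default name are examined, as in the log
        base = dll.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
        if base.lower() in notify_lower:
            hits.append((clsid, dll))
    return hits

# Constructed excerpt in the log format shown above (lines taken from it).
SAMPLE_LOG = r"""
[03/08/2008, 16:25:27] - Searching for Browser Helper Objects:
[03/08/2008, 16:25:27] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
[03/08/2008, 16:25:27] - BHO 2: {19f60c14-0e5a-4074-9589-814d2b22f378} ()
[03/08/2008, 16:25:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/08/2008, 16:25:27] - Checking for HKLM\...\Winlogon\Notify\ateiryhg
[03/08/2008, 16:25:27] - Key not found: HKLM\...\Winlogon\Notify\ateiryhg, continuing.
[03/08/2008, 16:25:27] - BHO 3: {2860C741-8F63-45DA-B029-2B4B148AC499} ()
[03/08/2008, 16:25:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/08/2008, 16:25:27] - Checking for HKLM\...\Winlogon\Notify\byxwurr
[03/08/2008, 16:25:27] - Found: HKLM\...\Winlogon\Notify\byxwurr - This is probably Virtumundo.
[03/08/2008, 16:25:27] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[03/08/2008, 16:25:28] - Finished Searching Browser Helper Objects
"""

# Constructed registry snapshot; the byxwurr.dll path and CLSID come from the log,
# the other DLL paths are placeholders.
SAMPLE_REGISTRY = {
    '{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}': ('Adobe PDF Reader Help bij koppelingen',
                                              r'D:\CONSTRUCTED\adobe_helper.dll'),
    '{19f60c14-0e5a-4074-9589-814d2b22f378}': ('', r'D:\CONSTRUCTED\ateiryhg.dll'),
    '{2860C741-8F63-45DA-B029-2B4B148AC499}': ('', r'D:\WINDOWS\system32\byxwurr.dll'),
}
SAMPLE_NOTIFY = {'byxwurr', 'ScCertProp'}   # constructed; 'byxwurr' is from the log

if __name__ == '__main__':
    for r in suspect_bhos(parse_vbg_log(SAMPLE_LOG)):
        print('suspect BHO from log:', r.clsid, 'Notify\\' + r.notify_key)
    for clsid, dll in flag_nameless_bhos(SAMPLE_REGISTRY, SAMPLE_NOTIFY):
        print('suspect BHO from registry:', clsid, dll)
```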


              • #8
                Open a Notepad file.
                Copy the text below (everything in bold) into this Notepad file.

                @ECHO OFF
                IF EXIST log.txt DEL log.txt
                ECHO Deleting folders>>log.txt
                FOR %%I in (
                C:\Qoobox
                "D:\Program Files\FBrowsingAdvisor"
                "D:\Program Files\FBrowserAdvisor"
                "D:\Program Files\BrowsingTool") DO (
                IF EXIST %%I (
                RD /S /Q %%I
                IF EXIST %%I (
                ECHO %%I not deleted>>log.txt
                ) ELSE (
                ECHO %%I deleted>>log.txt)
                ) ELSE (
                ECHO %%I not found>>log.txt))
                ECHO.>>log.txt
                ECHO Deleting files>>log.txt
                FOR %%G in (
                D:\WINDOWS\system32\hpmqjkcc.ini
                D:\WINDOWS\system32\lklwcfuw.ini
                D:\WINDOWS\system32\spkjbymr.ini
                D:\WINDOWS\system32\macijdnc.ini
                D:\WINDOWS\system32\swqehqqi.ini
                D:\WINDOWS\system32\vycdd.ini
                D:\WINDOWS\system32\yiloatbg.ini
                D:\WINDOWS\system32\scnbslbp.ini
                D:\WINDOWS\system32\qelrxusn.ini
                D:\WINDOWS\system32\rdsbnwtt.ini
                D:\WINDOWS\system32\yqwcqtuf.ini
                D:\WINDOWS\system32\ptkujeuc.ini
                D:\WINDOWS\system32\txigfyra.ini
                D:\WINDOWS\system32\d3dx9_26.dll
                D:\WINDOWS\msdownld.tmp
                D:\WINDOWS\system32\dyicctxk.ini
                D:\WINDOWS\system32\10f7495f
                D:\WINDOWS\system32\kifdxeog.ini
                D:\WINDOWS\system32\wqwmrtnd.ini
                D:\WINDOWS\system32\lxyexsmd.tmp
                D:\WINDOWS\system32\lxyexsmd.ini
                D:\WINDOWS\system32\dqficdai.ini
                D:\WINDOWS\system32\mpvipvjk.ini) DO (
                IF EXIST %%G (
                DEL /Q %%G
                IF EXIST %%G (
                ECHO %%G not deleted>>log.txt
                ) ELSE (
                ECHO %%G deleted>>log.txt)
                ) ELSE (
                ECHO %%G not found>>log.txt))
                START NOTEPAD.EXE log.txt

                Go to File - Save As.
                Under "Save in" choose: Desktop
                Under "File name" enter: del.bat
                Under "Save as type" select: All files (*.*).
                Click the Save button.

                Double-click del.bat and post the contents of the log file that opens.

                Comment


                • #9
                  Deleting folders
                  C:\Qoobox not found
                  "D:\Program Files\FBrowsingAdvisor" deleted
                  "D:\Program Files\FBrowserAdvisor" deleted
                  "D:\Program Files\BrowsingTool" deleted

                  Deleting files
                  D:\WINDOWS\system32\hpmqjkcc.ini not deleted
                  D:\WINDOWS\system32\lklwcfuw.ini not deleted
                  D:\WINDOWS\system32\spkjbymr.ini not deleted
                  D:\WINDOWS\system32\macijdnc.ini not deleted
                  D:\WINDOWS\system32\swqehqqi.ini not deleted
                  D:\WINDOWS\system32\vycdd.ini not deleted
                  D:\WINDOWS\system32\yiloatbg.ini not deleted
                  D:\WINDOWS\system32\scnbslbp.ini not deleted
                  D:\WINDOWS\system32\qelrxusn.ini not deleted
                  D:\WINDOWS\system32\rdsbnwtt.ini not deleted
                  D:\WINDOWS\system32\yqwcqtuf.ini not deleted
                  D:\WINDOWS\system32\ptkujeuc.ini not deleted
                  D:\WINDOWS\system32\txigfyra.ini not deleted
                  D:\WINDOWS\system32\d3dx9_26.dll deleted
                  D:\WINDOWS\msdownld.tmp not deleted
                  D:\WINDOWS\system32\dyicctxk.ini not deleted
                  D:\WINDOWS\system32\10f7495f deleted
                  D:\WINDOWS\system32\kifdxeog.ini not deleted
                  D:\WINDOWS\system32\wqwmrtnd.ini not deleted
                  D:\WINDOWS\system32\lxyexsmd.tmp not deleted
                  D:\WINDOWS\system32\lxyexsmd.ini not deleted
                  D:\WINDOWS\system32\dqficdai.ini not deleted
                  D:\WINDOWS\system32\mpvipvjk.ini not deleted

                  Comment


                  • #10
                    Make a new one; I have adjusted it slightly.

                    Open a Notepad file.
                    Copy the text below (everything in bold) into this Notepad file.

                    @ECHO OFF
                    IF EXIST log.txt DEL log.txt
                    ECHO Deleting folders>>log.txt
                    FOR %%G in (
                    D:\WINDOWS\system32\hpmqjkcc.ini
                    D:\WINDOWS\system32\lklwcfuw.ini
                    D:\WINDOWS\system32\spkjbymr.ini
                    D:\WINDOWS\system32\macijdnc.ini
                    D:\WINDOWS\system32\swqehqqi.ini
                    D:\WINDOWS\system32\vycdd.ini
                    D:\WINDOWS\system32\yiloatbg.ini
                    D:\WINDOWS\system32\scnbslbp.ini
                    D:\WINDOWS\system32\qelrxusn.ini
                    D:\WINDOWS\system32\rdsbnwtt.ini
                    D:\WINDOWS\system32\yqwcqtuf.ini
                    D:\WINDOWS\system32\ptkujeuc.ini
                    D:\WINDOWS\system32\txigfyra.ini
                    D:\WINDOWS\msdownld.tmp
                    D:\WINDOWS\system32\dyicctxk.ini
                    D:\WINDOWS\system32\10f7495f
                    D:\WINDOWS\system32\kifdxeog.ini
                    D:\WINDOWS\system32\wqwmrtnd.ini
                    D:\WINDOWS\system32\lxyexsmd.tmp
                    D:\WINDOWS\system32\lxyexsmd.ini
                    D:\WINDOWS\system32\dqficdai.ini
                    D:\WINDOWS\system32\mpvipvjk.ini) DO (
                    IF EXIST %%G (
                    ATTRIB -r -s -h %%G
                    DEL /Q %%G
                    IF EXIST %%G (
                    ECHO %%G not deleted>>log.txt
                    ) ELSE (
                    ECHO %%G deleted>>log.txt)
                    ) ELSE (
                    ECHO %%G not found>>log.txt))
                    START NOTEPAD.EXE log.txt

                    Go to File - Save As.
                    Under "Save in" choose: Desktop
                    Under "File name" enter: del.bat
                    Under "Save as type" select: All files (*.*).
                    Click the Save button.

                    Double-click del.bat and post the contents of the log file that opens.

                    Comment


                    • #11
                      Okay


                      Deleting folders
                      D:\WINDOWS\system32\hpmqjkcc.ini deleted
                      D:\WINDOWS\system32\lklwcfuw.ini deleted
                      D:\WINDOWS\system32\spkjbymr.ini deleted
                      D:\WINDOWS\system32\macijdnc.ini deleted
                      D:\WINDOWS\system32\swqehqqi.ini deleted
                      D:\WINDOWS\system32\vycdd.ini deleted
                      D:\WINDOWS\system32\yiloatbg.ini deleted
                      D:\WINDOWS\system32\scnbslbp.ini deleted
                      D:\WINDOWS\system32\qelrxusn.ini deleted
                      D:\WINDOWS\system32\rdsbnwtt.ini deleted
                      D:\WINDOWS\system32\yqwcqtuf.ini deleted
                      D:\WINDOWS\system32\ptkujeuc.ini deleted
                      D:\WINDOWS\system32\txigfyra.ini deleted
                      D:\WINDOWS\msdownld.tmp not deleted
                      D:\WINDOWS\system32\dyicctxk.ini deleted
                      D:\WINDOWS\system32\10f7495f not found
                      D:\WINDOWS\system32\kifdxeog.ini deleted
                      D:\WINDOWS\system32\wqwmrtnd.ini deleted
                      D:\WINDOWS\system32\lxyexsmd.tmp deleted
                      D:\WINDOWS\system32\lxyexsmd.ini deleted
                      D:\WINDOWS\system32\dqficdai.ini deleted
                      D:\WINDOWS\system32\mpvipvjk.ini deleted

                      Comment


                      • #12
                        Fine.

                        Now post a new HijackThis log.

                        Comment


                        • #13
                          Okay, HijackThis log..

                          Logfile of Trend Micro HijackThis v2.0.2
                          Scan saved at 18:34:18, on 8-3-2008
                          Platform: Windows XP SP2 (WinNT 5.01.2600)
                          MSIE: Internet Explorer v7.00 (7.00.6000.16608)
                          Boot mode: Normal

                          Running processes:
                          D:\WINDOWS\System32\smss.exe
                          D:\WINDOWS\system32\winlogon.exe
                          D:\WINDOWS\system32\services.exe
                          D:\WINDOWS\system32\lsass.exe
                          D:\WINDOWS\system32\svchost.exe
                          D:\WINDOWS\System32\svchost.exe
                          D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                          D:\WINDOWS\Explorer.EXE
                          D:\WINDOWS\system32\spoolsv.exe
                          D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
                          D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
                          D:\program files\CyberLink\Shared Files\RichVideo.exe
                          D:\WINDOWS\system32\svchost.exe
                          D:\WINDOWS\system32\ntvdm.exe
                          D:\WINDOWS\SOUNDMAN.EXE
                          D:\Program Files\VIA\RAID\raid_tool.exe
                          D:\program files\ASUS\PC Probe II\Probe2.exe
                          D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                          D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                          D:\Program Files\Canon\MyPrinter\BJMyPrt.exe
                          D:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
                          D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                          D:\WINDOWS\system32\ctfmon.exe
                          D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                          D:\program files\Messenger\msmsgs.exe
                          D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                          D:\Program Files\Internet Explorer\IEXPLORE.EXE
                          D:\program files\Windows Live\Messenger\msnmsgr.exe
                          D:\Program Files\Windows Live\Messenger\usnsvc.exe
                          D:\WINDOWS\system32\NOTEPAD.EXE
                          D:\program files\Trend Micro\HijackThis\HijackThis.exe

                          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skoften.net/
                          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                          R3 - URLSearchHook: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - D:\Program Files\LimewirePlus\tbLim1.dll
                          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
                          O3 - Toolbar: Norton-werkbalk weergeven - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
                          O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - D:\Program Files\LimewirePlus\tbLim1.dll
                          O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
                          O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
                          O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
                          O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                          O4 - HKLM\..\Run: [RaidTool] D:\Program Files\VIA\RAID\raid_tool.exe
                          O4 - HKLM\..\Run: [Launch PC Probe II] "D:\program files\ASUS\PC Probe II\Probe2.exe" 1
                          O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                          O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                          O4 - HKLM\..\Run: [osCheck] "D:\Program Files\Norton Internet Security\osCheck.exe"
                          O4 - HKLM\..\Run: [CanonSolutionMenu] D:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
                          O4 - HKLM\..\Run: [CanonMyPrinter] D:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
                          O4 - HKLM\..\Run: [SSBkgdUpdate] "D:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
                          O4 - HKLM\..\Run: [OpwareSE4] "D:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
                          O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
                          O4 - HKLM\..\Run: [LanguageShortcut] "D:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
                          O4 - HKLM\..\Run: [TomTomHOME.exe] "D:\program files\TomTom HOME 2\HOMERunner.exe" -s
                          O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
                          O4 - HKLM\..\Run: [10f75bd1] rundll32.exe "D:\WINDOWS\system32\rmybjkps.dll",b
                          O4 - HKLM\..\Run: [avp] D:\WINDOWS\system32\winver.exe
                          O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] D:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
                          O4 - HKLM\..\RunOnce: [Winnt32RunOnceWarning] user.exe
                          O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
                          O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                          O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
                          O4 - HKCU\..\Run: [MSMSGS] "D:\program files\Messenger\msmsgs.exe" /background
                          O4 - HKCU\..\Run: [AdobeUpdater] D:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
                          O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
                          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
                          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
                          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
                          O16 - DPF: {0D9392CD-A784-4FCA-9342-0F75F7D7C8CB} (Corporate Language Training Interface) - http://www.cltnet.de/login/dplaunch.cab
                          O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                          O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
                          O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                          O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                          O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                          O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
                          O23 - Service: Google Updater Service (gusvc) - Google - D:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
                          O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
                          O23 - Service: LiveUpdate - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
                          O23 - Service: LiveUpdate Notice - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                          O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\program files\CyberLink\Shared Files\RichVideo.exe
                          O23 - Service: Symantec Core LC - Unknown owner - D:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

                          --
                          End of file - 7998 bytes



                          • #14
                            Start HijackThis once more, choose "Do a system scan only" and put a check mark only in front of the following lines:
                            O4 - HKLM\..\Run: [10f75bd1] rundll32.exe "D:\WINDOWS\system32\rmybjkps.dll",b
                            O4 - HKLM\..\Run: [avp] D:\WINDOWS\system32\winver.exe
                            O4 - HKLM\..\RunOnce: [Winnt32RunOnceWarning] user.exe

                            Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

                            Then make a new log with ComboFix.

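The three lines picked out above are the ones that do not fit the pattern of the rest of the autorun list. As an added illustration (not code from this thread, from HijackThis or from ComboFix), the Python script below parses O4 autorun lines copied from the HijackThis log posted earlier and applies a few of the heuristics a removal helper applies by eye: an entry name that is a random hex string, rundll32 loading a DLL with a random-looking filename from system32, an entry name borrowed from a security product (avp, the process name Kaspersky's product uses) that launches a different binary, and a bare executable name with no path. The heuristic list, the thresholds and the `DECOY_NAMES` set are assumptions chosen for this example; the sample lines are copied from the log above.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a subset of the O4 lines from the HijackThis log posted
# earlier in this thread, copied verbatim (not a complete log).
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [10f75bd1] rundll32.exe "D:\WINDOWS\system32\rmybjkps.dll",b
O4 - HKLM\..\Run: [avp] D:\WINDOWS\system32\winver.exe
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] D:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKLM\..\RunOnce: [Winnt32RunOnceWarning] user.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"""

# "O4 - <hive>\..\<Run|RunOnce>: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# First executable on the command line; HijackThis prints unquoted paths
# containing spaces, so cut at the first ".exe"-style extension.
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|dll|scr|com|bat))"?(?P<rest>.*)$', re.IGNORECASE)
HEX_NAME = re.compile(r'^[0-9a-f]{8}$')
# Assumption for this example: value names that legitimate security products
# use for their own process. An autorun that borrows such a name but starts
# a different binary is treated as a decoy.
DECOY_NAMES = {'avp'}


def parse_o4(line):
    """Return the hive, key, value name and command of one O4 line, or None."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def looks_random(stem):
    """Heuristic: 6-12 lowercase letters with no vowel reads as generated, not as a product name."""
    s = stem.lower()
    return bool(re.fullmatch(r'[a-z]{6,12}', s)) and not any(v in s for v in 'aeiou')


def assess(entry):
    """Return the list of reasons an autorun entry deserves a closer look (empty if none)."""
    reasons = []
    name, cmd = entry['name'], entry['cmd']
    m = EXE_RE.match(cmd)
    exe = m.group('exe') if m else cmd
    rest = m.group('rest') if m else ''
    exe_name = PureWindowsPath(exe).name.lower()

    if HEX_NAME.match(name):
        reasons.append('value name is an 8-digit hex string rather than a product name')
    if exe_name == 'rundll32.exe':
        # The loaded module is the first .dll argument; the export name after
        # the comma is not needed for this check.
        dll = re.search(r'([^",]+\.dll)', rest, re.IGNORECASE)
        if dll and looks_random(PureWindowsPath(dll.group(1)).stem):
            reasons.append('rundll32 loads a DLL with a random-looking name: ' + dll.group(1))
    if name.lower() in DECOY_NAMES and exe_name != name.lower() + '.exe':
        reasons.append(f'name "{name}" mimics a security product but runs {exe_name}')
    if '\\' not in exe and exe_name != 'rundll32.exe':
        reasons.append('unqualified executable name, resolved through the search path: ' + exe)
    return reasons


def scan(log_text):
    """Map value name -> reasons for every O4 line in log_text that trips a heuristic."""
    flagged = {}
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            flagged[entry['name']] = reasons
    return flagged


if __name__ == '__main__':
    for value_name, why in scan(SAMPLE_O4).items():
        print(f'[{value_name}]')
        for r in why:
            print('   -', r)
```

Run against the sample, the script flags exactly the three entries the helper asked to fix (`10f75bd1`, `avp`, `Winnt32RunOnceWarning`) and leaves the Canon, CyberLink, Spybot and ctfmon entries alone. The heuristics are a reading aid, not a verdict: a bare `user.exe` in RunOnce is also what a Windows upgrade leaves behind, which is why such a line is confirmed against a second tool (ComboFix here) before anything is removed.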


                            • #15
                              Okay... ComboFix log made.



                              ComboFix 08-03-07.4 - Standaard 2008-03-08 18:42:13.2 - NTFSx86
                              Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.397 [GMT 1:00]
                              Gestart vanuit: D:\Documents and Settings\Standaard\Bureaublad\ComboFix.exe

                              WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
                              .

                              (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                              .

                              D:\WINDOWS\system32\rtstv.ini
                              D:\WINDOWS\system32\rtstv.ini2
                              D:\WINDOWS\system32\vtstr.dll

                              .
                              (((((((((((((((((((( Bestanden Gemaakt van 2008-02-08 to 2008-03-08 ))))))))))))))))))))))))))))))
                              .

                              2008-03-08 15:03 . 2008-03-08 12:43 728,462 --a------ D:\WINDOWS\system32\RVAXO.bat
                              2008-03-08 15:03 . 2001-10-01 14:51 69,632 --a------ D:\WINDOWS\system32\remove.exe
                              2008-03-08 15:03 . 2007-07-04 20:32 16,384 --a------ D:\WINDOWS\system32\Restart.exe
                              2008-03-08 14:23 . 2008-03-08 14:23 <DIR> d-------- D:\program files\Trend Micro
                              2008-03-04 13:55 . 2007-07-30 19:19 271,224 --a------ D:\WINDOWS\system32\mucltui.dll
                              2008-03-04 13:55 . 2007-07-30 19:19 207,736 --a------ D:\WINDOWS\system32\muweb.dll
                              2008-03-04 13:55 . 2007-07-30 19:18 30,072 --a------ D:\WINDOWS\system32\mucltui.dll.mui
                              2008-03-02 11:34 . 2008-03-02 11:43 <DIR> d--hsc--- D:\program files\Common Files\WindowsLiveInstaller
                              2008-03-02 11:33 . 2008-03-02 11:33 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\WLInstaller
                              2008-02-19 14:08 . 2008-02-19 14:11 <DIR> d-------- D:\WINDOWS\msdownld.tmp
                              2008-02-19 13:48 . 2008-02-19 13:48 <DIR> d-------- D:\program files\Common Files\PocketSoft
                              2008-02-15 18:19 . 2006-04-14 23:05 9,952 --a------ D:\regxpcom.exe

                              .
                              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              2008-03-08 17:39 --------- d-----w D:\Documents and Settings\All Users\Application Data\Symantec
                              2008-03-08 15:31 --------- d-----w D:\Documents and Settings\All Users\Application Data\CanonIJPLM
                              2008-03-08 14:15 --------- d-----w D:\Program Files\Common Files\Symantec Shared
                              2008-03-04 12:53 --------- d-----w D:\Program Files\MSN Messenger
                              2008-03-02 10:43 --------- d-----w D:\Program Files\Windows Live
                              2008-02-29 14:00 --------- d-----w D:\Program Files\Norton Security Scan
                              2008-02-26 18:51 --------- d-----w D:\Documents and Settings\Standaard\Application Data\LimeWirePlus
                              2008-02-19 12:48 --------- d--h--w D:\Program Files\InstallShield Installation Information
                              2008-02-05 16:25 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                              2008-02-05 15:46 --------- d-----w D:\Program Files\Spybot - Search & Destroy
                              2008-02-04 21:06 --------- d-----w D:\Documents and Settings\All Users\Application Data\Lavasoft
                              2008-02-04 21:04 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard
                              2008-02-03 18:53 --------- d-----w D:\Program Files\Ahead
                              2008-02-03 18:49 --------- d-----w D:\Documents and Settings\All Users\Application Data\DVD Shrink
                              2008-01-31 16:42 --------- d-----w D:\Program Files\LimewirePlus
                              2008-01-31 16:36 --------- d-----w D:\Program Files\LimeWire Plus
                              2008-01-31 15:49 --------- d-----w D:\Program Files\Belastingdienst
                              2008-01-15 08:54 10,537 ----a-w D:\WINDOWS\system32\drivers\coh_mon.cat
                              2008-01-15 04:28 706 ----a-w D:\WINDOWS\system32\drivers\COH_Mon.inf
                              2008-01-13 15:22 --------- d-----w D:\Program Files\TomTom HOME 2
                              2008-01-13 15:22 --------- d-----w D:\Documents and Settings\Standaard\Application Data\TomTom
                              2008-01-13 15:22 --------- d-----w D:\Documents and Settings\All Users\Application Data\TomTom
                              2008-01-13 15:21 --------- d-----w D:\Documents and Settings\Standaard\Application Data\InstallShield
                              2008-01-12 17:32 23,904 ----a-w D:\WINDOWS\system32\drivers\COH_Mon.sys
                              2008-01-11 16:47 --------- d-----w D:\Documents and Settings\Standaard\Application Data\Ventrilo
                              2008-01-10 16:42 --------- d-----w D:\Documents and Settings\Standaard\Application Data\CyberLink
                              2008-01-10 16:42 --------- d-----w D:\Documents and Settings\All Users\Application Data\CyberLink
                              2008-01-10 16:39 --------- d-----w D:\Program Files\CyberLink
                              .

                              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              .
                              REGEDIT4
                              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19f60c14-0e5a-4074-9589-814d2b22f378}]
                              D:\WINDOWS\system32\ateiryhg.dll

                              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{260CB3BF-8FBB-44F6-B241-CE259E91E906}]
                              D:\WINDOWS\system32\mljgf.dll

                              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{364CBAA5-17CF-4117-8E4A-7C36814581C6}]

                              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]
                              2008-01-31 17:42 1555480 --a------ D:\Program Files\LimewirePlus\tbLim1.dll

                              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5630279F-DA89-4065-B9CC-36053F427ECB}]
                              D:\WINDOWS\system32\gebca.dll

                              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
                              2007-08-24 20:51 316784 --a------ D:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

                              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
                              2008-01-31 16:59 116088 --a------ D:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

                              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A96600FB-E9B0-486E-BC97-B0B9BCC0445E}]
                              D:\WINDOWS\system32\sstqq.dll

                              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA0FD7CE-4E77-4BD9-A788-A8D8769696E1}]
                              D:\WINDOWS\system32\ddcyv.dll

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                              "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "D:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 20:51 316784]
                              "{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= "D:\Program Files\LimewirePlus\tbLim1.dll" [2008-01-31 17:42 1555480]

                              [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
                              [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
                              [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

                              [HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]

                              [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
                              "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= D:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 20:51 316784]
                              "{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= D:\Program Files\LimewirePlus\tbLim1.dll [2008-01-31 17:42 1555480]

                              [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
                              [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
                              [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

                              [HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]

                              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                              "CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
                              "swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-04 15:25 68856]
                              "MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
                              "MSMSGS"="D:\program files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
                              "AdobeUpdater"="D:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 09:37 2321600]
                              "SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                              "IMJPMIG8.1"="D:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2006-03-02 13:00 208952]
                              "PHIME2002ASync"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-03-02 13:00 455168]
                              "PHIME2002A"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-03-02 13:00 455168]
                              "SoundMan"="SOUNDMAN.EXE" [2005-07-22 08:00 81920 D:\WINDOWS\SOUNDMAN.EXE]
                              "RaidTool"="D:\Program Files\VIA\RAID\raid_tool.exe" [2005-08-12 09:38 1056768]
                              "Launch PC Probe II"="D:\program files\ASUS\PC Probe II\Probe2.exe" [2005-07-22 15:05 1901568]
                              "SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
                              "Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]
                              "ccApp"="D:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 13:15 51048]
                              "osCheck"="D:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 21:53 714608]
                              "CanonSolutionMenu"="D:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 17:01 644696]
                              "CanonMyPrinter"="D:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 17:50 1603152]
                              "SSBkgdUpdate"="D:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
                              "OpwareSE4"="D:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]
                              "RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 22:26 68640]
                              "LanguageShortcut"="D:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17 52256]
                              "TomTomHOME.exe"="D:\program files\TomTom HOME 2\HOMERunner.exe" [2007-10-31 10:19 378784]
                              "NeroCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
                              "10f75bd1"="D:\WINDOWS\system32\rmybjkps.dll" [ ]
                              "avp"="D:\WINDOWS\system32\winver.exe" [2006-03-02 13:00 5632]

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
                              "NoIE4StubProcessing"="D:\WINDOWS\system32\reg.exe" [2006-03-02 13:00 56832]
                              "Winnt32RunOnceWarning"="user.exe" [2006-03-02 13:00 47872 D:\WINDOWS\system32\user.exe]

                              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                              "CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

                              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
                              "DisableMonitoring"=dword:00000001

                              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
                              "DisableMonitoring"=dword:00000001

                              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
                              "DisableMonitoring"=dword:00000001

                              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                              "EnableFirewall"= 0 (0x0)

                              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                              "%windir%\\system32\\sessmgr.exe"=
                              "D:\\program files\\BitLord\\BitLord.exe"=
                              "C:\\World of Warcraft\\BackgroundDownloader.exe"=
                              "D:\\WINDOWS\\system32\\dpvsetup.exe"=
                              "D:\\program files\\Messenger\\msmsgs.exe"=
                              "D:\\program files\\LimeWire Plus\\LimeWire.exe"=
                              "D:\\WINDOWS\\system32\\winver.exe"=
                              "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                              "D:\\program files\\Windows Live\\Messenger\\msnmsgr.exe"=
                              "D:\\program files\\Windows Live\\Messenger\\livecall.exe"=

                              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                              "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

                              R2 IJPLMSVC;PIXMA Extended Survey Program;D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 08:20]
                              R2 LiveUpdate Notice;LiveUpdate Notice;"D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
                              R3 SymIMMP;SymIMMP;D:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
                              S3 COH_Mon;COH_Mon;D:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
                              S3 SymIM;Symantec Network Security Intermediate Filter Service;D:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]

                              *Newly Created Service* - COMHOST
                              .
                              Inhoud van de 'Gedeelde Taken' map
                              "2008-02-25 21:25:26 D:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - Standaard.job"
                              - D:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
                              "2008-03-01 10:11:33 D:\WINDOWS\Tasks\Norton Security Scan.job"
                              - D:\Program Files\Norton Security Scan\Nss.exe
                              .
                              **************************************************************************

                              catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                              Rootkit scan 2008-03-08 18:51:15
                              Windows 5.1.2600 Service Pack 2 NTFS

                              scannen van verborgen processen ...

                              scannen van verborgen autostart items ...

                              scannen van verborgen bestanden ...

                              Scan succesvol afgerond
                              verborgen bestanden: 0

                              **************************************************************************
                              .
                              ------------------------ Other Running Processes ------------------------
                              .
                              C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                              D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
                              D:\program files\CyberLink\Shared Files\RichVideo.exe
                              .
                              **************************************************************************
                              .
                              Voltooingstijd: 2008-03-08 18:53:46 - machine was rebooted
                              ComboFix-quarantined-files.txt 2008-03-08 17:53:42
                              ComboFix2.txt 2008-03-08 14:27:57
                              .
                              2008-02-13 22:24:07 --- E O F ---
