  • trojan/worm? via msn

    hey dear helpers
    I think I've picked up a trojan/worm. I got it via a link that was sent to me over MSN. Suddenly I had 2 new files on my desktop (I deleted those right away) and my MSN started sending the same message I had received to my online contacts. I quickly signed out and have already uninstalled Live Messenger. I've already scanned with Panda and with Spy Doctor, but the problem kept occurring. I only uninstalled Live Messenger just now. Maybe that's why it kept starting over every time?
    PS Panda did detect this file several times and disinfected it: Trj.Downloader.TDW. I looked it up on Google, but it doesn't know it.
    Below is my HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:34:03, on 6-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
    C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Lexmark 3300 Series\lxccmon.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Documents and Settings\Frank\Mijn documenten\Ties\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\lxcccoms.exe
    C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Panda Security\Panda Antivirus 2008\psimreal.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\%%%.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,[email protected]
    O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\%%%.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.paradigit.nl
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} (Microsoft Office XP Professional Step by Step Interactive) - file://D:\CD\setup\mitm0026.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylomgames.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Documents and Settings\Frank\Mijn documenten\Ties\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)

    --
    End of file - 9210 bytes


    thanks in advance, Ties
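As an added example (not part of the thread and not code from any of the tools named in it), the following Python script triages HijackThis and ComboFix log fragments for the persistence pattern visible in the log above: one binary appended to the UserInit value, registered under an HKLM Run key, and listed as a Windows Firewall authorized application. The sample lines are constructed in the same format as the posted logs, and expanding `%windir%` to `C:\WINDOWS` is an assumption.

```python
"""Triage helper for HijackThis / ComboFix log fragments (added example).

Flags the persistence pattern visible in the thread's logs: one binary appended
to the UserInit value, registered as an HKLM Run entry, and added to the
Windows Firewall authorized-applications list.
"""
import re
from collections import defaultdict

# Constructed sample in HijackThis format (a subset of the posted log).
SAMPLE_HJT = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\%%%.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\%%%.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed sample of the ComboFix firewall AuthorizedApplications block.
SAMPLE_FIREWALL = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\%%%.exe"=
"""

USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$")
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
FW_RE = re.compile(r'^"([^"]+)"=\s*$')
SAFE_NAME_RE = re.compile(r"^[A-Za-z0-9_.\-]+$")   # ordinary executable names


def norm(path):
    """Normalize a Windows path so HJT and ComboFix spellings compare equal."""
    path = path.strip().strip('"')
    path = path.replace("\\\\", "\\")               # ComboFix doubles backslashes
    path = path.replace("%windir%", r"C:\WINDOWS")  # assumed system root
    return path.lower()


def command_path(cmd):
    """Extract the executable path from a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    # Unquoted: drop trailing switches such as " /startup" or " -atboottime".
    return re.split(r"\s+[/-]", cmd, maxsplit=1)[0]


def parse_hjt(text):
    """Map each normalized path to the autostart locations that reference it."""
    locations = defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        m = USERINIT_RE.match(line)
        if m:
            # Only the first entry (userinit.exe) is expected; extras run at every logon.
            for i, exe in enumerate(m.group(1).split(",")):
                if exe.strip():
                    locations[norm(exe)].add("userinit" if i == 0 else "userinit-extra")
            continue
        m = RUN_RE.match(line)
        if m:
            hive, name, cmd = m.groups()
            locations[norm(command_path(cmd))].add(f"run:{hive}:{name}")
    return locations


def parse_firewall_exceptions(text):
    """Return the normalized paths listed as firewall authorized applications."""
    return {norm(m.group(1)) for m in map(FW_RE.match, map(str.strip, text.splitlines())) if m}


def triage(hjt_text, firewall_text):
    """Return sorted (path, reasons) pairs for entries that deserve a closer look."""
    locations = parse_hjt(hjt_text)
    firewall = parse_firewall_exceptions(firewall_text)
    findings = []
    for path, where in sorted(locations.items()):
        reasons = []
        if "userinit-extra" in where:
            reasons.append("extra executable appended to UserInit")
        if not SAFE_NAME_RE.match(path.rsplit("\\", 1)[-1]):
            reasons.append("unusual file name")
        if len(where) > 1:
            reasons.append("referenced from several autostart locations")
        if path in firewall:
            reasons.append("whitelisted in Windows Firewall")
        if reasons:
            findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_HJT, SAMPLE_FIREWALL):
        print(path)
        for r in reasons:
            print("  -", r)
```

Legitimate entries such as userinit.exe, jusched.exe and ctfmon.exe produce no finding; only the binary that appears in all three places is reported, with one reason per indicator.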

  • #2
    Follow these instructions to download ComboFix:
    • Carry out the instructions on the BleepingComputer page, including installing the XP Recovery Console
      If you have used ComboFix before, please delete that version and download ComboFix again via the link above, because ComboFix is updated daily.

      NOTE: if you get an alert from your antivirus or another real-time scanner during or after downloading ComboFix, or while using ComboFix, disable that scanner and download ComboFix again.
      Some scanners see certain components ComboFix uses as suspicious and will block or remove them!
      • Double-click Combofix.exe
        While the fix is running, do NOT click in the window, as this will make your PC hang.
        When the fix is complete and after the restart, the Combofix.txt log will open.


      Post this log in your next reply, together with a fresh HijackThis log.
    Regards,
    Pimmerd



    • #3
      everything went fine, only now I get:

      Microsoft Visual C++ Runtime Library

      Runtime Error!
      in Program: C:\Windows\system32\%%%.exe
      R6002
      -floating point not loaded

      and it keeps coming back, even when I press OK

      it's gone now though

      Combofix:

      ComboFix 08-04-04.1 - Frank 2008-04-06 15:29:51.1 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.189 [GMT 2:00]
      Gestart vanuit: C:\Documents and Settings\Frank\Local Settings\Temporary Internet Files\Content.IE5\Q68KLYML\ComboFix[1].exe
      * Nieuw herstelpunt werd aangemaakt

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\Frank\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2008-03-06 to 2008-04-06 ))))))))))))))))))))))))))))))
      .

      2008-04-06 14:33 . 2008-04-06 14:33 <DIR> d-------- C:\Program Files\Trend Micro
      2008-04-06 13:42 . 2008-04-06 13:42 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
      2008-04-06 12:44 . 2008-04-06 12:44 <DIR> d-------- C:\Program Files\SurfRight
      2008-04-06 12:44 . 2008-04-06 12:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SurfRight
      2008-04-05 22:53 . 2008-04-05 22:53 <DIR> d-------- C:\Program Files\ESET
      2008-04-05 22:53 . 2008-04-05 22:53 512,096 --a------ C:\WINDOWS\SYSTEM32\drivers\amon.sys
      2008-04-05 22:53 . 2008-04-05 22:53 298,104 --a------ C:\WINDOWS\SYSTEM32\imon.dll
      2008-04-05 22:53 . 2008-04-05 22:53 15,424 --a------ C:\WINDOWS\SYSTEM32\drivers\nod32drv.sys
      2008-04-05 22:52 . 2008-04-05 22:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
      2008-04-05 22:37 . 2008-04-05 22:37 <DIR> d-------- C:\WINDOWS\SYSTEM32\GroupPolicy
      2008-04-05 22:20 . 2008-04-05 22:20 <DIR> d-------- C:\Program Files\Enigma Software Group
      2008-04-05 20:17 . 2008-04-05 22:59 <DIR> d-------- C:\Program Files\Spyware Doctor
      2008-04-05 19:26 . 2008-04-05 19:26 244 --ah----- C:\sqmnoopt00.sqm
      2008-04-05 19:26 . 2008-04-05 19:26 232 --ah----- C:\sqmdata00.sqm
      2008-04-05 18:08 . 2008-04-05 23:00 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
      2008-04-05 16:16 . 2008-04-05 16:16 64,156 --a------ C:\WINDOWS\SYSTEM32\%%%.exe
      2008-04-05 15:46 . 2007-06-20 15:48 18,224 --a------ C:\WINDOWS\SYSTEM32\pfdnnt.exe
      2008-04-04 17:17 . 2008-04-04 17:17 <DIR> d-------- C:\Program Files\Exatech kalender
      2008-03-29 19:37 . 2008-03-29 19:37 <DIR> d-------- C:\Program Files\Belastingdienst

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-05 18:20 --------- d-----w C:\Program Files\Google
      2008-04-05 16:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-04-05 14:16 64,156 ----a-w C:\WINDOWS\SYSTEM32\%%%.exe
      2008-04-04 15:35 --------- d-----w C:\Program Files\Lx_cats
      2008-03-28 16:23 --------- d-----w C:\Program Files\LimeWire
      2008-03-28 16:23 --------- d-----w C:\Program Files\Incomplete
      2008-03-05 20:22 --------- d-----w C:\Program Files\Java
      2008-02-11 20:50 --------- d-----w C:\Program Files\Common Files\INCA Shared
      2008-02-09 22:43 --------- d-----w C:\Documents and Settings\Frank\Application Data\Xfire
      2008-02-07 18:01 --------- d-----w C:\Program Files\Common Files\Panda Software
      2008-02-07 15:45 38,968 ----a-w C:\WINDOWS\system32\drivers\ShlDrv51.sys
      2008-02-07 15:45 178,872 ----a-w C:\WINDOWS\system32\drivers\PavProc.sys
      2008-01-31 02:02 54,608 ----a-w C:\WINDOWS\SYSTEM32\xfcodec.dll
      2008-01-11 05:52 44,544 ----a-w C:\WINDOWS\SYSTEM32\dllcache\pngfilt.dll
      2007-12-02 15:29 123,505 ----a-w C:\Program Files\Utrecht.sc3
      2007-04-04 11:34 37,496 ----a-w C:\Documents and Settings\Frank\Application Data\GDIPFONTCACHEV1.DAT
      2006-12-21 22:00 324,856 ----a-w C:\Program Files\Simburg.sc3
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 18:34 68856]
      "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 23:53 204288]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "C-Media Mixer"="Mixer.exe" [2002-10-15 19:00 1818624 C:\WINDOWS\mixer.exe]
      "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 14:16 5058560]
      "nwiz"="nwiz.exe" [2003-10-06 14:16 741376 C:\WINDOWS\SYSTEM32\nwiz.exe]
      "WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2000-07-12 12:59 24576]
      "Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-12 14:14 311350]
      "Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-29 17:56 28739]
      "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-23 19:34 77824]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
      "LXCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 15:44 73728]
      "lxccmon.exe"="C:\Program Files\Lexmark 3300 Series\lxccmon.exe" [2005-07-21 02:16 192512]
      "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 11:36 299008]
      "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
      "NWEReboot"=""
      "APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [2007-10-04 16:14 455984]
      "Flash Media"="C:\WINDOWS\system32\%%%.exe" [2008-04-05 16:16 64156]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-05-22 12:15:13 113664]
      Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
      Herinneringen van Microsoft Works Agenda.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-12 14:14:38 24633]
      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
      avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\SYSTEM32\avldr.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=PAVWAIT.DLL

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "VIDC.MKVC"= KMVIDC32.DLL
      "VIDC.XFR1"= xfcodec.dll

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Team17\\Worms2\\frontend.exe"=
      "C:\\Program Files\\LimeWire\\LimeWire.exe"=
      "C:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"=
      "C:\\Program Files\\Chami\\HTML-Kit\\Bin\\HTMLKit.exe"=
      "C:\\Program Files\\Maxis\\SimCity 3000 World Edition\\Apps\\Updater\\UPDATER.EXE"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Documents and Settings\\Frank\\Mijn documenten\\Ties\\mentorles\\Xfire\\xfire.exe"=
      "C:\\WINDOWS\\system32\\%%%.exe"=

      R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 23:52]
      R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2008-02-07 17:45]
      R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2008-02-07 17:45]
      S1 ctredrv.sys;ctredrv.sys;C:\WINDOWS\system32\drivers\ctredrv.sys
      S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys
      S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys

      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-06 15:33:57
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      ? [1368]

      scannen van verborgen autostart items ...

      HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      LXCCCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,[email protected]????????????????????????????? ???????????????????????????????????????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????????

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2008-04-06 15:35:17
      ComboFix-quarantined-files.txt 2008-04-06 13:34:56
      Pre-Run: 32,111,042,560 bytes beschikbaar
      Post-Run: 32,196,677,632 bytes beschikbaar
      .
      2008-03-11 22:57:44 --- E O F ---

      HJT

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 15:44:59, on 6-4-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\SYSTEM32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
      C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Mixer.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Lexmark 3300 Series\lxccmon.exe
      C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
      C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Windows Media Player\WMPNSCFG.exe
      C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\Documents and Settings\Frank\Mijn documenten\Ties\Eset\nod32krn.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
      C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
      C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\lxcccoms.exe
      C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
      C:\WINDOWS\system32\notepad.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\%%%.exe
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
      O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
      O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
      O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,[email protected]
      O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
      O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
      O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\%%%.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O14 - IERESET.INF: START_PAGE_URL=http://www.paradigit.nl
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
      O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} (Microsoft Office XP Professional Step by Step Interactive) - file://D:\CD\setup\mitm0026.cab
      O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylomgames.com/activex/zylomgamesplayer.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
      O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Documents and Settings\Frank\Mijn documenten\Ties\Eset\nod32krn.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
      O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
      O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
      O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
      O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)

      --
      End of file - 9136 bytes
      Last edited by TBH; 06-04-08, 15:48. Reason: correction



      • #4
        Open Notepad, then copy and paste the following (the bold text) into an empty window:

        File::
        C:\WINDOWS\SYSTEM32\%%%.exe

        Registry::
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Flash Media"=-
        [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "C:\\WINDOWS\\system32\\%%%.exe"=-

        Driver::
        PavTPK.sys
        PavSRK.sys

        Save this on your Desktop as CFScript.txt

        Drag CFScript.txt onto ComboFix.exe as shown in the example below:



        This will make ComboFix restart.
        Reboot if you are asked to,
        and post the contents of Combofix.txt in your next reply together with a new HijackThis log.
        Regards,
        Pimmerd



        • #5
Went fine again. I did get a detection from Panda afterwards about a possibly harmful program, C:\WINDOWS\pse-something, I don't remember exactly what. I deleted it to be safe. Hopefully that's OK? It wasn't in the combofix, so I figured that was fine.
Do you maybe already know what the problem is? If so, could you let me know.
PS sorry for replying so late, but I have visitors.

combofix report:

          ComboFix 08-04-04.1 - Frank 2008-04-06 19:59:54.1 - NTFSx86
          Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.194 [GMT 2:00]
          Gestart vanuit: C:\Documents and Settings\Frank\Bureaublad\ComboFix.exe
          Command switches used :: C:\Documents and Settings\Frank\Bureaublad\CFScript.txt
          * Nieuw herstelpunt werd aangemaakt

          WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

          FILE ::
          C:\WINDOWS\SYSTEM32\%%%.exe
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\WINDOWS\SYSTEM32\%%%.exe

          .
          ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          -------\Legacy_PAVTPK.SYS
          -------\Service_PavTPK.sys


          (((((((((((((((((((( Bestanden Gemaakt van 2008-03-06 to 2008-04-06 ))))))))))))))))))))))))))))))
          .

          2008-04-06 20:03 . 2008-04-06 20:03 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
          2008-04-06 17:12 . 2008-04-06 17:12 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\PC Tools
          2008-04-06 17:12 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\SYSTEM32\drivers\iksyssec.sys
          2008-04-06 17:12 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\SYSTEM32\drivers\iksysflt.sys
          2008-04-06 17:12 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\SYSTEM32\drivers\ikfilesec.sys
          2008-04-06 17:12 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\SYSTEM32\drivers\kcom.sys
          2008-04-06 16:41 . 2008-04-06 16:47 <DIR> d-------- C:\Program Files\Windows Live
          2008-04-06 14:33 . 2008-04-06 14:33 <DIR> d-------- C:\Program Files\Trend Micro
          2008-04-06 13:42 . 2008-04-06 13:42 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
          2008-04-06 12:44 . 2008-04-06 12:44 <DIR> d-------- C:\Program Files\SurfRight
          2008-04-06 12:44 . 2008-04-06 12:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SurfRight
          2008-04-05 22:53 . 2008-04-05 22:53 <DIR> d-------- C:\Program Files\ESET
          2008-04-05 22:53 . 2008-04-05 22:53 512,096 --a------ C:\WINDOWS\SYSTEM32\drivers\amon.sys
          2008-04-05 22:53 . 2008-04-05 22:53 298,104 --a------ C:\WINDOWS\SYSTEM32\imon.dll
          2008-04-05 22:53 . 2008-04-05 22:53 15,424 --a------ C:\WINDOWS\SYSTEM32\drivers\nod32drv.sys
          2008-04-05 22:52 . 2008-04-05 22:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
          2008-04-05 22:37 . 2008-04-05 22:37 <DIR> d-------- C:\WINDOWS\SYSTEM32\GroupPolicy
          2008-04-05 22:20 . 2008-04-05 22:20 <DIR> d-------- C:\Program Files\Enigma Software Group
          2008-04-05 20:17 . 2008-04-06 17:39 <DIR> d-------- C:\Program Files\Spyware Doctor
          2008-04-05 19:26 . 2008-04-05 19:26 244 --ah----- C:\sqmnoopt00.sqm
          2008-04-05 19:26 . 2008-04-05 19:26 232 --ah----- C:\sqmdata00.sqm
          2008-04-05 18:08 . 2008-04-06 20:11 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
          2008-04-05 15:46 . 2007-06-20 15:48 18,224 --a------ C:\WINDOWS\SYSTEM32\pfdnnt.exe
          2008-04-04 17:17 . 2008-04-04 17:17 <DIR> d-------- C:\Program Files\Exatech kalender
          2008-03-29 19:37 . 2008-03-29 19:37 <DIR> d-------- C:\Program Files\Belastingdienst

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-04-06 16:20 --------- d-----w C:\Program Files\Incomplete
          2008-04-06 15:53 --------- d-----w C:\Program Files\LimeWire
          2008-04-06 15:22 --------- d-----w C:\Program Files\Google
          2008-04-06 14:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
          2008-04-04 15:35 --------- d-----w C:\Program Files\Lx_cats
          2008-03-05 20:22 --------- d-----w C:\Program Files\Java
          2008-02-11 20:50 --------- d-----w C:\Program Files\Common Files\INCA Shared
          2008-02-09 22:43 --------- d-----w C:\Documents and Settings\Frank\Application Data\Xfire
          2008-02-07 18:01 --------- d-----w C:\Program Files\Common Files\Panda Software
          2008-02-07 15:45 38,968 ----a-w C:\WINDOWS\system32\drivers\ShlDrv51.sys
          2008-02-07 15:45 178,872 ----a-w C:\WINDOWS\system32\drivers\PavProc.sys
          2007-12-02 15:29 123,505 ----a-w C:\Program Files\Utrecht.sc3
          2007-04-04 11:34 37,496 ----a-w C:\Documents and Settings\Frank\Application Data\GDIPFONTCACHEV1.DAT
          2006-12-21 22:00 324,856 ----a-w C:\Program Files\Simburg.sc3
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]
          "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 18:34 68856]
          "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 23:53 204288]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "C-Media Mixer"="Mixer.exe" [2002-10-15 19:00 1818624 C:\WINDOWS\mixer.exe]
          "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 14:16 5058560]
          "nwiz"="nwiz.exe" [2003-10-06 14:16 741376 C:\WINDOWS\SYSTEM32\nwiz.exe]
          "WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2000-07-12 12:59 24576]
          "Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-12 14:14 311350]
          "Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-29 17:56 28739]
          "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-23 19:34 77824]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
          "LXCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 15:44 73728]
          "lxccmon.exe"="C:\Program Files\Lexmark 3300 Series\lxccmon.exe" [2005-07-21 02:16 192512]
          "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 11:36 299008]
          "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
          "NWEReboot"=""
          "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-05-22 12:15:13 113664]
          Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
          Herinneringen van Microsoft Works Agenda.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-12 14:14:38 24633]
          Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
          "AppInit_DLLs"=PAVWAIT.DLL

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
          "VIDC.MKVC"= KMVIDC32.DLL
          "VIDC.XFR1"= xfcodec.dll

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "C:\\Team17\\Worms2\\frontend.exe"=
          "C:\\Program Files\\LimeWire\\LimeWire.exe"=
          "C:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"=
          "C:\\Program Files\\Chami\\HTML-Kit\\Bin\\HTMLKit.exe"=
          "C:\\Program Files\\Maxis\\SimCity 3000 World Edition\\Apps\\Updater\\UPDATER.EXE"=
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
          "C:\\Documents and Settings\\Frank\\Mijn documenten\\Ties\\mentorles\\Xfire\\xfire.exe"=
          "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
          "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
          "C:\\WINDOWS\\system32\\%%%.exe"=

          R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 23:52]
          R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2008-02-07 17:45]
          R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2008-02-07 17:45]
          S1 ctredrv.sys;ctredrv.sys;C:\WINDOWS\system32\drivers\ctredrv.sys
          S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys

          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-04-06 20:11:18
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          ? [1348]

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          ------------------------ Other Running Processes ------------------------
          .
          C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
          C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
          C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
          C:\Documents and Settings\Frank\Mijn documenten\Ties\Eset\nod32krn.exe
          C:\WINDOWS\System32\nvsvc32.exe
          C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
          C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
          C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
          C:\Program Files\Spyware Doctor\pctsAuxs.exe
          C:\Program Files\Spyware Doctor\pctsSvc.exe
          C:\Program Files\Windows Media Player\WMPNetwk.exe
          C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
          C:\WINDOWS\system32\lxcccoms.exe
          C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
          .
          **************************************************************************
          .
          Voltooingstijd: 2008-04-06 20:18:48 - machine was rebooted
          ComboFix-quarantined-files.txt 2008-04-06 18:18:38
          ComboFix2.txt 2008-04-06 13:35:19
          Pre-Run: 32,371,544,064 bytes beschikbaar
          Post-Run: 32,309,874,688 bytes beschikbaar
          .
          2008-04-06 18:06:45 --- E O F ---

HJT report:

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 20:25:32, on 6-4-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16608)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\csrss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
          C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
          C:\WINDOWS\Mixer.exe
          C:\Program Files\QuickTime\qttask.exe
          C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
          C:\Program Files\Lexmark 3300 Series\lxccmon.exe
          C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
          C:\Program Files\Spyware Doctor\pctsTray.exe
          C:\Documents and Settings\Frank\Mijn documenten\Ties\Eset\nod32krn.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\WINDOWS\System32\nvsvc32.exe
          C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
          C:\Program Files\Windows Media Player\WMPNSCFG.exe
          C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
          C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
          C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
          C:\Program Files\Spyware Doctor\pctsAuxs.exe
          C:\Program Files\Spyware Doctor\pctsSvc.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Windows Media Player\WMPNetwk.exe
          C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
          C:\WINDOWS\system32\lxcccoms.exe
          C:\WINDOWS\System32\alg.exe
          C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
          C:\WINDOWS\explorer.exe
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
          C:\WINDOWS\System32\wbem\wmiprvse.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\%%%.exe
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
          O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
          O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
          O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
          O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
          O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,[email protected]
          O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
          O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
          O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
          O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
          O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
          O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
          O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O14 - IERESET.INF: START_PAGE_URL=http://www.paradigit.nl
          O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
          O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
          O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
          O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
          O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
          O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} (Microsoft Office XP Professional Step by Step Interactive) - file://D:\CD\setup\mitm0026.cab
          O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
          O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylomgames.com/activex/zylomgamesplayer.cab
          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
          O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
          O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
          O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
          O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Documents and Settings\Frank\Mijn documenten\Ties\Eset\nod32krn.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
          O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
          O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
          O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
          O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
          O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
          O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

          --
          End of file - 9700 bytes



          • #6
There were a few malware files present; those have now been removed.

Start Hijackthis, choose 'Do a system scan only' and tick the following line:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\%%%.exe

Now close all open windows except Hijackthis and click Fix Checked.

Restart your PC and post a new Hijackthis log so we can check it.
Any problems left?
Regards,
Pimmerd
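The fix above and the CFScript in post #4 target the same kind of entries: a UserInit value with a second executable chained after userinit.exe, a Run value and a service that point at an oddly named or missing image. As an added example for this thread (not HijackThis, ComboFix or Pimmerd's own tooling), here is a small Python triage script that flags those entries in HijackThis v2 log lines. The sample lines are copied from the logs in this thread; the "Flash Media" Run line is constructed to match the registry value the CFScript removes.

```python
"""Triage of HijackThis v2 log lines (added example, not the thread's own tooling)."""
import re
from typing import List, Tuple

# Stock XP value; any further comma-separated executable runs at every logon.
STOCK_USERINIT = r"c:\windows\system32\userinit.exe"

USERINIT_RE = re.compile(r"F2 - REG:system\.ini: UserInit=(?P<value>.*)")
O4_RE = re.compile(r"O4 - (?P<where>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)")
O23_RE = re.compile(r"O23 - Service: (?P<desc>.*?) - (?P<vendor>.*?) - (?P<path>.*)")
# Basenames built only from these characters are treated as ordinary; "%%%.exe" is not.
SAFE_BASENAME = re.compile(r"[A-Za-z0-9_.\-~]+")

# Constructed sample: lines copied from the thread's logs plus one constructed
# "Flash Media" Run entry matching the value the CFScript removes.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\%%%.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\%%%.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
"""


def userinit_extras(value: str) -> List[str]:
    """Executables chained onto UserInit besides the stock userinit.exe."""
    parts = [p.strip().lower() for p in value.split(",")]
    return [p for p in parts if p and p != STOCK_USERINIT]


def image_from_command(cmd: str) -> str:
    """First executable of a Run command; for rundll32, the DLL it loads."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    tokens = cmd.split(None, 1)
    if not tokens:
        return ""
    first = tokens[0]
    if first.lower() in ("rundll32", "rundll32.exe") and len(tokens) > 1:
        return tokens[1].split(",", 1)[0].strip()
    return first


def name_looks_normal(image: str) -> bool:
    """True when the basename uses only ordinary filename characters."""
    base = image.replace("/", "\\").rsplit("\\", 1)[-1]
    return SAFE_BASENAME.fullmatch(base) is not None


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (section, reason) pairs for lines an analyst should look at."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = USERINIT_RE.match(line)
        if m:
            for extra in userinit_extras(m.group("value")):
                findings.append(("F2", f"UserInit chains extra executable {extra}"))
            continue
        m = O4_RE.match(line)
        if m:
            image = image_from_command(m.group("cmd"))
            if not name_looks_normal(image):
                findings.append(("O4", f"Run entry [{m.group('name')}] launches {image}"))
            continue
        m = O23_RE.match(line)
        if m:
            if "(file missing)" in m.group("path"):
                findings.append(("O23", f"service '{m.group('desc')}' points at a missing file"))
            elif not name_looks_normal(m.group("path")):
                findings.append(("O23", f"service '{m.group('desc')}' runs {m.group('path')}"))
    return findings


if __name__ == "__main__":
    for section, reason in triage(SAMPLE_LOG):
        print(f"{section}: {reason}")
```

The KernelFaultCheck entry that appears in the later log is a stock XP crash-report line and is deliberately not flagged; the orphaned WLSetupSvc service is reported as a cleanup candidate, not as malware.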



            • #7
Went fine again, no problems at all this time.

By the way, was it a problem that I deleted that file, or could you not do anything with it anyway? I haven't run into any problems because of it yet.

I'm going to download my msn again now and leave it on for a while, though of course I'll warn my contacts first :P If I don't have anything more I'll close the topic, otherwise you'll hear from me.

Anyway, thanks a lot, Ties

HJT report:

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 21:10:49, on 6-4-2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16608)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\csrss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
              C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\Explorer.EXE
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\WINDOWS\Mixer.exe
              C:\Program Files\QuickTime\qttask.exe
              C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
              C:\Program Files\Lexmark 3300 Series\lxccmon.exe
              C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
              C:\Program Files\Spyware Doctor\pctsTray.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
              C:\Program Files\Windows Media Player\WMPNSCFG.exe
              C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
              C:\Documents and Settings\Frank\Mijn documenten\Ties\Eset\nod32krn.exe
              C:\WINDOWS\System32\nvsvc32.exe
              C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
              C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
              C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
              C:\Program Files\Spyware Doctor\pctsAuxs.exe
              C:\Program Files\Spyware Doctor\pctsSvc.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Windows Media Player\WMPNetwk.exe
              C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
              C:\WINDOWS\system32\lxcccoms.exe
              C:\WINDOWS\System32\alg.exe
              C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
              C:\WINDOWS\System32\wbem\wmiprvse.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\%%%.exe
              O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
              O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
              O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
              O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
              O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
              O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
              O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
              O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,[email protected]
              O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
              O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
              O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
              O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
              O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
              O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
              O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
              O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
              O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
              O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O14 - IERESET.INF: START_PAGE_URL=http://www.paradigit.nl
              O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
              O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
              O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
              O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
              O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
              O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} (Microsoft Office XP Professional Step by Step Interactive) - file://D:\CD\setup\mitm0026.cab
              O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
              O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylomgames.com/activex/zylomgamesplayer.cab
              O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
              O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
              O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
              O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
              O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Documents and Settings\Frank\Mijn documenten\Ties\Eset\nod32krn.exe
              O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
              O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
              O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
              O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
              O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
              O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
              O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

              --
              End of file - 9481 bytes

              • #8
                Download SDFix to your Desktop.

                Double-click to open it, select all files and extract them to their own folder named SDFix.
                Start your computer in Safe Mode.
                Open the SDfix folder and double-click runthis.bat to start the tool.
                Let the computer restart when asked to.
                SDfix will carry on and open a short report when it finishes!
                Post this report in your next reply.
                Regards,
                Pimmerd

                • #9
                  I haven't had any more trouble so far, but I'll do it for you tomorrow morning. I don't have time for it now, since it has to be done in Safe Mode and it may take a while.
                  Greetings, Ties

                  • #10
                    Fine, Ties; it is still in your log, after all.
                    Regards,
                    Pimmerd

                    • #11
                      Hey, good morning Pimmerd. I quickly threw SDfix at it; here is the report and of course a new HJT:


                      SDFix: Version 1.167
                      Run by Frank on ma 07-04-2008 at 07:33

                      Microsoft Windows XP [versie 5.1.2600]
                      Running From: C:\DOCUME~1\Frank\BUREAU~1\Ties\SDfix\SDFix

                      Checking Services :


                      Restoring Windows Registry Values
                      Restoring Windows Default Hosts File

                      Rebooting


                      Checking Files :

                      Trojan Files Found:

                      C:\WINDOWS\SYSTEM32\FTPUPD.EXE - Deleted
                      C:\WINDOWS\system32\11.tmp - Deleted
                      C:\WINDOWS\system32\TFTP308 - Deleted
                      C:\WINDOWS\system32\TFTP5728 - Deleted
                      C:\WINDOWS\system32\real.txt - Deleted





                      Removing Temp Files

                      ADS Check :



                      Final Check :

                      catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                      Rootkit scan 2008-04-07 07:43:29
                      Windows 5.1.2600 Service Pack 2 NTFS

                      scanning hidden processes ...

                      scanning hidden services & system hive ...

                      scanning hidden registry entries ...

                      scanning hidden files ...

                      scan completed successfully
                      hidden processes: 0
                      hidden services: 0
                      hidden files: 0


                      Remaining Services :



                      Authorized Application Key Export:

                      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
                      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
                      "C:\\Team17\\Worms2\\frontend.exe"="C:\\Team17\\Worms2\\frontend.exe:*:Enabled:Worms 2 Frontend"
                      "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
                      "C:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"="C:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe:*:Enabled:soldierfront"
                      "C:\\Program Files\\Chami\\HTML-Kit\\Bin\\HTMLKit.exe"="C:\\Program Files\\Chami\\HTML-Kit\\Bin\\HTMLKit.exe:*:Enabled:HTML-Kit"
                      "C:\\Program Files\\Maxis\\SimCity 3000 World Edition\\Apps\\Updater\\UPDATER.EXE"="C:\\Program Files\\Maxis\\SimCity 3000 World Edition\\Apps\\Updater\\UPDATER.EXE:*:Disabled:SC3UpdaterMFC"
                      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
                      "C:\\Documents and Settings\\Frank\\Mijn documenten\\Ties\\mentorles\\Xfire\\xfire.exe"="C:\\Documents and Settings\\Frank\\Mijn documenten\\Ties\\mentorles\\Xfire\\xfire.exe:*:Enabled:Xfire"
                      "C:\\WINDOWS\\system32\\%%%.exe"="C:\\WINDOWS\\system32\\%%%.exe:*:Enabled:Flash Media"
                      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
                      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

                      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
                      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
                      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
                      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
                      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

                      Remaining Files :


                      File Backups: - C:\DOCUME~1\Frank\BUREAU~1\Ties\SDfix\SDFix\backups\backups.zip

                      Files with Hidden Attributes :

                      Tue 29 Jun 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
                      Tue 29 Jun 2004 401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv16.bak"
                      Thu 1 Jul 2004 400 A.SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
                      Thu 1 Jul 2004 48 A.SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
                      Thu 1 Jul 2004 400 A.SH. --- "C:\Documents and Settings\All Users\DRM\v3ks.bla.bak"
                      Thu 22 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
                      Fri 25 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT2.tmp"

                      Finished!



                      HJT:


                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 7:58:09, on 7-4-2008
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
                      Boot mode: Normal

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\csrss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
                      C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\Explorer.EXE
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                      C:\Documents and Settings\Frank\Mijn documenten\Ties\Eset\nod32krn.exe
                      C:\WINDOWS\System32\nvsvc32.exe
                      C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
                      C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
                      C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
                      C:\Program Files\Spyware Doctor\pctsAuxs.exe
                      C:\Program Files\Spyware Doctor\pctsSvc.exe
                      C:\Program Files\Spyware Doctor\pctsTray.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\Program Files\Windows Media Player\WMPNetwk.exe
                      C:\WINDOWS\System32\alg.exe
                      C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
                      C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
                      C:\WINDOWS\Mixer.exe
                      C:\Program Files\QuickTime\qttask.exe
                      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                      C:\Program Files\Lexmark 3300 Series\lxccmon.exe
                      C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                      C:\Program Files\Windows Media Player\WMPNSCFG.exe
                      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                      C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
                      C:\WINDOWS\system32\lxcccoms.exe
                      C:\Program Files\Internet Explorer\IEXPLORE.EXE
                      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
                      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
                      C:\WINDOWS\System32\wbem\wmiprvse.exe

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\%%%.exe
                      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
                      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
                      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
                      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
                      O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
                      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                      O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
                      O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
                      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
                      O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
                      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                      O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,RunDLLEntry@16
                      O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
                      O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
                      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
                      O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
                      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
                      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                      O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
                      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O14 - IERESET.INF: START_PAGE_URL=http://www.paradigit.nl
                      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
                      O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
                      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
                      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
                      O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} (Microsoft Office XP Professional Step by Step Interactive) - file://D:\CD\setup\mitm0026.cab
                      O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
                      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylomgames.com/activex/zylomgamesplayer.cab
                      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                      O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
                      O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
                      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                      O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
                      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Documents and Settings\Frank\Mijn documenten\Ties\Eset\nod32krn.exe
                      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
                      O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
                      O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
                      O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
                      O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
                      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
                      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

                      --
                      End of file - 9830 bytes
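The SDFix firewall export and the HijackThis log above both still carry `C:\WINDOWS\system32\%%%.exe`: once as an enabled firewall exception labelled "Flash Media", and once chained after userinit.exe on the F2 line, which makes Windows start it at every logon. As an added example that is not part of this thread nor of SDFix, HijackThis or any other tool named here, the following Python script triages those two formats automatically: it flags every executable chained after userinit.exe, and every Run or enabled firewall entry whose file name does not look like a normal program name. The sample log lines are constructed for the example and modelled on the thread's output (the "Flash Media" O4 entry is made up); the `EXPECTED_USERINIT` allowlist assumes a stock Windows XP install where only userinit.exe belongs on that line.

```python
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (rule name, offending entry)

# Assumption: on a stock Windows XP install only userinit.exe belongs on the
# UserInit line; anything chained after it with a comma is worth a look.
EXPECTED_USERINIT = {"userinit.exe"}

# A normal program name starts with a letter, digit or underscore. A name such
# as "%%%.exe" fails this test, which is exactly the pattern in this thread.
NAME_OK = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_. \-~()]*$")

# Constructed sample in HijackThis format, modelled on the log in this thread.
# The "Flash Media" O4 entry is made up for the example.
HJT_SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\%%%.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Flash Media] C:\WINDOWS\system32\%%%.exe
"""

# Constructed sample of the firewall "authorized applications" export that
# SDFix prints (registry .reg syntax, hence the doubled backslashes).
FIREWALL_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Maxis\\SimCity 3000 World Edition\\Apps\\Updater\\UPDATER.EXE"="C:\\Program Files\\Maxis\\SimCity 3000 World Edition\\Apps\\Updater\\UPDATER.EXE:*:Disabled:SC3UpdaterMFC"
"C:\\WINDOWS\\system32\\%%%.exe"="C:\\WINDOWS\\system32\\%%%.exe:*:Enabled:Flash Media"
"""

# "<path>"="<path>:*:<Enabled|Disabled>:<description>"
FW_ENTRY = re.compile(r'^"(?P<key>[^"]+)"="(?P<path>.+?):\*:(?P<state>\w+):(?P<desc>.*)"$')
# O4 - <hive>\..\Run: [<name>] <command line>
O4_ENTRY = re.compile(r"^O4 - (?P<hive>.*?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


def basename(path: str) -> str:
    """Last path component, tolerant of quotes, forward slashes and doubled backslashes."""
    path = path.strip().strip('"')
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def odd_basename(path: str) -> bool:
    """True when the file name does not look like a normal program name."""
    return NAME_OK.match(basename(path)) is None


def first_path(cmd: str) -> str:
    """Executable at the start of a Run command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces, so cut at the first program extension.
    m = re.match(r"(.+?\.(?:exe|dll|cmd|bat|scr))", cmd, re.IGNORECASE)
    return m.group(1) if m else (cmd.split() or [""])[0]


def userinit_extras(line: str) -> List[str]:
    """Executables chained after userinit.exe on an F2 UserInit line."""
    m = re.search(r"UserInit=(.*)$", line, re.IGNORECASE)
    if not m:
        return []
    parts = [p.strip() for p in m.group(1).split(",") if p.strip()]
    return [p for p in parts if basename(p).lower() not in EXPECTED_USERINIT]


def check_hjt(text: str) -> List[Finding]:
    """Triage a HijackThis log: UserInit chaining and odd Run entry names."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("F2 - ") and "UserInit=" in line:
            findings += [("userinit-chain", p) for p in userinit_extras(line)]
            continue
        m = O4_ENTRY.match(line)
        if m:
            exe = first_path(m.group("cmd"))
            if exe and odd_basename(exe):
                findings.append(("run-odd-name", exe))
    return findings


def check_firewall_export(text: str) -> List[Finding]:
    """Triage the firewall authorized-applications export: enabled entries with odd names."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        m = FW_ENTRY.match(raw.strip())
        if not m or m.group("state").lower() != "enabled":
            continue
        if odd_basename(m.group("path")):
            findings.append(("firewall-odd-name", m.group("path")))
    return findings


def triage(hjt_text: str, firewall_text: str) -> List[Finding]:
    """Combined findings for one HijackThis log and one SDFix firewall export."""
    return check_hjt(hjt_text) + check_firewall_export(firewall_text)


if __name__ == "__main__":
    for rule, entry in triage(HJT_SAMPLE, FIREWALL_SAMPLE):
        print(f"{rule:18} {entry}")
```

To use it on a real case, read the saved HijackThis log and the SDFix report into strings and pass them to `triage`. A flagged entry is a lead for the helper to look at, not a verdict: some legitimate installers do pick odd file names, but a second executable on the UserInit line is rare enough on a home PC that it always deserves an explanation.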

                      • #12
                        And does it look better already, or is it a tough one?
                        Greetings, Ties

                        • #13
                          It's a stubborn one.

                          Download The Avenger and place it on your desktop: http://swandog46.geekstogo.com/avenger2/download.php
                          Unzip it.
                          Start the program by clicking avenger.exe.
                          In the "Input Script here" window, paste the following (in bold):

                          Files to delete:
                          C:\WINDOWS\system32\%%%.exe


                          Then click the "Execute" button.
                          Avenger will tell you that the computer is going to restart; allow this.
                          After the reboot a logfile (avenger.txt) opens. Post the contents of the logfile.
                          Regards,
                          Pimmerd

                          • #14
                            Logfile of avenger.exe

                            Logfile of The Avenger Version 2.0, (c) by Swandog46
                            http://swandog46.geekstogo.com

                            Platform: Windows XP

                            *******************

                            Script file opened successfully.
                            Script file read successfully.

                            Backups directory opened successfully at C:\Avenger

                            *******************

                            Beginning to process script file:

                            Rootkit scan active.
                            No rootkits found!


                            Error: file "C:\WINDOWS\system32\%%%.exe" not found!
                            Deletion of file "C:\WINDOWS\system32\%%%.exe" failed!
                            Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
                            --> the object does not exist


                            Completed script processing.

                            *******************

                            Finished! Terminate.


                            HJT:

                            Logfile of Trend Micro HijackThis v2.0.2
                            Scan saved at 9:17:31, on 8-4-2008
                            Platform: Windows XP SP2 (WinNT 5.01.2600)
                            MSIE: Internet Explorer v7.00 (7.00.6000.16608)
                            Boot mode: Normal

                            Running processes:
                            C:\WINDOWS\System32\smss.exe
                            C:\WINDOWS\system32\winlogon.exe
                            C:\WINDOWS\system32\services.exe
                            C:\WINDOWS\system32\lsass.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
                            C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
                            C:\WINDOWS\System32\svchost.exe
                            C:\WINDOWS\Explorer.EXE
                            C:\WINDOWS\system32\spoolsv.exe
                            C:\WINDOWS\Mixer.exe
                            C:\Program Files\QuickTime\qttask.exe
                            C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                            C:\Program Files\Lexmark 3300 Series\lxccmon.exe
                            C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
                            C:\WINDOWS\system32\ctfmon.exe
                            C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                            C:\Program Files\Windows Media Player\WMPNSCFG.exe
                            C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                            C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                            C:\Documents and Settings\Frank\Mijn documenten\Ties\Eset\nod32krn.exe
                            C:\WINDOWS\System32\nvsvc32.exe
                            C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
                            C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
                            C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\WINDOWS\system32\lxcccoms.exe
                            C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
                            C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
                            C:\WINDOWS\system32\wuauclt.exe
                            C:\Program Files\Internet Explorer\IEXPLORE.EXE
                            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
                            C:\Program Files\Panda Security\Panda Antivirus 2008\psimreal.exe
                            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                            F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\%%%.exe
                            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                            O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
                            O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
                            O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
                            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
                            O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
                            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                            O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
                            O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
                            O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
                            O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
                            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                            O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,RunDLLEntry@16
                            O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
                            O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
                            O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
                            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                            O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                            O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
                            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                            O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                            O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                            O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
                            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
                            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                            O14 - IERESET.INF: START_PAGE_URL=http://www.paradigit.nl
                            O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                            O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
                            O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
                            O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
                            O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
                            O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} (Microsoft Office XP Professional Step by Step Interactive) - file://D:\CD\setup\mitm0026.cab
                            O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
                            O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylomgames.com/activex/zylomgamesplayer.cab
                            O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                            O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
                            O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
                            O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                            O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
                            O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Documents and Settings\Frank\Mijn documenten\Ties\Eset\nod32krn.exe
                            O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
                            O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
                            O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
                            O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
                            O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
                            O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
                            O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

                            --
                            End of file - 9468 bytes


#15
1. Print these instructions out or save them in a text file you can easily find again;
you will shortly have to work in Safe Mode, and you cannot come back here to look while you are there.

2. Uninstall Combofix:
Go to Start --> Run and type: combofix /u

3. Download Combofix again via the link below:


4. Open Notepad, copy and paste the following (the bold text) into an empty window:

File::
C:\WINDOWS\SYSTEM32\%%%.exe

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\%%%.exe"=-


Save this on your Desktop as CFScript.txt
(Don't do anything with it yet!)

5. Start your computer in Safe Mode:


6.
* Clean the cache and cookies in IE:

* Close Internet Explorer.
* Go to Control Panel > Internet Options > General tab
* Click the Delete Cookies button
* Click the Delete Files button next to it
* Tick: Delete all offline content as well, click OK

* Clean the cache and cookies in Firefox (if Firefox is installed):

* Go to Tools > Options.
* Click Privacy in the menu.
* Click the Clear button (History, Cookies, Cache).
* Click OK to close the window again.

* Clean other temporary files + Recycle Bin

* Go to Start > Run and type: cleanmgr and click OK.
* Let it scan your system for files that need to be deleted
* Make sure that only 'temporary files', 'temporary internet files' and 'recycle bin' are ticked there.
* Then click OK.


7. Drag CFScript.txt onto ComboFix.exe as shown in the example below:



This will make ComboFix restart.
Reboot if asked to,
and post the contents of Combofix.txt in your next reply.

Also post a new HijackThis log.
Regards,
Pimmerd
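The CFScript in the post above resets two persistence points: the Winlogon Userinit value (the worm appends its own path after userinit.exe so it starts at every logon) and a Windows Firewall authorized-application exception for the same file. As an added example, not from the thread or from ComboFix, the Python below checks both from a .reg-style export; the export text is constructed, "%%%.exe" stands in for the worm's file name as in the post, the full firewall key path is my expansion of ComboFix's `HKLM\~\services\...` shorthand, and the "executable directly in System32" rule is a heuristic of mine.

```python
import re

EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# Constructed sample of what a `reg export` of the two keys could look like on
# the infected PC; "%%%.exe" stands in for the worm's file name as in the thread.
# The full firewall key path is my expansion of ComboFix's "HKLM\~\services\..." shorthand.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\%%%.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\%%%.exe"="C:\\WINDOWS\\system32\\%%%.exe:*:Enabled:%%%"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
'''

WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
FIREWALL_LIST_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
                     r"\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List")


def parse_reg(text):
    """Parse .reg-style text into {key: {name: value}} (string values only)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"', line)
            if m:
                # .reg files write a backslash as "\\"; collapse it to one.
                name, value = (s.replace("\\\\", "\\") for s in m.groups())
                keys[current][name] = value
    return keys


def userinit_extras(keys):
    """Every comma-separated entry in the Userinit value other than the stock
    userinit.exe; a clean XP value has exactly one entry, each extra one is run at logon."""
    value = keys.get(WINLOGON_KEY, {}).get("Userinit", "")
    parts = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in parts if p.lower() != EXPECTED_USERINIT]


def suspicious_firewall_exceptions(keys):
    """Heuristic (my assumption): authorized applications that live directly in
    System32 are rare for legitimate software and worth a second look."""
    return [path for path in keys.get(FIREWALL_LIST_KEY, {})
            if re.match(r"(?i)c:\\windows\\system32\\[^\\]+\.exe$", path)]
```

On a real machine, export the two keys with `reg export` and feed the file's text to `parse_reg`; anything returned by the two checks is what a CFScript like the one above would have to remove.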
