Jouw computer is geinfecteerd door een virus dat via USB-memorysticks of USB disk wordt verspreid.
Maar ook via een MP3 speler of digitale camera is het mogelijk om het virus over te dragen.

Download het volgende programma en start het.
Flash_Disinfector.exe

Het programma sluit Internet Explorer en de Windows Verkenner.
Er wordt gevraagd om de USB-disk aan te sluiten. Herhaal dit als je meerdere USB apparaten hebt.




Start Hijackthis op en kies voor 'Do a system scan only'
Selecteer alleen de items die hieronder zijn genoemd:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe

Sluit alle vensters behalve Hijackthis
Klik op 'Fix checked' om de items te verwijderen.



Verwijder op iedere USB-disk mogelijk de volgende foute bestanden:
c:\autorun.inf
C:\n1deiect.com
C:\nideiect.com
C:\utdetect.com
C:\80avp08.com
C:\semo2x.exe


Volg de instructies zoals beschreven op de volgende pagina: hoe-dient-combofix-gebruikt-te-worden

Gebruik je Vista, dan hoeft de Recovery Console niet te worden geinstalleerd.
Is er iets niet duidelijk, dan vraag je het.
Als het tooltje klaar is, opent er een logfile (C:\combofix.txt).
Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.

succes

Iig bedankt alvast.

Overgens misschien slim om te zeggen, het 2de item die ik moest verwijderen stond er al niet meer, [O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe]
Misschien is dat omdat ik die log gisterochtend gemaakt heb, en sinds toen Ad-aware en Superantispyware een keer heb laten scannen.

Jaap

Wie weet,

Open Kladblok, kopieer en plak het volgende (vetgedrukte, blauwe tekst) in een leeg venster:

• 
  File::
  C:\t.com
  C:\ranvrgn.exe
  C:\xyw9tmdj.com
  
  
  
  

Sla dit op op je Bureaublad als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :



Dit zal ComboFix doen herstarten.

Na het herstarten van je computer, (indien het vraagt om te herstarten), kopieer en plak de inhoud van Combofix.txt in je volgende antwoord.

vertel even of je verbetering ziet.

ComboFix 08-04-08.7 - Meijvogel 2008-04-09 12:20:58.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.516 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Meijvogel\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Meijvogel\Bureaublad\CFScript.txt.txt
* Nieuw herstelpunt werd aangemaakt



FILE ::
C:\ranvrgn.exe
C:\t.com
C:\xyw9tmdj.com
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ranvrgn.exe
C:\t.com
C:\xyw9tmdj.com

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-03-09 to 2008-04-09 ))))))))))))))))))))))))))))))
.

2008-04-08 10:31 . 2008-04-08 10:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-08 10:13 . 2008-04-08 16:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-08 10:13 . 2008-04-08 10:13 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-02 18:52 . 2008-04-02 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-02 17:29 . 2008-04-02 17:29 <DIR> d-------- C:\Program Files\Bonjour
2008-04-02 17:21 . 2008-04-02 17:21 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-29 14:52 . 2008-03-29 14:52 <DIR> d-------- C:\Documents and Settings\Meijvogel\Application Data\Nexon
2008-03-29 14:51 . 2008-03-29 14:51 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-03-26 23:50 . 2008-03-26 23:51 <DIR> d-------- C:\Program Files\GameShadow
2008-03-24 15:54 . 2008-02-25 22:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-03-24 15:48 . 2008-03-24 15:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-03-24 13:41 . 2008-03-24 13:41 <DIR> d-------- C:\Program Files\MultiRes
2008-03-23 22:28 . 2008-03-24 15:55 <DIR> d-------- C:\Program Files\ATI Technologies
2008-03-23 22:21 . 2008-03-24 15:50 10 --a------ C:\WINDOWS\WININIT.INI
2008-03-23 15:41 . 2008-03-23 15:41 <DIR> d-------- C:\Documents and Settings\Meijvogel\Application Data\Uniblue
2008-03-22 16:17 . 2008-03-22 16:17 <DIR> d-------- C:\Program Files\Activision
2008-03-22 12:18 . 2008-03-22 12:18 <DIR> d-------- C:\WINDOWS\system32\SuperAdBlocker.com
2008-03-20 17:38 . 2008-03-20 17:38 <DIR> d-------- C:\Program Files\DIFX
2008-03-20 17:35 . 2006-08-18 11:28 208,896 --------- C:\WINDOWS\system32\nvuide.exe
2008-03-20 17:35 . 2006-06-01 16:32 1,570 --------- C:\WINDOWS\system32\nvide.nvu
2008-03-20 17:34 . 2006-08-14 13:09 1,428 --a------ C:\WINDOWS\system32\drivers\nvphy.bin
2008-03-20 17:28 . 2008-03-20 17:35 <DIR> d-------- C:\Program Files\Setup Files
2008-03-20 17:27 . 2008-03-20 17:27 <DIR> d-------- C:\Program Files\MSI
2008-03-20 16:54 . 2008-03-20 16:54 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-03-20 16:54 . 2008-03-20 16:54 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-03-19 19:53 . 2008-03-19 19:53 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2008-03-19 19:53 . 2007-09-07 15:55 27,672 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2008-03-19 19:53 . 2007-09-07 15:55 12,744 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2008-03-19 19:53 . 2001-11-19 21:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 06:29 --------- d-----w C:\Program Files\Jaap
2008-04-08 08:31 --------- d-----w C:\Program Files\Lavasoft
2008-04-08 08:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-08 06:50 --------- d-----w C:\Documents and Settings\Arie\Application Data\Azureus
2008-04-07 13:55 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-04-06 16:22 --------- d-----w C:\Documents and Settings\Meijvogel\Application Data\Skype
2008-04-05 12:24 --------- d--h--w C:\Documents and Settings\Meijvogel\Application Data\GrabIt
2008-04-03 12:56 --------- d--h--w C:\Documents and Settings\Meijvogel\Application Data\Azureus
2008-04-02 15:29 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-30 20:50 --------- d-----w C:\Program Files\Limewire
2008-03-30 20:32 --------- d-----w C:\Documents and Settings\Meijvogel\Application Data\LimeWire
2008-03-28 07:18 --------- d-----w C:\Program Files\vghd
2008-03-24 13:58 --------- d--h--w C:\Documents and Settings\Meijvogel\Application Data\ATI
2008-03-24 13:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-24 11:41 472,576 ----a-w C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
2008-03-21 17:01 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-13 12:23 --------- d-----w C:\Program Files\Java
2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10 299,520 ------w C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49 3,176,480 ------w C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41 1,755,264 ------w C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-26 02:21 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16 520,192 ------w C:\WINDOWS\system32\ati2cqag.dll
2008-02-21 14:48 --------- d-----w C:\Program Files\Server Map Pack
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-17 15:21 --------- d-----w C:\Documents and Settings\Arie\Application Data\vlc
2008-02-17 13:47 --------- d-----w C:\Documents and Settings\Arie\Application Data\dvdcss
2008-02-15 14:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-02-10 12:19 --------- d-----w C:\Documents and Settings\Arie\Application Data\ATI
2008-02-09 21:56 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ATI
2008-02-09 11:24 --------- d-----w C:\Documents and Settings\Meijvogel\Application Data\Xfire
2008-02-01 16:07 18,487 ----a-w C:\WINDOWS\system32\Ntaccess.sys
2008-01-31 02:02 54,608 ----a-w C:\WINDOWS\system32\xfcodec.dll
2007-12-12 19:22 22,328 ---ha-w C:\Documents and Settings\Meijvogel\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((( [email protected]_ 8.25.59,18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-07 02:18:00 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-12-19 22:57:24 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-12-07 02:18:00 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-12-07 02:18:00 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-12-07 02:18:00 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-12-06 11:04:23 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-12-07 02:18:00 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-12-07 02:18:00 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-12-07 02:18:01 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-12-07 02:18:01 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-12-07 02:18:03 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-12-07 02:18:03 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-12-07 02:18:03 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-12-06 11:04:44 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-12-07 02:18:04 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-12-07 02:18:04 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-12-07 02:18:04 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-12-08 05:18:08 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-12-07 02:18:06 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-12-07 02:18:06 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-12-07 02:18:06 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-12-07 02:18:07 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2008-01-11 05:52:55 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:58:27 216,800 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:59:37 389,856 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-12-07 02:18:07 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-12-07 02:18:07 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-12-07 02:18:07 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-12-07 02:18:08 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
- 2007-12-07 02:18:00 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-01 13:05:10 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2007-12-07 02:18:00 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-01 13:05:10 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
- 2006-06-26 17:45:39 148,480 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:39:05 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2002-12-31 12:00:00 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
+ 2008-02-20 05:39:05 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
- 2007-12-19 22:57:24 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 13:05:10 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-12-07 02:18:00 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-01 13:05:10 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-12-07 02:18:00 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-03-01 13:05:10 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-06-19 13:33:12 282,112 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2008-02-20 06:51:59 282,624 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2007-12-07 02:18:00 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-03-01 13:05:10 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2007-12-06 11:04:23 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-02-29 08:58:12 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-12-07 02:18:00 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 13:05:10 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-12-07 02:18:00 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-01 13:05:10 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-12-07 02:18:01 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-03-01 13:05:11 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2007-12-07 02:18:01 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-03-01 13:05:11 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-12-07 02:18:03 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-03-01 13:05:13 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-12-07 02:18:03 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-01 13:05:13 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-12-07 02:18:03 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-03-01 13:05:13 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2007-12-06 11:04:44 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-02-29 08:58:53 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-12-07 02:18:04 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-01 13:05:13 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-12-07 02:18:04 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-03-01 13:05:13 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2007-12-07 02:18:04 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-03-01 13:05:13 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-12-08 05:18:08 3,592,192 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-03-01 16:35:16 3,591,680 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-12-07 02:18:06 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-01 13:05:15 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-12-07 02:18:06 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-01 13:05:16 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-12-07 02:18:06 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-01 13:05:16 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-12-07 02:18:07 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-03-01 13:05:16 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-01-11 05:52:55 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-01 13:05:16 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-12-07 02:18:07 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-03-01 13:05:16 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2007-12-07 02:18:07 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-03-01 13:05:17 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-12-07 02:18:07 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-03-01 13:05:17 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-03-08 15:37:59 1,843,712 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-03-20 08:10:47 1,845,376 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
- 2007-12-07 02:18:08 824,832 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-01 13:05:17 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-06-26 17:45:39 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-02-20 05:39:05 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2007-12-19 22:57:24 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-03-01 13:05:10 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-12-07 02:18:00 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-03-01 13:05:10 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-12-07 02:18:00 133,120 ------w C:\WINDOWS\system32\extmgr.dll
+ 2008-03-01 13:05:10 133,120 ------w C:\WINDOWS\system32\extmgr.dll
- 2008-01-25 11:35:42 220,040 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-09 10:16:26 220,040 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-12-07 02:18:00 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-03-01 13:05:10 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-12-06 11:04:23 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-02-29 08:58:12 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
- 2007-12-07 02:18:00 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
+ 2008-03-01 13:05:10 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
- 2007-12-07 02:18:00 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
+ 2008-03-01 13:05:10 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
- 2007-12-06 04:59:51 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ------w C:\WINDOWS\system32\ieakui.dll
- 2007-12-07 02:18:01 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-03-01 13:05:11 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-12-07 02:18:01 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-03-01 13:05:11 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
- 2007-12-07 02:18:03 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-03-01 13:05:13 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-12-07 02:18:03 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 13:05:13 44,544 ------w C:\WINDOWS\system32\iernonce.dll
- 2007-12-07 02:18:03 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-03-01 13:05:13 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-12-07 02:18:04 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-01 13:05:13 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
- 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-12-07 02:18:04 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-03-01 13:05:13 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-12-07 02:18:04 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-03-01 13:05:13 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-12-08 05:18:08 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-03-01 16:35:16 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-12-07 02:18:06 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-03-01 13:05:15 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-12-07 02:18:06 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-03-01 13:05:16 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-12-07 02:18:06 671,232 ------w C:\WINDOWS\system32\mstime.dll
+ 2008-03-01 13:05:16 671,232 ------w C:\WINDOWS\system32\mstime.dll
- 2007-12-07 02:18:07 102,912 ------w C:\WINDOWS\system32\occache.dll
+ 2008-03-01 13:05:16 102,912 ------w C:\WINDOWS\system32\occache.dll
- 2008-04-09 06:07:33 62,344 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-09 10:20:58 62,344 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-09 06:07:33 81,146 ----a-w C:\WINDOWS\system32\perfc013.dat
+ 2008-04-09 10:20:58 81,146 ----a-w C:\WINDOWS\system32\perfc013.dat
- 2008-04-09 06:07:33 401,064 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-09 10:20:58 401,064 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-04-09 06:07:33 465,612 ----a-w C:\WINDOWS\system32\perfh013.dat
+ 2008-04-09 10:20:58 465,612 ----a-w C:\WINDOWS\system32\perfh013.dat
- 2008-01-11 05:52:55 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-03-01 13:05:16 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-12-07 02:18:07 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-03-01 13:05:16 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-12-07 02:18:07 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-03-01 13:05:17 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-12-07 02:18:07 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-01 13:05:17 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 14:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 19:25 1961984]
"DriverUpdaterPro"="C:\Program Files\jaap\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe" [ ]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 05:04 59392]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [ ]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 05:44 16262656 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-04-26 02:18 90112]
"DXDllRegExe"="dxdllreg.exe"
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"WMAAD"="C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe" [2007-02-16 18:41 110592]
"SetIcon"="\Program Files\SMSC\Seticon.exe" [2004-01-30 09:03 46080]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24 286720]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 13:17 61440]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2002-12-31 14:00 15360]

C:\Documents and Settings\Arie\Menu Start\Programma's\Opstarten\
PowerReg Scheduler.exe [2007-02-16 17:33:14 256000]
VirtuaGirl HD.LNK - C:\Program Files\vghd\vghd.exe [2008-01-03 19:53:46 11769152]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Sweex WiFi LAN 140 Nitro XM Utility.lnk - C:\Program Files\Sweex WiFi LAN 140 Nitro XM Utility\WlanUtl.exe [2007-02-08 22:48:44 794624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.scg726"= scg726.acm
"msacm.alf2cd"= alf2cd.acm
"msacm.ac3acm"= AC3ACM.acm
"vidc.dvsd"= mcdvd_32.dll
"msacm.lameacm"= LameACM.acm
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Arie^Menu Start^Programma's^Opstarten^Xfire.lnk]
path=C:\Documents and Settings\Arie\Menu Start\Programma's\Opstarten\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-07-14 15:09 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashIcon]
--a------ 2004-07-21 14:48 40960 C:\Program Files\Generic\USB Card Reader Driver v2.3\FlashIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2004-05-12 15:18 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-08-04 18:28 49152 C:\Program Files\HP\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIDEBAR]
C:\Program Files\Desktop Sidebar\dsidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-03-08 10:07 1481968 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YeppStudioAgent]
C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enGB-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enGB-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.12.6546-enGB-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Arie\\Azureus.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Jaap\\Nexon\\Maplestory\\MapleStory.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"62454:TCP"= 62454:TCP:azureus
"3724:TCP"= 3724:TCP:wow
"8080:TCP"= 8080:TCP:wow
"8085:TCP"= 8085:TCP:wow

R3 SWXG7031;Sweex 802.11g XG703 SP3 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2006-01-19 16:18]
S3 filter;filter;C:\WINDOWS\system32\drivers\filter.sys [2004-07-05 08:21]
S3 ICScsiSV;Image Converter SCSI Service;C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-01-26 11:39]
S3 IcVzMonLauncher;IcVzMonLauncher;"C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe" [2007-01-26 11:38]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe [2007-01-26 11:38]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS

*Newly Created Service* - PCANDIS5
.
Inhoud van de 'Gedeelde Taken' map
"2008-02-27 06:26:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-15 14:00:16 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-04-03 15:11:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-12-05 16:11:15 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 12:26:28
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll
.
Voltooingstijd: 2008-04-09 12:27:10
ComboFix-quarantined-files.txt 2008-04-09 10:27:01
ComboFix2.txt 2008-04-09 06:26:15
Pre-Run: 19,685,498,880 bytes beschikbaar
Post-Run: 19,672,465,408 bytes beschikbaar
.
2008-04-09 07:21:53 --- E O F ---


Heb zeker verbetering gemerkt. :')
Bedankt alvast.

Dat is mooi, kijk het nog even aan en meld je weer eens over een paar dagen of het nog steeds goed gaat.