Trojan and other misery..


  • Trojan and other misery..

    Dear all,

    It started on Monday when my Norton reported a dialer; after that I ran Spybot, CCleaner, Ad-Aware and ATF Cleaner. However, strange things keep happening: yesterday Norton reported the presence of Trojan.Vundo (system32\qbpomicd.dll) and Spybot found DoubleClick and Virtumonde. After 'repareer probleem' in Spybot, however, the following happens:

    Failed to load C:Program Files/spybot-Search_Destroy\DelZip179.dll

    What now??? When I dismiss that error message, Spybot eventually says that 'alle 12 problemen zijn gerepareerd', but a day later all the misery is simply back again, and IE7 in particular barely performs!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:19:38, on 23-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [58fd4833] rundll32.exe "C:\WINDOWS\system32\ftnmfiqf.dll",b
    O4 - HKLM\..\Run: [BM5bce7baf] Rundll32.exe "C:\WINDOWS\system32\kfqesutd.dll",s
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9966] command /c del "C:\WINDOWS\system32\awkbkmuv.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2349] cmd /c del "C:\WINDOWS\system32\awkbkmuv.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9776] command /c del "C:\WINDOWS\system32\ftnmfiqf.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1027] cmd /c del "C:\WINDOWS\system32\ftnmfiqf.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8618] command /c del "C:\WINDOWS\system32\kfqesutd.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2016] cmd /c del "C:\WINDOWS\system32\kfqesutd.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7302] command /c del "C:\WINDOWS\system32\yayxvWMc.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2604] cmd /c del "C:\WINDOWS\system32\yayxvWMc.dll"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5473] command /c del "C:\WINDOWS\system32\awkbkmuv.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4511] cmd /c del "C:\WINDOWS\system32\awkbkmuv.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1082] command /c del "C:\WINDOWS\system32\ftnmfiqf.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5138] cmd /c del "C:\WINDOWS\system32\ftnmfiqf.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4368] command /c del "C:\WINDOWS\system32\kfqesutd.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1340] cmd /c del "C:\WINDOWS\system32\kfqesutd.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8228] command /c del "C:\WINDOWS\system32\yayxvWMc.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1157] cmd /c del "C:\WINDOWS\system32\yayxvWMc.dll"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Freecom Personal Media Suite.lnk = C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Servicebeheer.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - http://www.cig.canon-europe.com/ph/nl_NL/st/download/ddup/CNIMGUP_01_210102E.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ctac-allign.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ctac-allign.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ctac-allign.com
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 13694 bytes

  • #2
    Download Malwarebytes' Anti-Malware from here or here.

    Double-click mbam-setup.exe to install the program.
    • Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click "finish".
    • If an update is found, it will download it and install the latest version.
    • Once the program is fully up to date, select "Perform Quick Scan", then click Scan.
    • Scanning can take a while, so be patient.
    • When the scan is complete, click OK, then "Show Results" to view the results.
    • Make sure everything there is checked, then click: Remove Selected.
    • After removal a log will open and you will be asked to restart the computer. (See the extra note below)
    • The log is saved automatically by MBAM; you can view it by clicking the "Logs" tab in MBAM.
    • Copy and paste the contents of the log into your next reply.

    Extra note:
    If MBAM has trouble removing certain files, it will show a few prompts where you must click OK. After that it will ask to restart the computer... so allow MBAM to restart the computer.
    Restart the computer and also post a new HJT log.



    • #3
      Trojan and other misery..

      Hi Smeenk,

      Thanks so much for your quick reply! I carried out the steps, but I'm still left with two problems:

      - Every time I boot, I get an error message 'Er is een fout opgetreden tijdens het laden van C:\Windows\system32\ftnmfiqf.dll'. What should I do about that?
      - During Malwarebytes' cleanup actions Spybot keeps nagging about changes to the registry. Should I allow the changes or not?? Wouldn't I simply be putting the malware back that way???

      Here is the HJT log:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:51:12, on 23-4-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
      C:\Program Files\Norton AntiVirus\navapsvc.exe
      C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Canon\CAL\CALMAIN.exe
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxsrvc.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
      C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
      C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
      C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Windows Media Player\WMPNSCFG.exe
      C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
      C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
      C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
      C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
      C:\Program Files\HPQ\SHARED\HPQWMI.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
      C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: (no name) - {06A7D1AB-461C-49FC-A302-D786536EC162} - (no file)
      O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: (no name) - {A7700EA0-CC7B-4EB1-813D-D27C7863ACA2} - (no file)
      O2 - BHO: (no name) - {A8473A4D-BD6D-41C0-AE93-181EC7B722C2} - (no file)
      O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O2 - BHO: (no name) - {F5AA7836-15E4-4A21-96A4-FCC60E54A257} - C:\WINDOWS\system32\awtSMEWq.dll (file missing)
      O2 - BHO: (no name) - {F5FE6D0D-8930-4259-AE79-4B9C1A7810EE} - (no file)
      O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
      O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
      O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
      O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
      O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [58fd4833] rundll32.exe "C:\WINDOWS\system32\ftnmfiqf.dll",b
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Freecom Personal Media Suite.lnk = C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
      O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: BTTray.lnk = ?
      O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: Servicebeheer.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
      O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
      O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
      O16 - DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - http://www.cig.canon-europe.com/ph/nl_NL/st/download/ddup/CNIMGUP_01_210102E.cab
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ctac-allign.com
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ctac-allign.com
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ctac-allign.com
      O20 - Winlogon Notify: rqRHaWMe - C:\WINDOWS\
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
      O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
      O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
      O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
      O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

      --
      End of file - 13018 bytes



      • #4
        Trojan and other misery..

        And here are the Malwarebytes logs:

        1. quick scan


        Malwarebytes' Anti-Malware 1.11
        Database versie: 673

        Scan type: Snelle Scan
        Objecten gescand: 36373
        Verstreken tijd: 14 minute(s), 14 second(s)

        Geheugenprocessen geïnfecteerd: 0
        Geheugenmodulen geïnfecteerd: 2
        Registersleutels geïnfecteerd: 12
        Registerwaarden geïnfecteerd: 4
        Registerdata bestanden geïnfecteerd: 2
        Mappen geïnfecteerd: 0
        Bestanden geïnfecteerd: 6

        Geheugenprocessen geïnfecteerd:
        (Geen kwaadaardige items gevonden)

        Geheugenmodulen geïnfecteerd:
        C:\WINDOWS\system32\yayxvWMc.dll (Trojan.Vundo) -> Unloaded module successfully.
        C:\WINDOWS\system32\rqRHaWMe.dll (Trojan.Vundo) -> Unloaded module successfully.

        Registersleutels geïnfecteerd:
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a7700ea0-cc7b-4eb1-813d-d27c7863aca2} (Trojan.Vundo) -> Delete on reboot.
        HKEY_CLASSES_ROOT\CLSID\{a7700ea0-cc7b-4eb1-813d-d27c7863aca2} (Trojan.Vundo) -> Delete on reboot.
        HKEY_CLASSES_ROOT\CLSID\{c3f37eca-a8d9-4633-92c6-fe24c7d16aba} (Trojan.Vundo) -> Delete on reboot.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3f37eca-a8d9-4633-92c6-fe24c7d16aba} (Trojan.Vundo) -> Delete on reboot.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrhawme (Trojan.Vundo) -> Delete on reboot.
        HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

        Registerwaarden geïnfecteerd:
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingA7302 (Trojan.Vundo) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingC2604 (Trojan.Vundo) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c3f37eca-a8d9-4633-92c6-fe24c7d16aba} (Trojan.Vundo) -> Delete on reboot.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM5bce7baf (Trojan.Agent) -> Quarantined and deleted successfully.

        Registerdata bestanden geïnfecteerd:
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayxvwmc -> Delete on reboot.
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayxvwmc -> Delete on reboot.

        Mappen geïnfecteerd:
        (Geen kwaadaardige items gevonden)

        Bestanden geïnfecteerd:
        C:\WINDOWS\system32\yayxvWMc.dll (Trojan.Vundo) -> Delete on reboot.
        C:\WINDOWS\system32\cMWvxyay.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\cMWvxyay.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\rqRHaWMe.dll (Trojan.Vundo) -> Delete on reboot.
        C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\byXPFyxU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

        2. scan

        Malwarebytes' Anti-Malware 1.11
        Database versie: 673

        Scan type: Volledige Scan (C:\|D:\|)
        Objecten gescand: 108357
        Verstreken tijd: 59 minute(s), 49 second(s)

        Geheugenprocessen geïnfecteerd: 0
        Geheugenmodulen geïnfecteerd: 0
        Registersleutels geïnfecteerd: 1
        Registerwaarden geïnfecteerd: 0
        Registerdata bestanden geïnfecteerd: 0
        Mappen geïnfecteerd: 0
        Bestanden geïnfecteerd: 7

        Geheugenprocessen geïnfecteerd:
        (Geen kwaadaardige items gevonden)

        Geheugenmodulen geïnfecteerd:
        (Geen kwaadaardige items gevonden)

        Registersleutels geïnfecteerd:
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3f37eca-a8d9-4633-92c6-fe24c7d16aba} (Trojan.Vundo) -> Quarantined and deleted successfully.

        Registerwaarden geïnfecteerd:
        (Geen kwaadaardige items gevonden)

        Registerdata bestanden geïnfecteerd:
        (Geen kwaadaardige items gevonden)

        Mappen geïnfecteerd:
        (Geen kwaadaardige items gevonden)

        Bestanden geïnfecteerd:
        C:\WINDOWS\system32\yayxvWMc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\cMWvxyay.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\cMWvxyay.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{AF6CD0DB-9666-4CA4-8570-D47738BCECC6}\RP154\A0022741.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{AF6CD0DB-9666-4CA4-8570-D47738BCECC6}\RP154\A0022743.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{AF6CD0DB-9666-4CA4-8570-D47738BCECC6}\RP155\A0022803.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\rqRHaWMe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.



        • #5
          Start HijackThis and tick only the following lines:
          O2 - BHO: (no name) - {06A7D1AB-461C-49FC-A302-D786536EC162} - (no file)
          O2 - BHO: (no name) - {A7700EA0-CC7B-4EB1-813D-D27C7863ACA2} - (no file)
          O2 - BHO: (no name) - {A8473A4D-BD6D-41C0-AE93-181EC7B722C2} - (no file)
          O2 - BHO: (no name) - {F5AA7836-15E4-4A21-96A4-FCC60E54A257} - C:\WINDOWS\system32\awtSMEWq.dll (file missing)
          O2 - BHO: (no name) - {F5FE6D0D-8930-4259-AE79-4B9C1A7810EE} - (no file)
          O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
          O4 - HKLM\..\Run: [58fd4833] rundll32.exe "C:\WINDOWS\system32\ftnmfiqf.dll",b
          O20 - Winlogon Notify: rqRHaWMe - C:\WINDOWS\

          Close all open windows (except HijackThis) and click "Fix checked".

          Download: RVAXO.exe
          • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
          • Start the computer in safe mode.
          • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
            A cmd window will open, and a few lines about files that were not found will scroll past quickly; this is normal.
          • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and just let it do its work.
          • After that your PC will restart; let it start in normal mode again. After the restart the RVAXO cmd window will open again.
            Let it run and wait until a log file opens: C:\RVAXO-results.log
          • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
          • Post the contents of the log file in your next message.


          Download Deckard's System Scanner to your desktop.
          • Close all applications and windows.
          • Double-click dss.exe to run it, and follow the instructions.
          • When the scan is complete, a text file - main.txt - will open.
          • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply

          Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
          - make sure sigcheck.exe is given permission to do so!
          It may also happen that your antivirus flags DSS as suspicious, or even tries to remove it.
          Do not let your antivirus remove it! (In that case it may be better to switch off your antivirus for the duration of the DSS scan)



          • #6
            Trojan and other misery..

            Hi Smeenk,

            Here is my RVAXO log:

            ---RVAXO.exe Updated: 2008-04-24---first run---
            Uninstallers:

            Files found:
            C:\WINDOWS\BM5bce7baf.xml
            C:\WINDOWS\BM5bce7baf.txt
            C:\WINDOWS\system32\qWEMStwa.ini2
            C:\WINDOWS\pskt.ini
            C:\WINDOWS\wininit.ini
            C:\WINDOWS\cookies.ini
            C:\WINDOWS\system32\packet.dll
            C:\WINDOWS\system32\wpcap.dll
            C:\WINDOWS\system32\clkcnt.txt
            C:\WINDOWS\system32\mcrh.tmp

            Folders Found:

            Hosts-file was reset, If you use a custom hosts file please replace it...

            --------------RVAXO.exe last run---------------
            Not deleted items:

            --------------RVAXO.exe finished----------------



            • #7
              Trojan and other misery..

              And the log from Deckard's System Scanner! (apparently there are two..)

              Deckard's System Scanner v20071014.68
              Run by Administrator on 2008-04-24 17:33:27
              Computer is in Normal Mode.
              --------------------------------------------------------------------------------

              -- System Restore --------------------------------------------------------------

              Successfully created a Deckard's System Scanner Restore Point.


              -- Last 5 Restore Point(s) --
              50: 2008-04-24 15:34:44 UTC - RP156 - Deckard's System Scanner Restore Point
              49: 2008-04-23 06:41:11 UTC - RP155 - Controlepunt van systeem
              48: 2008-04-21 17:47:05 UTC - RP154 - Last known good configuration
              47: 2008-04-21 17:46:41 UTC - RP153 - Controlepunt van systeem
              46: 2008-04-21 17:46:40 UTC - RP152 - Controlepunt van systeem


              -- First Restore Point --
              1: 2008-04-21 17:45:42 UTC - RP107 - Controlepunt van systeem


              Backed up registry hives.
              Performed disk cleanup.

              Percentage of Memory in Use: 79% (more than 75%).
              Total Physical Memory: 504 MiB (512 MiB recommended).


              -- HijackThis (run as Administrator.exe) ---------------------------------------

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 17:36:57, on 24-4-2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16640)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\Explorer.EXE
              C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
              C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
              C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
              C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
              C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
              C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
              C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
              C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
              C:\Program Files\Norton AntiVirus\navapsvc.exe
              C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
              C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
              C:\WINDOWS\system32\HPZipm12.exe
              C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\Canon\CAL\CALMAIN.exe
              C:\WINDOWS\system32\igfxtray.exe
              C:\WINDOWS\system32\hkcmd.exe
              C:\WINDOWS\system32\igfxpers.exe
              C:\WINDOWS\system32\igfxsrvc.exe
              C:\WINDOWS\AGRSMMSG.exe
              C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
              C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
              C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
              C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
              C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
              C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
              C:\Program Files\Common Files\Symantec Shared\ccApp.exe
              C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
              C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
              C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
              C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
              C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
              C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
              C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
              C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
              C:\Program Files\Windows Media Player\WMPNSCFG.exe
              C:\Program Files\HPQ\SHARED\HPQWMI.exe
              C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
              C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
              C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
              C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
              C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
              C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
              C:\Program Files\Norton AntiVirus\NAVW32.EXE
              C:\Documents and Settings\Administrator\Bureaublad\dss.exe
              C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
              O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
              O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
              O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
              O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
              O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
              O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
              O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
              O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
              O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
              O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
              O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
              O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
              O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
              O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
              O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
              O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
              O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
              O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
              O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
              O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
              O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
              O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
              O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
              O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
              O4 - Startup: Freecom Personal Media Suite.lnk = C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
              O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
              O4 - Global Startup: BTTray.lnk = ?
              O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
              O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
              O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
              O4 - Global Startup: Servicebeheer.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
              O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
              O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
              O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
              O16 - DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - http://www.cig.canon-europe.com/ph/nl_NL/st/download/ddup/CNIMGUP_01_210102E.cab
              O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ctac-allign.com
              O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ctac-allign.com
              O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ctac-allign.com
              O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
              O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
              O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
              O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
              O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
              O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
              O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
              O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
              O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
              O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
              O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
              O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
              O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
              O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
              O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
              O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
              O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
              O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
              O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

              --
              End of file - 12494 bytes

              -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

              backup-20080424-171435-646 O2 - BHO: (no name) - {06A7D1AB-461C-49FC-A302-D786536EC162} - (no file)
              backup-20080424-171435-690 O2 - BHO: (no name) - {A7700EA0-CC7B-4EB1-813D-D27C7863ACA2} - (no file)
              backup-20080424-171436-255 O2 - BHO: (no name) - {F5AA7836-15E4-4A21-96A4-FCC60E54A257} - C:\WINDOWS\system32\awtSMEWq.dll (file missing)
              backup-20080424-171436-330 O20 - Winlogon Notify: rqRHaWMe - C:\WINDOWS\
              backup-20080424-171436-337 O4 - HKLM\..\Run: [58fd4833] rundll32.exe "C:\WINDOWS\system32\ftnmfiqf.dll",b
              backup-20080424-171436-345 O2 - BHO: (no name) - {F5FE6D0D-8930-4259-AE79-4B9C1A7810EE} - (no file)
              backup-20080424-171436-441 O2 - BHO: (no name) - {A8473A4D-BD6D-41C0-AE93-181EC7B722C2} - (no file)
              backup-20080424-171436-544 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

              -- File Associations -----------------------------------------------------------

              .reg - regfile - shell\open\command - regedit.exe "%1" %*
              .scr - scrfile - shell\open\command - "%1" %*


              -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

              R1 ClntMgmt.sys - c:\windows\system32\drivers\clntmgmt.sys <Not Verified; Hewlett-Packard; Client Management Driver>
              R3 Bonifay - c:\windows\system32\drivers\bonifay.sys <Not Verified; Freecom; Bonifay>
              R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

              S3 catchme - c:\docume~1\admini~1\locals~1\temp\catchme.sys (file missing)
              S3 Gonzales - c:\windows\system32\drivers\gonzales.sys <Not Verified; Freecom; Gonzales>
              S3 hSONYPVh - c:\docume~1\admini~1\locals~1\temp\hsonypvh.sys (file missing)
              S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>


              -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

              R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
              R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
              R3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>


              -- Device Manager: Disabled ----------------------------------------------------

              No disabled devices found.


              -- Scheduled Tasks -------------------------------------------------------------

              2008-04-18 22:03:59 544 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - Administrator.job
              2008-04-10 12:21:09 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


              -- Files created between 2008-03-24 and 2008-04-24 -----------------------------

              2008-04-24 17:23:43 0 d-------- C:\RVAXO
              2008-04-24 17:21:55 800916 --a------ C:\WINDOWS\system32\RVAXO.bat
              2008-04-24 17:21:55 69632 --a------ C:\WINDOWS\system32\remove.exe
              2008-04-23 17:46:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
              2008-04-23 17:45:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
              2008-04-23 17:45:25 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
              2008-04-22 12:34:25 0 dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
              2008-04-22 12:00:09 0 d-------- C:\Program Files\Incomplete
              2008-04-21 19:39:28 0 d--hs---- C:\Documents and Settings\Administrator\!
              2008-04-21 19:37:19 0 d-------- C:\WINDOWS\system32\xcsDd05
              2008-04-04 11:29:29 0 d-------- C:\Program Files\MegauploadToolbar
              2008-04-04 11:29:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\MegauploadToolbar


              -- Find3M Report ---------------------------------------------------------------

              2008-04-24 08:58:01 0 d-------- C:\Program Files\Common Files\Symantec Shared
              2008-04-23 16:21:58 0 d-------- C:\Program Files\Replay AV 8
              2008-04-22 17:30:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
              2008-04-22 17:30:19 0 d-------- C:\Program Files\LimeWire
              2008-04-19 10:41:26 0 d-------- C:\Program Files\Java
              2008-04-16 19:59:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\ZoomBrowser EX
              2008-04-06 18:16:08 0 d--h----- C:\Program Files\InstallShield Installation Information
              2008-04-01 08:40:13 463342 --a----c- C:\WINDOWS\system32\perfh013.dat
              2008-04-01 08:40:13 78610 --a----c- C:\WINDOWS\system32\perfc013.dat
              2008-03-03 09:33:59 28 --a------ C:\Program Files\test.html.txt
              2008-03-01 20:10:24 0 d-------- C:\Program Files\Canon
              2008-03-01 20:10:17 0 d-------- C:\Program Files\Common Files\Canon
              2008-03-01 19:39:42 2359350 --a------ C:\Documents and Settings\Administrator\Application Data\ZBWallpaper.bmp
              2008-03-01 18:51:47 0 d-------- C:\Program Files\Common Files
              2008-02-29 13:43:36 0 d-------- C:\Program Files\Common Files\ESRI
              2008-02-29 13:43:26 0 d-------- C:\Program Files\Common Files\SAP Shared
              2008-02-29 13:40:32 0 d-------- C:\Program Files\SAP
              2008-02-29 13:01:18 102400 --a------ C:\WINDOWS\system32\libsapu16vc80.dll <Not Verified; SAP AG; mySAP.com>
              2008-02-29 13:01:18 4251648 --a------ C:\WINDOWS\system32\librfc32u.dll <Not Verified; SAP AG; SAP R/3>
              2008-02-29 13:01:17 835584 --a------ C:\WINDOWS\system32\icuuc34.dll <Not Verified; IBM Corporation and others; International Components for Unicode>
              2008-02-29 13:01:17 733184 --a------ C:\WINDOWS\system32\icuin34.dll <Not Verified; IBM Corporation and others; International Components for Unicode>
              2008-02-29 13:01:17 8847360 --a------ C:\WINDOWS\system32\icudt34.dll <Not Verified; IBM Corporation and others; International Components for Unicode>
              2008-02-29 13:01:15 15872 --a------ C:\WINDOWS\system32\vtssm32.dll
              2008-02-29 13:01:15 533504 --a------ C:\WINDOWS\system32\vtssdl32.dll <Not Verified; VisualTools Inc.; Formula One>
              2008-02-29 13:01:14 721168 --a------ C:\WINDOWS\system32\vb40032.dll <Not Verified; Microsoft Corporation; Visual Basic 4.0>
              2008-02-29 13:01:14 153600 --a------ C:\WINDOWS\system32\tlbinf32.dll <Not Verified; Microsoft Corporation; Object Navigator, Visual Basic>
              2008-02-29 13:01:14 1650688 --a------ C:\WINDOWS\system32\SAPbtmp.dll <Not Verified; SAP AG, Walldorf; SAP Frontend for Windows>
              2008-02-29 13:01:14 640512 --a------ C:\WINDOWS\system32\oc30.dll <Not Verified; Microsoft Corporation; Microsoft® OLE Controls Development Kit>
              2008-02-29 13:00:18 253952 --a------ C:\WINDOWS\system32\vrfc32.dll <Not Verified; SAP AG, Walldorf; VRFC32>
              2008-02-29 13:00:17 3100672 --a------ C:\Program Files\Common Files\sapxlhelper.dll <Not Verified; SAP Technology,Inc; SAP Excel Helper ActiveXServer>
              2008-02-29 13:00:16 415504 --a----c- C:\WINDOWS\system32\MSREPL35.DLL <Not Verified; Microsoft Corporation; Microsoft® Access>
              2008-02-29 13:00:16 192512 --a------ C:\Program Files\Common Files\sapconsr3.dll <Not Verified; SAP Tech Inc.; Consolidation ActiveX Server>
              2008-02-29 13:00:16 626688 --a------ C:\Program Files\Common Files\sapconsaccess.dll <Not Verified; SAP AG; Active Excel>
              2008-02-29 13:00:16 1124864 --a------ C:\Program Files\Common Files\SAPActiveXL_nosig.xlt
              2008-02-29 13:00:16 1129984 --a------ C:\Program Files\Common Files\SAPActiveXL.xlt
              2008-02-29 13:00:16 40960 --a------ C:\Program Files\Common Files\DigitalSignature.ocx <Not Verified; SAP-TECHNOLOGY; DigitalSignature>
              2008-02-29 13:00:00 34816 --a------ C:\WINDOWS\system32\grsapx32.dll <Not Verified; Graphitti; Graphitti GRSAPX32>
              2008-02-29 13:00:00 56832 --a------ C:\WINDOWS\system32\grfcxl32.dll <Not Verified; Graphitti; Graphitti GrFcxl32>
              2008-02-29 12:59:08 51200 --a------ C:\WINDOWS\system32\h5tool32.dll
              2008-02-29 12:59:08 95744 --a------ C:\WINDOWS\system32\h5rtf32.dll
              2008-02-29 12:59:08 175616 --a------ C:\WINDOWS\system32\h5menu32.dll
              2008-02-29 12:59:08 1064960 --a------ C:\WINDOWS\system32\h5krnl32.dll
              2008-02-29 12:59:08 188928 --a------ C:\WINDOWS\system32\h5icon32.dll
              2008-02-29 12:59:07 114688 --a------ C:\WINDOWS\system32\h5dlg32.dll <Not Verified; heilerSoftware; HighEdit Pro SDK 32bit>
              2008-02-29 12:58:22 1146880 --a------ C:\WINDOWS\system32\wdba.dll <Not Verified; SAP AG, Walldorf; SAP BW Business Explorer>
              2008-02-25 09:19:46 0 d-------- C:\Program Files\Belastingdienst
              2008-02-17 16:31:24 2617323 --a----c- C:\Program Files\Pazera_Free_FLV_to_AVI_Converter.zip
              2008-02-16 17:43:26 737280 --a----c- C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
              2008-02-14 13:53:50 68977 --a------ C:\WINDOWS\hpoins05.dat
              2008-02-13 00:07:40 3768320 --a------ C:\WINDOWS\system32\librfc32.dll <Not Verified; SAP AG; SAP R/3>
              2008-02-10 16:47:27 2338 --a------ C:\Documents and Settings\Administrator\Application Data\HPCOM_48BitScanUpdate.log
              2008-02-08 16:42:39 173 --a----c- C:\Program Files\Adapter.txt
              2008-02-08 16:42:32 561 --a----c- C:\Program Files\Adapters.txt
              2008-02-08 16:42:28 1509 --a----c- C:\Program Files\urlswmr.txt
              2008-02-08 16:42:28 476 --a----c- C:\Program Files\urlsrmr.txt
              2008-02-08 16:42:28 476 --a----c- C:\Program Files\urlsquick.txt
              2008-02-07 20:15:50 3455 --a----c- C:\WINDOWS\unins000.dat
              2008-02-07 20:11:46 691545 --a------ C:\WINDOWS\unins000.exe


              -- Registry Dump ---------------------------------------------------------------

              *Note* empty entries & legit default entries are not shown


              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [25-04-2005 12:32]
              "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [25-04-2005 12:29]
              "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [25-04-2005 12:32]
              "AGRSMMSG"="AGRSMMSG.exe" [24-08-2004 13:20 C:\WINDOWS\AGRSMMSG.exe]
              "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [14-10-2004 09:11]
              "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [23-09-2004 12:41]
              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 04:25]
              "PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [08-04-2005 11:08]
              "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [20-06-2005 13:50]
              "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [04-05-2005 10:59]
              "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [03-12-2004 13:24]
              "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [07-09-2004 16:28]
              "WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [09-03-2005 15:54]
              "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07-03-2008 23:01]
              "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [17-02-2005 00:11]
              "DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [21-05-2003 18:37]
              "DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [06-09-2005 14:45]
              "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [29-06-2005 15:29]
              "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [08-12-2003 17:35]
              "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [12-03-2007 10:22]

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 10:00]
              "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [26-08-2005 15:49]
              "PowerBar"=""
              "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28-01-2008 12:43]
              "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02-11-2006 23:53]

              C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\
              Freecom Personal Media Suite.lnk - C:\Program Files\Freecom Personal Media Suite\FCPMS.exe [19-10-2006 21:04:09]

              C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
              Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23-9-2005 23:05:26]
              BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [29-3-2005 16:37:28]
              DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [3-3-2006 18:03:21]
              HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [4-11-2004 20:28:24]
              HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [4-11-2004 20:50:52]
              Servicebeheer.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [3-5-2005 23:07:32]

              [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
              SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
              @="Service"




              -- End of Deckard's System Scanner: finished at 2008-04-24 17:38:12 ------------

              Deckard's System Scanner v20071014.68
              Extra logfile - please post this as an attachment with your post.
              --------------------------------------------------------------------------------

              -- System Information ----------------------------------------------------------

              Microsoft Windows XP Professional (build 2600) SP 2.0
              Architecture: X86; Language: Dutch

              CPU 0: Intel(R) Pentium(R) M processor 1.73GHz
              Percentage of Memory in Use: 84%
              Physical Memory (total/avail): 503.36 MiB / 79.51 MiB
              Pagefile Memory (total/avail): 1228.41 MiB / 670.73 MiB
              Virtual Memory (total/avail): 2047.88 MiB / 1921.54 MiB

              C: is Fixed (NTFS) - 55.89 GiB total, 16.71 GiB free.
              D: is CDROM (No Media)

              \\.\PHYSICALDRIVE0 - FUJITSU MHV2060AH - 55.89 GiB - 1 partition
              \PARTITION0 (bootable) - Installable File System - 55.89 GiB - C:



              -- Security Center -------------------------------------------------------------

              AUOptions is scheduled to auto-install.
              Windows Internal Firewall is disabled.

              FirstRunDisabled is set.

              FW: Norton Internet Worm Protection v2006 (Symantec)
              AV: Norton AntiVirus 2006 v2005 (Symantec Corporation)

              [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

              [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
              "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"


              -- Environment Variables -------------------------------------------------------

              ALLUSERSPROFILE=C:\Documents and Settings\All Users
              APPDATA=C:\Documents and Settings\Administrator\Application Data
              CLIENTNAME=Console
              COLLECTIONID=COL8143
              CommonProgramFiles=C:\Program Files\Common Files
              COMPUTERNAME=FRENSKE
              ComSpec=C:\WINDOWS\system32\cmd.exe
              FP_NO_HOST_CHECK=NO
              HMSERVER=https://wwss1proa.cce.hp.com/wuss/servlet/WUSSServlet
              HOMEDRIVE=C:
              HOMEPATH=\Documents and Settings\Administrator
              ITEMID=dj-22741-15
              LANG=1043
              LOGONSERVER=\\FRENSKE
              NUMBER_OF_PROCESSORS=1
              OS=Windows_NT
              OSVER=winXPP
              Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\
              PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
              PROCESSOR_ARCHITECTURE=x86
              PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
              PROCESSOR_LEVEL=6
              PROCESSOR_REVISION=0d08
              ProgramFiles=C:\Program Files
              PROMPT=$P$G
              SESSIONID=1165941057583htx60561a22e94:10f84d3bf78:-4b5a
              SESSIONNAME=Console
              SWUTVER=1.0.18.30716
              SystemDrive=C:
              SystemRoot=C:\WINDOWS
              TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
              TIMEOUT=0
              TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
              TOOLPATH=/C:\Program%20Files\Hewlett-Packard\HP%20Software%20Update\install.htm
              UPDATEDIR=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rad04CFC.tmp
              USERDOMAIN=FRENSKE
              USERNAME=Administrator
              USERPROFILE=C:\Documents and Settings\Administrator
              VERSION=3.0.5.001
              windir=C:\WINDOWS
              __COMPAT_LAYER=EnableNXShowUI


              -- User Profiles ---------------------------------------------------------------

              Administrator (admin)


              -- Add/Remove Programs ---------------------------------------------------------

              Aangifte inkomstenbelasting 2007 --> C:\Program Files\Belastingdienst\Aangifte inkomstenbelasting\2007\ib2007u.exe
              Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
              Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
              Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
              Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
              Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
              Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
              Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
              Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
              Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
              CANON iMAGE GATEWAY Drag And Drop Upload Plugin --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\DDUP\Uninst.ini"
              CANON iMAGE GATEWAY Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
              Canon Internet Library for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
              Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
              Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
              Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
              Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
              Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
              Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
              CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
              HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
              HP Driver Diagnostics --> MsiExec.exe /I{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}
              HP Extended Capabilities 4.7 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
              HP Image Zone 4.7 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
              HP Product Detection --> MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
              HP PSC & OfficeJet 4.7 --> "C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
              Huffyuv AVI lossless video codec (Remove Only) --> rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\HUFFYUV.INF
              Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
              LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
              Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
              Megaupload Toolbar --> C:\Program Files\MegauploadToolbar\uninstall.exe
              Microsoft redistributable runtime DLLs VS2005 SP1(x86) --> MsiExec.exe /I{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}
              Microsoft redistributable runtime DLLs VS2005(x86) --> MsiExec.exe /I{C0DB380B-97B5-4BB8-AC8D-1835E61439B6}
              Replay AV 8 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Replay AV 8\uninstallRAV8.ini"
              Replay Converter 2.8 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Replay AV 8\iruninRCV.ini"
              SAP GUI 7.10 --> "C:\Program Files\SAP\SAPsetup\setup\NwSapSetup.exe" /product="SAPGUI710" /uninstall
              Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
              Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
              VobSub v2.05 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
              WinPcap 4.0 --> C:\Program Files\WinPcap\uninstall.exe
              YouSendIt Application Plug-in SDK --> C:\Program Files\InstallShield Installation Information\{3AE00DF4-ADF1-479E-834C-D1B2E71570BD}\setup.exe -runfromtemp -l0x0409


              -- Application Event Log -------------------------------------------------------

              Event Record #/Type20165 / Warning
              Event Submitted/Written: 04/24/2008 05:24:09 PM
              Event ID/Source: 19011 / MSSQL$MICROSOFTSMLBIZ
              Event Description:
              (SpnRegister) : Error 1355

              Event Record #/Type20145 / Warning
              Event Submitted/Written: 04/24/2008 04:07:48 PM
              Event ID/Source: 19011 / MSSQL$MICROSOFTSMLBIZ
              Event Description:
              (SpnRegister) : Error 1355

              Event Record #/Type20122 / Warning
              Event Submitted/Written: 04/24/2008 08:47:00 AM
              Event ID/Source: 19011 / MSSQL$MICROSOFTSMLBIZ
              Event Description:
              (SpnRegister) : Error 1355

              Event Record #/Type20101 / Success
              Event Submitted/Written: 04/23/2008 10:37:38 PM
              Event ID/Source: 12001 / usnjsvc
              Event Description:
              The Messenger Sharing USN Journal Reader service started successfully.

              Event Record #/Type20093 / Warning
              Event Submitted/Written: 04/23/2008 07:39:40 PM
              Event ID/Source: 19011 / MSSQL$MICROSOFTSMLBIZ
              Event Description:
              (SpnRegister) : Error 1355



              -- Security Event Log ----------------------------------------------------------

              No Errors/Warnings found.


              -- System Event Log ------------------------------------------------------------

              Event Record #/Type64381 / Warning
              Event Submitted/Written: 04/24/2008 04:07:05 PM / 04/24/2008 04:07:33 PM
              Event ID/Source: 4 / b57w2k
              Event Description:
              Broadcom NetXtreme Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

              Event Record #/Type64343 / Warning
              Event Submitted/Written: 04/24/2008 08:45:57 AM / 04/24/2008 08:46:24 AM
              Event ID/Source: 4 / b57w2k
              Event Description:
              Broadcom NetXtreme Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

              Event Record #/Type64003 / Warning
              Event Submitted/Written: 04/23/2008 07:39:13 PM / 04/23/2008 07:39:40 PM
              Event ID/Source: 4 / b57w2k
              Event Description:
              Broadcom NetXtreme Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

              Event Record #/Type63905 / Warning
              Event Submitted/Written: 04/23/2008 06:32:49 PM / 04/23/2008 06:33:16 PM
              Event ID/Source: 4 / b57w2k
              Event Description:
              Broadcom NetXtreme Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

              Event Record #/Type63859 / Error
              Event Submitted/Written: 04/23/2008 06:13:10 PM
              Event ID/Source: 7009 / Service Control Manager
              Event Description:
              Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: Norton Protection Center Service.



              -- End of Deckard's System Scanner: finished at 2008-04-24 17:38:12 ------------



              • #8
                Download this file: zoek.exe
                Double-click it; after a while a log will open.
                Post the contents of this log in your next message.



                • #9
                  Trojan and other misery..

                  ======C:\WINDOWS====
                  ----a-w 0 2008-04-24 15:23:41 C:\WINDOWS\0.log
                  --s-a-w 2,048 2008-04-24 15:23:37 C:\WINDOWS\bootstat.dat
                  ----a-w 50 2008-04-06 16:15:44 C:\WINDOWS\MegaManager.INI
                  ----a-w 1,948 2008-04-16 12:24:10 C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt
                  ----a-w 233,078 2008-04-24 15:20:08 C:\WINDOWS\ntbtlog.txt
                  ---ha-w 54,156 2008-03-27 13:06:58 C:\WINDOWS\QTFont.qfn
                  ----a-w 32,588 2008-04-24 15:18:15 C:\WINDOWS\SchedLgU.Txt
                  ----a-w 2,141 2008-04-23 20:05:05 C:\WINDOWS\setupapi.log
                  ----a-w 159 2008-04-24 15:24:12 C:\WINDOWS\wiadebug.log
                  ----a-w 49 2008-04-24 15:24:11 C:\WINDOWS\wiaservc.log
                  ----a-w 1,474,930 2008-04-24 15:24:56 C:\WINDOWS\WindowsUpdate.log
                  ----a-w 806 2008-04-22 18:34:36 C:\WINDOWS\wmsetup.log

                  Entries: 12 (10)
                  Directories: 0 Files: 12
                  Bytes: 1,801,953 Blocks: 3,525
                  ======C:\WINDOWS\system32=====
                  --sh--w 1,541,433 2008-04-22 16:39:20 C:\WINDOWS\System32\blwnwswj.ini
                  ----a-w 253,472 2008-04-09 10:53:14 C:\WINDOWS\System32\FNTCACHE.DAT
                  --sh--w 1,541,030 2008-04-23 15:54:21 C:\WINDOWS\System32\fqifmntf.ini
                  ----a-w 6,242 2008-04-19 08:41:26 C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log
                  ----a-w 12,632 2008-04-22 10:42:14 C:\WINDOWS\System32\lsdelete.exe
                  ----a-w 19,836,024 2008-04-06 05:56:20 C:\WINDOWS\System32\MRT.exe
                  ----a-w 61,694 2008-04-01 06:40:11 C:\WINDOWS\System32\perfc009.dat
                  ----a-w 78,610 2008-04-01 06:40:13 C:\WINDOWS\System32\perfc013.dat
                  ----a-w 401,418 2008-04-01 06:40:12 C:\WINDOWS\System32\perfh009.dat
                  ----a-w 463,342 2008-04-01 06:40:13 C:\WINDOWS\System32\perfh013.dat
                  -c--a-w 1,015,028 2008-04-01 06:40:05 C:\WINDOWS\System32\PerfStringBackup.INI
                  --sha-w 202,354 2008-04-22 16:45:04 C:\WINDOWS\System32\qWEMStwa.ini
                  ----a-w 800,916 2008-04-24 07:43:46 C:\WINDOWS\System32\RVAXO.bat
                  ----a-w 1,845,376 2008-03-20 08:10:47 C:\WINDOWS\System32\win32k.sys
                  ----a-w 1,158 2008-04-24 15:24:15 C:\WINDOWS\System32\wpa.dbl

                  Entries: 15 (12)
                  Directories: 0 Files: 15
                  Bytes: 28,060,729 Blocks: 54,815
                  ======C:\WINDOWS\system32\drivers=====
                  Entries: 0 (0)
                  Directories: 0 Files: 0
                  Bytes: 0 Blocks: 0
                  =======C:\Program Files=====
                  Entries: 0 (0)
                  Directories: 0 Files: 0
                  Bytes: 0 Blocks: 0
                  =======C:=====
                  ----a-w 501 2008-04-24 15:22:44 C:\firstrun5.log
                  ----a-w 280,068 2008-04-21 14:20:18 C:\HCPSTool.log
                  --sha-w 527,880,192 2008-04-24 15:23:35 C:\hiberfil.sys
                  --sha-w 792,723,456 2008-04-24 15:23:33 C:\pagefile.sys
                  ----a-w 636 2008-04-24 15:24:43 C:\RVAXO-results.log
                  ----a-w 17,654 2008-04-24 15:26:52 C:\RVAXO-Vfind.log

                  Entries: 6 (4)
                  Directories: 0 Files: 6
                  Bytes: 1,320,902,507 Blocks: 2,579,890
                  ======C:\Documents and Settings\Administrator\Application Data======
                  Entries: 0 (0)
                  Directories: 0 Files: 0
                  Bytes: 0 Blocks: 0
                  ======C:\Temp======
                  Entries: 0 (0)
                  Directories: 0 Files: 0
                  Bytes: 0 Blocks: 0
                  ======C:\Documents and Settings\Administrator======
                  ----a-w 539 2008-04-24 18:19:11 C:\Documents and Settings\Administrator\intlname.ols
                  ---ha-w 7,340,032 2008-04-24 15:22:56 C:\Documents and Settings\Administrator\NTUSER.DAT
                  ---ha-w 40,960 2008-04-24 21:13:20 C:\Documents and Settings\Administrator\ntuser.dat.LOG
                  --sh--w 288 2008-04-24 15:17:56 C:\Documents and Settings\Administrator\ntuser.ini

                  Entries: 4 (1)
                  Directories: 0 Files: 4
                  Bytes: 7,381,819 Blocks: 14,419
                  ======C:\WINDOWS\Downloaded Program Files====
                  Entries: 0 (0)
                  Directories: 0 Files: 0
                  Bytes: 0 Blocks: 0
                  =============



                  • #10
                    Open a Notepad file.
                    Copy the text below (everything in bold) into this Notepad file.

                    @ECHO OFF
                    REM Start with a fresh log file
                    IF EXIST log.txt DEL log.txt
                    REM Remove the folder and everything in it
                    RD /S /Q C:\WINDOWS\system32\xcsDd05
                    ECHO Deleting files>>log.txt
                    REM For each listed path: clear its attributes, delete it and log the result
                    FOR %%g in (
                        C:\WINDOWS\system32\xcsDd05
                        C:\WINDOWS\System32\blwnwswj.ini
                        C:\WINDOWS\System32\fqifmntf.ini
                        C:\WINDOWS\System32\qWEMStwa.ini) DO (
                        del /q %%gNUCIA
                        IF EXIST %%g (
                            ATTRIB -r -s -h %%g
                            DEL %%g
                            REN %%g *NUCIA
                            IF EXIST %%gNUCIA (
                                ECHO renamed to %%gNUCIA>>log.txt)
                            IF EXIST %%g (
                                ECHO %%g not deleted>>log.txt
                            ) ELSE (
                                ECHO %%g deleted>>log.txt)
                        ) ELSE (
                            ECHO %%g not found>>log.txt))
                    REM Show the log when finished
                    START NOTEPAD.EXE log.txt

                    Go to File - Save As.
                    Under "Save in", choose: Desktop
                    Under "File name", enter: del.bat
                    Under "Save as type", select: All Files (*.*).
                    Click the Save button.

                    Double-click del.bat and post the log produced by del.bat.



                    • #11
                      Trojan and other misery..

                      Deleting files
                      C:\WINDOWS\system32\xcsDd05 not found
                      C:\WINDOWS\System32\blwnwswj.ini deleted
                      C:\WINDOWS\System32\fqifmntf.ini deleted
                      C:\WINDOWS\System32\qWEMStwa.ini deleted



                      • #12
                        Also do this:

                        Download ATF cleaner (mirror) (made by Atribune)

                        Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

                        Double-click ATF cleaner to start the program.
                        On the "Main" tab, tick Select All.
                        Click the Empty Selected button.

                        Do the following if you also use Firefox as a browser:
                        Click the "Firefox" tab and tick Select All.
                        If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                        (this clears the check mark next to "Firefox saved passwords" again)
                        Click the Empty Selected button.

                        Do the following if you also use Opera as a browser:
                        Click the "Opera" tab and tick Select All.
                        If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                        Click the Empty Selected button.
                        Go to the "Main" tab and click the Exit button to close the program.

                        Turn off System Restore. Restart the computer. Turn System Restore back on.
                        See here how to turn off your System Restore.
                        This removes any remnants of the infections from your System Restore.

                        Are all the problems gone now?



                        • #13
                          Trojan and other misery..

                          Hi Smeenk,

                          All the actions have been carried out! Because I don't entirely trust it yet, here is a Hijack log. Is everything clean now?

                          Logfile of Trend Micro HijackThis v2.0.2
                          Scan saved at 9:51:35, on 25-4-2008
                          Platform: Windows XP SP2 (WinNT 5.01.2600)
                          MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                          Boot mode: Normal

                          Running processes:
                          C:\WINDOWS\System32\smss.exe
                          C:\WINDOWS\system32\winlogon.exe
                          C:\WINDOWS\system32\services.exe
                          C:\WINDOWS\system32\lsass.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                          C:\WINDOWS\Explorer.EXE
                          C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                          C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
                          C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
                          C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
                          C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                          C:\WINDOWS\system32\spoolsv.exe
                          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                          C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
                          C:\Program Files\Norton AntiVirus\navapsvc.exe
                          C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
                          C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                          C:\WINDOWS\system32\HPZipm12.exe
                          C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\Program Files\Canon\CAL\CALMAIN.exe
                          C:\WINDOWS\system32\igfxtray.exe
                          C:\WINDOWS\system32\hkcmd.exe
                          C:\WINDOWS\system32\igfxpers.exe
                          C:\WINDOWS\AGRSMMSG.exe
                          C:\WINDOWS\system32\igfxsrvc.exe
                          C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
                          C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                          C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
                          C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                          C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
                          C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
                          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                          C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
                          C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
                          C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
                          C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
                          C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
                          C:\WINDOWS\system32\ctfmon.exe
                          C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
                          C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                          C:\Program Files\Windows Media Player\WMPNSCFG.exe
                          C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
                          C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                          C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
                          C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
                          C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
                          C:\WINDOWS\system32\wuauclt.exe
                          C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
                          C:\Program Files\HPQ\SHARED\HPQWMI.exe
                          C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
                          C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
                          C:\Program Files\Internet Explorer\IEXPLORE.EXE
                          C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
                          C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                          O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
                          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                          O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                          O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
                          O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
                          O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
                          O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
                          O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
                          O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
                          O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
                          O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
                          O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
                          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                          O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
                          O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                          O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
                          O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
                          O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
                          O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
                          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                          O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
                          O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
                          O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
                          O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
                          O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
                          O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
                          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                          O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
                          O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                          O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
                          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                          O4 - Startup: Freecom Personal Media Suite.lnk = C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
                          O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                          O4 - Global Startup: BTTray.lnk = ?
                          O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
                          O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                          O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
                          O4 - Global Startup: Servicebeheer.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
                          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                          O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
                          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                          O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
                          O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
                          O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
                          O16 - DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - http://www.cig.canon-europe.com/ph/nl_NL/st/download/ddup/CNIMGUP_01_210102E.cab
                          O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ctac-allign.com
                          O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ctac-allign.com
                          O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ctac-allign.com
                          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                          O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                          O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
                          O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
                          O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                          O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                          O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
                          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                          O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                          O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
                          O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
                          O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
                          O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
                          O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                          O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
                          O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
                          O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
                          O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                          O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
                          O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

                          --
                          End of file - 12570 bytes



                          • #14
                            Your log looks clean

                            Are there still any problems, then?



                            • #15
                              Trojan and other misery..

                              As such there are no more problems, but because the scans by my Norton, Spybot and CC Cleaner earlier this week all indicated that nothing was wrong, while that was very much the case, I now doubt whether all the junk is really gone.
