
Spyware and advertising windows that keep opening


  • Spyware and advertising windows that keep opening

    Hello,
    For the past few days I have been getting advertising windows that open by themselves when I start Internet Explorer. I also keep getting virus alerts from my virus scanner. I will post my log below and hope that someone can help me now. Thanks in advance.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:20:26, on 14-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
    C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Panda Security\Panda Antivirus 2008\psimreal.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [08192c29] rundll32.exe "C:\WINDOWS\system32\etbswheu.dll",b
    O4 - HKLM\..\Run: [BM0b2a1fb5] Rundll32.exe "C:\WINDOWS\system32\drlpfbcb.dll",s
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

    --
    End of file - 9069 bytes

  • #2
    Hello,

    Close all open windows.
    Start HijackThis again and place a check mark next to the following items:

    O4 - HKLM\..\Run: [08192c29] rundll32.exe "C:\WINDOWS\system32\etbswheu.dll",b
    O4 - HKLM\..\Run: [BM0b2a1fb5] Rundll32.exe "C:\WINDOWS\system32\drlpfbcb.dll",s


    Then click "Fix checked" and close HijackThis.


    Download combofix.exe from this site: http://www.bleepingcomputer.com/comb...uikt-te-worden
    Follow the instructions given there. If anything is unclear, just ask.
    When the tool is finished, a log file (combofix.txt) opens.
    Post the contents of this file together with a new HijackThis log.



    • #3
      error

      Thanks, it helps.
      But I also keep getting this error:

      Microsoft Visual C++ Runtime Library

      Program: C:\WINDOWS\explorer.exe

      A buffer overrun has been detected which has corrupted the program's internal state. The program cannot safely continue execution and must now be terminated.



      What does this mean?



      • #4
        Follow the instructions I give.



        • #5
          log

          OK, sorry, this is the ComboFix result:

          ComboFix 08-05-12.1 - Eigenaar 2008-05-14 18:34:03.1 - NTFSx86
          Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.516 [GMT 2:00]
          Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
          Command switches used :: C:\Documents and Settings\Eigenaar\Bureaublad\WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
          * Nieuw herstelpunt werd aangemaakt
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\WINDOWS\cookies.ini
          C:\WINDOWS\Downloaded Program Files\setup.inf
          C:\WINDOWS\pskt.ini
          C:\WINDOWS\system32\cfrugqwa.dll
          C:\WINDOWS\system32\drlpfbcb.dll
          C:\WINDOWS\system32\etbswheu.dll
          C:\WINDOWS\system32\hgmaajxd.dll
          C:\WINDOWS\system32\ioelucpf.dll
          C:\WINDOWS\system32\mcrh.tmp
          C:\WINDOWS\system32\NTENonmp.ini
          C:\WINDOWS\system32\NTENonmp.ini2
          C:\WINDOWS\system32\pironcnn.dll
          C:\WINDOWS\system32\pmnoNETN.dll
          C:\WINDOWS\system32\rwesrpmd.ini
          C:\WINDOWS\system32\uehwsbte.ini
          C:\WINDOWS\system32\uyxolqbo.dll

          .
          (((((((((((((((((((( Bestanden Gemaakt van 2008-04-14 to 2008-05-14 ))))))))))))))))))))))))))))))
          .

          2008-05-14 18:33 . 2008-05-14 18:33 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
          2008-05-14 17:19 . 2008-05-14 17:19 <DIR> d-------- C:\Program Files\Trend Micro
          2008-05-13 23:05 . 2008-05-13 23:05 314 --a------ C:\WINDOWS\system32\xnpvqibw.exe
          2008-05-12 23:16 . 2008-05-12 23:16 0 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT_TU_69634.LOG
          2008-05-12 23:16 . 2008-05-12 23:16 0 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT_TU_83139.LOG
          2008-05-12 23:16 . 2008-05-12 23:16 0 --ah----- C:\Documents and Settings\Eigenaar\NTUSER.DAT_TU_84744.LOG
          2008-05-12 23:05 . 2008-05-12 23:05 314 --a------ C:\WINDOWS\system32\exawrffq.exe
          2008-05-12 22:50 . 2008-05-12 23:02 <DIR> d-------- C:\Program Files\LimeWire
          2008-05-12 21:49 . 2008-05-12 22:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2008-05-12 18:24 . 2008-05-12 18:24 100,416 --------- C:\WINDOWS\system32\cappjoqx.dll_old
          2008-05-11 18:23 . 2008-05-11 18:23 98,368 --------- C:\WINDOWS\system32\dyscuanv.dll_old
          2008-05-10 17:11 . 2008-05-13 23:17 109,812 --a------ C:\WINDOWS\BM0b2a1fb5.xml
          2008-05-10 17:11 . 2008-05-10 17:11 100,416 --------- C:\WINDOWS\system32\eeoeoawa.dll_old
          2008-05-09 22:28 . 2008-05-09 22:28 22 --a------ C:\WINDOWS\b999.exe.bin
          2008-05-09 22:23 . 2008-05-09 22:23 22 --a------ C:\WINDOWS\b157.exe.bin
          2008-05-09 22:18 . 2008-05-09 22:18 22 --a------ C:\WINDOWS\b152.exe.bin
          2008-05-09 22:13 . 2008-05-09 22:13 22 --a------ C:\WINDOWS\b155.exe.bin
          2008-05-09 22:08 . 2008-05-09 22:08 22 --a------ C:\WINDOWS\b156.exe.bin
          2008-05-08 21:59 . 2008-05-12 13:01 37,376 --------- C:\WINDOWS\mrofinu1044.exe_old
          2008-05-08 21:47 . 2008-05-08 21:47 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
          2008-05-07 22:54 . 2008-05-07 22:54 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
          2008-05-07 20:25 . 2008-05-07 23:57 <DIR> d-------- C:\Program Files\EA GAMES
          2008-04-19 12:04 . 2008-04-19 12:04 0 --a------ C:\WINDOWS\nsreg.dat
          2008-04-17 21:13 . 2008-05-14 18:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
          2008-04-17 21:13 . 2008-04-17 21:13 1,409 --a------ C:\WINDOWS\QTFont.for
          2008-04-17 21:12 . 2008-04-17 21:12 <DIR> d-------- C:\Program Files\iTunes
          2008-04-17 21:11 . 2008-04-17 21:11 <DIR> d-------- C:\Program Files\QuickTime
          2008-04-17 21:08 . 2008-04-17 21:08 <DIR> d-------- C:\Program Files\Apple Software Update

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-05-12 19:57 --------- d-----w C:\Program Files\Panda Security
          2008-05-09 21:33 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\LimeWire
          2008-05-08 22:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2008-05-08 20:04 --------- d-----w C:\Program Files\BitComet
          2008-05-08 17:33 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\BearShare
          2008-05-07 18:52 --------- d-----w C:\Program Files\BearShare Applications
          2008-04-25 15:34 --------- d-----w C:\Program Files\World of Warcraft
          2008-04-17 19:12 --------- d-----w C:\Program Files\iPod
          2008-04-17 14:01 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
          2008-04-17 14:01 --------- d-----w C:\Program Files\Call of Duty
          2008-04-11 14:31 --------- d-----w C:\Program Files\Activision
          2008-04-09 20:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
          2008-03-20 17:00 --------- d-----w C:\Program Files\EA SPORTS
          2003-07-31 09:53 147,456 ----a-w C:\WINDOWS\inf\EL2K_XP.sys
          2003-07-31 09:50 448,768 ----a-w C:\WINDOWS\inf\EL2K_N64.sys
          2003-07-31 09:43 147,456 ----a-w C:\WINDOWS\inf\EL2K_2K.sys
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
          "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
          "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28 790528]
          "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]
          "nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe]
          "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07 81920]
          "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
          "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
          "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03 15360]

          C:\Documents and Settings\Eigenaar\Menu Start\Programma's\Opstarten\
          OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
          avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJYpQkj]
          mlJYpQkj.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
          "vidc.3ivx"= 3ivxVfWCodec.dll
          "vidc.3iv2"= 3ivxVfWCodec.dll
          "msacm.divxa32"= divxa32.acm
          "VIDC.HFYU"= huffyuv.dll
          "VIDC.i263"= i263_32.drv
          "VIDC.i420"= i263_32.drv
          "msacm.imc"= imc32.acm
          "VIDC.VP31"= vp31vfw.dll

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
          "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
          "PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
          "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
          "Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
          "PCSuiteTrayApplication"=C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
          "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
          "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
          "EnableFirewall"= 0 (0x0)

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
          "C:\\Program Files\\MSN Messenger\\livecall.exe"=
          "C:\\Program Files\\Messenger\\msmsgs.exe"=
          "C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
          "C:\\Program Files\\World of Warcraft\\Repair.exe"=
          "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
          "C:\\Program Files\\LimeWire\\LimeWire.exe"=
          "C:\\Program Files\\Call of Duty\\CoDMP.exe"=
          "C:\\Program Files\\BitComet\\BitComet.exe"=
          "C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
          "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
          "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
          "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
          "C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
          "C:\\Program Files\\iTunes\\iTunes.exe"=

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
          "23797:TCP"= 23797:TCP:BitComet 23797 TCP
          "23797:UDP"= 23797:UDP:BitComet 23797 UDP

          R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2008-02-07 15:56]
          R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2008-02-07 15:56]
          S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20:11]

          .
          Inhoud van de 'Gedeelde Taken' map
          "2008-04-17 19:08:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
          "2008-04-25 15:16:38 C:\WINDOWS\Tasks\Easy Onderhoud.job"
          - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
          .
          **************************************************************************

          catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-05-14 18:39:06
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          ------------------------ Other Running Processes ------------------------
          .
          C:\Program Files\Panda Security\Panda Antivirus 2008\PAVSRV51.EXE
          C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrlS.exe
          C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
          C:\WINDOWS\system32\PnkBstrA.exe
          C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
          C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
          C:\Program Files\Panda Security\Panda Antivirus 2008\ApVxdWin.exe
          C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
          C:\WINDOWS\system32\rundll32.exe
          C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
          C:\WINDOWS\system32\wscntfy.exe
          .
          **************************************************************************
          .
          Voltooingstijd: 2008-05-14 18:41:48 - machine was rebooted [Eigenaar]
          ComboFix-quarantined-files.txt 2008-05-14 16:41:45

          Pre-Run: 58,771,976,192 bytes beschikbaar
          Post-Run: 58,943,909,888 bytes beschikbaar

          WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
          [boot loader]
          timeout=2
          default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
          [operating systems]
          multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
          C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

          196 --- E O F --- 2008-04-09 20:16:27

          And this is the one from HijackThis:

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 18:44:07, on 14-5-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16640)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
          C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
          C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
          C:\WINDOWS\system32\PnkBstrA.exe
          C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
          C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
          C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
          C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
          C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
          C:\WINDOWS\system32\RUNDLL32.EXE
          C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
          C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
          C:\Program Files\iTunes\iTunesHelper.exe
          C:\Program Files\Messenger\msmsgs.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
          C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
          C:\WINDOWS\system32\wscntfy.exe
          C:\WINDOWS\explorer.exe
          C:\WINDOWS\system32\notepad.exe
          C:\Program Files\Panda Security\Panda Antivirus 2008\psimreal.exe
          C:\Program Files\internet explorer\iexplore.exe
          C:\Program Files\internet explorer\iexplore.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
          O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
          O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
          O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
          O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
          O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
          O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
          O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
          O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
          O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
          O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
          O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
          O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
          O20 - Winlogon Notify: mlJYpQkj - mlJYpQkj.dll (file missing)
          O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
          O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
          O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
          O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
          O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
          O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
          O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
          O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
          O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

          --
          End of file - 8632 bytes

          Comment


          • #6
            Fix this line with HijackThis:
            O20 - Winlogon Notify: mlJYpQkj - mlJYpQkj.dll (file missing)

            Open a Notepad file.
            Copy the text below (everything in bold) into this Notepad file.
            @ECHO OFF
            IF EXIST log.txt DEL log.txt
            ECHO Deleting files>>log.txt
            FOR %%g in (
            C:\WINDOWS\system32\xnpvqibw.exe
            C:\WINDOWS\system32\exawrffq.exe
            C:\WINDOWS\system32\cappjoqx.dll_old
            C:\WINDOWS\system32\dyscuanv.dll_old
            C:\WINDOWS\system32\eeoeoawa.dll_old
            C:\WINDOWS\b999.exe.bin
            C:\WINDOWS\b157.exe.bin
            C:\WINDOWS\b152.exe.bin
            C:\WINDOWS\b155.exe.bin
            C:\WINDOWS\b156.exe.bin
            C:\WINDOWS\mrofinu1044.exe_old) DO (
            IF EXIST %%g (
            ATTRIB -r -s -h %%g
            DEL %%g
            IF EXIST %%g (
            ECHO %%g not deleted>>log.txt
            ) ELSE (
            ECHO %%g deleted successfully>>log.txt)
            ) ELSE (
            ECHO %%g not found>>log.txt))
            START NOTEPAD.EXE log.txt

            Go to File - Save As.
            For "Save in", choose: Desktop
            For "File name", enter: del.bat
            For "Save as type", select: All Files (*.*).
            Click the Save button.

            Double-click del.bat and post the contents of the log file that opens.

            Comment


            • #7
              Can this be right?

              Deleting files
              C:\WINDOWS\system32\xnpvqibw.exe deleted successfully
              C:\WINDOWS\system32\exawrffq.exe deleted successfully
              C:\WINDOWS\system32\cappjoqx.dll_old deleted successfully
              C:\WINDOWS\system32\dyscuanv.dll_old deleted successfully
              C:\WINDOWS\system32\eeoeoawa.dll_old not deleted
              C:\WINDOWS\b999.exe.bin deleted successfully
              C:\WINDOWS\b157.exe.bin deleted successfully
              C:\WINDOWS\b152.exe.bin deleted successfully
              C:\WINDOWS\b155.exe.bin deleted successfully
              C:\WINDOWS\b156.exe.bin deleted successfully
              C:\WINDOWS\mrofinu1044.exe_old deleted successfully

              Comment


              • #8
                Restart the computer and run del.bat once more.

                Comment


                • #9
                  I think it's fine now?

                  Deleting files
                  C:\WINDOWS\system32\xnpvqibw.exe not found
                  C:\WINDOWS\system32\exawrffq.exe not found
                  C:\WINDOWS\system32\cappjoqx.dll_old not found
                  C:\WINDOWS\system32\dyscuanv.dll_old not found
                  C:\WINDOWS\system32\eeoeoawa.dll_old not found
                  C:\WINDOWS\b999.exe.bin not found
                  C:\WINDOWS\b157.exe.bin not found
                  C:\WINDOWS\b152.exe.bin not found
                  C:\WINDOWS\b155.exe.bin not found
                  C:\WINDOWS\b156.exe.bin not found
                  C:\WINDOWS\mrofinu1044.exe_old not found

                  Comment


                  • #10
                    Are there any problems left?

                    Comment


                    • #11
                      Nope, thanks!

                      Comment


                      • #12
                        You're welcome.

                        It's best to still do the following:
                        Go to Start - Run and type: ComboFix /u
                        Press Enter.

                        Go to Kaspersky Online Scanner and click Accept at the bottom.
                        This scanner works only with Internet Explorer 6 and higher!
                        You may have to click a yellow bar at the top of your screen to download the ActiveX files that Kaspersky needs in order to scan. Allow this.
                        • The program now starts downloading the latest definition files. After that, click Next.
                        • Then click the Scan Settings button.
                          Under the text Scan using the following antivirus database: choose the second option: extended - protect your .....
                          Under the text Scan options: tick the two checkboxes: Scan Archives .... and Scan Mail Bases ....
                        • Then click the OK button.
                        • Now start the scan by clicking the text My Computer.
                          Keep in mind that this scan takes a while.
                        • Once the scan is complete, you get the opportunity to save the scan report.
                          Click the Save Report As button. Save the report on your Desktop with the name kavscan.txt

                        Post this report in your next message.

                        Comment


                        • #13
                          There you go


                          -------------------------------------------------------------------------------
                          KASPERSKY ONLINE SCANNER REPORT
                          Thursday, May 15, 2008 12:35:12 AM
                          Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
                          Kaspersky Online Scanner version: 5.0.98.0
                          Kaspersky Anti-Virus database last update: 14/05/2008
                          Kaspersky Anti-Virus database records: 773829
                          -------------------------------------------------------------------------------

                          Scan Settings:
                          Scan using the following antivirus database: extended
                          Scan Archives: true
                          Scan Mail Bases: true

                          Scan Target - My Computer:
                          A:\
                          C:\
                          D:\
                          E:\
                          F:\
                          G:\

                          Scan Statistics:
                          Total number of scanned objects: 89084
                          Number of viruses found: 11
                          Number of infected objects: 16
                          Number of suspicious objects: 0
                          Duration of the scan process: 01:20:03

                          Infected Object Name / Virus Name / Last Action
                          C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
                          C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
                          C:\Documents and Settings\All Users\Application Data\sentinel\2.1\gwhashs.dat Object is locked skipped
                          C:\Documents and Settings\Eigenaar\Cookies\index.dat Object is locked skipped
                          C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
                          C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
                          C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
                          C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
                          C:\Documents and Settings\Eigenaar\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
                          C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
                          C:\Documents and Settings\Eigenaar\Mijn documenten\My Music\Limewire\18 Years Old - Cadence Caliber.avi Infected: Trojan-Downloader.WMA.GetCodec.a skipped
                          C:\Documents and Settings\Eigenaar\NTUSER.DAT Object is locked skipped
                          C:\Documents and Settings\Eigenaar\ntuser.dat.LOG Object is locked skipped
                          C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
                          C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
                          C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
                          C:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
                          C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
                          C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
                          C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
                          C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
                          C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
                          C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
                          C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
                          C:\Program Files\Panda Security\Panda Antivirus 2008\cace2423dfb97c58fe7dd9f120557063PSK_NAMES Object is locked skipped
                          C:\Program Files\Panda Security\Panda Antivirus 2008\cace2423dfb97c58fe7dd9f120557063PSK_NAMES2 Object is locked skipped
                          C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
                          C:\System Volume Information\_restore{E8190872-20DD-46D6-A913-43CB193B9F44}\RP183\A0027848.dll Infected: Trojan.Win32.Monder.dm skipped
                          C:\System Volume Information\_restore{E8190872-20DD-46D6-A913-43CB193B9F44}\RP183\A0027856.exe Infected: Trojan-Downloader.Win32.Homles.bm skipped
                          C:\System Volume Information\_restore{E8190872-20DD-46D6-A913-43CB193B9F44}\RP184\A0027877.exe Infected: Trojan-Downloader.Win32.Homles.bl skipped
                          C:\System Volume Information\_restore{E8190872-20DD-46D6-A913-43CB193B9F44}\RP184\A0027878.dll Infected: Trojan.Win32.Monder.di skipped
                          C:\System Volume Information\_restore{E8190872-20DD-46D6-A913-43CB193B9F44}\RP184\A0027898.dll Infected: Trojan.Win32.Monder.dk skipped
                          C:\System Volume Information\_restore{E8190872-20DD-46D6-A913-43CB193B9F44}\RP184\A0027899.dll Infected: Trojan.Win32.Monder.dl skipped
                          C:\System Volume Information\_restore{E8190872-20DD-46D6-A913-43CB193B9F44}\RP185\A0027989.dll Infected: Trojan.Win32.Monder.dj skipped
                          C:\System Volume Information\_restore{E8190872-20DD-46D6-A913-43CB193B9F44}\RP185\A0028001.exe Infected: Trojan-Downloader.Win32.Homles.bl skipped
                          C:\System Volume Information\_restore{E8190872-20DD-46D6-A913-43CB193B9F44}\RP186\A0028053.exe Infected: Trojan-Downloader.Win32.Homles.bm skipped
                          C:\System Volume Information\_restore{E8190872-20DD-46D6-A913-43CB193B9F44}\RP186\A0028129.dll Infected: Trojan.Win32.Monder.gen skipped
                          C:\System Volume Information\_restore{E8190872-20DD-46D6-A913-43CB193B9F44}\RP186\A0028150.dll Infected: Trojan.Win32.Monder.dj skipped
                          C:\System Volume Information\_restore{E8190872-20DD-46D6-A913-43CB193B9F44}\RP188\A0028227.dll Infected: Trojan.Win32.KillAV.rf skipped
                          C:\System Volume Information\_restore{E8190872-20DD-46D6-A913-43CB193B9F44}\RP188\A0028228.dll Infected: Trojan.Win32.KillAV.rf skipped
                          C:\System Volume Information\_restore{E8190872-20DD-46D6-A913-43CB193B9F44}\RP188\A0028229.dll Infected: Trojan.Win32.Monder.do skipped
                          C:\System Volume Information\_restore{E8190872-20DD-46D6-A913-43CB193B9F44}\RP188\A0028231.dll Infected: Trojan.Win32.Monder.di skipped
                          C:\System Volume Information\_restore{E8190872-20DD-46D6-A913-43CB193B9F44}\RP189\change.log Object is locked skipped
                          C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
                          C:\WINDOWS\SchedLgU.Txt Object is locked skipped
                          C:\WINDOWS\SoftwareDistribution\EventCache\{A381B770-CA05-499A-B8B6-D93A6DB9B822}.bin Object is locked skipped
                          C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
                          C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
                          C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
                          C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
                          C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
                          C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
                          C:\WINDOWS\system32\config\default Object is locked skipped
                          C:\WINDOWS\system32\config\default.LOG Object is locked skipped
                          C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
                          C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
                          C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
                          C:\WINDOWS\system32\config\SAM Object is locked skipped
                          C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
                          C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
                          C:\WINDOWS\system32\config\SECURITY Object is locked skipped
                          C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
                          C:\WINDOWS\system32\config\software Object is locked skipped
                          C:\WINDOWS\system32\config\software.LOG Object is locked skipped
                          C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
                          C:\WINDOWS\system32\config\system Object is locked skipped
                          C:\WINDOWS\system32\config\system.LOG Object is locked skipped
                          C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
                          C:\WINDOWS\system32\h323log.txt Object is locked skipped
                          C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
                          C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
                          C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
                          C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
                          C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
                          C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
                          C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
                          C:\WINDOWS\WindowsUpdate.log Object is locked skipped

                          Scan process completed.

                          Comment
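The report in post #13 buries its detections among "Object is locked" rows, which only mean the file was in use during the scan. The following added example (not part of the thread and not Kaspersky code) splits such a report into locked files, detections in live paths and detections stored in System Restore points (the `_restore{...}\RPnnn` folders), then checks the row counts against the report's own statistics, as the 16 "Infected:" rows and 11 distinct names above match theirs. The sample report is constructed, and the function name, field names and the reading of "viruses found" as the number of distinct names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the report's layout: path, verdict, last action.
SAMPLE_REPORT = r"""
Scan Statistics:
Number of viruses found: 2
Number of infected objects: 3

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\User\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\User\My Music\clip one.avi Infected: Trojan-Downloader.Example.a skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP10\A0000001.dll Infected: Trojan.Example.b skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP11\A0000002.exe Infected: Trojan.Example.b skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped

Scan process completed.
"""

STAT = re.compile(r"^Number of (viruses found|infected objects): (\d+)$")
ROW = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) "
    r"(?:Infected: (?P<name>\S+)|(?P<locked>Object is locked)) "
    r"(?P<action>\w+)$"
)
# On Windows XP, System Restore keeps its snapshots under this folder.
RESTORE = re.compile(r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\", re.I)


def triage(report):
    """Split a report into locked files, live detections and restore-point detections."""
    stats, locked, live = {}, [], []
    restore = defaultdict(list)
    for raw in report.splitlines():
        line = raw.strip()
        stat = STAT.match(line)
        if stat:
            stats[stat.group(1)] = int(stat.group(2))
            continue
        row = ROW.match(line)
        if not row:
            continue  # headers, separators, drive list
        if row.group("locked"):
            locked.append(row.group("path"))  # file in use, not a detection
            continue
        hit = (row.group("path"), row.group("name"), row.group("action"))
        point = RESTORE.search(hit[0])
        if point:
            restore[point.group(1)].append(hit)
        else:
            live.append(hit)
    hits = live + [h for group in restore.values() for h in group]
    # Assumption: "viruses found" counts distinct detection names.
    consistent = (
        stats.get("infected objects") == len(hits)
        and stats.get("viruses found") == len({name for _, name, _ in hits})
    )
    return {"locked": locked, "live": live, "restore": dict(restore),
            "consistent": consistent}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(len(result["locked"]), "locked files ignored")
    for path, name, action in result["live"]:
        print("live:", name, action, path)
    for point, hits in sorted(result["restore"].items()):
        print(point, [name for _, name, _ in hits])
    print("matches report statistics:", result["consistent"])
```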


                          • #14
                            Did you follow the instructions with ComboFix?
                            If so, did anything go wrong?

                            Comment


                            • #15
                              Yes, it uninstalled ComboFix.

                              Comment
