Hallo,

Sluit alle open vensters.
Start HijackThis nog een keer en plaats een vinkje bij de volgende items:

O4 - HKLM\..\Run: [08192c29] rundll32.exe "C:\WINDOWS\system32\etbswheu.dll",b
O4 - HKLM\..\Run: [BM0b2a1fb5] Rundll32.exe "C:\WINDOWS\system32\drlpfbcb.dll",s

Klik daarna op "Fix checked" en sluit HijackThis af.


Download combofix.exe van deze site: http://www.bleepingcomputer.com/comb...uikt-te-worden
Volg de instructies die daar gegeven worden. Is er iets niet duidelijk, dan vraag je het.
Als het tooltje klaar is, opent er een logfile (combofix.txt).
Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.

error

bedankt het helpt.
maar ik krijg ook steeds deze error:

Microsoft Visual C++ Runtime Library

Program: C:\WINDOWS\explorer.exe

A buffer overrun has been detected wich has corrupted the program's internal state. The program cannot safely continue execution and must now be terminaded



wat houd dit in?

Volg de instructies die ik geef.

log

oke sorry, dit is de uitslag combofix

ComboFix 08-05-12.1 - Eigenaar 2008-05-14 18:34:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.516 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Eigenaar\Bureaublad\WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cfrugqwa.dll
C:\WINDOWS\system32\drlpfbcb.dll
C:\WINDOWS\system32\etbswheu.dll
C:\WINDOWS\system32\hgmaajxd.dll
C:\WINDOWS\system32\ioelucpf.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\NTENonmp.ini
C:\WINDOWS\system32\NTENonmp.ini2
C:\WINDOWS\system32\pironcnn.dll
C:\WINDOWS\system32\pmnoNETN.dll
C:\WINDOWS\system32\rwesrpmd.ini
C:\WINDOWS\system32\uehwsbte.ini
C:\WINDOWS\system32\uyxolqbo.dll

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-04-14 to 2008-05-14 ))))))))))))))))))))))))))))))
.

2008-05-14 18:33 . 2008-05-14 18:33 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-14 17:19 . 2008-05-14 17:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-13 23:05 . 2008-05-13 23:05 314 --a------ C:\WINDOWS\system32\xnpvqibw.exe
2008-05-12 23:16 . 2008-05-12 23:16 0 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT_TU_69634.LOG
2008-05-12 23:16 . 2008-05-12 23:16 0 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT_TU_83139.LOG
2008-05-12 23:16 . 2008-05-12 23:16 0 --ah----- C:\Documents and Settings\Eigenaar\NTUSER.DAT_TU_84744.LOG
2008-05-12 23:05 . 2008-05-12 23:05 314 --a------ C:\WINDOWS\system32\exawrffq.exe
2008-05-12 22:50 . 2008-05-12 23:02 <DIR> d-------- C:\Program Files\LimeWire
2008-05-12 21:49 . 2008-05-12 22:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-12 18:24 . 2008-05-12 18:24 100,416 --------- C:\WINDOWS\system32\cappjoqx.dll_old
2008-05-11 18:23 . 2008-05-11 18:23 98,368 --------- C:\WINDOWS\system32\dyscuanv.dll_old
2008-05-10 17:11 . 2008-05-13 23:17 109,812 --a------ C:\WINDOWS\BM0b2a1fb5.xml
2008-05-10 17:11 . 2008-05-10 17:11 100,416 --------- C:\WINDOWS\system32\eeoeoawa.dll_old
2008-05-09 22:28 . 2008-05-09 22:28 22 --a------ C:\WINDOWS\b999.exe.bin
2008-05-09 22:23 . 2008-05-09 22:23 22 --a------ C:\WINDOWS\b157.exe.bin
2008-05-09 22:18 . 2008-05-09 22:18 22 --a------ C:\WINDOWS\b152.exe.bin
2008-05-09 22:13 . 2008-05-09 22:13 22 --a------ C:\WINDOWS\b155.exe.bin
2008-05-09 22:08 . 2008-05-09 22:08 22 --a------ C:\WINDOWS\b156.exe.bin
2008-05-08 21:59 . 2008-05-12 13:01 37,376 --------- C:\WINDOWS\mrofinu1044.exe_old
2008-05-08 21:47 . 2008-05-08 21:47 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-05-07 22:54 . 2008-05-07 22:54 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-05-07 20:25 . 2008-05-07 23:57 <DIR> d-------- C:\Program Files\EA GAMES
2008-04-19 12:04 . 2008-04-19 12:04 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-17 21:13 . 2008-05-14 18:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-17 21:13 . 2008-04-17 21:13 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-17 21:12 . 2008-04-17 21:12 <DIR> d-------- C:\Program Files\iTunes
2008-04-17 21:11 . 2008-04-17 21:11 <DIR> d-------- C:\Program Files\QuickTime
2008-04-17 21:08 . 2008-04-17 21:08 <DIR> d-------- C:\Program Files\Apple Software Update

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 19:57 --------- d-----w C:\Program Files\Panda Security
2008-05-09 21:33 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\LimeWire
2008-05-08 22:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-08 20:04 --------- d-----w C:\Program Files\BitComet
2008-05-08 17:33 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\BearShare
2008-05-07 18:52 --------- d-----w C:\Program Files\BearShare Applications
2008-04-25 15:34 --------- d-----w C:\Program Files\World of Warcraft
2008-04-17 19:12 --------- d-----w C:\Program Files\iPod
2008-04-17 14:01 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-17 14:01 --------- d-----w C:\Program Files\Call of Duty
2008-04-11 14:31 --------- d-----w C:\Program Files\Activision
2008-04-09 20:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-20 17:00 --------- d-----w C:\Program Files\EA SPORTS
2003-07-31 09:53 147,456 ----a-w C:\WINDOWS\inf\EL2K_XP.sys
2003-07-31 09:50 448,768 ----a-w C:\WINDOWS\inf\EL2K_N64.sys
2003-07-31 09:43 147,456 ----a-w C:\WINDOWS\inf\EL2K_2K.sys
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28 790528]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]
"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07 81920]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03 15360]

C:\Documents and Settings\Eigenaar\Menu Start\Programma's\Opstarten\
OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJYpQkj]
mlJYpQkj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"VIDC.i420"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
"PCSuiteTrayApplication"=C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Call of Duty\\CoDMP.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23797:TCP"= 23797:TCP:BitComet 23797 TCP
"23797:UDP"= 23797:UDP:BitComet 23797 UDP

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2008-02-07 15:56]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2008-02-07 15:56]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20:11]

.
Inhoud van de 'Gedeelde Taken' map
"2008-04-17 19:08:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-25 15:16:38 C:\WINDOWS\Tasks\Easy Onderhoud.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 18:39:06
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Panda Security\Panda Antivirus 2008\PAVSRV51.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrlS.exe
C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ApVxdWin.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Voltooingstijd: 2008-05-14 18:41:48 - machine was rebooted [Eigenaar]
ComboFix-quarantined-files.txt 2008-05-14 16:41:45

Pre-Run: 58,771,976,192 bytes beschikbaar
Post-Run: 58,943,909,888 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

196 --- E O F --- 2008-04-09 20:16:27

en dit die van Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:44:07, on 14-5-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\psimreal.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: mlJYpQkj - mlJYpQkj.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 8632 bytes

Fix deze regel met hijacthis:
O20 - Winlogon Notify: mlJYpQkj - mlJYpQkj.dll (file missing)

Open een kladblokbestand.
Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.
@ECHO OFF
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
FOR %%g in (
C:\WINDOWS\system32\xnpvqibw.exe
C:\WINDOWS\system32\exawrffq.exe
C:\WINDOWS\system32\cappjoqx.dll_old
C:\WINDOWS\system32\dyscuanv.dll_old
C:\WINDOWS\system32\eeoeoawa.dll_old
C:\WINDOWS\b999.exe.bin
C:\WINDOWS\b157.exe.bin
C:\WINDOWS\b152.exe.bin
C:\WINDOWS\b155.exe.bin
C:\WINDOWS\b156.exe.bin
C:\WINDOWS\mrofinu1044.exe_old) DO (
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted successfully>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
START NOTEPAD.EXE log.txt

Ga naar Bestand - Opslaan als.
Bij "Opslaan in" kies je: Bureaublad
Bij "Bestandsnaam" zet je: del.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.

Dubbelklik op del.bat en post de inhoud van de logfile die opent.

kan dit kloppen?

Deleting files
C:\WINDOWS\system32\xnpvqibw.exe deleted successfully
C:\WINDOWS\system32\exawrffq.exe deleted successfully
C:\WINDOWS\system32\cappjoqx.dll_old deleted successfully
C:\WINDOWS\system32\dyscuanv.dll_old deleted successfully
C:\WINDOWS\system32\eeoeoawa.dll_old not deleted
C:\WINDOWS\b999.exe.bin deleted successfully
C:\WINDOWS\b157.exe.bin deleted successfully
C:\WINDOWS\b152.exe.bin deleted successfully
C:\WINDOWS\b155.exe.bin deleted successfully
C:\WINDOWS\b156.exe.bin deleted successfully
C:\WINDOWS\mrofinu1044.exe_old deleted successfully

Herstart de computer, en run del.bat nog een keer.

denk dat het nu goed is?

Deleting files
C:\WINDOWS\system32\xnpvqibw.exe not found
C:\WINDOWS\system32\exawrffq.exe not found
C:\WINDOWS\system32\cappjoqx.dll_old not found
C:\WINDOWS\system32\dyscuanv.dll_old not found
C:\WINDOWS\system32\eeoeoawa.dll_old not found
C:\WINDOWS\b999.exe.bin not found
C:\WINDOWS\b157.exe.bin not found
C:\WINDOWS\b152.exe.bin not found
C:\WINDOWS\b155.exe.bin not found
C:\WINDOWS\b156.exe.bin not found
C:\WINDOWS\mrofinu1044.exe_old not found

Zijn er nog problemen?

nope, bedankt he

Graag gedaan.

Best dat je dit nog even doet:
Ga naar Start - Uitvoeren en tik in: ComboFix /u
Druk op Enter.


Ga naar Kaspersky Online Scanner en klik onderaan op Accept.
Deze scanner werkt uitsluitend met Internet Explorer 6 en hoger !!
Het zou kunnen dat je aan de bovenkant van je scherm op een gele balk moet klikken om ActiveX bestanden die Kaspersky nodig heeft om te kunnen scannen te downloaden. Sta dit toe.

• Het programma begint nu met het downloaden van de laatste definitie files. Hierna klik je op Next.
  
• Klik vervolgens op de toets Scan Settings.
  Onder de tekst Scan using the following antivirus database: kies je de tweede mogelijkheid: extended - protect your .....
  Onder de tekst Scan options: zet je de twee vinkjes: Scan Archives .... en Scan Mail Bases ....
  
• Klik dan op de toets OK.
  
• Start nu het scannen door op de tekst My Computer te klikken.
  
  
  Hou er rekening mee dat deze scan een tijdje in beslag neemt.
  
• Eenmaal de scan volledig is krijg je de gelegenheid om het scanrapport op te slaan.
  Klik op de toets Save Report As te klikken. Sla het rapport op je Bureaublad op met als naam kavscan.txt

Post dit rapport in je volgende bericht.

Zo


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, May 15, 2008 12:35:12 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/05/2008
Kaspersky Anti-Virus database records: 773829
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 89084
Number of viruses found: 11
Number of infected objects: 16
Number of suspicious objects: 0
Duration of the scan process: 01:20:03

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\sentinel\2.1\gwhashs.dat Object is locked skipped
C:\Documents and Settings\Eigenaar\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Eigenaar\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Eigenaar\Mijn documenten\My Music\Limewire\18 Years Old - Cadence Caliber.avi Infected: Trojan-Downloader.WMA.GetCodec.a skipped
C:\Documents and Settings\Eigenaar\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Eigenaar\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Panda Security\Panda Antivirus 2008\cace2423dfb97c58fe7dd9f120557063PSK_NAMES Object is locked skipped
C:\Program Files\Panda Security\Panda Antivirus 2008\cace2423dfb97c58fe7dd9f120557063PSK_NAMES2 Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{E8190872-20DD-46D6-A913-43CB193B9F44}\RP183\A0027848.dll Infected: Trojan.Win32.Monder.dm skipped
C:\System Volume Information\_restore{E8190872-20DD-46D6-A913-43CB193B9F44}\RP183\A0027856.exe Infected: Trojan-Downloader.Win32.Homles.bm skipped
C:\System Volume Information\_restore{E8190872-20DD-46D6-A913-43CB193B9F44}\RP184\A0027877.exe Infected: Trojan-Downloader.Win32.Homles.bl skipped
C:\System Volume Information\_restore{E8190872-20DD-46D6-A913-43CB193B9F44}\RP184\A0027878.dll Infected: Trojan.Win32.Monder.di skipped
C:\System Volume Information\_restore{E8190872-20DD-46D6-A913-43CB193B9F44}\RP184\A0027898.dll Infected: Trojan.Win32.Monder.dk skipped
C:\System Volume Information\_restore{E8190872-20DD-46D6-A913-43CB193B9F44}\RP184\A0027899.dll Infected: Trojan.Win32.Monder.dl skipped
C:\System Volume Information\_restore{E8190872-20DD-46D6-A913-43CB193B9F44}\RP185\A0027989.dll Infected: Trojan.Win32.Monder.dj skipped
C:\System Volume Information\_restore{E8190872-20DD-46D6-A913-43CB193B9F44}\RP185\A0028001.exe Infected: Trojan-Downloader.Win32.Homles.bl skipped
C:\System Volume Information\_restore{E8190872-20DD-46D6-A913-43CB193B9F44}\RP186\A0028053.exe Infected: Trojan-Downloader.Win32.Homles.bm skipped
C:\System Volume Information\_restore{E8190872-20DD-46D6-A913-43CB193B9F44}\RP186\A0028129.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{E8190872-20DD-46D6-A913-43CB193B9F44}\RP186\A0028150.dll Infected: Trojan.Win32.Monder.dj skipped
C:\System Volume Information\_restore{E8190872-20DD-46D6-A913-43CB193B9F44}\RP188\A0028227.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\System Volume Information\_restore{E8190872-20DD-46D6-A913-43CB193B9F44}\RP188\A0028228.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\System Volume Information\_restore{E8190872-20DD-46D6-A913-43CB193B9F44}\RP188\A0028229.dll Infected: Trojan.Win32.Monder.do skipped
C:\System Volume Information\_restore{E8190872-20DD-46D6-A913-43CB193B9F44}\RP188\A0028231.dll Infected: Trojan.Win32.Monder.di skipped
C:\System Volume Information\_restore{E8190872-20DD-46D6-A913-43CB193B9F44}\RP189\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{A381B770-CA05-499A-B8B6-D93A6DB9B822}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Had je de instructies met ComboFix opgevolgd?
Zo ja, is er wat misgelopen?

ja hij heeft combofix uninstalled