Adware installed :(


  • Adware installed :(

    Hi, since yesterday I have been visited by a trojan that I can't get rid of...

    At the moment I have avast! and SUPERAntiSpyware (free version) running.
    With avast!, it removed a number of infected files before Windows startup, but as soon as I have booted Windows XP, I immediately get an annoying background again that is apparently still being loaded from somewhere.

    When I then run a scan with SUPERAntiSpyware, it finds 3 adware files, which come right back after removal.

    Problems I am currently experiencing include: my automatic updates get switched off (Windows firewall) -if it is running at all-, my browser settings are changed to accept cookies automatically (I keep setting it to ask, but every so often it is reset to accept), and my desktop is modified so that I cannot change the background/theme.

    I made a HijackThis log, and a few things stand out to me (bold). Not that I know much about it, but I at least have no idea what these things do; the rest is, if possible, an even bigger mystery.

    Oh, and when I try to get into the folder Documents & Settings/Application Data/, a script apparently runs that closes Explorer, checks the internet connection, and modifies the desktop again...

    Can anyone please help me with this very annoying business??

    BIG Thx!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:50:13, on 17-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Cisco Systems\cvpnd.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\ARPWRMSG.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\CmWatch.exe
    C:\WINDOWS\vsnpstd3.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\HP\KBD\KBD.EXE
    c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: mysidesearch browser optimizer - {4a7cd4b7-242c-2462-32a3-607be24b6c3a} - C:\WINDOWS\system32\{35f18892-7aaa-0f19-a4e9-b63e6c7fbd7c}.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CmCardRun] C:\WINDOWS\system32\CmWatch.exe
    O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [{0c5f3623-8c4f-ffae-3c4f-c89ed7e374b2}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{49c78f94-da7d-2772-baf8-a277ae638084}.dll" DllInit
    O4 - HKLM\..\Run: [903efc2a] rundll32.exe "C:\WINDOWS\system32\iqijvawn.dll",b
    O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: UvA - Informatiseringscentrum CISCO VPN Client.lnk = C:\Program Files\Cisco Systems\vpngui.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\cvpnd.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
    O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe


    --
    End of file - 11366 bytes
    Last edited by kwakkel01; 17-05-08, 11:18. Reason: added the Explorer issue

  • #2
    Hello kwakkel01,

    Close all open windows.
    Start HijackThis once more and place a check mark next to the following items:

    O2 - BHO: mysidesearch browser optimizer - {4a7cd4b7-242c-2462-32a3-607be24b6c3a} - C:\WINDOWS\system32\{35f18892-7aaa-0f19-a4e9-b63e6c7fbd7c}.dll
    O4 - HKLM\..\Run: [{0c5f3623-8c4f-ffae-3c4f-c89ed7e374b2}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{49c78f94-da7d-2772-baf8-a277ae638084}.dll" DllInit
    O4 - HKLM\..\Run: [903efc2a] rundll32.exe "C:\WINDOWS\system32\iqijvawn.dll",b
    O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN


    Then click "Fix checked" and close HijackThis.


    Download combofix.exe from this site: http://www.bleepingcomputer.com/comb...uikt-te-worden
    Follow the instructions given there. If anything is unclear, just ask.
    When the tool has finished, a log file (combofix.txt) opens.
    Post the contents of this file together with a new HijackThis log.

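An added example, not part of the original posts and not code from HijackThis or ComboFix: one way to check a follow-up log against the items selected for "Fix checked" in the reply above, and to see whether the files those items pointed to still show up in a later file listing. The function names `verify_fix` and `residual_files` are hypothetical; `BEFORE`, `SELECTED` and `LISTING` are excerpts of lines shown on this page, while `AFTER` is a constructed sample in which one entry has come back.

```python
import re

# A HijackThis entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [x] cmd".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
# File paths referenced by an entry (quoted or unquoted), ending in .dll or .exe.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)', re.IGNORECASE)

def norm(text):
    """Collapse whitespace and ignore case (Windows paths and keys are case-insensitive)."""
    return " ".join(text.split()).casefold()

def parse_entries(log_text):
    """Map (code, normalized detail) -> original line; headers and process lines are skipped."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[(m.group(1), norm(m.group(2)))] = line.strip()
    return entries

def verify_fix(before_log, after_log, selected_lines):
    """Classify each selected entry by whether it is gone from the follow-up log."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    report = {"removed": [], "still_present": [], "not_in_before": [], "new": []}
    for key, line in parse_entries("\n".join(selected_lines)).items():
        if key in after:
            report["still_present"].append(line)   # entry survived or was re-created
        elif key in before:
            report["removed"].append(line)
        else:
            report["not_in_before"].append(line)   # typo in the selection, or wrong log
    report["new"] = sorted(after[k] for k in after.keys() - before.keys())
    return report

def residual_files(selected_lines, file_listing):
    """Paths named by the selected entries that still appear, as whole paths, in a listing."""
    wanted = {}
    for line in selected_lines:
        for path in PATH_RE.findall(line):
            if not path.casefold().endswith("\\rundll32.exe"):  # host binary, not the payload
                wanted[path.casefold()] = path
    listed = set()
    for line in file_listing.splitlines():
        m = re.search(r"[A-Za-z]:\\.*$", line.strip())
        if m:
            listed.add(m.group(0).casefold())
    return sorted(p for key, p in wanted.items() if key in listed)

# The four items selected in the reply above (copied from the page).
SELECTED = [
    r'O2 - BHO: mysidesearch browser optimizer - {4a7cd4b7-242c-2462-32a3-607be24b6c3a} - C:\WINDOWS\system32\{35f18892-7aaa-0f19-a4e9-b63e6c7fbd7c}.dll',
    r'O4 - HKLM\..\Run: [{0c5f3623-8c4f-ffae-3c4f-c89ed7e374b2}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{49c78f94-da7d-2772-baf8-a277ae638084}.dll" DllInit',
    r'O4 - HKLM\..\Run: [903efc2a] rundll32.exe "C:\WINDOWS\system32\iqijvawn.dll",b',
    r'O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN',
]

# Excerpt of the first log on this page.
BEFORE = "\n".join([
    r'R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/',
    r'O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll',
    r'O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe',
] + SELECTED)

# Constructed follow-up log (NOT the one from the thread): one selected Run entry is back.
AFTER = "\n".join([
    r'R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/',
    r'O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll',
    r'O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe',
    SELECTED[2],
])

# Excerpt of the ComboFix file listing shown further down this page.
LISTING = "\n".join([
    r'2008-05-17 00:30 . 2008-05-17 00:30 93,696 --a------ C:\WINDOWS\system32\iqijvawn.dll',
    r'2008-05-17 00:18 . 2008-05-17 00:18 95,833 --a------ C:\WINDOWS\system32\{35f18892-7aaa-0f19-a4e9-b63e6c7fbd7c}.dll-uninst.exe',
    r'2008-05-17 00:08 . 2008-05-17 00:08 63,902 --a------ C:\WINDOWS\system32\{49c78f94-da7d-2772-baf8-a277ae638084}.dll-uninst.exe',
])

if __name__ == "__main__":
    for status, lines in verify_fix(BEFORE, AFTER, SELECTED).items():
        print(status, len(lines))
    print("still listed on disk:", residual_files(SELECTED, LISTING))
```

An entry under `still_present`, or a path returned by `residual_files`, means the autostart reference or the file it loaded has to be dealt with again before the machine is treated as clean.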


    • #3
      Originally posted by Marckie
      Hello kwakkel01,

      Close all open windows.
      Start HijackThis once more and place a check mark next to the following items:
      ...
      Post the contents of this file together with a new HijackThis log.
      OK, I downloaded a new sp, dragged it onto ComboFix, and the log is below; after that I ran HJT, with the result below:

      did it work??!?

      ComboFix 08-05-15.3 - hans 2008-05-17 12:13:53.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.539 [GMT 2:00]
      Gestart vanuit: C:\downloads\ComboFix.exe
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
      C:\Documents and Settings\Gast\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
      C:\Documents and Settings\hans\Local Settings\Temporary Internet Files\CSC2.5U-EN-690-F.sbr.sgn
      C:\Documents and Settings\hans\Local Settings\Temporary Internet Files\ENCSC-Download.com.2.5.1040.0.exe
      C:\Temp\1cb
      C:\Temp\1cb\syscheck.log
      C:\WINDOWS\cookies.ini
      C:\WINDOWS\Fonts\acrsecB.fon
      C:\WINDOWS\Fonts\acrsecI.fon
      C:\WINDOWS\IA
      C:\WINDOWS\system32\adeLonmp.ini
      C:\WINDOWS\system32\adeLonmp.ini2
      C:\WINDOWS\system32\dFrnx05
      C:\WINDOWS\system32\dFrnx05\dFrnx051080.exe
      C:\WINDOWS\system32\mcrh.tmp
      C:\WINDOWS\system32\MSINET.oca
      C:\WINDOWS\system32\nwavjiqi.ini
      C:\WINDOWS\system32\pac.txt
      D:\Autorun.inf

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2008-04-17 to 2008-05-17 ))))))))))))))))))))))))))))))
      .

      2008-05-17 10:49 . 2008-05-17 10:49 <DIR> d-------- C:\Program Files\Trend Micro
      2008-05-17 04:49 . 2008-05-17 04:49 <DIR> d-------- C:\Program Files\Alwil Software
      2008-05-17 03:56 . 2008-05-17 03:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\logs
      2008-05-17 02:41 . 2008-05-17 03:27 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
      2008-05-17 02:41 . 2008-05-17 02:41 <DIR> d-------- C:\Documents and Settings\hans\Application Data\SUPERAntiSpyware.com
      2008-05-17 02:41 . 2008-05-17 02:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
      2008-05-17 01:23 . 2008-05-17 01:23 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
      2008-05-17 01:22 . 2008-05-17 01:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
      2008-05-17 01:20 . 2008-05-17 01:20 <DIR> d-------- C:\Program Files\Sunbelt Software
      2008-05-17 01:16 . 2008-05-17 01:16 10,240 --ahs---- C:\WINDOWS\system32\Thumbs.db
      2008-05-17 00:30 . 2008-05-17 00:30 93,696 --a------ C:\WINDOWS\system32\iqijvawn.dll
      2008-05-17 00:18 . 2008-05-17 00:18 95,833 --a------ C:\WINDOWS\system32\{35f18892-7aaa-0f19-a4e9-b63e6c7fbd7c}.dll-uninst.exe
      2008-05-17 00:18 . 2008-05-17 00:18 88,961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
      2008-05-17 00:17 . 2008-05-17 00:17 298,311 --a------ C:\WINDOWS\system32\gside.exe
      2008-05-17 00:13 . 2008-05-17 00:13 859 --a------ C:\WINDOWS\system32\winpfz33.sys
      2008-05-17 00:08 . 2008-05-17 00:08 63,902 --a------ C:\WINDOWS\system32\{49c78f94-da7d-2772-baf8-a277ae638084}.dll-uninst.exe
      2008-05-17 00:07 . 2008-05-17 00:07 <DIR> d--hs---- C:\Documents and Settings\hans\!
      2008-05-17 00:07 . 2008-05-17 00:07 401,972 --a------ C:\WINDOWS\system32\g54.exe
      2008-05-17 00:06 . 2008-05-17 03:22 <DIR> d-------- C:\WINDOWS\system32\rDA
      2008-05-17 00:06 . 2008-05-17 00:06 <DIR> d-------- C:\WINDOWS\system32\emL1
      2008-05-17 00:06 . 2008-05-17 00:06 <DIR> d-------- C:\WINDOWS\system32\dbW
      2008-05-17 00:06 . 2008-05-17 03:22 <DIR> d-------- C:\WINDOWS\system32\3056v
      2008-05-17 00:06 . 2008-05-17 00:52 <DIR> d-------- C:\Program Files\winvi
      2008-05-17 00:05 . 2008-05-17 00:06 <DIR> d-------- C:\temp\tmpvc14
      2008-05-09 00:36 . 2008-05-15 01:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
      2008-05-09 00:36 . 2008-05-09 00:36 1,409 --a------ C:\WINDOWS\QTFont.for

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-05-17 01:24 45,604 ----a-w C:\Documents and Settings\hans\Application Data\wklnhst.dat
      2008-05-17 00:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
      2008-05-16 22:30 --------- d-----w C:\Program Files\KCeasy
      2008-05-15 17:15 --------- d-----w C:\Program Files\PokerStars
      2008-05-14 18:36 --------- d-----w C:\Documents and Settings\hans\Application Data\Hamachi
      2008-03-31 22:05 --------- d-----w C:\Documents and Settings\hans\Application Data\CoreFTP
      2008-03-31 20:39 --------- d-----w C:\Program Files\Belastingdienst
      2008-03-19 20:13 --------- d-----w C:\Program Files\Java
      2007-11-20 22:52 72,736 ----a-w C:\Documents and Settings\hans\Application Data\GDIPFONTCACHEV1.DAT
      2006-09-16 09:59 4,584 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
      2006-09-16 05:33 71 ----a-w C:\Documents and Settings\HP_Administrator\chars.dat
      2006-09-16 05:33 28 ----a-w C:\Documents and Settings\HP_Administrator\settings.dat
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
      2007-10-04 22:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 22:06 1135968]

      [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
      [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
      [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
      [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
      "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 22:06 1135968]

      [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
      [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
      [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
      [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 05:00 15360]
      "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 23:06 68856]
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
      "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-18 06:40 64512]
      "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 00:19 77312 C:\WINDOWS\arpwrmsg.exe]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-31 15:35 7634944]
      "nwiz"="nwiz.exe" [2006-10-31 15:35 1622016 C:\WINDOWS\system32\nwiz.exe]
      "RTHDCPL"="RTHDCPL.EXE" [2006-01-23 19:53 15969280 C:\WINDOWS\RTHDCPL.EXE]
      "HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 08:35 49152]
      "DMAScheduler"="c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 10:01 90112]
      "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 23:14 237568]
      "PCDrProfiler"=""
      "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 02:29 249856]
      "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 07:12 49152]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
      "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-16 22:41 185896]
      "CmCardRun"="C:\WINDOWS\system32\CmWatch.exe" [2003-09-16 17:50 229376]
      "snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2004-12-16 19:55 339968]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25 257088]
      "WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" [ ]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
      "SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-06-15 15:17 699120]

      C:\Documents and Settings\Gast\Menu Start\Programma's\Opstarten\
      Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-01-01 15:49:13 27136]

      C:\Documents and Settings\hans\Menu Start\Programma's\Opstarten\
      Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-01-01 15:49:13 27136]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 07:23:26 282624]
      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
      UvA - Informatiseringscentrum CISCO VPN Client.lnk - C:\Program Files\Cisco Systems\vpngui.exe [2006-11-14 22:14:06 1445904]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
      "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusDisableNotify"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=
      "C:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
      "C:\\games\\-backup- 2nd diablo\\Diablo II\\medion2008.exe"=
      "C:\\Program Files\\Hamachi\\hamachi.exe"=
      "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "8080:TCP"= 8080:TCP:Windows Media Format SDK (VideoMail.exe)

      R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-05-17 01:23]
      R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
      R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
      R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-10-03 22:57]
      R3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 19:44]
      S3 CXFALCON;Conexant Falcon II NTSC Video Capture;C:\WINDOWS\system32\drivers\cxfalcon.sys [2005-08-17 00:24]
      S3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
      S3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys
      S3 UMSSSTOR;C-Media Storage;C:\WINDOWS\system32\DRIVERS\UMSS.SYS [2004-07-13 12:40]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
      \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
      \Shell\AutoRun\command - F:\SETUP.EXE

      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-05-17 10:04:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2008-05-17 10:26:55 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
      - C:\Program Files\Windows Defender\MpCmdRun.exe
      .
      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-05-17 12:24:20
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\arservice.exe
      C:\Program Files\Cisco Systems\cvpnd.exe
      C:\WINDOWS\ehome\ehrecvr.exe
      C:\WINDOWS\ehome\ehSched.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\PAStiSvc.exe
      C:\WINDOWS\ehome\mcrdsvc.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\ehome\ehmsas.exe
      C:\hp\KBD\kbd.exe
      C:\WINDOWS\system\hpsysdrv.exe
      .
      **************************************************************************
      .
      Voltooingstijd: 2008-05-17 12:33:02 - machine was rebooted [hans]
      ComboFix-quarantined-files.txt 2008-05-17 10:32:58

      Pre-Run: 190,817,349,632 bytes beschikbaar
      Post-Run: 192,669,667,328 bytes beschikbaar

      221 --- E O F --- 2008-05-15 07:28:14



      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 12:36:02, on 17-5-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\arservice.exe
      C:\Program Files\Cisco Systems\cvpnd.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\ehome\ehtray.exe
      C:\WINDOWS\ARPWRMSG.EXE
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
      C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\WINDOWS\system32\CmWatch.exe
      C:\WINDOWS\vsnpstd3.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\WINDOWS\System32\PAStiSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\HP\KBD\KBD.EXE
      c:\windows\system\hpsysdrv.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
      O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [CmCardRun] C:\WINDOWS\system32\CmWatch.exe
      O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
      O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: UvA - Informatiseringscentrum CISCO VPN Client.lnk = C:\Program Files\Cisco Systems\vpngui.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
      O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
      O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\cvpnd.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
      O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
      O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
      O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

      --
      End of file - 10663 bytes



      • #4
        That already looks a lot better.


        Open a Notepad file.
        Copy the text below (everything in bold) into this Notepad file.

        @ECHO OFF
        IF EXIST log.txt DEL log.txt
        ECHO Deleting files>>log.txt
        FOR %%g in (
        "C:\WINDOWS\system32\iqijvawn.dll"
        "C:\WINDOWS\system32\{35f18892-7aaa-0f19-a4e9-b63e6c7fbd7c}.dll-uninst.exe"
        "C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe"
        "C:\WINDOWS\system32\gside.exe"
        "C:\WINDOWS\system32\winpfz33.sys"
        "C:\WINDOWS\system32\{49c78f94-da7d-2772-baf8-a277ae638084}.dll-uninst.exe"
        "C:\WINDOWS\system32\g54.exe") DO (
        IF EXIST %%g (
        ATTRIB -r -s -h %%g
        DEL %%g
        IF EXIST %%g (
        ECHO %%g not deleted>>log.txt
        ) ELSE (
        ECHO %%g deleted successfully>>log.txt)
        ) ELSE (
        ECHO %%g not found>>log.txt))
        >>log.txt (
        ECHO.
        ECHO Deleting folders)
        FOR %%I in (
        "C:\Documents and Settings\hans\!"
        C:\WINDOWS\system32\rDA
        C:\WINDOWS\system32\emL1
        C:\WINDOWS\system32\dbW
        C:\WINDOWS\system32\3056v) DO (
        IF EXIST %%I (
        RD /S /Q %%I
        IF EXIST %%I (
        ECHO %%I not deleted>>log.txt
        ) ELSE (
        ECHO %%I deleted successfully>>log.txt)
        ) ELSE (
        ECHO %%I not found>>log.txt))
        START NOTEPAD.EXE log.txt

        Go to File - Save As.
        Under "Save in", choose: Desktop
        Under "File name", enter: del.bat
        Under "Save as type", select: All files (*.*).
        Click the Save button.

        Double-click del.bat and post the contents of the log file that opens.
        Last edited by Marckie; 17-05-08, 13:11.



        • #5
          Originally posted by Marckie
          That already looks a lot better.


          Open a Notepad file.
          Copy the text below (everything in bold) into this Notepad file.
          ...
          Double-click del.bat and post the contents of the log file that opens.
          Done; I got the log below back:

          Deleting files
          "C:\WINDOWS\system32\iqijvawn.dll" deleted successfully
          "C:\WINDOWS\system32\{35f18892-7aaa-0f19-a4e9-b63e6c7fbd7c}.dll-uninst.exe" deleted successfully
          "C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe" deleted successfully
          "C:\WINDOWS\system32\gside.exe" deleted successfully
          "C:\WINDOWS\system32\winpfz33.sys" deleted successfully
          "C:\WINDOWS\system32\{49c78f94-da7d-2772-baf8-a277ae638084}.dll-uninst.exe" deleted successfully
          "C:\WINDOWS\system32\g54.exe" deleted successfully

          Deleting folders
          C:\Documents not found
          and not found
          Settings\hans\! not found
          C:\WINDOWS\system32\rDA deleted successfully
          C:\WINDOWS\system32\emL1 deleted successfully
          C:\WINDOWS\system32\dbW deleted successfully
          C:\WINDOWS\system32\3056v deleted successfully


          Is that all?

          Thanks in any case so far; without your help I would still have been scanning, with the same result every time



          • #6
            There was a small mistake in the batch file.
            Please create del.bat again (the code has been changed), double-click it and post the contents of the log file that opens.



            • #7
              Originally posted by Marckie
              There was a small mistake in the batch file.
              Please create del.bat again (the code has been changed), double-click it and post the contents of the log file that opens.
              I hadn't noticed that mistake

              Deleting files
              "C:\WINDOWS\system32\iqijvawn.dll" not found
              "C:\WINDOWS\system32\{35f18892-7aaa-0f19-a4e9-b63e6c7fbd7c}.dll-uninst.exe" not found
              "C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe" not found
              "C:\WINDOWS\system32\gside.exe" not found
              "C:\WINDOWS\system32\winpfz33.sys" not found
              "C:\WINDOWS\system32\{49c78f94-da7d-2772-baf8-a277ae638084}.dll-uninst.exe" not found
              "C:\WINDOWS\system32\g54.exe" not found

              Deleting folders
              C:\Documents not found
              and not found
              Settings\hans\! not found
              C:\WINDOWS\system32\rDA not found
              C:\WINDOWS\system32\emL1 not found
              C:\WINDOWS\system32\dbW not found
              C:\WINDOWS\system32\3056v not found

              By the looks of it, none of the files you listed are in the folders any more; reboot now??



              • #8
                You have to create the batch file again, and you didn't do that.



                • #9
                  Originally posted by Marckie
                  You have to create the batch file again, and you didn't do that.
                  I thought pasting the new text into the file would have the same effect

                  Deleting files
                  "C:\WINDOWS\system32\iqijvawn.dll" not found
                  "C:\WINDOWS\system32\{35f18892-7aaa-0f19-a4e9-b63e6c7fbd7c}.dll-uninst.exe" not found
                  "C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe" not found
                  "C:\WINDOWS\system32\gside.exe" not found
                  "C:\WINDOWS\system32\winpfz33.sys" not found
                  "C:\WINDOWS\system32\{49c78f94-da7d-2772-baf8-a277ae638084}.dll-uninst.exe" not found
                  "C:\WINDOWS\system32\g54.exe" not found

                  Deleting folders
                  "C:\Documents and Settings\hans\!" deleted successfully
                  C:\WINDOWS\system32\rDA not found
                  C:\WINDOWS\system32\emL1 not found
                  C:\WINDOWS\system32\dbW not found
                  C:\WINDOWS\system32\3056v not found

                  The new log now looks like this

                  Comment
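The "C:\Documents not found", "and not found", "Settings\hans\! not found" lines in the logs above are what FOR produces when a path containing spaces is listed without quotes. The batch file below reproduces that split in a scratch folder, shows the quoted form, and goes one step further by showing that a split fragment can match an unrelated folder. It is an added example, not the del.bat from this thread; the "fordemo" folder tree under %TEMP% is constructed for the demonstration.

```batch
@ECHO OFF
REM Added example, not the batch file from the thread.
REM "fordemo" and everything below it are constructed folders created under %TEMP%.
SETLOCAL
PUSHD "%TEMP%"
IF EXIST "fordemo" RD /S /Q "fordemo"
MD "fordemo\Documents and Settings\junk"
REM An unrelated folder whose name equals the first fragment of the split path.
MD "fordemo\Documents"

ECHO Unquoted item, dry run:
REM FOR treats spaces as separators, so this single path becomes three items:
REM   fordemo\Documents   and   Settings\junk
REM Nothing is deleted in this loop; it only reports what a delete would hit.
FOR %%I IN (fordemo\Documents and Settings\junk) DO (
    IF EXIST "%%~I" (
        ECHO   [%%~I] exists and would have been removed by RD /S /Q
    ) ELSE (
        ECHO   [%%~I] not found
    )
)

ECHO.
ECHO Quoted item:
REM Quotes keep the path as one item. The ~ modifier strips them, and the path
REM is re-quoted at every use so the spaces never reach a command unprotected.
FOR %%I IN ("fordemo\Documents and Settings\junk") DO (
    IF EXIST "%%~I" (
        RD /S /Q "%%~I"
        IF EXIST "%%~I" (
            ECHO   "%%~I" not deleted
        ) ELSE (
            ECHO   "%%~I" deleted successfully
        )
    ) ELSE (
        ECHO   "%%~I" not found
    )
)

REM Only the quoted loop deleted anything, so the unrelated folder survives.
IF EXIST "fordemo\Documents" ECHO Unrelated folder fordemo\Documents is still present

REM Remove the scratch tree again.
RD /S /Q "fordemo"
POPD
ENDLOCAL
```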


                  • #10
                    That's better. Have all the problems been solved?



                    • #11
                      [QUOTE=Marckie;344369]That's better. Have all the problems been solved?[/QUOTE]

                      The problems with the desktop/theme are now solved. However, when I try to access the folder C:\Documents and Settings\hans\application data\, I get an error message from IE, and Explorer gets kicked out. Then I get a pop-up saying that the internet connection is working properly.

                      So in my opinion there is still a little program that 'protects' that folder and tries to reach the internet when I try to get into the folder, and in passing tries to change my desktop again (which, by the way, no longer succeeds!)...

                      This file is added to the IE log file at the end of the error message --> C:\DOCUME~1\hans\LOCALS~1\Temp\abe8_appcompat.txt

                      No idea what it means, but maybe you can do something with it.

                      (rebooting did not help to fix this)

                      I now have a full scan by superantivirusscan running, and it still finds 1 infected file with adware (adware.unknown origin); memory & registry are now clean according to the scanner...

                      Any more suggestions for what I could try?

                      In any case I'm glad that the connection to the internet seems to fail. It would of course be nice if I were rid of all the infected files
                      Last edited by kwakkel01; 17-05-08, 19:21.



                      • #12
                        Download ATF cleaner (made by Atribune)
                        Double-click ATF cleaner to start the program.
                        In the "Main" window, tick Select All.
                        Click the Empty Selected button.

                        If you also use Firefox as a browser:
                        Click the "Firefox" tab and tick Select All.
                        If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                        (this removes the tick again from "Firefox saved passwords")
                        Click the Empty Selected button.

                        If you also use Opera as a browser:
                        Click the "Opera" tab and tick Select All.
                        If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                        Click the Empty Selected button.

                        Go to the "Main" menu and click the Exit button to close the program.


                        Go to Kaspersky Online Scanner and click Accept at the bottom.
                        This scanner works only with Internet Explorer 6 and higher!!
                        You may have to click a yellow bar at the top of your screen to download the ActiveX files that Kaspersky needs in order to scan. Allow this.
                        • The program now starts downloading the latest definition files. After that, click Next.
                        • Then click the Scan Settings button.
                          Under the text Scan using the following antivirus database: choose the second option: extended - protect your .....
                          Under the text Scan options: tick the two checkboxes: Scan Archives .... and Scan Mail Bases ....
                        • Then click the OK button.
                        • Now start the scan by clicking the text My Computer.
                          Keep in mind that this scan takes a while.
                        • Once the scan is complete you get the opportunity to save the scan report.
                          Click the Save Report As button. Save the report to your Desktop with the name kavscan.txt

                        Post this report in your next message.



                        • #13
                          Originally posted by Marckie
                          Download ATF cleaner (made by Atribune): http://www.atribune.org/ccount/click.php?id=1
                          Double-click ATF cleaner to start the program.
                          In the "Main" window, tick Select All.
                          Click the Empty Selected button.
                          ...Go to Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and click Accept at the bottom.
                          ....
                          Click the Save Report As button. Save the report to your Desktop with the name kavscan.txt
                          Post this report in your next message.
                          OK, I followed the steps above with the result below:

                          I hope you can help me further with it.

                          KASPERSKY ONLINE SCANNER REPORT
                          Saturday, May 17, 2008 9:34:35 PM
                          Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
                          Kaspersky Online Scanner version: 5.0.98.0
                          Kaspersky Anti-Virus database last update: 17/05/2008
                          Kaspersky Anti-Virus database records: 781180


                          Scan Settings
                          Scan using the following antivirus database extended
                          Scan Archives true
                          Scan Mail Bases true

                          Scan Target My Computer
                          C:\
                          D:\
                          E:\
                          F:\
                          G:\
                          H:\
                          I:\
                          J:\
                          L:\

                          Scan Statistics
                          Total number of scanned objects 107502
                          Number of viruses found 10
                          Number of infected objects 21
                          Number of suspicious objects 0
                          Duration of the scan process 01:33:23

                          Infected Object Name Virus Name Last Action
                          C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped

                          C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

                          C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

                          C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-03012007-230742.log Object is locked skipped

                          C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\537B18F4.wmf Infected: Exploit.Win32.IMG-WMF.v skipped

                          C:\Documents and Settings\All Users\Documenten\Tv-opnamen\TempRec\TempSBE\MSDVRMM_2420046981_11534336_25945 Object is locked skipped

                          C:\Documents and Settings\All Users\Documenten\Tv-opnamen\TempRec\TempSBE\MSDVRMM_2420046981_4521984_25936 Object is locked skipped

                          C:\Documents and Settings\All Users\Documenten\Tv-opnamen\TempRec\TempSBE\SBE4.tmp Object is locked skipped

                          C:\Documents and Settings\All Users\Documenten\Tv-opnamen\TempRec\TempSBE\SBE5.tmp Object is locked skipped

                          C:\Documents and Settings\All Users\Documenten\Tv-opnamen\TempRec\{76631A64-3BE7-434D-8F63-505B28E1F83A}.TmpSBE Object is locked skipped

                          C:\Documents and Settings\All Users\Documenten\Tv-opnamen\TempRec\{B8D99AEE-57C5-457B-80E2-BFA29B1CB25D}.TmpSBE Object is locked skipped

                          C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp Object is locked skipped

                          C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped

                          C:\Documents and Settings\hans\Application Data\Sun\Java\Deployment\cache\6.0\56\43f905f8-73d916ec/BaaaaBaa.class Infected: Exploit.Java.Gimsh.a skipped

                          C:\Documents and Settings\hans\Application Data\Sun\Java\Deployment\cache\6.0\56\43f905f8-73d916ec ZIP: infected - 1 skipped

                          C:\Documents and Settings\hans\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-5-17-2008( 19-38-45 ).LOG Object is locked skipped

                          C:\Documents and Settings\hans\Cookies\index.dat Object is locked skipped

                          C:\Documents and Settings\hans\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

                          C:\Documents and Settings\hans\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

                          C:\Documents and Settings\hans\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{95CD1E5E-CE05-4B63-9400-C74594EE8D33} Object is locked skipped

                          C:\Documents and Settings\hans\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped

                          C:\Documents and Settings\hans\Local Settings\Geschiedenis\History.IE5\MSHist012008051720080518\index.dat Object is locked skipped

                          C:\Documents and Settings\hans\Local Settings\Temp\_hphtra07.log Object is locked skipped

                          C:\Documents and Settings\hans\Local Settings\Temp\~ROMFN_000002E0 Object is locked skipped

                          C:\Documents and Settings\hans\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

                          C:\Documents and Settings\hans\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

                          C:\Documents and Settings\hans\NTUSER.DAT Object is locked skipped

                          C:\Documents and Settings\hans\ntuser.dat.LOG Object is locked skipped

                          C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

                          C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

                          C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

                          C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

                          C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

                          C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

                          C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

                          C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

                          C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

                          C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

                          C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

                          C:\downloads\utilities_invdump.zip/invdump.exe Infected: Trojan-Proxy.Win32.Agent.ada skipped

                          C:\downloads\utilities_invdump.zip ZIP: infected - 1 skipped

                          C:\games\inv-dump\invdump.exe Infected: Trojan-Proxy.Win32.Agent.ada skipped

                          C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

                          C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

                          C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped

                          C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

                          C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

                          C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

                          C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log Object is locked skipped

                          C:\Program Files\Alwil Software\Avast4\DATA\report\Interne bescherming.txt Object is locked skipped

                          C:\Program Files\KCeasy\My Shared Folder\not without my daughter.wm Infected: Trojan-Downloader.WMA.Wimad.m skipped

                          C:\Program Files\Trend Micro\HijackThis\backups\backup-20080517-112214-980.dll Infected: Trojan.Win32.BHO.cgy skipped

                          C:\QooBox\Quarantine\C\WINDOWS\system32\dFrnx05\dFrnx051080.exe.vir Infected: Trojan-Downloader.Win32.VB.ehl skipped

                          C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

                          C:\System Volume Information\_restore{DFB1D6B4-B48A-447C-9289-6356097299FF}\RP603\A0135319.dll Infected: Trojan.Win32.BHO.cgy skipped

                          C:\System Volume Information\_restore{DFB1D6B4-B48A-447C-9289-6356097299FF}\RP604\A0135384.exe Infected: Trojan-Downloader.Win32.VB.ehl skipped

                          C:\System Volume Information\_restore{DFB1D6B4-B48A-447C-9289-6356097299FF}\RP604\A0135458.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Agent.byy skipped

                          C:\System Volume Information\_restore{DFB1D6B4-B48A-447C-9289-6356097299FF}\RP604\A0135458.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.byy skipped

                          C:\System Volume Information\_restore{DFB1D6B4-B48A-447C-9289-6356097299FF}\RP604\A0135458.exe NSIS: infected - 2 skipped

                          C:\System Volume Information\_restore{DFB1D6B4-B48A-447C-9289-6356097299FF}\RP604\A0135459.exe/stream/data0007/stream/Script Infected: Trojan.NSIS.StartPage.c skipped

                          C:\System Volume Information\_restore{DFB1D6B4-B48A-447C-9289-6356097299FF}\RP604\A0135459.exe/stream/data0007/stream Infected: Trojan.NSIS.StartPage.c skipped

                          C:\System Volume Information\_restore{DFB1D6B4-B48A-447C-9289-6356097299FF}\RP604\A0135459.exe/stream/data0007 Infected: Trojan.NSIS.StartPage.c skipped

                          C:\System Volume Information\_restore{DFB1D6B4-B48A-447C-9289-6356097299FF}\RP604\A0135459.exe/stream Infected: Trojan.NSIS.StartPage.c skipped

                          C:\System Volume Information\_restore{DFB1D6B4-B48A-447C-9289-6356097299FF}\RP604\A0135459.exe NSIS: infected - 4 skipped

                          C:\System Volume Information\_restore{DFB1D6B4-B48A-447C-9289-6356097299FF}\RP604\A0135460.exe Infected: Trojan-Downloader.Win32.Small.vrq skipped

                          C:\System Volume Information\_restore{DFB1D6B4-B48A-447C-9289-6356097299FF}\RP604\change.log Object is locked skipped

                          C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

                          C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{9ABE4A82-CED5-4902-ABF5-712BD2B12530}.crmlog Object is locked skipped

                          C:\WINDOWS\SchedLgU.Txt Object is locked skipped

                          C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

                          C:\WINDOWS\Sti_Trace.log Object is locked skipped

                          C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

                          C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

                          C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

                          C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

                          C:\WINDOWS\system32\config\default Object is locked skipped

                          C:\WINDOWS\system32\config\default.LOG Object is locked skipped

                          C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

                          C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped

                          C:\WINDOWS\system32\config\SAM Object is locked skipped

                          C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

                          C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

                          C:\WINDOWS\system32\config\SECURITY Object is locked skipped

                          C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

                          C:\WINDOWS\system32\config\software Object is locked skipped

                          C:\WINDOWS\system32\config\software.LOG Object is locked skipped

                          C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

                          C:\WINDOWS\system32\config\system Object is locked skipped

                          C:\WINDOWS\system32\config\system.LOG Object is locked skipped

                          C:\WINDOWS\system32\h323log.txt Object is locked skipped

                          C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

                          C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

                          C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

                          C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

                          C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

                          C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

                          C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

                          C:\WINDOWS\Temp\Perflib_Perfdata_320.dat Object is locked skipped

                          C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

                          C:\WINDOWS\wiadebug.log Object is locked skipped

                          C:\WINDOWS\wiaservc.log Object is locked skipped

                          C:\WINDOWS\WindowsUpdate.log Object is locked skipped

                          D:\System Volume Information\_restore{DFB1D6B4-B48A-447C-9289-6356097299FF}\RP604\change.log Object is locked skipped

                          L:\games\2nd diablo\Diablo II\bncache-1412.dat Object is locked skipped

                          L:\games\2nd diablo\Diablo II\BnetLog.txt Object is locked skipped

                          L:\games\ATMA_Installer\ATMA V\Setup.exe Infected: not-a-virus:AdWare.Win32.DealHelper.ah skipped

                          L:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

                          L:\System Volume Information\_restore{DFB1D6B4-B48A-447C-9289-6356097299FF}\RP604\change.log Object is locked skipped

                          Scan process completed.

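The scan log above mixes real detections, nested sub-objects of the same file, and files the scanner simply could not open. As an added example (not part of the original thread), this Python sketch reduces such a log to the on-disk files that carry a verdict; the function names are assumptions of this example, and the embedded sample is a handful of lines taken from the log above.

```python
import re
from collections import defaultdict

# Sample input: a few lines taken from the scan log above, embedded for offline use.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{DFB1D6B4-B48A-447C-9289-6356097299FF}\RP604\A0135459.exe/stream/data0007/stream/Script Infected: Trojan.NSIS.StartPage.c skipped
C:\System Volume Information\_restore{DFB1D6B4-B48A-447C-9289-6356097299FF}\RP604\A0135459.exe/stream Infected: Trojan.NSIS.StartPage.c skipped
C:\System Volume Information\_restore{DFB1D6B4-B48A-447C-9289-6356097299FF}\RP604\A0135459.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{DFB1D6B4-B48A-447C-9289-6356097299FF}\RP604\A0135460.exe Infected: Trojan-Downloader.Win32.Small.vrq skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
L:\games\ATMA_Installer\ATMA V\Setup.exe Infected: not-a-virus:AdWare.Win32.DealHelper.ah skipped
Scan process completed.
"""

# "<object> <result> skipped": a verdict, a locked file, or an archive summary.
LINE_RE = re.compile(
    r"^(?P<obj>.+?) (?:Infected: (?P<verdict>\S+)|(?P<locked>Object is locked)"
    r"|\w+: infected - \d+) skipped$"
)

def triage(log_text):
    """Return (infected, locked); infected maps each on-disk file to its verdicts."""
    infected, locked = defaultdict(set), []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines, headers, "Scan process completed."
        # Sub-objects look like file.exe/stream/data0007. Windows paths never
        # contain "/", so the part before the first "/" is the file on disk.
        host = m.group("obj").split("/", 1)[0]
        if m.group("verdict"):
            infected[host].add(m.group("verdict"))
        elif m.group("locked"):
            locked.append(host)
        # Archive summary lines ("NSIS: infected - 4") repeat the verdict lines.
    return dict(infected), locked

def in_restore_point(path):
    """True for copies stored in a System Restore snapshot folder."""
    return "\\System Volume Information\\_restore{" in path

def live_files(infected):
    """Infected files outside restore points: the ones a cleanup script targets."""
    return sorted(p for p in infected if not in_restore_point(p))

if __name__ == "__main__":
    found, skipped_locked = triage(SAMPLE_LOG)
    for path in live_files(found):
        print(path, sorted(found[path]))
```

Run over the full log, `live_files` leaves only the entries outside the `_restore{...}` folders, and the locked-object lines are reported separately instead of being read as detections.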


                          • #14
                            Open a Notepad file.
                            Copy the text below (everything in bold) into this Notepad file.
                            @ECHO OFF
                            IF EXIST log.txt DEL log.txt
                            ECHO Deleting files>>log.txt
                            FOR %%g in (
                            C:\downloads\utilities_invdump.zip
                            C:\games\inv-dump\invdump.exe
                            "C:\Program Files\KCeasy\My Shared Folder\not without my daughter.wm"
                            "C:\Program Files\Trend Micro\HijackThis\backups\backup-20080517-112214-980.dll"
                            "L:\games\ATMA_Installer\ATMA V\Setup.exe"
                            ) DO (
                            IF EXIST %%g (
                            ATTRIB -r -s -h %%g
                            DEL %%g
                            IF EXIST %%g (
                            ECHO %%g not deleted>>log.txt
                            ) ELSE (
                            ECHO %%g deleted successfully>>log.txt)
                            ) ELSE (
                            ECHO %%g not found>>log.txt))
                            START NOTEPAD.EXE log.txt

                            Go to File - Save As.
                            For "Save in", choose: Desktop
                            For "File name", enter: del.bat
                            For "Save as type", select: All Files (*.*).
                            Click the Save button.

                            Double-click del.bat and post the contents of the log file that opens.

                            Download ATF cleaner (made by Atribune)
                            Double-click ATF cleaner to start the program.
                            In the "Main" window, tick Select All.
                            Click the Empty Selected button.

                            If you also use Firefox as a browser:
                            Click the "Firefox" tab and tick Select All.
                            If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                            (this removes the tick from "Firefox saved passwords" again)
                            Click the Empty Selected button.

                            If you also use Opera as a browser:
                            Click the "Opera" tab and tick Select All.
                            If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                            Click the Empty Selected button.

                            Go to the "Main" menu and click the Exit button to close the program.



                            • #15
                              Originally posted by Marckie
                              Open a Notepad file.
                              Copy the text below (everything in bold) into this Notepad file.
                              @ECHO OFF
                              IF EXIST log.txt DEL log.txt
                              ECHO Deleting files>>log.txt
                              FOR %%g in (
                              C:\downloads\utilities_invdump.zip
                              C:\games\inv-dump\invdump.exe
                              "C:\Program Files\KCeasy\My Shared Folder\not without my daughter.wm"
                              "C:\Program Files\Trend Micro\HijackThis\backups\backup-20080517-112214-980.dll"
                              "L:\games\ATMA_Installer\ATMA V\Setup.exe"
                              ) DO (
                              IF EXIST %%g (
                              ATTRIB -r -s -h %%g
                              DEL %%g
                              IF EXIST %%g (
                              ECHO %%g not deleted>>log.txt
                              ) ELSE (
                              ECHO %%g deleted successfully>>log.txt)
                              ) ELSE (
                              ECHO %%g not found>>log.txt))
                              START NOTEPAD.EXE log.txt
                              Thx; I had already deleted the ones in bold after I saw that they could cause problems (those files, by the way, were not the ones that led to the problems I had yesterday, but that aside).
                              So the file in the HJT folder can no longer be found; I downloaded Kaspersky (the trial version) and it is currently turning my PC inside out (all files). So it will be chugging along for a while yet... Last night I let it run the regular scan, and it found another 5 files, which were deleted... I hope these are the last convulsions of a pretty irritating virus.

                              Btw, what could the danger of a virus like this be; should I, for example, not make any payments via the PC until further notice?? Or is this more of a spam virus that is mainly irritating?


                              Deleting files
                              C:\downloads\utilities_invdump.zip not found
                              C:\games\inv-dump\invdump.exe not found
                              "C:\Program Files\KCeasy\My Shared Folder\not without my daughter.wm" not found
                              "C:\Program Files\Trend Micro\HijackThis\backups\backup-20080517-112214-980.dll" not found
                              "L:\games\ATMA_Installer\ATMA V\Setup.exe" deleted successfully
