virus??

  • virus??

    Hello,

    Can you help me? I am not sure whether my system is free of a virus that I found. I had my system scanned by Spyware Doctor, and it found a few things rated high. It reports that it removed them from my PC, but when I scan again after a few days it again reports an infected file rated high. I use Avast Pro to protect my PC, and it includes a scanner for outgoing mail. I discovered that it was sending mails via my address, which is why I started scanning with Spyware Doctor. The PC also installed two programs that I had not asked for; I was able to remove these. I made a log and am posting it here.

    Kind regards, gg

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:32:17, on 20-5-2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\IncrediMail\bin\IncMail.exe
    C:\Program Files\IncrediMail\bin\ImApp.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nieuws.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1211021919218
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210965413625
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2A9266C4-FDC5-429C-ADEA-978CE8AE14DA}: NameServer = 62.45.45.45 62.45.46.46
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2A9266C4-FDC5-429C-ADEA-978CE8AE14DA}: NameServer = 62.45.45.45 62.45.46.46
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

    --
    End of file - 6501 bytes

  • #2
    I don't see anything strange in your log, gg.

    Download combofix.exe from this site: http://www.bleepingcomputer.com/comb...uikt-te-worden
    Follow the instructions given there. If anything is unclear, just ask.
    When the tool is finished, a log file (combofix.txt) opens.
    Post the contents of this file together with a new HijackThis log.

    • #3
      Originally posted by Marckie
      I don't see anything strange in your log, gg.

      Download combofix.exe from this site: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden
      Follow the instructions given there. If anything is unclear, just ask.
      When the tool is finished, a log file (combofix.txt) opens.
      Post the contents of this file together with a new HijackThis log.

      Hello, thanks for responding. I followed the instructions, but on the Microsoft site I cannot find the Windows Recovery Console for Windows XP Pro SP3. Which one should I choose now, or can I skip this step?

      Kind regards, gg

      • #4
        Just skip that step, then.

        • #5
          Hello, I have the ComboFix log below, and below that the other log.

          ComboFix 08-05-20.5 - Administrator 2008-05-21 14:22:53.1 - NTFSx86
          Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.659 [GMT 2:00]
          Gestart vanuit: C:\Documents and Settings\Administrator\Bureaublad\ComboFix.exe
          * Nieuw herstelpunt werd aangemaakt

          WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\WINDOWS\system32\ctfmona.exe
          C:\WINDOWS\system32\KernelDrv.exe
          C:\WINDOWS\system32\ksvcl.dll
          C:\WINDOWS\system32\lanmanwrk.exe
          C:\WINDOWS\system32\nvrsma.dll
          C:\WINDOWS\system32\qmopt.dll

          .
          ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          -------\Service_lanmandrv


          (((((((((((((((((((( Bestanden Gemaakt van 2008-04-21 to 2008-05-21 ))))))))))))))))))))))))))))))
          .

          2008-05-21 12:25 . 2008-05-21 12:25 4,096 --a------ C:\WINDOWS\d3dx.dat
          2008-05-21 12:24 . 2008-05-21 13:14 <DIR> d-------- C:\Program Files\Oberon Media
          2008-05-21 12:24 . 2008-05-21 12:24 <DIR> d-------- C:\Program Files\Common Files\Oberon Media
          2008-05-21 11:53 . 2002-12-29 01:14 81,920 --a------ C:\WINDOWS\system32\Startup.cpl
          2008-05-20 17:31 . 2008-05-20 17:31 <DIR> d-------- C:\Program Files\Trend Micro
          2008-05-20 16:26 . 2008-05-20 22:38 <DIR> dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
          2008-05-20 15:25 . 2008-05-20 15:25 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
          2008-05-20 11:42 . 2008-05-20 11:42 <DIR> d-------- C:\Program Files\Teletekstbrowser
          2008-05-20 11:02 . 2008-05-20 11:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
          2008-05-20 11:01 . 2008-05-20 11:02 <DIR> d-------- C:\Program Files\LimeWire
          2008-05-20 02:32 . 2008-05-20 02:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Zylom
          2008-05-20 02:32 . 2008-05-20 02:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
          2008-05-20 02:32 . 2008-05-20 02:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Zylom
          2008-05-20 01:44 . 2008-05-20 16:56 <DIR> d-------- C:\My Download Files
          2008-05-20 01:43 . 2008-05-20 01:49 <DIR> d-------- C:\Program Files\Common Files\Real
          2008-05-20 01:43 . 2008-05-20 01:43 774,144 --a------ C:\Program Files\RngInterstitial.dll
          2008-05-19 16:26 . 2008-05-19 16:26 <DIR> d-------- C:\Program Files\TopDesk
          2008-05-19 16:01 . 2008-05-19 16:01 <DIR> d-------- C:\Program Files\Lavalys
          2008-05-19 15:49 . 2008-05-19 15:49 <DIR> d--h----- C:\WINDOWS\PIF
          2008-05-18 21:16 . 2008-05-21 14:14 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
          2008-05-18 21:03 . 2008-05-18 21:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
          2008-05-18 21:03 . 2008-05-18 21:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ATI
          2008-05-18 18:51 . 2008-05-18 18:51 244 --ah----- C:\sqmnoopt19.sqm
          2008-05-18 18:51 . 2008-05-18 18:51 232 --ah----- C:\sqmdata19.sqm
          2008-05-18 18:36 . 2008-05-18 18:36 244 --ah----- C:\sqmnoopt18.sqm
          2008-05-18 18:36 . 2008-05-18 18:36 232 --ah----- C:\sqmdata18.sqm
          2008-05-18 18:33 . 2008-05-18 18:33 244 --ah----- C:\sqmnoopt17.sqm
          2008-05-18 18:33 . 2008-05-18 18:33 244 --ah----- C:\sqmnoopt16.sqm
          2008-05-18 18:33 . 2008-05-18 18:33 244 --ah----- C:\sqmnoopt15.sqm
          2008-05-18 18:33 . 2008-05-18 18:33 232 --ah----- C:\sqmdata17.sqm
          2008-05-18 18:33 . 2008-05-18 18:33 232 --ah----- C:\sqmdata16.sqm
          2008-05-18 18:33 . 2008-05-18 18:33 232 --ah----- C:\sqmdata15.sqm
          2008-05-18 17:09 . 2008-05-18 17:09 268 --ah----- C:\sqmdata14.sqm
          2008-05-18 17:09 . 2008-05-18 17:09 244 --ah----- C:\sqmnoopt14.sqm
          2008-05-18 17:04 . 2008-05-19 15:11 <DIR> d-------- C:\Program Files\Spyware Doctor
          2008-05-18 17:04 . 2008-05-18 17:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
          2008-05-18 17:04 . 2007-04-19 15:18 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
          2008-05-18 17:04 . 2007-04-19 15:18 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
          2008-05-18 17:04 . 2007-04-19 15:18 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
          2008-05-18 17:04 . 2007-04-19 15:18 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
          2008-05-18 17:04 . 2007-04-19 15:18 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
          2008-05-18 17:03 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
          2008-05-18 14:22 . 2008-05-18 14:22 <DIR> d-------- C:\WINDOWS\system32\nl
          2008-05-18 14:22 . 2008-05-18 14:22 <DIR> d-------- C:\WINDOWS\system32\bits
          2008-05-18 14:22 . 2008-05-18 14:22 <DIR> d-------- C:\WINDOWS\l2schemas
          2008-05-18 14:18 . 2008-05-18 14:22 <DIR> d-------- C:\WINDOWS\ServicePackFiles
          2008-05-18 14:02 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
          2008-05-18 13:07 . 2008-05-18 13:07 244 --ah----- C:\sqmnoopt13.sqm
          2008-05-18 13:07 . 2008-05-18 13:07 232 --ah----- C:\sqmdata13.sqm
          2008-05-18 12:56 . 2008-05-18 12:56 244 --ah----- C:\sqmnoopt12.sqm
          2008-05-18 12:56 . 2008-05-18 12:56 232 --ah----- C:\sqmdata12.sqm
          2008-05-18 12:55 . 2008-05-18 12:55 244 --ah----- C:\sqmnoopt11.sqm
          2008-05-18 12:55 . 2008-05-18 12:55 244 --ah----- C:\sqmnoopt10.sqm
          2008-05-18 12:55 . 2008-05-18 12:55 232 --ah----- C:\sqmdata11.sqm
          2008-05-18 12:55 . 2008-05-18 12:55 232 --ah----- C:\sqmdata10.sqm
          2008-05-18 12:54 . 2008-05-18 12:54 244 --ah----- C:\sqmnoopt09.sqm
          2008-05-18 12:54 . 2008-05-18 12:54 244 --ah----- C:\sqmnoopt08.sqm
          2008-05-18 12:54 . 2008-05-18 12:54 232 --ah----- C:\sqmdata09.sqm
          2008-05-18 12:54 . 2008-05-18 12:54 232 --ah----- C:\sqmdata08.sqm
          2008-05-18 12:43 . 2008-05-18 12:43 244 --ah----- C:\sqmnoopt07.sqm
          2008-05-18 12:43 . 2008-05-18 12:43 244 --ah----- C:\sqmnoopt06.sqm
          2008-05-18 12:43 . 2008-05-18 12:43 232 --ah----- C:\sqmdata07.sqm
          2008-05-18 12:43 . 2008-05-18 12:43 232 --ah----- C:\sqmdata06.sqm
          2008-05-18 12:42 . 2008-05-18 12:42 244 --ah----- C:\sqmnoopt05.sqm
          2008-05-18 12:42 . 2008-05-18 12:42 244 --ah----- C:\sqmnoopt04.sqm
          2008-05-18 12:42 . 2008-05-18 12:42 244 --ah----- C:\sqmnoopt03.sqm
          2008-05-18 12:42 . 2008-05-18 12:42 244 --ah----- C:\sqmnoopt02.sqm
          2008-05-18 12:42 . 2008-05-18 12:42 244 --ah----- C:\sqmnoopt01.sqm
          2008-05-18 12:42 . 2008-05-18 12:42 232 --ah----- C:\sqmdata05.sqm
          2008-05-18 12:42 . 2008-05-18 12:42 232 --ah----- C:\sqmdata04.sqm
          2008-05-18 12:42 . 2008-05-18 12:42 232 --ah----- C:\sqmdata03.sqm
          2008-05-18 12:42 . 2008-05-18 12:42 232 --ah----- C:\sqmdata02.sqm
          2008-05-18 12:42 . 2008-05-18 12:42 232 --ah----- C:\sqmdata01.sqm
          2008-05-18 12:28 . 2008-05-20 16:10 <DIR> d-------- C:\Program Files\CCleaner
          2008-05-18 10:47 . 2008-05-18 11:18 <DIR> d-------- C:\Program Files\Spinach AntiSpyware
          2008-05-18 10:33 . 2008-05-18 10:34 26,990 --a------ C:\WINDOWS\system32\kcopt.dll
          2008-05-18 10:32 . 2008-05-18 10:36 269,334 --a------ C:\WINDOWS\system32\ctfmonb.bmp
          2008-05-18 10:32 . 2008-05-18 10:36 160,256 --a------ C:\WINDOWS\system32\blackster.scr
          2008-05-18 10:32 . 2008-05-18 10:32 135,168 --a------ C:\WINDOWS\system32\ntpl.bin
          2008-05-18 10:32 . 2008-05-18 10:32 54,784 --a------ C:\WINDOWS\system32\lght.ln
          2008-05-18 10:32 . 2008-05-18 10:32 32,768 --a------ C:\WINDOWS\system32\pryx.ln
          2008-05-18 01:54 . 2008-05-18 01:54 <DIR> d-------- C:\Program Files\MSXML 6.0
          2008-05-18 01:52 . 2008-05-18 01:52 <DIR> d-------- C:\Program Files\MSXML 4.0
          2008-05-17 20:58 . 2008-05-17 20:58 268 --ah----- C:\sqmdata00.sqm
          2008-05-17 20:58 . 2008-05-17 20:58 244 --ah----- C:\sqmnoopt00.sqm
          2008-05-17 13:08 . 2008-05-17 13:08 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
          2008-05-17 13:08 . 2008-05-19 16:49 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
          2008-05-17 13:00 . 2008-05-17 13:08 <DIR> d-------- C:\Program Files\Windows Live
          2008-05-17 13:00 . 2008-05-17 13:07 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
          2008-05-17 13:00 . 2008-05-17 13:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
          2008-05-17 12:43 . 2008-05-17 12:43 <DIR> d-------- C:\WINDOWS\Performance
          2008-05-17 12:43 . 2008-05-18 12:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
          2008-05-17 11:58 . 2006-11-15 11:29 1,712,128 --a------ C:\WINDOWS\system32\GDIPLUS.DLL
          2008-05-17 11:57 . 2006-04-11 15:03 184,320 --------- C:\WINDOWS\system32\RALMain.dll
          2008-05-17 11:57 . 2005-12-12 15:57 32,768 --------- C:\WINDOWS\system32\MLPagAx.dll
          2008-05-17 11:53 . 2004-07-02 17:28 89,088 --a------ C:\WINDOWS\system32\atl71.dll
          2008-05-17 11:53 . 2004-07-02 17:28 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
          2008-05-17 11:52 . 2005-02-09 12:59 14,165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys
          2008-05-17 11:39 . 2008-05-17 11:39 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
          2008-05-17 11:36 . 2008-05-17 11:37 <DIR> d-------- C:\Program Files\QuickTime
          2008-05-17 11:36 . 2008-05-17 11:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
          2008-05-17 11:03 . 2008-05-17 11:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
          2008-05-17 11:00 . 2008-05-17 11:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
          2008-05-17 10:41 . 2008-05-20 01:21 69 --a------ C:\WINDOWS\NeroDigital.ini
          2008-05-17 10:41 . 2008-05-17 10:41 0 --a------ C:\dump_dvd.vob
          2008-05-17 10:33 . 2008-05-17 11:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
          2008-05-17 10:31 . 2008-05-17 10:31 <DIR> d-------- C:\Program Files\Nero
          2008-05-17 10:31 . 2008-05-17 11:03 <DIR> d-------- C:\Program Files\Common Files\Ahead
          2008-05-17 01:57 . 2008-05-20 19:52 <DIR> d-------- C:\Program Files\Microsoft Silverlight
          2008-05-17 01:56 . 2008-05-17 01:56 <DIR> d-------- C:\Program Files\Microsoft.NET
          2008-05-17 01:53 . 2008-05-17 01:53 <DIR> d-------- C:\Program Files\MSBuild
          2008-05-17 01:49 . 2008-05-17 01:55 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
          2008-05-17 01:48 . 2008-05-17 01:48 <DIR> d-------- C:\Program Files\Reference Assemblies
          2008-05-17 01:48 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
          2008-05-17 01:47 . 2008-05-17 01:47 <DIR> d-------- C:\22cab8a14a809911ed194b
          2008-05-17 01:41 . 2008-05-17 01:42 <DIR> d-------- C:\WINDOWS\system32\URTTemp
          2008-05-17 01:41 . 2008-05-17 01:43 <DIR> d-------- C:\Program Files\uTorrent
          2008-05-17 01:41 . 2008-05-21 14:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
          2008-05-17 01:23 . 2008-05-17 01:23 <DIR> d-------- C:\Program Files\MSECache
          2008-05-17 01:04 . 2008-05-17 01:04 395 --a------ C:\WINDOWS\ODBC.INI
          2008-05-17 01:03 . 2008-05-17 01:03 <DIR> d-------- C:\WINDOWS\SHELLNEW
          2008-05-17 01:00 . 2008-05-17 01:00 <DIR> dr-h----- C:\MSOCache
          2008-05-17 00:51 . 2008-05-17 00:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
          2008-05-17 00:51 . 2008-05-17 00:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
          2008-05-17 00:51 . 2008-05-17 00:51 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-05-06 17:42 --------- d-----w C:\Program Files\microsoft frontpage
          2008-04-14 17:03 70,144 ----a-w C:\WINDOWS\notepad.exe
          2008-04-14 17:03 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
          2008-04-14 17:03 32,866 ------w C:\WINDOWS\slrundll.exe
          2008-04-14 17:03 287,232 ----a-w C:\WINDOWS\winhlp32.exe
          2008-04-14 17:03 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
          2008-04-14 17:03 153,088 ----a-w C:\WINDOWS\regedit.exe
          2008-04-14 17:03 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
          2008-04-14 17:03 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
          2008-04-14 17:03 10,752 ----a-w C:\WINDOWS\hh.exe
          2008-04-14 16:43 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
          2008-04-14 16:43 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
          2008-04-14 16:43 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys
          2008-04-14 16:43 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
          2008-04-14 16:43 120,448 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
          2008-04-14 16:40 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
          2008-04-14 16:40 153,856 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
          2008-04-14 16:39 25,088 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
          2008-04-14 16:38 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
          2008-04-14 16:38 37,760 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
          2008-04-14 16:37 5,504 ----a-w C:\WINDOWS\system32\drivers\intelide.sys
          2008-04-14 16:37 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
          2008-04-14 16:36 65,536 ----a-w C:\WINDOWS\system32\drivers\serial.sys
          2008-04-14 16:35 53,504 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
          2008-04-14 16:34 58,112 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
          2008-04-14 16:34 273,536 ------w C:\WINDOWS\system32\drivers\bthport.sys
          2008-04-14 16:34 25,728 ------w C:\WINDOWS\system32\drivers\hidbth.sys
          2008-04-14 16:33 53,504 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
          2008-04-14 16:32 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
          2008-04-14 16:32 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys
          2008-04-14 16:31 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
          2008-04-14 16:31 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
          2008-04-14 16:30 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys
          2008-04-14 16:30 23,552 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
          2008-04-14 16:30 188,544 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
          2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
          2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
          2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
          2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
          2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
          2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
          2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
          2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
          2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
          2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
          2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
          2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
          2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
          2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
          2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
          2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
          2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
          2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
          2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
          2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
          2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
          2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
          2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
          2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
          2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
          2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
          2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
          2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
          2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
          2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
          2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
          2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
          2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
          2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
          2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
          2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
          2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
          2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
          2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
          2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
          2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
          2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
          2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
          2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
          2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
          2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
          2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
          2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
          2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
          2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
          2008-04-13 18:46 61,696 ----a-w C:\WINDOWS\system32\drivers\ohci1394.sys
          2008-04-13 18:46 59,136 ------w C:\WINDOWS\system32\drivers\rfcomm.sys
          2008-04-13 18:46 53,376 ----a-w C:\WINDOWS\system32\drivers\1394bus.sys
          2008-04-13 18:46 37,888 ------w C:\WINDOWS\system32\drivers\bthmodem.sys
          2008-04-13 18:46 36,480 ------w C:\WINDOWS\system32\drivers\bthprint.sys
          2008-04-13 18:46 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
          2008-04-13 18:46 18,944 ------w C:\WINDOWS\system32\drivers\bthusb.sys
          2008-04-13 18:46 17,024 ------w C:\WINDOWS\system32\drivers\bthenum.sys
          2008-04-13 18:46 121,984 ------w C:\WINDOWS\system32\drivers\usbvideo.sys
          2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
          2008-04-13 18:44 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
          2008-04-13 18:43 14,208 ------w C:\WINDOWS\system32\drivers\wacompen.sys
          2008-04-13 18:43 12,672 ------w C:\WINDOWS\system32\drivers\mutohpen.sys
          2008-04-13 18:39 92,544 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
          2008-04-13 18:39 7,552 ----a-w C:\WINDOWS\system32\drivers\mskssrv.sys
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:02 15360]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "SoundMan"="SOUNDMAN.EXE" [2004-01-09 03:54 65536 C:\WINDOWS\soundman.exe]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:02 15360]

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
          "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
          "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
          "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
          "ATICustomerCare"="C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
          "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
          "EnableFirewall"= 0 (0x0)

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
          "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
          "C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
          "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
          "C:\\Program Files\\uTorrent\\uTorrent.exe"=
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
          "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
          "C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
          "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
          "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
          "C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

          R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
          R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
          R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2008-04-14 19:03]
          S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-17 00:51]

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
          UxTuneUp

          .
          **************************************************************************

          catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-05-21 14:27:21
          Windows 5.1.2600 Service Pack 3 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          ------------------------ Other Running Processes ------------------------
          .
          C:\WINDOWS\system32\ati2evxx.exe
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          C:\Program Files\Alwil Software\Avast4\ashServ.exe
          C:\WINDOWS\system32\ati2evxx.exe
          C:\Program Files\Bonjour\mDNSResponder.exe
          C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          C:\WINDOWS\system32\wscntfy.exe
          .
          **************************************************************************
          .
          Voltooingstijd: 2008-05-21 14:32:17 - machine was rebooted
          ComboFix-quarantined-files.txt 2008-05-21 12:32:08

          Pre-Run: 68,633,952,256 bytes beschikbaar
          Post-Run: 71,878,074,368 bytes beschikbaar

          319 --- E O F --- 2008-05-20 17:52:45



          and here is the HijackThis log

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 14:38:35, on 21-5-2008
          Platform: Windows XP SP3 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16640)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          C:\Program Files\Alwil Software\Avast4\ashServ.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Bonjour\mDNSResponder.exe
          C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          C:\WINDOWS\SOUNDMAN.EXE
          C:\WINDOWS\system32\ctfmon.exe
          C:\WINDOWS\explorer.exe
          C:\WINDOWS\system32\notepad.exe
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nieuws.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1211021919218
          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210965413625
          O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
          O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
          O17 - HKLM\System\CCS\Services\Tcpip\..\{2A9266C4-FDC5-429C-ADEA-978CE8AE14DA}: NameServer = 62.45.45.45 62.45.46.46
          O17 - HKLM\System\CS1\Services\Tcpip\..\{2A9266C4-FDC5-429C-ADEA-978CE8AE14DA}: NameServer = 62.45.45.45 62.45.46.46
          O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
          O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
          O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
          O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
          O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
          O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
          O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
          O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
          O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
          O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
          O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

          --
          End of file - 5983 bytes

          Kind regards, gg



          • #6
            Are there any remaining problems?



            • #7
              Originally posted by Marckie
              Are there any remaining problems?
              No, if the log was found to be fine, then it is fine with me too; only I no longer see my virus scanner in the startup menu or among the icons at the bottom right of my taskbar. Can that be right?



              • #8
                Then uninstall it and reinstall it after a reboot.



                • #9
                  OK, thanks for the help; as far as I can tell, everything else works fine.

                  Kind regards, gg



                  • #10
                    Good.

                    Go to Start - Run and type: ComboFix /u
                    Press Enter.

                    Go to Kaspersky Online Scanner and click Accept at the bottom.
                    This scanner works only with Internet Explorer 6 and higher!
                    You may have to click a yellow bar at the top of your screen to download the ActiveX files that Kaspersky needs in order to scan. Allow this.
                    • The program now starts downloading the latest definition files. After that, click Next.
                    • Then click the Scan Settings button.
                      Under the text Scan using the following antivirus database: choose the second option: extended - protect your .....
                      Under the text Scan options: tick the two checkboxes: Scan Archives .... and Scan Mail Bases ....
                    • Then click the OK button.
                    • Now start the scan by clicking the text My Computer.
                      Bear in mind that this scan takes a while.
                    • Once the scan is complete, you get the opportunity to save the scan report.
                      Click the Save Report As button. Save the report to your Desktop with the name kavscan.txt

                    Post this report in your next message.



                    • #11
                      Hello, I thought it was finished, haha. Well, here is the log file from the online scanner.

                      -------------------------------------------------------------------------------
                      KASPERSKY ONLINE SCANNER REPORT
                      Thursday, May 22, 2008 2:50:37 PM
                      Operating System: Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
                      Kaspersky Online Scanner version: 5.0.98.0
                      Kaspersky Anti-Virus database last update: 22/05/2008
                      Kaspersky Anti-Virus database records: 793934
                      -------------------------------------------------------------------------------

                      Scan Settings:
                      Scan using the following antivirus database: extended
                      Scan Archives: true
                      Scan Mail Bases: true

                      Scan Target - Folders:
                      A:\
                      C:\
                      D:\
                      E:\
                      H:\
                      I:\
                      J:\
                      K:\
                      M:\

                      Scan Statistics:
                      Total number of scanned objects: 69632
                      Number of viruses found: 3
                      Number of infected objects: 4
                      Number of suspicious objects: 0
                      Duration of the scan process: 00:39:46

                      Infected Object Name / Virus Name / Last Action
                      C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
                      C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
                      C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
                      C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
                      C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
                      C:\Documents and Settings\Administrator\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
                      C:\Documents and Settings\Administrator\Local Settings\Geschiedenis\History.IE5\MSHist012008052220080523\index.dat Object is locked skipped
                      C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
                      C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
                      C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
                      C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
                      C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
                      C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
                      C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
                      C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
                      C:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
                      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
                      C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
                      C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
                      C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
                      C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
                      C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
                      C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
                      C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
                      C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
                      C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
                      C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
                      C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
                      C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
                      C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log Object is locked skipped
                      C:\Program Files\Alwil Software\Avast4\DATA\report\Interne bescherming.txt Object is locked skipped
                      C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
                      C:\System Volume Information\_restore{C336DDDE-E8A6-4BC4-91F8-DCE0949F79CE}\RP8\change.log Object is locked skipped
                      C:\WINDOWS\$NtServicePackUninstall$\user32.dll Infected: Trojan.Win32.Patched.bb skipped
                      C:\WINDOWS\CSC\00000001 Object is locked skipped
                      C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
                      C:\WINDOWS\SchedLgU.Txt Object is locked skipped
                      C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
                      C:\WINDOWS\Sti_Trace.log Object is locked skipped
                      C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
                      C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
                      C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
                      C:\WINDOWS\system32\config\default Object is locked skipped
                      C:\WINDOWS\system32\config\default.LOG Object is locked skipped
                      C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
                      C:\WINDOWS\system32\config\SAM Object is locked skipped
                      C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
                      C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
                      C:\WINDOWS\system32\config\SECURITY Object is locked skipped
                      C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
                      C:\WINDOWS\system32\config\software Object is locked skipped
                      C:\WINDOWS\system32\config\software.LOG Object is locked skipped
                      C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
                      C:\WINDOWS\system32\config\system Object is locked skipped
                      C:\WINDOWS\system32\config\system.LOG Object is locked skipped
                      C:\WINDOWS\system32\h323log.txt Object is locked skipped
                      C:\WINDOWS\system32\lght.ln Infected: Trojan-Spy.Win32.Agent.cad skipped
                      C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
                      C:\WINDOWS\system32\ntpl.bin Infected: Trojan-Spy.Win32.Agent.clk skipped
                      C:\WINDOWS\system32\pryx.ln Infected: Trojan-Spy.Win32.Agent.cad skipped
                      C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
                      C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
                      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
                      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
                      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
                      C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
                      C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
                      C:\WINDOWS\Temp\Perflib_Perfdata_4f4.dat Object is locked skipped
                      C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
                      C:\WINDOWS\wiadebug.log Object is locked skipped
                      C:\WINDOWS\wiaservc.log Object is locked skipped
                      C:\WINDOWS\WindowsUpdate.log Object is locked skipped

                      Scan process completed.



                      • #12
                        Cleaning up the remnants of the infections.

                        Open a Notepad file.
                        Copy the following (everything in bold) into this Notepad file.
                        @ECHO OFF
                        REM Start with a fresh log file
                        IF EXIST log.txt DEL log.txt
                        ECHO Deleting files>>log.txt
                        REM Try to delete each listed file and record the outcome in log.txt
                        FOR %%g in (
                          "C:\WINDOWS\$NtServicePackUninstall$\user32.dll"
                          "C:\WINDOWS\system32\lght.ln"
                          "C:\WINDOWS\system32\ntpl.bin"
                          "C:\WINDOWS\system32\pryx.ln") DO (
                          IF EXIST %%g (
                            REM Clear the read-only, system and hidden attributes so DEL can remove the file
                            ATTRIB -r -s -h %%g
                            DEL %%g
                            IF EXIST %%g (
                              ECHO %%g not deleted>>log.txt
                            ) ELSE (
                              ECHO %%g deleted successfully>>log.txt)
                          ) ELSE (
                            ECHO %%g not found>>log.txt))
                        START NOTEPAD.EXE log.txt

                        Go to File - Save As.
                        For "Save in" choose: Desktop
                        For "File name" enter: del.bat
                        For "Save as type" select: All Files (*.*).
                        Click the Save button.

                        Double-click del.bat and post the contents of the log file that opens.

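The step from the Kaspersky report in #11 to the file list in #12's del.bat can be done mechanically. The Python below is an added example, not part of the original thread: it pulls the `Infected:` lines out of a report, keeps them apart from the `Object is locked` lines that the scanner skipped, and checks the result against the report's own statistics. The sample input is an excerpt of the report above; the function names, and the reading of "viruses found" as the number of distinct detection names, are assumptions of this example.

```python
import re
from collections import defaultdict

# Excerpt of the Kaspersky Online Scanner report posted in #11: the statistics
# block plus a few result lines, including all four infected entries.
REPORT = r"""
Scan Statistics:
Total number of scanned objects: 69632
Number of viruses found: 3
Number of infected objects: 4
Number of suspicious objects: 0

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\user32.dll Infected: Trojan.Win32.Patched.bb skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\lght.ln Infected: Trojan-Spy.Win32.Agent.cad skipped
C:\WINDOWS\system32\ntpl.bin Infected: Trojan-Spy.Win32.Agent.clk skipped
C:\WINDOWS\system32\pryx.ln Infected: Trojan-Spy.Win32.Agent.cad skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
"""

# Result line: <path, may contain spaces> <status> <last action>. Anchoring the
# status and action at the end of the line keeps spaces in the path harmless.
RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:Infected:\s+(?P<name>\S+)|Object is locked)\s+(?P<action>\w+)$"
)
STAT_RE = re.compile(r"^Number of (viruses found|infected objects):\s+(\d+)$")


def parse_report(text):
    """Return (stats, infected, locked) for one report."""
    stats, infected, locked = {}, [], []
    for line in map(str.strip, text.splitlines()):
        stat = STAT_RE.match(line)
        if stat:
            stats[stat.group(1)] = int(stat.group(2))
            continue
        hit = RESULT_RE.match(line)
        if not hit:
            continue  # headers, blank lines, other statistics
        if hit.group("name"):
            infected.append((hit.group("path"), hit.group("name"), hit.group("action")))
        else:
            locked.append(hit.group("path"))  # skipped by the scanner, so not a clean verdict
    return stats, infected, locked


def by_detection(infected):
    """Group infected paths by detection name."""
    groups = defaultdict(list)
    for path, name, _action in infected:
        groups[name].append(path)
    return dict(groups)


def consistency_problems(stats, infected):
    """Compare the parsed lines with the counts the report states itself."""
    problems = []
    if stats.get("infected objects") != len(infected):
        problems.append("infected object count differs from the statistics")
    # Assumption: "viruses found" counts distinct detection names.
    if stats.get("viruses found") != len(by_detection(infected)):
        problems.append("distinct detection count differs from the statistics")
    return problems


if __name__ == "__main__":
    stats, infected, locked = parse_report(REPORT)
    for name, paths in sorted(by_detection(infected).items()):
        print(name, *paths, sep="\n  ")
    print(len(locked), "locked objects were skipped")
    print(consistency_problems(stats, infected) or "counts match the statistics")
```

A mismatch reported by `consistency_problems` means a result line was missed or the report was truncated when pasted, so the cleanup list should not be built from it.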


                        • #13
                          Deleting files
                          "C:\WINDOWS\$NtServicePackUninstall$\user32.dll" deleted successfully
                          "C:\WINDOWS\system32\lght.ln" deleted successfully
                          "C:\WINDOWS\system32\ntpl.bin" deleted successfully
                          "C:\WINDOWS\system32\pryx.ln" deleted successfully



                          • #14
                            Good.
                            Are all problems solved?



                            • #15
                              OK, thanks for the help.

                              Kind regards, gg
