Toolbar with virus and ads

  • #1

    Lately, whenever I click on something, I suddenly get sites pushing anti-virus software, and I now have a toolbar that I never installed.

    Here is my log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:36:09, on 25-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\phpdev\ftp\Cerberus.exe
    C:\phpdev\Apache\Apache.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\phpdev\Apache\Apache.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\LowRateVoip\LowRateVoip.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\DOCUME~1\PC\LOCALS~1\Temp\msprint.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.musicplace.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
    O2 - BHO: QXK Olive - {B33B96B9-E0C2-4648-9819-A38DDCAFA33C} - C:\WINDOWS\boqnrwdmstg.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
    O3 - Toolbar: atfxqogp - {9E6CD9DF-5EF9-40F4-84FA-C4842EB1F283} - C:\WINDOWS\atfxqogp.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [DelayLoad] C:\DOCUME~1\PC\LOCALS~1\Temp\msprint.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [FreeCall] "C:\program files\freecall.com\freecall\freecall.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [LowRateVoip] "C:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
    O8 - Extra context menu item: Download with ImTOO Download YouTube Video - C:\Program Files\ImTOO\Download YouTube Video\upod_link.HTM
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.euchannels.net/KooPlayer.ocx
    O16 - DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} (SayaTV Control) - http://www.sayatv.com/download/SayaTV.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://66.91.157.140/activex/AxisCamControl.cab
    O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannels.net/UKooPlayer.ocx
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O21 - SSODL: vltdfabw - {49A42957-65A7-4D82-AF0A-C6B3C570A9FD} - C:\WINDOWS\vltdfabw.dll
    O21 - SSODL: vregfwlx - {57EB77FE-2B89-4D9A-ABB5-E1AB302BBA18} - C:\WINDOWS\vregfwlx.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Cerberus FTP Server - Grant Averett - C:\phpdev\ftp\Cerberus.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: dev4_423 - Unknown owner - C:\phpdev\Apache\Apache.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

    --
    End of file - 10020 bytes

    Thanks in advance!

  • #2
    Close all open windows.
    Start HijackThis again and put a check mark next to the following items:

    O2 - BHO: QXK Olive - {B33B96B9-E0C2-4648-9819-A38DDCAFA33C} - C:\WINDOWS\boqnrwdmstg.dll
    O3 - Toolbar: atfxqogp - {9E6CD9DF-5EF9-40F4-84FA-C4842EB1F283} - C:\WINDOWS\atfxqogp.dll
    O4 - HKLM\..\Run: [DelayLoad] C:\DOCUME~1\PC\LOCALS~1\Temp\msprint.exe
    O21 - SSODL: vltdfabw - {49A42957-65A7-4D82-AF0A-C6B3C570A9FD} - C:\WINDOWS\vltdfabw.dll
    O21 - SSODL: vregfwlx - {57EB77FE-2B89-4D9A-ABB5-E1AB302BBA18} - C:\WINDOWS\vregfwlx.dll


    Then click "Fix checked" and close HijackThis.


    Download ATF Cleaner (made by Atribune).
    Double-click ATF Cleaner to start the program.
    In the "Main" window, put a check mark next to Select All.
    Click the Empty Selected button.

    If you also use Firefox as a browser:
    Click the "Firefox" tab and put a check mark next to Select All.
    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
    (This removes the check mark next to "Firefox saved passwords" again.)
    Click the Empty Selected button.

    If you also use Opera as a browser:
    Click the "Opera" tab and put a check mark next to Select All.
    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
    Click the Empty Selected button.

    Go to the "Main" menu and click the Exit button to close the program.

    Restart the computer.

    Start HijackThis again, make a new log and post it.



    • #3
      Task Manager has been disabled and no longer works, the Registry Editor no longer works either, and at the bottom right of the taskbar "VIRUS ALERT!" has appeared. Can you please respond quickly? My PC doesn't look good. Here is my log:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:47: VIRUS ALERT!, on 25-5-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\VTTimer.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\Eset\nod32kui.exe
      C:\Program Files\Winamp\winampa.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\antiviirus.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\tmp0.exe
      C:\Program Files\LowRateVoip\LowRateVoip.exe
      C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
      C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
      C:\Program Files\tmp1.exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\tmp2.exe
      C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\phpdev\ftp\Cerberus.exe
      C:\phpdev\Apache\Apache.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Eset\nod32krn.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
      C:\phpdev\Apache\Apache.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\UStorSrv.exe
      C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
      C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
      C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
      C:\WINDOWS\system32\cmd.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\WINDOWS\system32\cmd.exe
      C:\WINDOWS\system32\wuauclt.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.musicplace.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
      O2 - BHO: 818646 helper - {54192079-8E8A-43D8-BCBC-3874916159AF} - C:\WINDOWS\system32\818646\818646.dll
      O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
      O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [FreeCall] "C:\program files\freecall.com\freecall\freecall.exe" -nosplash -minimized
      O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
      O4 - HKCU\..\Run: [LowRateVoip] "C:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized
      O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
      O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
      O4 - Global Startup: hp psc 1000 series.lnk = ?
      O4 - Global Startup: hpoddt01.exe.lnk = ?
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
      O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
      O8 - Extra context menu item: Download with ImTOO Download YouTube Video - C:\Program Files\ImTOO\Download YouTube Video\upod_link.HTM
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
      O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
      O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.euchannels.net/KooPlayer.ocx
      O16 - DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} (SayaTV Control) - http://www.sayatv.com/download/SayaTV.cab
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
      O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
      O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://66.91.157.140/activex/AxisCamControl.cab
      O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannels.net/UKooPlayer.ocx
      O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
      O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
      O21 - SSODL: SrvcRunOnce - {c3db4eb1-8e0a-4847-971b-9d995f295838} - C:\WINDOWS\Resources\SrvcRunOnce.dll
      O21 - SSODL: vregfwlx - {A3194D7F-A69D-48E0-BBC6-6B90F4D02B77} - C:\WINDOWS\vregfwlx.dll
      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
      O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Cerberus FTP Server - Grant Averett - C:\phpdev\ftp\Cerberus.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
      O23 - Service: dev4_423 - Unknown owner - C:\phpdev\Apache\Apache.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

      --
      End of file - 10161 bytes

      Thanks in advance!!



      • #4
        We'll deal with Task Manager later; first we disable the infection(s).

        Close all open windows.
        Start HijackThis again and put a check mark next to the following items:

        O2 - BHO: 818646 helper - {54192079-8E8A-43D8-BCBC-3874916159AF} - C:\WINDOWS\system32\818646\818646.dll
        O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
        O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
        O21 - SSODL: SrvcRunOnce - {c3db4eb1-8e0a-4847-971b-9d995f295838} - C:\WINDOWS\Resources\SrvcRunOnce.dll
        O21 - SSODL: vregfwlx - {A3194D7F-A69D-48E0-BBC6-6B90F4D02B77} - C:\WINDOWS\vregfwlx.dll


        Then click "Fix checked" and close HijackThis.

        Restart the computer.

        Download MBAM (Malwarebytes' Anti-Malware) here or here.
        • Double-click mbam-setup.exe to install the program.
          • Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click "Finish".
          • If an update is found, it will be downloaded and installed.
          • When the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.
          • The scan can take a while, so be patient.
          • When the scan is complete, click OK, then "Show Results" to see the results.
          • Make sure everything there is checked, then click Remove Selected.
          • After removal a log will open and you will be asked to restart the computer. (See below.)
          • The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in MBAM.
          • Copy and paste the contents of the log in your next reply, together with a new HijackThis log.

          If MBAM has trouble removing certain files, it will show a few messages where you have to click OK.
          It will then ask to restart the computer... so allow MBAM to restart the computer.

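The entries the helper singles out in posts #2 and #4 (random-named DLLs sitting directly in C:\WINDOWS and loaded as BHO, toolbar or SSODL objects, an O4 entry launched from Temp, a bare antiviirus.exe in the Program Files root, the O7 DisableRegedit policy, and a scan timestamp reading "VIRUS ALERT!") follow a handful of patterns that can be checked mechanically before a human reads the rest. The script below is an added example for this thread; it is not code from HijackThis, Malwarebytes or any poster. It runs those checks over a constructed log fragment modelled on the posted ones; the sample log, the heuristics and the thresholds are the example's own assumptions, not rules built into either tool.

```python
import re
from collections import Counter

# Constructed sample in HijackThis v2.0.2 format, modelled on the kinds of entries
# posted in this thread; it is not one of the posted logs.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47: VIRUS ALERT!, on 25-5-2008

Running processes:
C:\Program Files\antiviirus.exe
C:\Program Files\tmp0.exe
C:\DOCUME~1\PC\LOCALS~1\Temp\msprint.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: QXK Olive - {B33B96B9-E0C2-4648-9819-A38DDCAFA33C} - C:\WINDOWS\boqnrwdmstg.dll
O3 - Toolbar: atfxqogp - {9E6CD9DF-5EF9-40F4-84FA-C4842EB1F283} - C:\WINDOWS\atfxqogp.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DelayLoad] C:\DOCUME~1\PC\LOCALS~1\Temp\msprint.exe
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O21 - SSODL: vregfwlx - {A3194D7F-A69D-48E0-BBC6-6B90F4D02B77} - C:\WINDOWS\vregfwlx.dll
O21 - SSODL: SrvcRunOnce - {c3db4eb1-8e0a-4847-971b-9d995f295838} - C:\WINDOWS\Resources\SrvcRunOnce.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# First drive-letter path on a line, up to a loadable-file extension, so that
# unquoted paths with spaces ("C:\Program Files\antiviirus.exe") are kept whole.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|ocx|cpl)", re.IGNORECASE)
HOOK_SECTIONS = {"O2", "O3", "O21"}   # DLLs injected into Internet Explorer / the shell
LAUNCH_SECTIONS = {"procs", "O4"}     # executables running now or started at logon


def looks_random(filename):
    # Heuristic (assumption): 7+ lowercase letters with at most a quarter vowels,
    # e.g. 'boqnrwdmstg' or 'atfxqogp'; mixed case, digits and '~' never qualify.
    stem = filename.rsplit(".", 1)[0]
    if len(stem) < 7 or not stem.isalpha() or not stem.islower():
        return False
    return sum(c in "aeiou" for c in stem) / len(stem) <= 0.25


def directly_under(path, folders):
    # True when the file sits directly in one of `folders` at the drive root,
    # not in a vendor subfolder (C:\WINDOWS\x.dll yes, C:\WINDOWS\system32\x.dll no).
    parts = path.split("\\")
    return len(parts) == 3 and parts[1].upper() in folders


def triage(log_text):
    """Return (log line, reasons) for every entry that deserves a second look."""
    findings = []
    proc_counts = Counter()
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            section = None          # a blank line ends the "Running processes" block
            continue
        if line.startswith("Scan saved at "):
            stamp = line[len("Scan saved at "):].split(",")[0]
            # HijackThis prints the time in the user's locale format; anything but
            # h:mm:ss means that format string itself has been altered.
            if not re.fullmatch(r"\d{1,2}:\d{2}:\d{2}", stamp):
                findings.append((line, "timestamp carries injected text: the user's time format was altered"))
            continue
        if line == "Running processes:":
            section = "procs"
            continue
        if tag := re.match(r"(O\d+|R\d) - ", line):
            section = tag.group(1)
        match = PATH_RE.search(line)
        path = match.group(0) if match else ""
        base = path.rsplit("\\", 1)[-1]
        reasons = []
        if section == "O7":
            reasons.append("policy restriction (Registry Editor / Task Manager lockout)")
        if section in HOOK_SECTIONS:
            if section == "O21":
                reasons.append("DLL loaded by the shell via SSODL; rarely legitimate")
            if directly_under(path, ("WINDOWS",)):
                reasons.append("DLL dropped directly in the Windows directory")
            if looks_random(base):
                reasons.append("random-looking file name")
        if section in LAUNCH_SECTIONS and path:
            if section == "procs":
                proc_counts[base.lower()] += 1
            if "\\TEMP\\" in path.upper():
                reasons.append("runs from a Temp directory")
            if directly_under(path, ("PROGRAM FILES", "PROGRA~1")):
                reasons.append("executable directly in the Program Files root")
        if reasons:
            findings.append((line, "; ".join(reasons)))
    # Many copies of one process (the cmd.exe pile-up above) points at a looping
    # dropper; svchost.exe legitimately runs several instances and is excluded.
    for name, count in proc_counts.items():
        if count >= 5 and name != "svchost.exe":
            findings.append((f"{count} x {name}", "many copies of the same process running"))
    return findings
```

A hit is a reason to look closer, not a verdict: an "Unknown owner" service or an odd DLL name can be benign, and the rules deliberately leave the Megaupload toolbar and the NOD32 entries alone, so the posted logs still need the helper's judgement on everything the script does not flag.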


        • #5
          "VIRUS ALERT!" is still on the taskbar; it shows after the time, and in MSN it also shows "VIRUS ALERT!" after the nickname of the person I'm talking to.
          Here are my logs:

          Malwarebytes' Anti-Malware 1.12
          Database version: 743

          Scan type: Quick Scan
          Objects scanned: 39616
          Time elapsed: 5 minute(s), 47 second(s)

          Memory Processes Infected: 0
          Memory Modules Infected: 1
          Registry Keys Infected: 2
          Registry Values Infected: 1
          Registry Data Items Infected: 0
          Folders Infected: 0
          Files Infected: 9

          Memory Processes Infected:
          (No malicious items detected)

          Memory Modules Infected:
          C:\WINDOWS\Resources\SrvcRunOnce.dll (Trojan.Clicker) -> Unloaded module successfully.

          Registry Keys Infected:
          HKEY_CLASSES_ROOT\CLSID\{c3db4eb1-8e0a-4847-971b-9d995f295838} (Trojan.Clicker) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.Fakealert) -> Quarantined and deleted successfully.

          Registry Values Infected:
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SrvcRunOnce (Trojan.Clicker) -> Quarantined and deleted successfully.

          Registry Data Items Infected:
          (No malicious items detected)

          Folders Infected:
          (No malicious items detected)

          Files Infected:
          C:\WINDOWS\Resources\SrvcRunOnce.dll (Trojan.Clicker) -> Delete on reboot.
          C:\Program Files\antiviirus.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
          C:\Program Files\tmp0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
          C:\Program Files\tmp1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
          C:\Program Files\tmp2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
          C:\Documents and Settings\PC\Local Settings\Temp\setup_526_1_.exe (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\Documents and Settings\PC\Favorieten\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
          C:\Documents and Settings\PC\Favorieten\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
          C:\Documents and Settings\PC\Favorieten\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.



          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 12:21: VIRUS ALERT!, on 25-5-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16640)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\system32\VTTimer.exe
          C:\Program Files\Common Files\Real\Update_OB\realsched.exe
          C:\Program Files\Eset\nod32kui.exe
          C:\Program Files\Winamp\winampa.exe
          C:\WINDOWS\system32\rundll32.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
          C:\Program Files\Messenger\msmsgs.exe
          C:\Program Files\LowRateVoip\LowRateVoip.exe
          C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
          C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
          C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
          C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
          C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
          C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
          C:\Program Files\Bonjour\mDNSResponder.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Eset\nod32krn.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\UStorSrv.exe
          C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
          C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
          C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
          C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\WINDOWS\system32\cmd.exe
          C:\WINDOWS\system32\cmd.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\WINDOWS\system32\cmd.exe
          C:\WINDOWS\system32\cmd.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\WINDOWS\system32\cmd.exe
          C:\WINDOWS\system32\cmd.exe
          C:\WINDOWS\system32\cmd.exe
          C:\WINDOWS\system32\cmd.exe
          C:\WINDOWS\system32\cmd.exe
          C:\WINDOWS\system32\cmd.exe
          C:\WINDOWS\system32\cmd.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
          C:\WINDOWS\system32\cmd.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.musicplace.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
          O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
          O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
          O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
          O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
          O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
          O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
          O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
          O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - HKCU\..\Run: [FreeCall] "C:\program files\freecall.com\freecall\freecall.exe" -nosplash -minimized
          O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
          O4 - HKCU\..\Run: [LowRateVoip] "C:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized
          O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
          O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
          O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
          O4 - Global Startup: hp psc 1000 series.lnk = ?
          O4 - Global Startup: hpoddt01.exe.lnk = ?
          O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
          O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
          O8 - Extra context menu item: Download with ImTOO Download YouTube Video - C:\Program Files\ImTOO\Download YouTube Video\upod_link.HTM
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
          O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
          O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
          O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
          O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.euchannels.net/KooPlayer.ocx
          O16 - DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} (SayaTV Control) - http://www.sayatv.com/download/SayaTV.cab
          O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
          O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
          O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://66.91.157.140/activex/AxisCamControl.cab
          O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannels.net/UKooPlayer.ocx
          O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
          O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
          O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
          O21 - SSODL: vregfwlx - {08B23C08-36EA-4E9F-BA62-66E55AB345D7} - C:\WINDOWS\vregfwlx.dll
          O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
          O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
          O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
          O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
          O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
          O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
          O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
          O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
          O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
          O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

          --
          End of file - 9769 bytes


          Thanks in advance!!



          • #6
            Close all open windows.
            Start HijackThis once more and put a check mark next to the following items:

            O21 - SSODL: vregfwlx - {08B23C08-36EA-4E9F-BA62-66E55AB345D7} - C:\WINDOWS\vregfwlx.dll

            Then click "Fix checked" and close HijackThis.

            Restart the computer.

            Start HijackThis again, make a new log and post it.


            Open a Notepad file.
            Copy the text below (everything in bold) into this Notepad file.
            @ECHO OFF
            REM Start from a fresh log so only this run's results are reported
            IF EXIST log.txt DEL log.txt
            ECHO Deleting files>>log.txt
            REM One file path per line between the brackets; more files can be added the same way
            FOR %%g in (
            C:\WINDOWS\vregfwlx.dll) DO (
            IF EXIST %%g (
            REM Clear the read-only, system and hidden attributes first, otherwise DEL refuses the file
            ATTRIB -r -s -h %%g
            DEL %%g
            IF EXIST %%g (
            ECHO %%g not deleted>>log.txt
            ) ELSE (
            ECHO %%g deleted successfully>>log.txt)
            ) ELSE (
            ECHO %%g not found>>log.txt))
            START NOTEPAD.EXE log.txt

            Go to File - Save As.
            Under "Save in" choose: Desktop
            Under "File name" enter: del.bat
            Under "Save as type" select: All Files (*.*).
            Click the Save button.

            Double-click del.bat and post the contents of the log file that opens.



            • #7
              The command prompt has also been disabled by the virus :S
              If you want, you can add me on MSN at
              webmaster[at]nlrappers.nl to solve this problem



              • #8
                Just post a new HijackThis log.
                (don't worry, we'll sort this out)



                • #9
                  OK, here is my log

                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 12:50: VIRUS ALERT!, on 25-5-2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\WINDOWS\system32\VTTimer.exe
                  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                  C:\Program Files\Eset\nod32kui.exe
                  C:\Program Files\Winamp\winampa.exe
                  C:\WINDOWS\system32\rundll32.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
                  C:\Program Files\Messenger\msmsgs.exe
                  C:\Program Files\LowRateVoip\LowRateVoip.exe
                  C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
                  C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
                  C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
                  C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
                  C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
                  C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
                  C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                  C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
                  C:\Program Files\Bonjour\mDNSResponder.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Eset\nod32krn.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\system32\UStorSrv.exe
                  C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
                  C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
                  C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
                  C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
                  C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\wuauclt.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\Program Files\Windows Live\Messenger\usnsvc.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\WINDOWS\system32\cmd.exe
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
                  C:\WINDOWS\system32\cmd.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.musicplace.nl/
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
                  O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
                  O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
                  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                  O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
                  O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
                  O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
                  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
                  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
                  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                  O4 - HKCU\..\Run: [FreeCall] "C:\program files\freecall.com\freecall\freecall.exe" -nosplash -minimized
                  O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
                  O4 - HKCU\..\Run: [LowRateVoip] "C:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized
                  O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
                  O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                  O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
                  O4 - Global Startup: hp psc 1000 series.lnk = ?
                  O4 - Global Startup: hpoddt01.exe.lnk = ?
                  O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
                  O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
                  O8 - Extra context menu item: Download with ImTOO Download YouTube Video - C:\Program Files\ImTOO\Download YouTube Video\upod_link.HTM
                  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
                  O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
                  O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                  O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
                  O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.euchannels.net/KooPlayer.ocx
                  O16 - DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} (SayaTV Control) - http://www.sayatv.com/download/SayaTV.cab
                  O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
                  O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
                  O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://66.91.157.140/activex/AxisCamControl.cab
                  O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannels.net/UKooPlayer.ocx
                  O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
                  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                  O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
                  O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
                  O21 - SSODL: vregfwlx - {126BD3B9-CF9D-4A56-BFAF-D8C7E1069087} - C:\WINDOWS\vregfwlx.dll
                  O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                  O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
                  O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                  O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
                  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                  O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
                  O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
                  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
                  O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

                  --
                  End of file - 13162 bytes

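Added example (not part of this thread, and not HijackThis or ComboFix code): a small Python triage script for HijackThis logs. It flags the O21 SSODL entry that the helper in post #6 had fixed, shows that in the post #9 log the same DLL is back under a different CLSID, and also picks up the rewritten "Scan saved at" header and the pile of cmd.exe instances. The two logs embedded in it are constructed excerpts of the logs posted in this thread; the finding names and the cmd.exe threshold are my own choices.

```python
"""HijackThis (HJT) 2.0 log triage, added for this thread as an example.
Parses the header, the 'Running processes' list and the R/O entries, then
flags: an O21 SSODL DLL loaded straight from the Windows directory, a
'Scan saved at' time that is no longer plain HH:MM:SS, and an unusual
number of cmd.exe instances. The sample logs are constructed excerpts."""
import re
from collections import Counter

HEADER_RE = re.compile(r"^Scan saved at (.*?), on (\S+)$")
PROC_RE = re.compile(r"^[A-Za-z]:\\")              # a process line is a full path
ITEM_RE = re.compile(r"^(O\d+|R\d) - (.*)$")       # R0/R1/O2/O4/O21/... entries
SSODL_RE = re.compile(r"^SSODL: (\S+) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
WINDIR_DLL_RE = re.compile(r"(?i)^c:\\windows\\[^\\]+\.dll$")

def parse_hjt(text):
    """Return {'scan_time', 'processes', 'items'} from raw HJT log text."""
    log = {"scan_time": None, "processes": [], "items": []}
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            log["scan_time"] = m.group(1)
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs and PROC_RE.match(line):
            log["processes"].append(line)
            continue
        in_procs = False                    # first non-path line ends the list
        m = ITEM_RE.match(line)
        if m:
            log["items"].append((m.group(1), m.group(2)))
    return log

def process_counts(log):
    """Count running processes by basename, case-insensitively."""
    return Counter(p.rsplit("\\", 1)[-1].lower() for p in log["processes"])

def ssodl_entries(log):
    """Map lower-cased DLL path -> (name, CLSID, original path) per O21 line."""
    out = {}
    for kind, body in log["items"]:
        m = SSODL_RE.match(body) if kind == "O21" else None
        if m:
            name, clsid, path = m.groups()
            out[path.lower()] = (name, clsid, path)
    return out

def triage(log, cmd_threshold=5):
    """Return a list of (finding, detail) tuples for one parsed log."""
    findings = []
    t = log["scan_time"] or ""
    if not re.fullmatch(r"\d{1,2}:\d{2}:\d{2}", t):
        findings.append(("tampered_time_format", t))
    for name, clsid, path in ssodl_entries(log).values():
        if WINDIR_DLL_RE.match(path):
            findings.append(("ssodl_dll_in_windir", f"{name} {clsid} {path}"))
    n = process_counts(log)["cmd.exe"]
    if n >= cmd_threshold:
        findings.append(("many_cmd_instances", str(n)))
    return findings

def reregistered_ssodl(before, after):
    """DLL paths present in both logs under a different CLSID: the loader
    re-registered itself instead of going away (compare posts #6 and #9)."""
    a, b = ssodl_entries(before), ssodl_entries(after)
    return sorted(p for p in a if p in b and a[p][1] != b[p][1])

# Constructed excerpt of the first log in the thread.
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:36:09, on 25-5-2008

Running processes:
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.musicplace.nl/
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O21 - SSODL: vregfwlx - {08B23C08-36EA-4E9F-BA62-66E55AB345D7} - C:\WINDOWS\vregfwlx.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# Constructed excerpt of the second log: same DLL, new CLSID, rewritten time
# header, and six cmd.exe instances (the real log had far more).
LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50: VIRUS ALERT!, on 25-5-2008

Running processes:
C:\Program Files\Eset\nod32krn.exe
""" + "C:\\WINDOWS\\system32\\cmd.exe\n" * 6 + r"""C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O21 - SSODL: vregfwlx - {126BD3B9-CF9D-4A56-BFAF-D8C7E1069087} - C:\WINDOWS\vregfwlx.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

if __name__ == "__main__":
    before, after = parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER)
    for label, log in (("before", before), ("after", after)):
        for finding, detail in triage(log):
            print(f"[{label}] {finding}: {detail}")
    print("re-registered SSODL:", reregistered_ssodl(before, after))
```

The SSODL check is the one that matters here: Shell Service Object Delay Load entries are started by Explorer at logon, and a legitimate one does not live as a random-named DLL directly in C:\WINDOWS. Comparing two logs by DLL path rather than by CLSID is what reveals that "fixing" the O21 line in HijackThis only removed a registry entry that the still-present loader simply recreated.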


                  • #10
                    Download combofix.exe from this site: http://www.bleepingcomputer.com/comb...uikt-te-worden
                    Follow the instructions given there. If anything is unclear, just ask.
                    When the tool has finished, a log file (combofix.txt) will open.
                    Post the contents of this file together with a new HijackThis log.



                    • #11
                      here are my logs

                      ComboFix 08-05-24.1 - PC 2008-05-25 13:17:46.1 - NTFSx86
                      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.146 [GMT 2:00]
                      Gestart vanuit: C:\Documents and Settings\PC\Bureaublad\ComboFix.exe
                      Command switches used :: C:\Documents and Settings\PC\Bureaublad\WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
                      * Nieuw herstelpunt werd aangemaakt
                      .

                      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                      .

                      C:\WINDOWS\BM1b7edb61.xml
                      C:\WINDOWS\cookies.ini
                      C:\WINDOWS\pskt.ini
                      C:\WINDOWS\system32\aijhfktt.exe
                      C:\WINDOWS\system32\enqpkift.exe
                      C:\WINDOWS\system32\ggiwftxs.dll
                      C:\WINDOWS\system32\hnfuvyry.dll
                      C:\WINDOWS\system32\jxvorlcc.dll
                      C:\WINDOWS\system32\mcrh.tmp
                      C:\WINDOWS\system32\nwmccimv.dll
                      C:\WINDOWS\system32\pdwssmsg.exe
                      C:\WINDOWS\system32\rduaggsv.dll
                      C:\WINDOWS\system32\rxdtfxkl.dll
                      C:\WINDOWS\system32\smbaxtxh.ini

                      .
                      (((((((((((((((((((( Bestanden Gemaakt van 2008-04-25 to 2008-05-25 ))))))))))))))))))))))))))))))
                      .

                      2008-05-25 08:10 . 2008-05-25 12:00 <DIR> d-------- C:\WINDOWS\system32\818646
                      2008-05-25 08:10 . 2008-05-25 08:10 <DIR> d-------- C:\Documents and Settings\PC\Application Data\TmpRecentIcons
                      2008-05-25 00:11 . 2008-05-24 17:19 229,376 --a------ C:\WINDOWS\vltdfabw.dll
                      2008-05-25 00:11 . 2008-05-24 17:19 221,184 --a------ C:\WINDOWS\boqnrwdmstg.dll
                      2008-05-25 00:11 . 2008-05-24 17:19 196,608 --a------ C:\WINDOWS\vregfwlx.dll
                      2008-05-25 00:11 . 2008-05-24 17:19 155,648 --a------ C:\WINDOWS\atfxqogp.dll
                      2008-05-25 00:11 . 2008-05-24 17:19 94,208 --a------ C:\WINDOWS\edwf.exe
                      2008-05-25 00:11 . 2008-05-24 17:20 81,920 --a------ C:\WINDOWS\xmpstean.exe
                      2008-05-17 12:17 . 2008-05-17 12:28 <DIR> d-------- C:\Program Files\uTorrent
                      2008-05-17 12:17 . 2008-05-17 15:44 <DIR> d-------- C:\Documents and Settings\PC\Application Data\uTorrent
                      2008-05-12 22:38 . 2008-05-12 22:38 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
                      2008-05-12 22:38 . 2008-05-12 22:38 <DIR> d-------- C:\Documents and Settings\PC\Application Data\Malwarebytes
                      2008-05-12 22:38 . 2008-05-12 22:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
                      2008-05-12 22:38 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
                      2008-05-12 22:38 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
                      2008-05-12 19:08 . 2008-05-12 19:08 <DIR> d-------- C:\Program Files\Trend Micro
                      2008-05-11 18:25 . 2008-05-11 18:25 <DIR> d-------- C:\Program Files\SubSync
                      2008-05-11 18:25 . 2008-05-11 18:25 <DIR> d-------- C:\Program Files\Safari
                      2008-05-11 09:06 . 2008-05-11 09:06 <DIR> d-------- C:\Program Files\Lavasoft
                      2008-05-11 09:06 . 2008-05-11 09:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
                      2008-05-10 11:26 . 2008-05-10 11:26 <DIR> d-------- C:\Documents and Settings\PC\Application Data\Nokia Multimedia Player
                      2008-05-07 17:15 . 2008-05-07 17:15 <DIR> dr------- C:\Documents and Settings\LocalService\Mijn documenten
                      2008-05-07 16:49 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
                      2008-05-07 16:49 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
                      2008-05-07 16:48 . 2008-05-07 16:48 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
                      2008-05-07 16:48 . 2008-05-07 16:48 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
                      2008-05-07 12:04 . 2008-05-07 12:04 <DIR> d-------- C:\Program Files\MSXML 6.0
                      2008-05-07 12:04 . 2008-05-07 12:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
                      2008-05-07 12:04 . 2008-02-01 15:17 138,112 --a------ C:\WINDOWS\system32\drivers\nmwcdnsu.sys
                      2008-05-07 12:04 . 2008-02-01 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
                      2008-05-07 12:01 . 2008-05-07 16:38 <DIR> d-------- C:\Documents and Settings\PC\Application Data\PC Suite
                      2008-05-07 12:01 . 2008-05-07 16:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
                      2008-05-07 12:00 . 2008-05-07 16:47 <DIR> d-------- C:\Documents and Settings\PC\Application Data\Nokia
                      2008-05-07 11:59 . 2008-05-07 11:59 <DIR> d-------- C:\Program Files\Common Files\PCSuite
                      2008-05-07 11:59 . 2008-05-09 15:18 <DIR> d-------- C:\Program Files\Common Files\Nokia
                      2008-05-07 11:58 . 2008-05-07 11:58 <DIR> d-------- C:\Program Files\PC Connectivity Solution
                      2008-05-07 11:58 . 2008-05-09 15:18 <DIR> d-------- C:\Program Files\Nokia
                      2008-05-07 11:58 . 2008-05-07 11:58 <DIR> d-------- C:\Program Files\DIFX
                      2008-05-07 11:58 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
                      2008-05-07 11:58 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
                      2008-05-07 11:58 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll
                      2008-05-07 11:58 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
                      2008-05-07 11:58 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
                      2008-05-07 11:58 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
                      2008-05-07 11:58 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
                      2008-05-07 11:58 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
                      2008-05-07 11:56 . 2008-05-09 15:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
                      2008-04-29 09:21 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
                      2008-04-29 09:21 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
                      2008-04-27 19:34 . 2008-04-27 19:34 <DIR> d-------- C:\Program Files\Outsim
                      2008-04-27 19:15 . 2008-04-27 19:36 <DIR> d-------- C:\Program Files\Image-Line
                      2008-04-27 19:04 . 2008-05-25 00:24 <DIR> d-------- C:\Temp
                      2008-04-27 19:04 . 2008-04-27 19:04 <DIR> d-------- C:\Documents and Settings\PC\Application Data\Syntrillium
                      2008-04-27 19:03 . 2008-05-25 10:41 <DIR> d-------- C:\Program Files\coolpro2
                      2008-04-26 17:33 . 2008-04-26 17:33 <DIR> d-------- C:\Program Files\Microsoft Silverlight
                      2008-04-26 09:29 . 2008-04-26 09:29 73,216 --a------ C:\WINDOWS\temp.001
                      2008-04-25 23:25 . 2008-04-25 23:26 <DIR> d-------- C:\Program Files\WinAVI Video Converter
                      2008-04-25 23:18 . 2008-04-25 23:18 <DIR> d-------- C:\Program Files\vso
                      2008-04-25 22:18 . 2008-04-30 18:59 <DIR> d-------- C:\Program Files\AviSynth 2.5
                      2008-04-25 22:17 . 2008-04-30 18:59 <DIR> d-------- C:\Program Files\Avi2Dvd

                      .
                      ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2008-05-25 09:44 --------- d-----w C:\Documents and Settings\PC\Application Data\BitTorrent
                      2008-05-11 15:41 --------- d-----w C:\Program Files\ZD Soft
                      2008-04-26 07:29 249,856 ------w C:\WINDOWS\Setup1.exe
                      2008-04-25 19:38 --------- d-----w C:\Program Files\Nero
                      2008-04-25 19:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
                      2008-04-13 19:46 --------- d-----w C:\Program Files\URUSoft
                      2008-04-12 09:47 --------- d-----w C:\Documents and Settings\PC\Application Data\LimeWire
                      2008-04-09 21:46 --------- d-----w C:\Program Files\ElcomSoft
                      2008-04-09 20:06 --------- d-----w C:\Program Files\Intelore
                      2008-04-09 17:03 --------- d-----w C:\Documents and Settings\PC\Application Data\TeamViewer
                      2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
                      2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
                      2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
                      2008-03-06 09:14 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll
                      2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
                      .

                      ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      REGEDIT4
                      *Note* empty entries & legit default entries are not shown

                      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B33B96B9-E0C2-4648-9819-A38DDCAFA33C}]
                      2008-05-24 17:19 221184 --a------ C:\WINDOWS\boqnrwdmstg.dll

                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
                      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]
                      "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2008-03-09 12:58 5724184]
                      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
                      "FreeCall"="C:\program files\freecall.com\freecall\freecall.exe" [ ]
                      "VoipBuster"="C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" [ ]
                      "LowRateVoip"="C:\Program Files\LowRateVoip\LowRateVoip.exe" [2008-01-25 17:36 8897848]
                      "CSRSS (Services)"=""
                      "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
                      "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "VTTimer"="VTTimer.exe" [2004-10-22 12:53 53248 C:\WINDOWS\system32\VTTimer.exe]
                      "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-13 20:52 185896]
                      "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-06-08 17:47 949376]
                      "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-04-23 19:57 35328]
                      "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
                      "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 110592 C:\WINDOWS\system32\bthprops.cpl]

                      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03 15360]

                      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                      Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
                      BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-08-31 13:04:14 1196032]
                      hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 02:17:18 147456]
                      hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 02:06:58 28672]

                      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
                      "DisableClock"= 0 (0x0)

                      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
                      "NoMultiIE"= 0 (0x0)
                      "LWA"= 0 (0x0)
                      "LWB"= 0 (0x0)
                      "LWC"= 0 (0x0)
                      "LWD"= 0 (0x0)
                      "LWE"= 0 (0x0)
                      "LWF"= 0 (0x0)
                      "LWG"= 0 (0x0)
                      "LWH"= 0 (0x0)
                      "LWI"= 0 (0x0)
                      "LWJ"= 0 (0x0)
                      "LWK"= 0 (0x0)
                      "LWL"= 0 (0x0)
                      "LWM"= 0 (0x0)
                      "LWN"= 0 (0x0)
                      "LWO"= 0 (0x0)
                      "LWP"= 0 (0x0)
                      "LWQ"= 0 (0x0)
                      "LWR"= 0 (0x0)
                      "LWS"= 0 (0x0)
                      "LWT"= 0 (0x0)
                      "LWU"= 0 (0x0)
                      "LWV"= 0 (0x0)
                      "LWW"= 0 (0x0)
                      "LWX"= 0 (0x0)
                      "LWY"= 0 (0x0)
                      "LWZ"= 0 (0x0)
                      "NoToolbarCustomize"= 1 (0x1)
                      "NoStartMenuMorePrograms"= 1 (0x1)

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
                      "vregfwlx"= {126BD3B9-CF9D-4A56-BFAF-D8C7E1069087} - C:\WINDOWS\vregfwlx.dll [2008-05-24 17:19 196608]

                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
                      "VIDC.CSCD"= camcodec.dll
                      "VIDC.ZDSV"= scrvid.dll

                      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                      "AntiVirusDisableNotify"=dword:00000001

                      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
                      "DisableMonitoring"=dword:00000001

                      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
                      "DisableMonitoring"=dword:00000001

                      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
                      "DisableMonitoring"=dword:00000001

                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                      "%windir%\\system32\\sessmgr.exe"=
                      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                      "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
                      "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
                      "C:\\Program Files\\Winamp\\winamp.exe"=
                      "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                      "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
                      "C:\\Documents and Settings\\PC\\Application Data\\SopCast\\adv\\SopAdver.exe"=
                      "C:\\Program Files\\SopCast\\SopCast.exe"=
                      "C:\\Program Files\\LowRateVoip\\LowRateVoip.exe"=
                      "C:\\Program Files\\TVAnts\\Tvants.exe"=
                      "C:\\Program Files\\LimeWire\\LimeWire.exe"=
                      "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
                      "C:\\Program Files\\SopCast\\sopvod.exe"=
                      "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
                      "C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
                      "C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
                      "C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP1.exe"=
                      "C:\\Program Files\\uTorrent\\uTorrent.exe"=
                      "C:\\phpdev\\mysql\\bin\\mysqld-nt.exe"=
                      "C:\\phpdev\\Apache\\Apache.exe"=
                      "C:\\phpdev\\ftp\\Cerberus.exe"=
                      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
                      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
                      "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
                      "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
                      "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                      "3389:TCP"= 3389:TCPxpsp2res.dll,-22009

                      R1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys [2007-07-07 15:12]
                      R3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM);C:\WINDOWS\system32\DRIVERS\vacs2xkd.sys [2007-11-01 18:53]
                      R3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys [2006-12-27 16:47]
                      S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
                      S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 15:17]
                      S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 15:17]
                      S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
                      S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39]
                      S3 UsbserFilt;UsbserFilt;C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39]
                      S4 Cerberus FTP Server;Cerberus FTP Server;C:\phpdev\ftp\Cerberus.exe [2008-02-24 11:24]
                      S4 dev4_423;dev4_423;"C:\phpdev\Apache\Apache.exe" --ntservice

                      .
                      Contents of the 'Scheduled Tasks' folder
                      "2008-05-20 07:32:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
                      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
                      "2007-06-15 14:41:32 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1173884826.job"
                      - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
                      .
                      **************************************************************************

                      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                      Rootkit scan 2008-05-25 13:23:47
                      Windows 5.1.2600 Service Pack 2 NTFS

                      scanning hidden processes ...

                      scanning hidden autostart entries ...

                      scanning hidden files ...

                      scan completed successfully
                      hidden files: 0

                      **************************************************************************
                      .
                      ------------------------ Other Running Processes ------------------------
                      .
                      C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
                      C:\WINDOWS\system32\rundll32.exe
                      C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
                      C:\Program Files\Bonjour\mDNSResponder.exe
                      C:\Program Files\ESET\nod32krn.exe
                      C:\WINDOWS\system32\UStorSrv.exe
                      C:\Program Files\Windows Media Player\wmpnetwk.exe
                      C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
                      C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
                      C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
                      C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
                      .
                      **************************************************************************
                      .
                      Completion time: 2008-05-25 13:34:36 - machine was rebooted
                      ComboFix-quarantined-files.txt 2008-05-25 11:34:15

                      Pre-Run: 20,439,343,104 bytes available
                      Post-Run: 21,175,603,200 bytes available

                      WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
                      [boot loader]
                      timeout=2
                      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
                      [operating systems]
                      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
                      C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

                      267 --- E O F --- 2008-05-17 22:36:57



                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 13:35: VIRUS ALERT!, on 25-5-2008
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                      Boot mode: Normal

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                      C:\WINDOWS\system32\VTTimer.exe
                      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                      C:\WINDOWS\system32\rundll32.exe
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\Program Files\Messenger\msmsgs.exe
                      C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
                      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
                      C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
                      C:\Program Files\Bonjour\mDNSResponder.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\Program Files\Eset\nod32krn.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\system32\UStorSrv.exe
                      C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
                      C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
                      C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
                      C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
                      C:\WINDOWS\system32\wuauclt.exe
                      C:\WINDOWS\explorer.exe
                      C:\Program Files\Mozilla Firefox\firefox.exe
                      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.musicplace.nl/
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                      O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
                      O2 - BHO: QXK Olive - {B33B96B9-E0C2-4648-9819-A38DDCAFA33C} - C:\WINDOWS\boqnrwdmstg.dll
                      O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
                      O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
                      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
                      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
                      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
                      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
                      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
                      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                      O4 - HKCU\..\Run: [FreeCall] "C:\program files\freecall.com\freecall\freecall.exe" -nosplash -minimized
                      O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
                      O4 - HKCU\..\Run: [LowRateVoip] "C:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized
                      O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
                      O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
                      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                      O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                      O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
                      O4 - Global Startup: hp psc 1000 series.lnk = ?
                      O4 - Global Startup: hpoddt01.exe.lnk = ?
                      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
                      O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
                      O8 - Extra context menu item: Download with ImTOO Download YouTube Video - C:\Program Files\ImTOO\Download YouTube Video\upod_link.HTM
                      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
                      O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
                      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                      O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
                      O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.euchannels.net/KooPlayer.ocx
                      O16 - DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} (SayaTV Control) - http://www.sayatv.com/download/SayaTV.cab
                      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
                      O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
                      O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://66.91.157.140/activex/AxisCamControl.cab
                      O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannels.net/UKooPlayer.ocx
                      O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
                      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                      O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
                      O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
                      O21 - SSODL: vregfwlx - {126BD3B9-CF9D-4A56-BFAF-D8C7E1069087} - C:\WINDOWS\vregfwlx.dll
                      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                      O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
                      O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
                      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                      O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
                      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
                      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
                      O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

                      --
                      End of file - 8933 bytes



                      • #12
                        Open a Notepad file.
                        Copy the code below and paste it into the Notepad file.
                        Save the Notepad file as CFScript.txt
                        Code:
                        File::
                        C:\WINDOWS\boqnrwdmstg.dll
                        C:\WINDOWS\vltdfabw.dll
                        C:\WINDOWS\vregfwlx.dll
                        C:\WINDOWS\atfxqogp.dll
                        C:\WINDOWS\edwf.exe
                        
                        Registry::
                        [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B33B96B9-E0C2-4648-9819-A38DDCAFA33C}]
                        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "CSRSS (Services)"=-
                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
                        "vregfwlx"=-
                        Now drag the file CFScript.txt onto the file ComboFix.exe

                        ComboFix will start again.
                        When ComboFix is finished, which may be after a reboot, a logfile will open.
                        Post the contents of the logfile.
                        Last edited by Marckie; 25-05-08, 14:00.

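The CFScript above is written by hand from the indicators in the earlier logs: a BHO and an SSODL entry that both load a randomly named DLL straight out of C:\WINDOWS instead of system32, a Run value called "CSRSS (Services)" with empty data, Security Center notifications and monitoring switched off, and TCP 3389 opened in the firewall's GloballyOpenPorts list. As an added example for this thread (not code from the original posts, and not part of HijackThis or ComboFix), the Python script below reads HijackThis O-lines and ComboFix registry dump lines, applies those same heuristics, and drafts a CFScript with File:: and Registry:: sections in the layout the post above uses. The sample log lines are constructed to mirror the excerpts in this thread; the SSODL allowlist, the rule names and the BHO/SSODL key paths are assumptions made for illustration, and a person still has to review the draft before dragging it onto ComboFix.

```python
"""Triage HijackThis / ComboFix log lines and draft a CFScript for the hits.
Added example for this thread; not from the original posts, HijackThis or ComboFix.
The rules are heuristics keyed on the indicators visible in the thread's logs.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

WINDIR = r"C:\WINDOWS"
BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"  # assumed XP key
SSODL_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"  # assumed XP key
SSODL_ALLOW = {"WebCheck", "PostBootReminder", "CDBurn", "SysTray"}  # assumed XP defaults
SYSTEM_PROCESS_NAMES = {"csrss", "smss", "lsass", "winlogon", "services", "svchost"}
SECURITY_CENTER_FLAGS = {"AntiVirusDisableNotify", "FirewallDisableNotify", "DisableMonitoring"}

# Constructed sample mirroring the excerpts in this thread: HJT O-lines, then ComboFix dump lines.
SAMPLE_LOG = r"""
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: QXK Olive - {B33B96B9-E0C2-4648-9819-A38DDCAFA33C} - C:\WINDOWS\boqnrwdmstg.dll
O21 - SSODL: vregfwlx - {126BD3B9-CF9D-4A56-BFAF-D8C7E1069087} - C:\WINDOWS\vregfwlx.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
"CSRSS (Services)"=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
"""

COM_ENTRY = re.compile(r"^O\d+ - (BHO|Toolbar|SSODL): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
REG_HEADER = re.compile(r"^\[([^\]]+)\]$")
RUN_VALUE = re.compile(r'^"([^"]+)"="(.*)"(?: \[.*\])?$')   # "Name"="command" [date size]
DWORD_VALUE = re.compile(r'^"([^"]+)"=dword:([0-9A-Fa-f]{8})$')
OPEN_PORT = re.compile(r'^"(\d+):(TCP|UDP)"=')


@dataclass
class Finding:
    kind: str    # rule that fired
    detail: str  # offending path, value name or port
    line: str    # log line it came from
    files: list[str] = field(default_factory=list)                   # CFScript File:: entries
    reg_keys: list[str] = field(default_factory=list)                # whole keys to delete: [-KEY]
    reg_values: list[tuple[str, str]] = field(default_factory=list)  # (key, name) -> "name"=-


def in_windir_root(path: str) -> bool:
    """True when the file sits directly in the Windows directory; OS components live in subfolders."""
    head, _, tail = path.rpartition("\\")
    return head.upper() == WINDIR.upper() and tail.lower().endswith((".dll", ".exe"))


def check_com_entry(kind: str, name: str, clsid: str, path: str, line: str) -> list[Finding]:
    """O2/O3/O21 rules: an SSODL outside the allowlist, or any DLL dropped in the Windows root."""
    if kind == "SSODL" and (name not in SSODL_ALLOW or in_windir_root(path)):
        return [Finding("unknown-ssodl", path, line, files=[path], reg_values=[(SSODL_KEY, name)])]
    if kind != "SSODL" and in_windir_root(path):
        keys = [f"{BHO_KEY}\\{clsid}"] if kind == "BHO" else []
        return [Finding("dll-in-windir-root", path, line, files=[path], reg_keys=keys)]
    return []


def triage(log_text: str) -> list[Finding]:
    """Walk the log once; ComboFix value lines are read in the context of the last [KEY] header."""
    findings: list[Finding] = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if header := REG_HEADER.match(line):
            key = header.group(1)
        elif entry := COM_ENTRY.match(line):
            findings.extend(check_com_entry(*entry.groups(), line))
        elif (run := RUN_VALUE.match(line)) and key.lower().endswith(r"\currentversion\run"):
            name, data = run.groups()
            base = name.split(" ")[0].split(".")[0].lower()  # "CSRSS (Services)" -> "csrss"
            if base in SYSTEM_PROCESS_NAMES or data == "":
                findings.append(Finding("system-name-run-value", name, line, reg_values=[(key, name)]))
        elif (dword := DWORD_VALUE.match(line)) and "security center" in key.lower():
            name, hexval = dword.groups()
            if name in SECURITY_CENTER_FLAGS and int(hexval, 16) != 0:
                findings.append(Finding("security-center-disabled", name, line))
        elif (port := OPEN_PORT.match(line)) and "globallyopenports" in key.lower():
            findings.append(Finding("globally-open-port", f"{port.group(1)}/{port.group(2)}", line))
    return findings


def build_cfscript(findings: list[Finding]) -> str:
    """Render File:: and Registry:: sections in the layout used in the post above."""
    values: dict[str, set[str]] = {}
    for x in findings:
        for key, name in x.reg_values:
            values.setdefault(key, set()).add(name)
    out = ["File::", *sorted({f for x in findings for f in x.files}), "", "Registry::"]
    out += [f"[-{k}]" for k in sorted({k for x in findings for k in x.reg_keys})]
    for key in sorted(values):
        out += [f"[{key}]", *(f'"{n}"=-' for n in sorted(values[key]))]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(build_cfscript(triage(SAMPLE_LOG)))
```

Run as-is it prints the draft for the sample; for a real log, pass the file contents to triage() and read the findings before trusting the script. The Megaupload toolbar and the CTFMON entry in the sample are deliberately left alone: they are not in the Windows root and do not impersonate a system process, which is the judgement call the heuristics leave to the reader. Security Center and open-port findings are reported but not scripted, because those settings are restored rather than deleted.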


                        • #13
                          here is the ComboFix log

                          ComboFix 08-05-24.1 - PC 2008-05-25 14:40:26.2 - NTFSx86
                          Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.120 [GMT 2:00]
                          Started from: C:\Documents and Settings\PC\Bureaublad\ComboFix.exe
                          Command switches used :: C:\Documents and Settings\PC\Bureaublad\CFScript.txt
                          * New restore point was created

                          FILE ::
                          C:\WINDOWS\atfxqogp.dll
                          C:\WINDOWS\boqnrwdmstg.dll
                          C:\WINDOWS\edwf.exe
                          C:\WINDOWS\vltdfabw.dll
                          C:\WINDOWS\vregfwlx.dll
                          .

                          (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
                          .

                          C:\WINDOWS\atfxqogp.dll
                          C:\WINDOWS\boqnrwdmstg.dll
                          C:\WINDOWS\edwf.exe
                          C:\WINDOWS\vltdfabw.dll
                          C:\WINDOWS\vregfwlx.dll

                          .
                          (((((((((((((((((((( Files Created from 2008-04-25 to 2008-05-25 ))))))))))))))))))))))))))))))
                          .

                          2008-05-25 08:10 . 2008-05-25 12:00 <DIR> d-------- C:\WINDOWS\system32\818646
                          2008-05-25 08:10 . 2008-05-25 08:10 <DIR> d-------- C:\Documents and Settings\PC\Application Data\TmpRecentIcons
                          2008-05-25 00:11 . 2008-05-24 17:20 81,920 --a------ C:\WINDOWS\xmpstean.exe
                          2008-05-17 12:17 . 2008-05-17 12:28 <DIR> d-------- C:\Program Files\uTorrent
                          2008-05-17 12:17 . 2008-05-17 15:44 <DIR> d-------- C:\Documents and Settings\PC\Application Data\uTorrent
                          2008-05-12 22:38 . 2008-05-12 22:38 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
                          2008-05-12 22:38 . 2008-05-12 22:38 <DIR> d-------- C:\Documents and Settings\PC\Application Data\Malwarebytes
                          2008-05-12 22:38 . 2008-05-12 22:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
                          2008-05-12 22:38 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
                          2008-05-12 22:38 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
                          2008-05-12 19:08 . 2008-05-12 19:08 <DIR> d-------- C:\Program Files\Trend Micro
                          2008-05-11 18:25 . 2008-05-11 18:25 <DIR> d-------- C:\Program Files\SubSync
                          2008-05-11 18:25 . 2008-05-11 18:25 <DIR> d-------- C:\Program Files\Safari
                          2008-05-11 09:06 . 2008-05-11 09:06 <DIR> d-------- C:\Program Files\Lavasoft
                          2008-05-11 09:06 . 2008-05-11 09:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
                          2008-05-10 11:26 . 2008-05-10 11:26 <DIR> d-------- C:\Documents and Settings\PC\Application Data\Nokia Multimedia Player
                          2008-05-07 17:15 . 2008-05-07 17:15 <DIR> dr------- C:\Documents and Settings\LocalService\Mijn documenten
                          2008-05-07 16:49 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
                          2008-05-07 16:49 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
                          2008-05-07 16:48 . 2008-05-07 16:48 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
                          2008-05-07 16:48 . 2008-05-07 16:48 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
                          2008-05-07 12:04 . 2008-05-07 12:04 <DIR> d-------- C:\Program Files\MSXML 6.0
                          2008-05-07 12:04 . 2008-05-07 12:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
                          2008-05-07 12:04 . 2008-02-01 15:17 138,112 --a------ C:\WINDOWS\system32\drivers\nmwcdnsu.sys
                          2008-05-07 12:04 . 2008-02-01 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
                          2008-05-07 12:01 . 2008-05-07 16:38 <DIR> d-------- C:\Documents and Settings\PC\Application Data\PC Suite
                          2008-05-07 12:01 . 2008-05-07 16:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
                          2008-05-07 12:00 . 2008-05-07 16:47 <DIR> d-------- C:\Documents and Settings\PC\Application Data\Nokia
                          2008-05-07 11:59 . 2008-05-07 11:59 <DIR> d-------- C:\Program Files\Common Files\PCSuite
                          2008-05-07 11:59 . 2008-05-09 15:18 <DIR> d-------- C:\Program Files\Common Files\Nokia
                          2008-05-07 11:58 . 2008-05-07 11:58 <DIR> d-------- C:\Program Files\PC Connectivity Solution
                          2008-05-07 11:58 . 2008-05-09 15:18 <DIR> d-------- C:\Program Files\Nokia
                          2008-05-07 11:58 . 2008-05-07 11:58 <DIR> d-------- C:\Program Files\DIFX
                          2008-05-07 11:58 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
                          2008-05-07 11:58 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
                          2008-05-07 11:58 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll
                          2008-05-07 11:58 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
                          2008-05-07 11:58 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
                          2008-05-07 11:58 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
                          2008-05-07 11:58 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
                          2008-05-07 11:58 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
                          2008-05-07 11:56 . 2008-05-09 15:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
                          2008-04-29 09:21 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
                          2008-04-29 09:21 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
                          2008-04-27 19:34 . 2008-04-27 19:34 <DIR> d-------- C:\Program Files\Outsim
                          2008-04-27 19:15 . 2008-04-27 19:36 <DIR> d-------- C:\Program Files\Image-Line
                          2008-04-27 19:04 . 2008-05-25 00:24 <DIR> d-------- C:\Temp
                          2008-04-27 19:04 . 2008-04-27 19:04 <DIR> d-------- C:\Documents and Settings\PC\Application Data\Syntrillium
                          2008-04-27 19:03 . 2008-05-25 10:41 <DIR> d-------- C:\Program Files\coolpro2
                          2008-04-26 17:33 . 2008-04-26 17:33 <DIR> d-------- C:\Program Files\Microsoft Silverlight
                          2008-04-26 09:29 . 2008-04-26 09:29 73,216 --a------ C:\WINDOWS\temp.001
                          2008-04-25 23:25 . 2008-04-25 23:26 <DIR> d-------- C:\Program Files\WinAVI Video Converter
                          2008-04-25 23:18 . 2008-04-25 23:18 <DIR> d-------- C:\Program Files\vso
                          2008-04-25 22:18 . 2008-04-30 18:59 <DIR> d-------- C:\Program Files\AviSynth 2.5
                          2008-04-25 22:17 . 2008-04-30 18:59 <DIR> d-------- C:\Program Files\Avi2Dvd

                          .
                          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          2008-05-25 09:44 --------- d-----w C:\Documents and Settings\PC\Application Data\BitTorrent
                          2008-05-11 15:41 --------- d-----w C:\Program Files\ZD Soft
                          2008-04-26 07:29 249,856 ------w C:\WINDOWS\Setup1.exe
                          2008-04-25 19:38 --------- d-----w C:\Program Files\Nero
                          2008-04-25 19:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
                          2008-04-13 19:46 --------- d-----w C:\Program Files\URUSoft
                          2008-04-12 09:47 --------- d-----w C:\Documents and Settings\PC\Application Data\LimeWire
                          2008-04-09 21:46 --------- d-----w C:\Program Files\ElcomSoft
                          2008-04-09 20:06 --------- d-----w C:\Program Files\Intelore
                          2008-04-09 17:03 --------- d-----w C:\Documents and Settings\PC\Application Data\TeamViewer
                          2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
                          2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
                          2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
                          2008-03-06 09:14 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll
                          2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
                          .

                          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          .
                          REGEDIT4
                          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
                          "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]
                          "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2008-03-09 12:58 5724184]
                          "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
                          "FreeCall"="C:\program files\freecall.com\freecall\freecall.exe" [ ]
                          "VoipBuster"="C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" [ ]
                          "LowRateVoip"="C:\Program Files\LowRateVoip\LowRateVoip.exe" [2008-01-25 17:36 8897848]
                          "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
                          "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]

                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "VTTimer"="VTTimer.exe" [2004-10-22 12:53 53248 C:\WINDOWS\system32\VTTimer.exe]
                          "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-13 20:52 185896]
                          "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-06-08 17:47 949376]
                          "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-04-23 19:57 35328]
                          "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
                          "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 110592 C:\WINDOWS\system32\bthprops.cpl]

                          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03 15360]

                          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                          Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
                          BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-08-31 13:04:14 1196032]
                          hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 02:17:18 147456]
                          hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 02:06:58 28672]

                          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
                          "DisableClock"= 0 (0x0)

                          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
                          "NoMultiIE"= 0 (0x0)
                          "LWA"= 0 (0x0)
                          "LWB"= 0 (0x0)
                          "LWC"= 0 (0x0)
                          "LWD"= 0 (0x0)
                          "LWE"= 0 (0x0)
                          "LWF"= 0 (0x0)
                          "LWG"= 0 (0x0)
                          "LWH"= 0 (0x0)
                          "LWI"= 0 (0x0)
                          "LWJ"= 0 (0x0)
                          "LWK"= 0 (0x0)
                          "LWL"= 0 (0x0)
                          "LWM"= 0 (0x0)
                          "LWN"= 0 (0x0)
                          "LWO"= 0 (0x0)
                          "LWP"= 0 (0x0)
                          "LWQ"= 0 (0x0)
                          "LWR"= 0 (0x0)
                          "LWS"= 0 (0x0)
                          "LWT"= 0 (0x0)
                          "LWU"= 0 (0x0)
                          "LWV"= 0 (0x0)
                          "LWW"= 0 (0x0)
                          "LWX"= 0 (0x0)
                          "LWY"= 0 (0x0)
                          "LWZ"= 0 (0x0)
                          "NoToolbarCustomize"= 1 (0x1)
                          "NoStartMenuMorePrograms"= 1 (0x1)

                          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
                          "VIDC.CSCD"= camcodec.dll
                          "VIDC.ZDSV"= scrvid.dll

                          [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                          "AntiVirusDisableNotify"=dword:00000001

                          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
                          "DisableMonitoring"=dword:00000001

                          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
                          "DisableMonitoring"=dword:00000001

                          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
                          "DisableMonitoring"=dword:00000001

                          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                          "%windir%\\system32\\sessmgr.exe"=
                          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                          "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
                          "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
                          "C:\\Program Files\\Winamp\\winamp.exe"=
                          "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                          "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
                          "C:\\Documents and Settings\\PC\\Application Data\\SopCast\\adv\\SopAdver.exe"=
                          "C:\\Program Files\\SopCast\\SopCast.exe"=
                          "C:\\Program Files\\LowRateVoip\\LowRateVoip.exe"=
                          "C:\\Program Files\\TVAnts\\Tvants.exe"=
                          "C:\\Program Files\\LimeWire\\LimeWire.exe"=
                          "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
                          "C:\\Program Files\\SopCast\\sopvod.exe"=
                          "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
                          "C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
                          "C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
                          "C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP1.exe"=
                          "C:\\Program Files\\uTorrent\\uTorrent.exe"=
                          "C:\\phpdev\\mysql\\bin\\mysqld-nt.exe"=
                          "C:\\phpdev\\Apache\\Apache.exe"=
                          "C:\\phpdev\\ftp\\Cerberus.exe"=
                          "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
                          "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
                          "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
                          "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
                          "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

                          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                          "3389:TCP"= 3389:TCPxpsp2res.dll,-22009

                          R1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys [2007-07-07 15:12]
                          R3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM);C:\WINDOWS\system32\DRIVERS\vacs2xkd.sys [2007-11-01 18:53]
                          R3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys [2006-12-27 16:47]
                          S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
                          S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 15:17]
                          S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 15:17]
                          S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
                          S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39]
                          S3 UsbserFilt;UsbserFilt;C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39]
                          S4 Cerberus FTP Server;Cerberus FTP Server;C:\phpdev\ftp\Cerberus.exe [2008-02-24 11:24]
                          S4 dev4_423;dev4_423;"C:\phpdev\Apache\Apache.exe" --ntservice

                          .
                          Inhoud van de 'Gedeelde Taken' map
                          "2008-05-20 07:32:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
                          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
                          "2007-06-15 14:41:32 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1173884826.job"
                          - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
                          .
                          **************************************************************************

                          catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                          Rootkit scan 2008-05-25 14:43:36
                          Windows 5.1.2600 Service Pack 2 NTFS

                          scannen van verborgen processen ...

                          scannen van verborgen autostart items ...

                          scannen van verborgen bestanden ...

                          Scan succesvol afgerond
                          verborgen bestanden: 0

                          **************************************************************************
                          .
                          Voltooingstijd: 2008-05-25 14:50:35
                          ComboFix-quarantined-files.txt 2008-05-25 12:49:57
                          ComboFix2.txt 2008-05-25 11:34:36

                          Pre-Run: 21,161,889,792 bytes beschikbaar
                          Post-Run: 21,150,928,896 bytes beschikbaar

                          232 --- E O F --- 2008-05-17 22:36:57



                          • #14
                            That looks better to me.

                            Go to this website: http://www.virustotal.com/en/indexf.html
                            Have the following file scanned: C:\WINDOWS\xmpstean.exe
                            Post the result of the scan.



                            • #15
                              I can't get onto the C drive; everything is dead, and almost everywhere it says VIRUS ALERT! I couldn't find the file, so I just typed the path C:\WINDOWS\xmpstean.exe.
                              That worked; here are the results:
                              http://www.virustotal.com/nl/analisi...ae4fca7686a517
