I have spyware on my computer and cannot remove it!


  • I have spyware on my computer and cannot remove it!

    Hello,

    My little brother recently opened an email, and a piece of mail/spyware was probably installed on my computer at that point. The program in question is win spyware protect. I have scanned my computer with mcafee, ad aware 2008 and spyware doctor, but the mail/spyware is still on it.

    I hope you can help me.

    Kind regards,

    Satta

    This is my Hijack logfile:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:34:42, on 27-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\McAfee\MBK\MBackMonitor.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE
    D:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\WINDOWS\system32\ctfmona.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\HPOVDX05.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vi.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O3 - Toolbar: atfxqogp - {9E6CD9DF-5EF9-40F4-84FA-C4842EB1F283} - C:\WINDOWS\atfxqogp.dll (file missing)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
    O4 - HKLM\..\Run: [advap32] D:\DOCUME~1\Ravish\LOCALS~1\Temp\rbnpsrv.exe/r
    O4 - HKLM\..\Run: [e0fe598a] rundll32.exe "C:\WINDOWS\system32\fulvikpv.dll",b
    O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP OfficeJet T Series Opstartmenu.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204449533890
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204455813906
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O21 - SSODL: vregfwlx - {576FC564-1ED1-4E7B-A576-B973414AFF6C} - C:\WINDOWS\vregfwlx.dll
    O21 - SSODL: KernelMon - {0edb91dc-441e-4a6a-bf46-decb18f48990} - C:\WINDOWS\Resources\KernelMon.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

    --
    End of file - 11210 bytes

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Start the computer in safe mode.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open, and a few lines about files that were not found will scroll past quickly; this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; let it start in normal mode this time. After the restart the RVAXO cmd window opens again.
      Let it run and wait until a logfile opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the logfile in your next message.
    Also post the contents of the 2nd log: C:\RVAXO-Vfind.log



    • #3
      RVAXO-results

      ---RVAXO.exe Updated: 2008-05-27---first run---
      Uninstallers:

      Files found:
      C:\WINDOWS\system32\oVuFeMoq.ini2
      C:\WINDOWS\boqnrwdmstg.dll
      C:\WINDOWS\edwf.exe
      C:\WINDOWS\xmpstean.exe
      C:\WINDOWS\vregfwlx.dll
      C:\WINDOWS\vltdfabw.dll
      C:\WINDOWS\apunbegy.dll
      C:\WINDOWS\system32\clkcnt.txt
      C:\WINDOWS\system32\ctfmona.exe
      C:\WINDOWS\system32\ctfmonb.bmp
      C:\WINDOWS\system32\blackster.scr
      C:\WINDOWS\system32\WinCtrl32.dll
      C:\WINDOWS\system32\mcrh.tmp
      C:\WINDOWS\system32\WLCtrl32.dll

      Folders Found:

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Not deleted items:
      C:\WINDOWS\system32\WLCtrl32.dll

      --------------RVAXO.exe finished----------------

      RVAXO-Vfind

      ======C:\WINDOWS====
      ----a-w 0 2008-05-27 20:01:59 C:\WINDOWS\0.log
      --s-a-w 2,048 2008-05-27 20:00:00 C:\WINDOWS\bootstat.dat
      ----a-w 307,463 2008-05-14 11:02:46 C:\WINDOWS\comsetup.log
      ----a-w 51,133 2008-05-14 11:02:46 C:\WINDOWS\ehOCGen.log
      ----a-w 925,663 2008-05-14 11:02:45 C:\WINDOWS\FaxSetup.log
      ----a-w 2,334 2008-05-14 17:12:27 C:\WINDOWS\HPOCSS05.INI
      ----a-w 228 2008-05-25 12:56:27 C:\WINDOWS\HPODJC05.INI
      ----a-w 551 2008-05-25 12:56:33 C:\WINDOWS\HPOTBX05.INI
      ----a-w 991,507 2008-05-14 11:02:46 C:\WINDOWS\iis6.log
      ----a-w 1,374 2008-05-14 11:02:46 C:\WINDOWS\imsins.log
      ----a-w 13,651 2008-05-14 11:02:46 C:\WINDOWS\KB950749.log
      ----a-w 111,373 2008-05-14 11:02:46 C:\WINDOWS\MedCtrOC.log
      ----a-w 4,246 2008-05-24 13:16:49 C:\WINDOWS\ModemLog_Sony Ericsson W810 USB WMC Data Modem.txt
      ----a-w 4,472 2008-05-24 13:16:49 C:\WINDOWS\ModemLog_Sony Ericsson W810 USB WMC Modem.txt
      ----a-w 45,676 2008-05-14 11:02:46 C:\WINDOWS\msgsocm.log
      ----a-w 275,886 2008-05-14 11:02:43 C:\WINDOWS\msmqinst.log
      ----a-w 69 2008-05-19 18:56:48 C:\WINDOWS\NeroDigital.ini
      ----a-w 172,867 2008-05-14 11:02:46 C:\WINDOWS\netfxocm.log
      ----a-w 131,724 2008-05-27 19:58:57 C:\WINDOWS\ntbtlog.txt
      ----a-w 184,952 2008-05-14 11:02:46 C:\WINDOWS\ntdtcsetup.log
      ----a-w 437,552 2008-05-14 11:02:46 C:\WINDOWS\ocgen.log
      ----a-w 56,083 2008-05-14 11:02:46 C:\WINDOWS\ocmsn.log
      ----a-w 103,943 2008-05-14 11:02:46 C:\WINDOWS\plusoc.log
      ---ha-w 54,156 2008-05-27 19:38:08 C:\WINDOWS\QTFont.qfn
      ----a-w 32,400 2008-05-27 19:45:34 C:\WINDOWS\SchedLgU.Txt
      ----a-w 413,980 2008-05-25 20:07:36 C:\WINDOWS\setupapi.log
      ----a-w 46,389 2008-05-14 11:02:46 C:\WINDOWS\tabletoc.log
      ----a-w 419,297 2008-05-14 11:02:46 C:\WINDOWS\tsoc.log
      ----a-w 4 2008-05-27 19:40:15 C:\WINDOWS\Twain001.Mtx
      ----a-w 159 2008-05-27 20:01:30 C:\WINDOWS\wiadebug.log
      ----a-w 49 2008-05-27 20:01:19 C:\WINDOWS\wiaservc.log
      ----a-w 1,840,770 2008-05-27 19:45:29 C:\WINDOWS\WindowsUpdate.log
      ----a-w 72,555 2008-05-23 14:45:38 C:\WINDOWS\wmsetup.log

      Entries: 33 (31)
      Directories: 0 Files: 33
      Bytes: 6,704,554 Blocks: 13,111
      ======C:\WINDOWS\system32=====
      ----a-w 107,888 2008-05-08 10:26:53 C:\WINDOWS\System32\CmdLineExt.dll
      ----a-w 32,192 2008-05-27 19:45:32 C:\WINDOWS\System32\Config.MPF
      ----a-w 1,553,344 2008-05-18 12:31:32 C:\WINDOWS\System32\FNTCACHE.DAT
      ----a-w 90,624 2008-05-25 15:37:19 C:\WINDOWS\System32\fulvikpv.dll
      ----a-w 84 2008-05-27 20:01:52 C:\WINDOWS\System32\ikhcore.cfg
      ----a-w 12,632 2008-05-16 09:58:04 C:\WINDOWS\System32\lsdelete.exe
      ----a-w 16,863,864 2008-05-09 21:35:04 C:\WINDOWS\System32\MRT.exe
      --sha-w 4,752 2008-05-27 20:09:44 C:\WINDOWS\System32\oVuFeMoq.ini
      --sha-w 4,752 2008-05-27 20:09:29 C:\WINDOWS\System32\oVuFeMoq.ini2
      ----a-w 72,960 2008-05-26 22:35:21 C:\WINDOWS\System32\perfc009.dat
      ----a-w 93,218 2008-05-26 22:35:21 C:\WINDOWS\System32\perfc013.dat
      ----a-w 446,006 2008-05-26 22:35:21 C:\WINDOWS\System32\perfh009.dat
      ----a-w 514,242 2008-05-26 22:35:21 C:\WINDOWS\System32\perfh013.dat
      ----a-w 1,140,898 2008-05-26 22:35:21 C:\WINDOWS\System32\PerfStringBackup.INI
      ----a-w 318,336 2008-05-25 15:35:41 C:\WINDOWS\System32\qoMeFuVo.dll
      ----a-w 827,634 2008-05-27 06:12:36 C:\WINDOWS\System32\RVAXO.bat
      ----a-w 29,312 2008-05-25 14:30:56 C:\WINDOWS\System32\urqPiIxY.dll
      --sh--w 1,157,178 2008-05-27 19:43:50 C:\WINDOWS\System32\vpkivluf.ini
      ----a-w 14,336 2008-05-27 20:00:00 C:\WINDOWS\System32\WinCtrl32.dllRVAXO
      ----a-w 12,288 2008-05-27 20:00:00 C:\WINDOWS\System32\WLCtrl32.dll
      ----a-w 13,646 2008-05-18 12:31:16 C:\WINDOWS\System32\wpa.dbl

      Entries: 21 (18)
      Directories: 0 Files: 21
      Bytes: 23,310,186 Blocks: 45,538
      ======C:\WINDOWS\system32\drivers=====
      ----a-w 12,960 2008-04-29 09:19:50 C:\WINDOWS\System32\drivers\Awrtpd.sys
      ----a-w 15,648 2008-04-29 09:19:54 C:\WINDOWS\System32\drivers\Awrtrd.sys
      ----a-w 29,056 2008-05-26 20:02:40 C:\WINDOWS\System32\drivers\naA55.sys
      ----a-w 15,648 2008-04-29 09:20:00 C:\WINDOWS\System32\drivers\NSDriver.sys
      ----a-w 27,008 2008-05-26 20:23:04 C:\WINDOWS\System32\drivers\Rem07.sys

      Entries: 5 (5)
      Directories: 0 Files: 5
      Bytes: 100,320 Blocks: 198
      =======C:\Program Files=====
      Entries: 0 (0)
      Directories: 0 Files: 0
      Bytes: 0 Blocks: 0
      =======D:=====
      ----a-w 639 2008-05-27 19:58:21 D:\firstrun6.log

      Entries: 1 (1)
      Directories: 0 Files: 1
      Bytes: 639 Blocks: 2
      ======D:\Documenten en settings\Ravish\Application Data======
      Entries: 0 (0)
      Directories: 0 Files: 0
      Bytes: 0 Blocks: 0
      ======D:\Documenten en settings\Ravish======
      ---ha-w 3,407,872 2008-05-27 19:59:00 D:\Documenten en settings\Ravish\NTUSER.DAT
      ---ha-w 36,864 2008-05-27 20:09:15 D:\Documenten en settings\Ravish\NtUser.dat.LOG
      --sh--w 188 2008-05-27 19:45:27 D:\Documenten en settings\Ravish\ntuser.ini
      ----a-w 600 2008-05-25 15:46:12 D:\Documenten en settings\Ravish\PUTTY.RND

      Entries: 4 (1)
      Directories: 0 Files: 4
      Bytes: 3,445,524 Blocks: 6,731
      ======C:\WINDOWS\Downloaded Program Files====
      Entries: 0 (0)
      Directories: 0 Files: 0
      Bytes: 0 Blocks: 0
      =============



      • #4
        Open a Notepad file.
        Copy the text below (everything in bold) into this Notepad file.

        @ECHO OFF
        REM Start with a fresh log file
        IF EXIST log.txt DEL log.txt
        REM Stop and unregister the naA55 driver service
        sc stop naA55
        sc delete naA55
        remove C:\WINDOWS\System32\drivers\naA55.sys C:\RVAXO\naA55.sys
        ECHO Deleting files>>log.txt
        REM For each listed file: clear any earlier NUCIA-suffixed copy, strip the
        REM read-only/system/hidden attributes and try to delete the file; if it is
        REM still there, rename it with a NUCIA suffix. The outcome goes to log.txt.
        FOR %%g in (
        C:\WINDOWS\System32\fulvikpv.dll
        C:\WINDOWS\System32\ikhcore.cfg
        C:\WINDOWS\System32\oVuFeMoq.ini
        C:\WINDOWS\System32\oVuFeMoq.ini2
        C:\WINDOWS\System32\qoMeFuVo.dll
        C:\WINDOWS\System32\urqPiIxY.dll
        C:\WINDOWS\System32\vpkivluf.ini
        C:\WINDOWS\System32\WinCtrl32.dllRVAXO
        C:\WINDOWS\System32\drivers\naA55.sys
        C:\WINDOWS\System32\WLCtrl32.dl_
        C:\WINDOWS\System32\WLCtrl32.dll) DO (
        DEL /Q %%gNUCIA
        IF EXIST %%g (
        ATTRIB -r -s -h %%g
        DEL %%g
        REN %%g *NUCIA
        IF EXIST %%gNUCIA (
        ECHO renamed to %%gNUCIA>>log.txt)
        IF EXIST %%g (
        ECHO %%g not deleted>>log.txt
        ) ELSE (
        ECHO %%g deleted>>log.txt)
        ) ELSE (
        ECHO %%g not found>>log.txt))
        REM Stop and unregister the service again after the file pass
        sc stop naA55
        sc delete naA55
        REM Open the log so its contents can be posted
        START NOTEPAD.EXE log.txt

        Go to File - Save As.
        Under "Save in" choose: Desktop
        Under "File name" enter: del.bat
        Under "Save as type" select: All files (*.*).
        Click the Save button.

        Double-click del.bat and post the contents of the logfile that opens.
        Last edited by smeenk; 28-05-08, 21:11.



        • #5
          del.bat-log

          Deleting files
          C:\WINDOWS\System32\fulvikpv.dll not found
          C:\WINDOWS\System32\ikhcore.cfg deleted
          C:\WINDOWS\System32\MRT.exe deleted
          C:\WINDOWS\System32\oVuFeMoq.ini deleted
          C:\WINDOWS\System32\oVuFeMoq.ini2 deleted
          C:\WINDOWS\System32\qoMeFuVo.dll not deleted
          C:\WINDOWS\System32\urqPiIxY.dll not deleted
          C:\WINDOWS\System32\vpkivluf.ini deleted
          C:\WINDOWS\System32\WinCtrl32.dllRVAXO deleted
          C:\WINDOWS\System32\drivers\naA55.sys not deleted
          C:\WINDOWS\System32\WLCtrl32.dl_ not found
          renamed to C:\WINDOWS\System32\WLCtrl32.dllNUCIA
          C:\WINDOWS\System32\WLCtrl32.dll deleted



          • #6
            Download IceSword and unzip it into a folder on your desktop.
            - Open that folder and double-click the "Sword icon" to start IceSword.
            - On the left, click File.
            - Now choose My Computer in IceSword and navigate to this file:

            C:\WINDOWS\System32\drivers\naA55.sys

            - Right-click it and choose delete.

            - Do the same for:

            C:\WINDOWS\System32\WLCtrl32.dllNUCIA

            Restart your PC and post a new HijackThis log



            • #7
              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 22:47:46, on 28-5-2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16640)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\csrss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
              C:\Program Files\Bonjour\mDNSResponder.exe
              C:\WINDOWS\eHome\ehRecvr.exe
              C:\WINDOWS\eHome\ehSched.exe
              C:\Program Files\McAfee\MBK\MBackMonitor.exe
              C:\WINDOWS\ehome\ehtray.exe
              C:\WINDOWS\system32\igfxtray.exe
              C:\WINDOWS\system32\hkcmd.exe
              C:\WINDOWS\system32\igfxpers.exe
              C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
              C:\Program Files\McAfee.com\Agent\mcagent.exe
              C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
              C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
              C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
              C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE
              D:\Program Files\iTunes\iTunesHelper.exe
              C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
              C:\Program Files\Spyware Doctor\pctsTray.exe
              C:\WINDOWS\system32\rundll32.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
              C:\Program Files\Messenger\msmsgs.exe
              C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
              c:\program files\common files\mcafee\mna\mcnasvc.exe
              C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
              C:\Program Files\Logitech\SetPoint\KEM.exe
              C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
              c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
              C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
              C:\Program Files\McAfee\MPF\MPFSrv.exe
              C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
              C:\Program Files\McAfee\MSK\MskSrver.exe
              C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\HPOVDX05.EXE
              C:\Program Files\Spyware Doctor\pctsAuxs.exe
              C:\Program Files\Spyware Doctor\pctsSvc.exe
              C:\Program Files\SiteAdvisor\6253\SAService.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\ehome\mcrdsvc.exe
              C:\Program Files\Common Files\Teleca Shared\Generic.exe
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\WINDOWS\explorer.exe
              C:\WINDOWS\system32\imapi.exe
              C:\WINDOWS\system32\wscntfy.exe
              C:\WINDOWS\system32\dllhost.exe
              C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
              C:\Program Files\iPod\bin\iPodService.exe
              C:\WINDOWS\eHome\ehmsas.exe
              C:\WINDOWS\System32\alg.exe
              C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
              C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
              C:\WINDOWS\system32\wbem\wmiprvse.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
              O3 - Toolbar: atfxqogp - {9E6CD9DF-5EF9-40F4-84FA-C4842EB1F283} - C:\WINDOWS\atfxqogp.dll (file missing)
              O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
              O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
              O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
              O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
              O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
              O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
              O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
              O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
              O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
              O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
              O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
              O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
              O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
              O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
              O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
              O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
              O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
              O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
              O4 - HKLM\..\Run: [e0fe598a] rundll32.exe "C:\WINDOWS\system32\quxpvodu.dll",b
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
              O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
              O4 - Global Startup: HP OfficeJet T Series Opstartmenu.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
              O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
              O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
              O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
              O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204449533890
              O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204455813906
              O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
              O21 - SSODL: KernelMon - {0edb91dc-441e-4a6a-bf46-decb18f48990} - C:\WINDOWS\Resources\KernelMon.dll
              O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
              O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
              O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
              O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
              O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
              O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
              O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
              O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
              O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
              O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
              O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
              O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
              O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
              O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
              O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
              O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
              O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

              --
              End of file - 10843 bytes



              • #8
                Download Malwarebytes' Anti-Malware from here or here.

                Double-click mbam-setup.exe to install the program.
                • Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click "Finish".
                • If an update is found, it will download it and install the latest version.
                • Once the program is fully up to date, select "Perform Quick Scan", then click Scan.
                • The scan can take a while, so be patient.
                • When the scan is complete, click OK, then "Show Results" to view the results.
                • Make sure everything there is checked, then click: Remove Selected.
                • After removal a log will open and you will be asked to restart the computer. (See the extra note below)
                • The log is saved automatically by MBAM; you can view it by clicking the "Logs" tab in MBAM.
                • Copy and paste the contents of the log into your next reply, together with a new HijackThis log.

                Extra note:
                If MBAM has difficulty removing certain files, it will show a few messages where you must click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.



                • #9
                  Malwarebytes' Anti-Malware 1.12
                  Database versie: 795

                  Scan type: Snelle Scan
                  Objecten gescand: 46761
                  Verstreken tijd: 1 hour(s), 2 minute(s), 9 second(s)

                  Geheugenprocessen geïnfecteerd: 0
                  Geheugenmodulen geïnfecteerd: 6
                  Registersleutels geïnfecteerd: 32
                  Registerwaarden geïnfecteerd: 8
                  Registerdata bestanden geïnfecteerd: 2
                  Mappen geïnfecteerd: 6
                  Bestanden geïnfecteerd: 16

                  Geheugenprocessen geïnfecteerd:
                  (Geen kwaadaardige items gevonden)

                  Geheugenmodulen geïnfecteerd:
                  C:\WINDOWS\system32\qoMeFuVo.dll (Trojan.Vundo) -> Unloaded module successfully.
                  C:\WINDOWS\system32\quxpvodu.dll (Trojan.Vundo) -> Unloaded module successfully.
                  C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Unloaded module successfully.
                  C:\WINDOWS\Resources\KernelMon.dll (Trojan.Clicker) -> Unloaded module successfully.
                  C:\WINDOWS\system32\WLCtrl32.dll (Trojan.Agent) -> Unloaded module successfully.
                  C:\WINDOWS\system32\urqPiIxY.dll (Trojan.Vundo) -> Unloaded module successfully.

                  Registersleutels geïnfecteerd:
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cab0a5f4-2a25-4972-8abf-3885d2b67db4} (Trojan.Vundo) -> Delete on reboot.
                  HKEY_CLASSES_ROOT\CLSID\{cab0a5f4-2a25-4972-8abf-3885d2b67db4} (Trojan.Vundo) -> Delete on reboot.
                  HKEY_CLASSES_ROOT\Interface\{e18c3daf-9841-4340-afe9-27ab400650ab} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                  HKEY_CLASSES_ROOT\Typelib\{e48c3daf-9841-4345-afe9-27ab400650ab} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                  HKEY_CLASSES_ROOT\atfxqogp.bsog (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                  HKEY_CLASSES_ROOT\atfxqogp.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                  HKEY_CLASSES_ROOT\CLSID\{9e6cd9df-5ef9-40f4-84fa-c4842eb1f283} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                  HKEY_CLASSES_ROOT\CLSID\{b33b96b9-e0c2-4648-9819-a38ddcafa33c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b33b96b9-e0c2-4648-9819-a38ddcafa33c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                  HKEY_CLASSES_ROOT\Interface\{de4a7692-b2cb-4d1a-9956-76a8a028caa0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                  HKEY_CLASSES_ROOT\Typelib\{1c2a0cbe-9c8b-49f3-9e56-bd989db7e8c3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                  HKEY_CLASSES_ROOT\Interface\{14a9da84-0c80-4520-8452-f5c7c911a003} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                  HKEY_CLASSES_ROOT\Interface\{3177b0aa-7c67-46b4-ba02-574d7e368d4f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                  HKEY_CLASSES_ROOT\Typelib\{890f3f83-dca0-42a9-935e-dd01e78970b8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                  HKEY_CLASSES_ROOT\bho.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                  HKEY_CLASSES_ROOT\AppID\{616d534c-3ca8-43ab-b439-618f850f1d2b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\e405.e405mgr (Trojan.BHO) -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\e405.e405mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winctrl32 (Trojan.Agent) -> Delete on reboot.
                  HKEY_CLASSES_ROOT\CLSID\{0edb91dc-441e-4a6a-bf46-decb18f48990} (Trojan.Clicker) -> Delete on reboot.
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WLCtrl32 (Trojan.Agent) -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
                  HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
                  HKEY_CURRENT_USER\Software\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
                  HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
                  HKEY_CLASSES_ROOT\CLSID\{48f0b738-34a6-4113-b966-33c4ef85bcd9} (Trojan.Vundo) -> Delete on reboot.
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48f0b738-34a6-4113-b966-33c4ef85bcd9} (Trojan.Vundo) -> Delete on reboot.
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqpiixy (Trojan.Vundo) -> Delete on reboot.
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

                  Registerwaarden geïnfecteerd:
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e0fe598a (Trojan.Vundo) -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{9e6cd9df-5ef9-40f4-84fa-c4842eb1f283} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                  HKEY_CURRENT_USER\Control Panel\Desktop\Wallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                  HKEY_CURRENT_USER\Control Panel\Desktop\OriginalWallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                  HKEY_CURRENT_USER\Control Panel\Desktop\ConvertedWallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                  HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\KernelMon (Trojan.Clicker) -> Delete on reboot.
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{48f0b738-34a6-4113-b966-33c4ef85bcd9} (Trojan.Vundo) -> Delete on reboot.

                  Registerdata bestanden geïnfecteerd:
                  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomefuvo -> Delete on reboot.
                  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomefuvo -> Delete on reboot.

                  Mappen geïnfecteerd:
                  D:\Documenten en settings\All Users\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
                  D:\Documenten en settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect (Rogue.MalWarrior) -> Quarantined and deleted successfully.
                  D:\Documenten en settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\BASE (Rogue.MalWarrior) -> Quarantined and deleted successfully.
                  D:\Documenten en settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\DELETED (Rogue.MalWarrior) -> Quarantined and deleted successfully.
                  D:\Documenten en settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG (Rogue.MalWarrior) -> Quarantined and deleted successfully.
                  D:\Documenten en settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\SAVED (Rogue.MalWarrior) -> Quarantined and deleted successfully.

                  Bestanden geïnfecteerd:
                  C:\WINDOWS\system32\qoMeFuVo.dll (Trojan.Vundo) -> Delete on reboot.
                  C:\WINDOWS\system32\oVuFeMoq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
                  C:\WINDOWS\system32\oVuFeMoq.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
                  C:\WINDOWS\system32\quxpvodu.dll (Trojan.Vundo) -> Delete on reboot.
                  C:\WINDOWS\system32\udovpxuq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
                  D:\Documenten en settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe (Rogue.MalWarrior) -> Quarantined and deleted successfully.
                  D:\Documenten en settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080525173153453.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
                  D:\Documenten en settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080525194413515.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
                  D:\Documenten en settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080526092925781.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
                  D:\Documenten en settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080526185418500.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
                  D:\Documenten en settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080526213156578.log (Rogue.MalWarrior) -> Quarantined and deleted successfully.
                  C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.
                  C:\WINDOWS\Resources\KernelMon.dll (Trojan.Clicker) -> Delete on reboot.
                  C:\WINDOWS\system32\WLCtrl32.dl_ (Trojan.Downloader) -> Quarantined and deleted successfully.
                  C:\WINDOWS\system32\WLCtrl32.dll (Trojan.Agent) -> Delete on reboot.
                  C:\WINDOWS\system32\urqPiIxY.dll (Trojan.Vundo) -> Delete on reboot.


                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 0:48:26, on 29-5-2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\csrss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                  C:\Program Files\Bonjour\mDNSResponder.exe
                  C:\WINDOWS\eHome\ehRecvr.exe
                  C:\WINDOWS\eHome\ehSched.exe
                  C:\WINDOWS\ehome\ehtray.exe
                  C:\WINDOWS\system32\igfxtray.exe
                  C:\WINDOWS\system32\hkcmd.exe
                  C:\WINDOWS\system32\igfxpers.exe
                  C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                  C:\Program Files\McAfee.com\Agent\mcagent.exe
                  C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
                  C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
                  C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                  C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE
                  D:\Program Files\iTunes\iTunesHelper.exe
                  C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
                  C:\Program Files\Spyware Doctor\pctsTray.exe
                  C:\Program Files\McAfee\MBK\MBackMonitor.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
                  C:\Program Files\Messenger\msmsgs.exe
                  C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
                  C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
                  C:\Program Files\Logitech\SetPoint\KEM.exe
                  C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                  C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
                  c:\program files\common files\mcafee\mna\mcnasvc.exe
                  c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                  C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
                  C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                  C:\Program Files\McAfee\MPF\MPFSrv.exe
                  C:\Program Files\McAfee\MSK\MskSrver.exe
                  C:\Program Files\Spyware Doctor\pctsAuxs.exe
                  C:\Program Files\Spyware Doctor\pctsSvc.exe
                  C:\Program Files\SiteAdvisor\6253\SAService.exe
                  C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\HPOVDX05.EXE
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\ehome\mcrdsvc.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\Program Files\Common Files\Teleca Shared\Generic.exe
                  C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
                  C:\WINDOWS\system32\wscntfy.exe
                  C:\WINDOWS\system32\dllhost.exe
                  C:\Program Files\iPod\bin\iPodService.exe
                  C:\WINDOWS\System32\alg.exe
                  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
                  C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
                  C:\WINDOWS\eHome\ehmsas.exe
                  C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
                  c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
                  C:\WINDOWS\system32\wbem\wmiprvse.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
                  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                  O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
                  O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
                  O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
                  O2 - BHO: 818646 helper - {54192079-8E8A-43D8-BCBC-3874916159AF} - (no file)
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
                  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                  O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
                  O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
                  O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
                  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
                  O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
                  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
                  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                  O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
                  O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
                  O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
                  O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
                  O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
                  O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
                  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                  O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                  O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                  O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
                  O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
                  O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
                  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
                  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                  O4 - Global Startup: HP OfficeJet T Series Opstartmenu.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
                  O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
                  O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
                  O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
                  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                  O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
                  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204449533890
                  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204455813906
                  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                  O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
                  O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
                  O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                  O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                  O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                  O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
                  O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                  O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
                  O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
                  O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                  O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                  O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
                  O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
                  O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
                  O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
                  O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
                  O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

                  --
                  End of file - 11749 bytes



                  • #10
                    Download this file: zoek.exe
                    Double-click it; after a while a log will open.
                    Post the contents of this log in your next message.



                    • #11
                      Zoek log

                      ======C:\WINDOWS====
                      ----a-w 0 2008-05-29 16:30:25 C:\WINDOWS\0.log
                      --s-a-w 2,048 2008-05-29 16:28:57 C:\WINDOWS\bootstat.dat
                      ----a-w 307,463 2008-05-14 11:02:46 C:\WINDOWS\comsetup.log
                      ----a-w 51,133 2008-05-14 11:02:46 C:\WINDOWS\ehOCGen.log
                      ----a-w 925,663 2008-05-14 11:02:45 C:\WINDOWS\FaxSetup.log
                      ----a-w 2,334 2008-05-14 17:12:27 C:\WINDOWS\HPOCSS05.INI
                      ----a-w 228 2008-05-25 12:56:27 C:\WINDOWS\HPODJC05.INI
                      ----a-w 551 2008-05-25 12:56:33 C:\WINDOWS\HPOTBX05.INI
                      ----a-w 991,507 2008-05-14 11:02:46 C:\WINDOWS\iis6.log
                      ----a-w 1,374 2008-05-14 11:02:46 C:\WINDOWS\imsins.log
                      ----a-w 13,651 2008-05-14 11:02:46 C:\WINDOWS\KB950749.log
                      ----a-w 111,373 2008-05-14 11:02:46 C:\WINDOWS\MedCtrOC.log
                      ----a-w 4,246 2008-05-24 13:16:49 C:\WINDOWS\ModemLog_Sony Ericsson W810 USB WMC Data Modem.txt
                      ----a-w 4,472 2008-05-24 13:16:49 C:\WINDOWS\ModemLog_Sony Ericsson W810 USB WMC Modem.txt
                      ----a-w 45,676 2008-05-14 11:02:46 C:\WINDOWS\msgsocm.log
                      ----a-w 275,886 2008-05-14 11:02:43 C:\WINDOWS\msmqinst.log
                      ----a-w 69 2008-05-19 18:56:48 C:\WINDOWS\NeroDigital.ini
                      ----a-w 172,867 2008-05-14 11:02:46 C:\WINDOWS\netfxocm.log
                      ----a-w 131,724 2008-05-27 19:58:57 C:\WINDOWS\ntbtlog.txt
                      ----a-w 184,952 2008-05-14 11:02:46 C:\WINDOWS\ntdtcsetup.log
                      ----a-w 437,552 2008-05-14 11:02:46 C:\WINDOWS\ocgen.log
                      ----a-w 56,083 2008-05-14 11:02:46 C:\WINDOWS\ocmsn.log
                      ----a-w 103,943 2008-05-14 11:02:46 C:\WINDOWS\plusoc.log
                      ---ha-w 54,156 2008-05-29 16:29:35 C:\WINDOWS\QTFont.qfn
                      ----a-w 32,400 2008-05-27 19:45:34 C:\WINDOWS\SchedLgU.Txt
                      ----a-w 416,959 2008-05-28 05:44:00 C:\WINDOWS\setupapi.log
                      ----a-w 46,389 2008-05-14 11:02:46 C:\WINDOWS\tabletoc.log
                      ----a-w 419,297 2008-05-14 11:02:46 C:\WINDOWS\tsoc.log
                      ----a-w 4 2008-05-29 16:29:55 C:\WINDOWS\Twain001.Mtx
                      ----a-w 159 2008-05-29 16:29:49 C:\WINDOWS\wiadebug.log
                      ----a-w 49 2008-05-29 16:29:43 C:\WINDOWS\wiaservc.log
                      ----a-w 1,881,623 2008-05-29 16:31:23 C:\WINDOWS\WindowsUpdate.log
                      ----a-w 72,555 2008-05-23 14:45:38 C:\WINDOWS\wmsetup.log

                      Entries: 33 (31)
                      Directories: 0 Files: 33
                      Bytes: 6,748,386 Blocks: 13,197
                      ======C:\WINDOWS\system32=====
                      ----a-w 0 2008-05-28 05:19:16 C:\WINDOWS\System32\clkcnt.txt
                      ----a-w 107,888 2008-05-08 10:26:53 C:\WINDOWS\System32\CmdLineExt.dll
                      ----a-w 33,198 2008-05-29 16:31:11 C:\WINDOWS\System32\Config.MPF
                      ----a-w 1,553,344 2008-05-18 12:31:32 C:\WINDOWS\System32\FNTCACHE.DAT
                      ----a-w 84 2008-05-29 16:30:20 C:\WINDOWS\System32\ikhcore.cfg
                      ----a-w 12,632 2008-05-16 09:58:04 C:\WINDOWS\System32\lsdelete.exe
                      ----a-w 143 2008-05-28 22:41:08 C:\WINDOWS\System32\mcrh.tmp
                      --sha-w 182,512 2008-05-28 22:41:03 C:\WINDOWS\System32\oVuFeMoq.ini
                      ----a-w 72,960 2008-05-28 05:43:36 C:\WINDOWS\System32\perfc009.dat
                      ----a-w 93,218 2008-05-28 05:43:36 C:\WINDOWS\System32\perfc013.dat
                      ----a-w 446,006 2008-05-28 05:43:36 C:\WINDOWS\System32\perfh009.dat
                      ----a-w 514,242 2008-05-28 05:43:36 C:\WINDOWS\System32\perfh013.dat
                      ----a-w 1,140,898 2008-05-28 05:43:35 C:\WINDOWS\System32\PerfStringBackup.INI
                      ------w 318,336 2008-05-28 22:39:12 C:\WINDOWS\System32\qoMeFuVo.dll
                      ------w 96,256 2008-05-28 22:39:12 C:\WINDOWS\System32\quxpvodu.dll
                      ----a-w 827,634 2008-05-27 06:12:36 C:\WINDOWS\System32\RVAXO.bat
                      ------w 29,312 2008-05-28 22:39:13 C:\WINDOWS\System32\urqPiIxY.dll
                      ----a-w 14,336 2008-05-29 16:28:56 C:\WINDOWS\System32\WinCtrl32.dll
                      ----a-w 12,288 2008-05-29 16:28:56 C:\WINDOWS\System32\WLCtrl32.dll
                      ----a-w 13,646 2008-05-18 12:31:16 C:\WINDOWS\System32\wpa.dbl

                      Entries: 20 (19)
                      Directories: 0 Files: 20
                      Bytes: 5,468,933 Blocks: 10,690
                      ======C:\WINDOWS\system32\drivers=====
                      ----a-w 12,960 2008-04-29 09:19:50 C:\WINDOWS\System32\drivers\Awrtpd.sys
                      ----a-w 15,648 2008-04-29 09:19:54 C:\WINDOWS\System32\drivers\Awrtrd.sys
                      ----a-w 29,056 2008-05-28 22:56:22 C:\WINDOWS\System32\drivers\kfN07.sys
                      ----a-w 15,864 2008-05-05 18:46:32 C:\WINDOWS\System32\drivers\mbam.sys
                      ----a-w 27,048 2008-05-05 18:46:36 C:\WINDOWS\System32\drivers\mbamcatchme.sys
                      ----a-w 15,648 2008-04-29 09:20:00 C:\WINDOWS\System32\drivers\NSDriver.sys
                      ----a-w 27,008 2008-05-28 22:10:14 C:\WINDOWS\System32\drivers\Rem07.sys

                      Entries: 7 (7)
                      Directories: 0 Files: 7
                      Bytes: 143,232 Blocks: 282
                      =======C:\Program Files=====
                      Entries: 0 (0)
                      Directories: 0 Files: 0
                      Bytes: 0 Blocks: 0
                      =======D:=====
                      ----a-w 639 2008-05-27 19:58:21 D:\firstrun6.log

                      Entries: 1 (1)
                      Directories: 0 Files: 1
                      Bytes: 639 Blocks: 2
                      ======D:\Documenten en settings\Ravish\Application Data======
                      Entries: 0 (0)
                      Directories: 0 Files: 0
                      Bytes: 0 Blocks: 0
                      ======D:\Temp======
                      Entries: 0 (0)
                      Directories: 0 Files: 0
                      Bytes: 0 Blocks: 0
                      ======D:\Documenten en settings\Ravish======
                      ---ha-w 3,407,872 2008-05-28 23:24:38 D:\Documenten en settings\Ravish\NTUSER.DAT
                      ---ha-w 114,688 2008-05-29 16:33:49 D:\Documenten en settings\Ravish\NtUser.dat.LOG
                      --sh--w 188 2008-05-28 23:24:14 D:\Documenten en settings\Ravish\ntuser.ini
                      ----a-w 600 2008-05-25 15:46:12 D:\Documenten en settings\Ravish\PUTTY.RND

                      Entries: 4 (1)
                      Directories: 0 Files: 4
                      Bytes: 3,523,348 Blocks: 6,883
                      ======C:\WINDOWS\Downloaded Program Files====
                      Entries: 0 (0)
                      Directories: 0 Files: 0
                      Bytes: 0 Blocks: 0
                      =============



                      • #12
                        I had Ad-Aware run a scan and it found the following trojan.
                        WIN32.TrojanDownloader.Mutant.
                        I let Ad-Aware remove it, but every time I restart my computer the trojan is still there.



                        • #13
                          The actions with Ad-Aware may have changed something.
                          So make a new log with zoek.exe and post it in your next message.



                          • #14
                            ======C:\WINDOWS====
                            ----a-w 0 2008-05-29 18:43:57 C:\WINDOWS\0.log
                            --s-a-w 2,048 2008-05-29 18:42:20 C:\WINDOWS\bootstat.dat
                            ----a-w 309,520 2008-05-29 17:38:30 C:\WINDOWS\comsetup.log
                            ----a-w 51,471 2008-05-29 17:38:30 C:\WINDOWS\ehOCGen.log
                            ----a-w 931,822 2008-05-29 17:38:29 C:\WINDOWS\FaxSetup.log
                            ----a-w 2,334 2008-05-14 17:12:27 C:\WINDOWS\HPOCSS05.INI
                            ----a-w 228 2008-05-25 12:56:27 C:\WINDOWS\HPODJC05.INI
                            ----a-w 551 2008-05-25 12:56:33 C:\WINDOWS\HPOTBX05.INI
                            ----a-w 998,344 2008-05-29 17:38:30 C:\WINDOWS\iis6.log
                            ----a-w 1,374 2008-05-14 11:02:46 C:\WINDOWS\imsins.BAK
                            ----a-w 1,374 2008-05-29 17:38:30 C:\WINDOWS\imsins.log
                            ----a-w 11,096 2008-05-29 17:38:30 C:\WINDOWS\KB932823-v3.log
                            ----a-w 13,651 2008-05-14 11:02:46 C:\WINDOWS\KB950749.log
                            ----a-w 111,803 2008-05-29 17:38:30 C:\WINDOWS\MedCtrOC.log
                            ----a-w 4,246 2008-05-24 13:16:49 C:\WINDOWS\ModemLog_Sony Ericsson W810 USB WMC Data Modem.txt
                            ----a-w 4,472 2008-05-24 13:16:49 C:\WINDOWS\ModemLog_Sony Ericsson W810 USB WMC Modem.txt
                            ----a-w 45,985 2008-05-29 17:38:30 C:\WINDOWS\msgsocm.log
                            ----a-w 277,790 2008-05-29 17:38:27 C:\WINDOWS\msmqinst.log
                            ----a-w 69 2008-05-19 18:56:48 C:\WINDOWS\NeroDigital.ini
                            ----a-w 173,950 2008-05-29 17:38:30 C:\WINDOWS\netfxocm.log
                            ----a-w 131,724 2008-05-27 19:58:57 C:\WINDOWS\ntbtlog.txt
                            ----a-w 186,199 2008-05-29 17:38:30 C:\WINDOWS\ntdtcsetup.log
                            ----a-w 440,468 2008-05-29 17:38:30 C:\WINDOWS\ocgen.log
                            ----a-w 56,469 2008-05-29 17:38:30 C:\WINDOWS\ocmsn.log
                            ----a-w 104,632 2008-05-29 17:38:30 C:\WINDOWS\plusoc.log
                            ---ha-w 54,156 2008-05-29 18:42:58 C:\WINDOWS\QTFont.qfn
                            ----a-w 32,400 2008-05-27 19:45:34 C:\WINDOWS\SchedLgU.Txt
                            ----a-w 416,959 2008-05-28 05:44:00 C:\WINDOWS\setupapi.log
                            ----a-w 46,700 2008-05-29 17:38:30 C:\WINDOWS\tabletoc.log
                            ----a-w 422,118 2008-05-29 17:38:30 C:\WINDOWS\tsoc.log
                            ----a-w 4 2008-05-29 18:43:10 C:\WINDOWS\Twain001.Mtx
                            ----a-w 159 2008-05-29 18:43:21 C:\WINDOWS\wiadebug.log
                            ----a-w 49 2008-05-29 18:43:12 C:\WINDOWS\wiaservc.log
                            ----a-w 1,946,447 2008-05-29 18:44:41 C:\WINDOWS\WindowsUpdate.log
                            ----a-w 72,555 2008-05-23 14:45:38 C:\WINDOWS\wmsetup.log

                            Entries: 35 (33)
                            Directories: 0 Files: 35
                            Bytes: 6,853,167 Blocks: 13,402
                            ======C:\WINDOWS\system32=====
                            ----a-w 0 2008-05-28 05:19:16 C:\WINDOWS\System32\clkcnt.txt
                            ----a-w 107,888 2008-05-08 10:26:53 C:\WINDOWS\System32\CmdLineExt.dll
                            ----a-w 33,324 2008-05-29 18:44:21 C:\WINDOWS\System32\Config.MPF
                            ----a-w 1,553,344 2008-05-18 12:31:32 C:\WINDOWS\System32\FNTCACHE.DAT
                            ----a-w 84 2008-05-29 18:43:51 C:\WINDOWS\System32\ikhcore.cfg
                            ----a-w 12,632 2008-05-16 09:58:04 C:\WINDOWS\System32\lsdelete.exe
                            ----a-w 143 2008-05-28 22:41:08 C:\WINDOWS\System32\mcrh.tmp
                            ----a-w 72,960 2008-05-28 05:43:36 C:\WINDOWS\System32\perfc009.dat
                            ----a-w 93,218 2008-05-28 05:43:36 C:\WINDOWS\System32\perfc013.dat
                            ----a-w 446,006 2008-05-28 05:43:36 C:\WINDOWS\System32\perfh009.dat
                            ----a-w 514,242 2008-05-28 05:43:36 C:\WINDOWS\System32\perfh013.dat
                            ----a-w 1,140,898 2008-05-28 05:43:35 C:\WINDOWS\System32\PerfStringBackup.INI
                            ------w 96,256 2008-05-28 22:39:12 C:\WINDOWS\System32\quxpvodu.dll
                            ----a-w 827,634 2008-05-27 06:12:36 C:\WINDOWS\System32\RVAXO.bat
                            ------w 29,312 2008-05-28 22:39:13 C:\WINDOWS\System32\urqPiIxY.dll
                            ----a-w 14,336 2008-05-29 18:42:19 C:\WINDOWS\System32\WinCtrl32.dll
                            ----a-w 12,288 2008-05-29 18:42:19 C:\WINDOWS\System32\WLCtrl32.dll
                            ----a-w 13,646 2008-05-18 12:31:16 C:\WINDOWS\System32\wpa.dbl

                            Entries: 18 (18)
                            Directories: 0 Files: 18
                            Bytes: 4,968,211 Blocks: 9,712
                            ======C:\WINDOWS\system32\drivers=====
                            ----a-w 12,960 2008-04-29 09:19:50 C:\WINDOWS\System32\drivers\Awrtpd.sys
                            ----a-w 15,648 2008-04-29 09:19:54 C:\WINDOWS\System32\drivers\Awrtrd.sys
                            ----a-w 29,056 2008-05-28 22:56:22 C:\WINDOWS\System32\drivers\kfN07.sys
                            ----a-w 15,864 2008-05-05 18:46:32 C:\WINDOWS\System32\drivers\mbam.sys
                            ----a-w 27,048 2008-05-05 18:46:36 C:\WINDOWS\System32\drivers\mbamcatchme.sys
                            ----a-w 15,648 2008-04-29 09:20:00 C:\WINDOWS\System32\drivers\NSDriver.sys
                            ----a-w 27,008 2008-05-28 22:10:14 C:\WINDOWS\System32\drivers\Rem07.sys

                            Entries: 7 (7)
                            Directories: 0 Files: 7
                            Bytes: 143,232 Blocks: 282
                            =======C:\Program Files=====
                            Entries: 0 (0)
                            Directories: 0 Files: 0
                            Bytes: 0 Blocks: 0
                            =======D:=====
                            ----a-w 639 2008-05-27 19:58:21 D:\firstrun6.log

                            Entries: 1 (1)
                            Directories: 0 Files: 1
                            Bytes: 639 Blocks: 2
                            ======D:\Documenten en settings\Ravish\Application Data======
                            Entries: 0 (0)
                            Directories: 0 Files: 0
                            Bytes: 0 Blocks: 0
                            ======D:\Temp======
                            Entries: 0 (0)
                            Directories: 0 Files: 0
                            Bytes: 0 Blocks: 0
                            ======D:\Documenten en settings\Ravish======
                            ---ha-w 3,407,872 2008-05-29 18:41:31 D:\Documenten en settings\Ravish\NTUSER.DAT
                            ---ha-w 32,768 2008-05-29 18:49:34 D:\Documenten en settings\Ravish\NtUser.dat.LOG
                            --sh--w 188 2008-05-29 18:41:07 D:\Documenten en settings\Ravish\ntuser.ini
                            ----a-w 600 2008-05-25 15:46:12 D:\Documenten en settings\Ravish\PUTTY.RND

                            Entries: 4 (1)
                            Directories: 0 Files: 4
                            Bytes: 3,441,428 Blocks: 6,723
                            ======C:\WINDOWS\Downloaded Program Files====
                            Entries: 0 (0)
                            Directories: 0 Files: 0
                            Bytes: 0 Blocks: 0
                            =============



                            • #15
                              This actually still belongs with my previous post; it concerns the file C:\WINDOWS\system32\wlctrl32.dll
