vundo

smeenk
11 replies
  • Here it goes. I hope someone can help me.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:02:01, on 10-6-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\SiteAdvisor\6066\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\McAfee\MSK\MskAgent.exe
    C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Nuria\Nuria.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\ePrompter\ePrompter.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\DOCUME~1\HP_EIG~1\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe
    c:\program files\mcafee\msc\mcuimgr.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.caravankoops.blogspot.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O2 - BHO: (no name) - {1a4ac64a-a361-4838-8dd8-a942fbae910a} - C:\WINDOWS\system32\KBDsrv.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: CPub Object - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
    O2 - BHO: (no name) - {DEBEB52F-CFA6-4647-971F-3EDB75B63AFA} - C:\WINDOWS\system32\tmp4.tmp.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
    O4 - HKLM\..\Run: [Nuria] C:\Program Files\Nuria\Nuria.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [Nuria] C:\Program Files\Nuria\Nuria.exe
    O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: RaptisoftGameLoader - http://www.raptisoft.com/webgames\raptisoftgameloader.cab
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
    O16 - DPF: {304171C0-65EA-4B51-B5D9-93A311E26EB1} (MxPEG_ActiveX Control) - http://212.182.185.186/cgi-bin/MxPEG_ActiveX.cab?dummy=2422621
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {4C0942C1-C405-4805-B3B6-EA16F2DDD1BD} (innova-Panorama-Viewer Object) - http://www.webplaner-innoplus.de/innova/pano/prog\rundum.7.0.2.0.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com\resources/MsnPUpld.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O20 - AppInit_DLLs: c:\windows\system32\ssqpmmn.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: KBDsrv - C:\WINDOWS\SYSTEM32\KBDsrv.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe


  • Here are the results from Combofix:

    ComboFix 07-06-09.5 - C:\Documents and Settings\HP_Eigenaar\Bureaublad\ComboFix.exe
    "HP_Eigenaar" - 2007-06-10 13:12:30 - Service Pack 2 NTFS


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\KBDsrv.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *




    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\tmp1AD9.tmp.dll
    C:\WINDOWS\system32\tmp1B86.tmp.dll
    C:\WINDOWS\system32\tmp37B.tmp.dll
    C:\WINDOWS\system32\tmp37C.tmp.dll
    C:\WINDOWS\system32\tmp4.tmp.dll


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    ——-\LEGACY_NPF
    ——-\NPF


    ((((((((((((((((((((((((( Files Created from 2007-05-10 to 2007-06-10 )))))))))))))))))))))))))))))))


    2007-06-10 13:09 49,152 –a—— C:\WINDOWS\nircmd.exe
    2007-06-10 13:01 2,560 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp3B2.tmp.exe
    2007-06-10 12:59 252,221 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp381.tmp.exe
    2007-06-10 12:58 50,970 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp37C.tmp.exe
    2007-06-10 12:58 50,970 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp37B.tmp.exe
    2007-06-10 11:24 2,560 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp1F.tmp.exe
    2007-06-10 11:22 50,970 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp4.tmp.exe
    2007-06-10 11:22 252,221 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp8.tmp.exe
    2007-06-10 11:20 <DIR> dr-h—– C:\DOCUME~1\HP_EIG~1\Onlangs geopend
    2007-06-10 11:11 47,899 –a—— C:\WINDOWS\system32\ddcyw.exe
    2007-06-10 11:01 <DIR> d——– C:\VundoFix Backups
    2007-06-10 10:45 252,221 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmpD26.tmp.exe
    2007-06-10 10:45 2,560 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmpD27.tmp.exe
    2007-06-10 09:46 50,970 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmpC71.tmp.exe
    2007-06-09 12:56 252,221 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp1B87.tmp.exe
    2007-06-09 12:56 2,560 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp1B88.tmp.exe
    2007-06-09 11:48 252,221 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp1ADA.tmp.exe
    2007-06-09 11:48 2,560 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp1ADB.tmp.exe
    2007-06-09 10:55 2,560 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp1938.tmp.exe
    2007-06-09 10:54 252,221 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp1937.tmp.exe
    2007-06-09 10:47 47,899 –a—— C:\WINDOWS\system32\sstqq.exe
    2007-06-09 10:42 12,494 ——— C:\WINDOWS\system32\ssqpmmn.dll
    2007-06-05 22:10 <DIR> d——– C:\Program Files\Weight Watchers FlexiPoints
    2007-06-05 21:52 <DIR> d——– C:\Program Files\utorrent
    2007-06-05 21:52 <DIR> d——– C:\DOCUME~1\HP_EIG~1\APPLIC~1\uTorrent
    2007-05-16 19:51 <DIR> d——– C:\Program Files\Crossword Weaver
    2007-05-11 20:40 <DIR> d——– C:\Program Files\Windows Media Connect 2
    2007-05-11 20:37 <DIR> d——– C:\WINDOWS\system32\drivers\UMDF
    2007-05-10 08:14 <DIR> d——– C:\Program Files\Microsoft CAPICOM 2.1.0.2


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-10 11:27:01 ——– d—–w C:\DOCUME~1\HP_EIG~1\APPLIC~1\SiteAdvisor
    2007-06-10 11:26:18 37,437 —-a-w C:\WINDOWS\system32\igfprf.dll
    2007-06-10 11:26:04 47,899 —-a-w C:\WINDOWS\system32\vtuts.exe
    2007-06-10 11:22:58 12 —-a-w C:\WINDOWS\bthservsdp.dat
    2007-06-10 11:20:22 ——– d—–w C:\Program Files\ePrompter
    2007-06-09 16:42:55 ——– d—–w C:\Program Files\WinAce
    2007-06-05 20:11:29 ——– d–h–w C:\Program Files\Zero G Registry
    2007-06-03 18:03:25 ——– d—–w C:\Program Files\MSN Messenger
    2007-05-10 13:41:03 75,954 —-a-w C:\WINDOWS\system32\perfc013.dat
    2007-05-10 13:41:03 454,786 —-a-w C:\WINDOWS\system32\perfh013.dat
    2007-04-18 16:15:26 2,854,400 —-a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 22:03:55 ——– d—–w C:\Program Files\SiteAdvisor
    2007-04-15 15:10:38 ——– d—–w C:\Program Files\curso muzzy BBC multilingual cd-rom nivel 1 parte 4 (el pais)
    2007-04-12 18:54:12 ——– d—–w C:\DOCUME~1\HP_EIG~1\APPLIC~1\Nokia Multimedia Player
    2007-03-20 19:17:16 87,608 -c–a-w C:\DOCUME~1\HP_EIG~1\APPLIC~1\ezpinst.exe
    2007-03-20 19:17:16 47,360 -c–a-w C:\DOCUME~1\HP_EIG~1\APPLIC~1\pcouffin.sys
    2007-03-17 13:45:54 293,376 —-a-w C:\WINDOWS\system32\winsrv.dll
    2006-09-29 16:56:33 88 -csh–r C:\WINDOWS\system32\A8B8572603.sys
    2006-09-30 21:00:27 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {089FD14D-132B-48FC-8861-0048AE113215}=C:\Program Files\SiteAdvisor\6066\SiteAdv.dll [2007-03-30 17:41]
    {15836d5f-4c4b-4a4b-90f3-5798866b46f4}=C:\WINDOWS\system32\igfprf.dll [2007-06-10 13:26]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
    {7DB2D5A0-7241-4E79-B68D-6309F01C5231}=c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll [2006-12-22 17:02]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 13:32]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar4.dll [2006-10-17 16:04]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]
    "MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 18:30]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2006-10-02 21:09]
    "HP Software Update"="C1\Program Files\HP\HP Software Update\HPwuSchd2.exe" []
    "HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 01:35]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "AlcWzrd"="ALCWZRD.EXE" [2005-05-04 12:01 C:\WINDOWS\ALCWZRD.EXE]
    "Alcmtr"="ALCMTR.EXE" [2005-05-03 20:43 C:\WINDOWS\ALCMTR.EXE]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-31 22:33]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27]
    "MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 12:22]
    "Nuria"="C:\Program Files\Nuria\Nuria.exe" [2006-04-23 14:24]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 19:34]
    "ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-04-13 19:26]
    "Nuria"="C:\Program Files\Nuria\Nuria.exe" [2006-04-23 14:24]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    No new files created in this timespan


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfprf]
    igfprf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=c:\windows\system32\ssqpmmn.dll
    2007-06-10 11:28:57 ——– d—–w C:\DOCUME~1\HP_EIG~1\APPLIC~1\SiteAdvisor
    2007-06-10 11:28:28 ——– d—–w C:\Program Files\ePrompter
    2007-06-10 11:26:18 37,437 —-a-w C:\WINDOWS\system32\igfprf.dll
    2007-06-10 11:26:04 47,899 —-a-w C:\WINDOWS\system32\vtuts.exe
    2007-06-10 11:22:58 12 —-a-w C:\WINDOWS\bthservsdp.dat
    2007-06-09 16:42:55 ——– d—–w C:\Program Files\WinAce
    2007-06-05 20:11:29 ——– d–h–w C:\Program Files\Zero G Registry
    2007-06-03 18:03:25 ——– d—–w C:\Program Files\MSN Messenger
    2007-05-10 13:41:03 75,954 —-a-w C:\WINDOWS\system32\perfc013.dat
    2007-05-10 13:41:03 454,786 —-a-w C:\WINDOWS\system32\perfh013.dat
    2007-04-18 16:15:26 2,854,400 —-a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 22:03:55 ——– d—–w C:\Program Files\SiteAdvisor
    2007-04-15 15:10:38 ——– d—–w C:\Program Files\curso muzzy BBC multilingual cd-rom nivel 1 parte 4 (el pais)
    2007-04-12 18:54:12 ——– d—–w C:\DOCUME~1\HP_EIG~1\APPLIC~1\Nokia Multimedia Player
    2007-03-20 19:17:16 87,608 -c–a-w C:\DOCUME~1\HP_EIG~1\APPLIC~1\ezpinst.exe
    2007-03-20 19:17:16 47,360 -c–a-w C:\DOCUME~1\HP_EIG~1\APPLIC~1\pcouffin.sys
    2007-03-17 13:45:54 293,376 —-a-w C:\WINDOWS\system32\winsrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

    *Newly Created Service* - 0200401181471829MCINSTCLEANUP

    Contents of the 'Scheduled Tasks' folder
    2007-05-14 23:11:25 C:\WINDOWS\tasks\McDefragTask.job
    2007-05-31 23:00:27 C:\WINDOWS\tasks\McQcTask.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-10 13:25:00
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    HP Software Update = C1\Program Files\HP\HP Software Update\HPwuSchd2.exe?

    scanning hidden files …

    C:\WINDOWS\system32\igfprf.dll
    C:\WINDOWS\system32\vtuts.exe

    scan completed successfully
    hidden files: 2


    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\0200401181471829mcinstcleanup]
    "ImagePath"="C:\WINDOWS\TEMP\020040~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00000001-0000-1000-8000-0002ee000002}]


    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]


    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001105-0000-1000-8000-00805f9b34fb}]


    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]


    Completion time: 2007-06-10 13:30:18 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 2007-06-10 13:29

    — E O F —
    2006-09-29 16:56:33 88 -csh–r C:\WINDOWS\system32\A8B8572603.sys
    2006-09-30 21:00:27 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {089FD14D-132B-48FC-8861-0048AE113215}=C:\Program Files\SiteAdvisor\6066\SiteAdv.dll [30-03-2007 17:41]
    {15836d5f-4c4b-4a4b-90f3-5798866b46f4}=C:\WINDOWS\system32\igfprf.dll [10-06-2007 13:26]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [14-03-2007 03:43]
    {7DB2D5A0-7241-4E79-B68D-6309F01C5231}=c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll [22-12-2006 17:02]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [17-04-2006 13:32]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar4.dll [17-10-2006 16:04]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [07-01-2005 17:07 C:\WINDOWS\system32\HdAShCut.exe]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [27-07-2004 16:50]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [27-07-2004 16:50]
    "KBD"="C:\HP\KBD\KBD.EXE" [02-02-2005 16:44]
    "MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [17-01-2007 18:30]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [02-10-2006 21:09]
    "HP Software Update"="C1\Program Files\HP\HP Software Update\HPwuSchd2.exe" []
    "HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [02-06-2005 01:35]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [14-03-2007 03:43]
    "AlcWzrd"="ALCWZRD.EXE" [04-05-2005 12:01 C:\WINDOWS\ALCWZRD.EXE]
    "Alcmtr"="ALCMTR.EXE" [03-05-2005 20:43 C:\WINDOWS\ALCMTR.EXE]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [31-07-2006 22:33]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [08-11-2006 14:27]
    "MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [08-01-2007 12:22]
    "Nuria"="C:\Program Files\Nuria\Nuria.exe" [23-04-2006 14:24]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 06:00]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [13-11-2006 19:34]
    "ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [13-04-2007 19:26]
    "Nuria"="C:\Program Files\Nuria\Nuria.exe" [23-04-2006 14:24]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfprf]
    igfprf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=c:\windows\system32\ssqpmmn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

    *Newly Created Service* - 0200401181471829MCINSTCLEANUP

    Contents of the 'Scheduled Tasks' folder
    2007-05-14 23:11:25 C:\WINDOWS\tasks\McDefragTask.job
    2007-05-31 23:00:27 C:\WINDOWS\tasks\McQcTask.job

    **************************************************************************
    scanning hidden processes …

    scanning hidden autostart entries …

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    HP Software Update = C1\Program Files\HP\HP Software Update\HPwuSchd2.exe?

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\0200401181471829mcinstcleanup]
    "ImagePath"="C:\WINDOWS\TEMP\020040~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00000001-0000-1000-8000-0002ee000002}]


    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]


    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001105-0000-1000-8000-00805f9b34fb}]


    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]


    Completion time: 10-06-2007 13:32:50 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 10-06-2007 13:32

    — E O F —



  • Carry out the following steps:

    1. Download ATF Cleaner (made by Atribune)
    Double-click ATF Cleaner to start the program.
    On the "Main" tab, tick Select All.
    Click the Empty Selected button.

    Do the following if you also use Firefox as a browser:
    Click the "Firefox" tab and tick Select All.
    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
    (this removes the check mark next to "Firefox saved passwords" again)
    Click the Empty Selected button.

    Do the following if you also use Opera as a browser:
    Click the "Opera" tab and tick Select All.
    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
    Click the Empty Selected button.
    Go to the "Main" tab and click the Exit button to close the program.

    2. Download Dr.Web CureIt to your desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    3. Start the computer in safe mode.

    4. Double-click drweb-cureit.exe and allow it to start the express scan.
    This will scan the files currently loaded in memory; if anything is found, click the "Yes to all" button when asked 'cure it?'. This is only a short scan.
    Once the short scan has finished, click Options > Change Settings.
    Choose the "Scan" tab and clear the check mark next to "Heuristic analyse".
    Back in the main window you can select the drives you want to scan.
    Select all drives here. A red dot will then appear on the drives you are scanning.
    Then click the green arrow on the right to start the scan.
    Click 'Yes to all' when asked to cure or move.
    When the scan is done, check whether you can click the following icon, which is next to what was found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
    If so, click it, then click the icon just below it and choose Move incurable, as you will see in the following image:
    http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
    This will move the files to the following folder, %userprofile%\DoctorWeb\quarantaine-folder, if they cannot be disinfected. (this in case we need samples)
    After selecting the above, click file in the menu at the top of Dr.Web CureIt and choose save report list. Save the log on your desktop.
    Then close Dr.Web CureIt.

    5. Restart your computer in normal mode!! This is an important step, because Dr.Web CureIt may move/delete files during the restart.
    After restarting, copy and paste the contents of the log you saved earlier into your next post, together with a new ComboFix log ;)
  • removed
  • I went through everything. Here is the new ComboFix log. There is no log from Dr.Web CureIt because it found nothing!


    ComboFix 07-06-09.5 - C:\Documents and Settings\HP_Eigenaar\Bureaublad\ComboFix.exe
    "HP_Eigenaar" - 2007-06-10 14:31:12 - Service Pack 2 NTFS


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\igfprf.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\tmp1A.tmp.dll


    ((((((((((((((((((((((((( Files Created from 2007-05-10 to 2007-06-10 )))))))))))))))))))))))))))))))


    2007-06-10 14:47 47,899 –a—— C:\WINDOWS\system32\awtsp.exe
    2007-06-10 14:47 37,437 –a—— C:\WINDOWS\system32\eudmgr.dll
    2007-06-10 14:29 <DIR> dr-h—– C:\DOCUME~1\HP_EIG~1\Onlangs geopend
    2007-06-10 14:12 <DIR> d——– C:\DOCUME~1\HP_EIG~1\DoctorWeb
    2007-06-10 13:34 252,221 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp23.tmp.exe
    2007-06-10 13:34 2,560 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp25.tmp.exe
    2007-06-10 13:33 50,970 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp1A.tmp.exe
    2007-06-10 13:26 47,899 –a—— C:\WINDOWS\system32\vtuts.exe
    2007-06-10 13:09 49,152 –a—— C:\WINDOWS\nircmd.exe
    2007-06-10 13:01 2,560 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp3B2.tmp.exe
    2007-06-10 12:59 252,221 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp381.tmp.exe
    2007-06-10 12:58 50,970 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp37C.tmp.exe
    2007-06-10 12:58 50,970 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp37B.tmp.exe
    2007-06-10 11:24 2,560 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp1F.tmp.exe
    2007-06-10 11:22 50,970 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp4.tmp.exe
    2007-06-10 11:22 252,221 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp8.tmp.exe
    2007-06-10 11:11 47,899 –a—— C:\WINDOWS\system32\ddcyw.exe
    2007-06-10 11:01 <DIR> d——– C:\VundoFix Backups
    2007-06-10 10:45 252,221 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmpD26.tmp.exe
    2007-06-10 10:45 2,560 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmpD27.tmp.exe
    2007-06-10 09:46 50,970 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmpC71.tmp.exe
    2007-06-09 12:56 252,221 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp1B87.tmp.exe
    2007-06-09 12:56 2,560 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp1B88.tmp.exe
    2007-06-09 11:48 252,221 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp1ADA.tmp.exe
    2007-06-09 11:48 2,560 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp1ADB.tmp.exe
    2007-06-09 10:55 2,560 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp1938.tmp.exe
    2007-06-09 10:54 252,221 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp1937.tmp.exe
    2007-06-09 10:47 47,899 –a—— C:\WINDOWS\system32\sstqq.exe
    2007-06-09 10:42 12,494 ——— C:\WINDOWS\system32\ssqpmmn.dll
    2007-06-05 22:10 <DIR> d——– C:\Program Files\Weight Watchers FlexiPoints
    2007-06-05 21:52 <DIR> d——– C:\Program Files\utorrent
    2007-06-05 21:52 <DIR> d——– C:\DOCUME~1\HP_EIG~1\APPLIC~1\uTorrent
    2007-05-16 19:51 <DIR> d——– C:\Program Files\Crossword Weaver
    2007-05-11 20:40 <DIR> d——– C:\Program Files\Windows Media Connect 2
    2007-05-11 20:37 <DIR> d——– C:\WINDOWS\system32\drivers\UMDF
    2007-05-10 08:14 <DIR> d——– C:\Program Files\Microsoft CAPICOM 2.1.0.2


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-10 12:44:57 12 —-a-w C:\WINDOWS\bthservsdp.dat
    2007-06-10 12:43:35 ——– d—–w C:\Program Files\ePrompter
    2007-06-10 12:04:42 ——– d—–w C:\DOCUME~1\HP_EIG~1\APPLIC~1\SiteAdvisor
    2007-06-09 16:42:55 ——– d—–w C:\Program Files\WinAce
    2007-06-05 20:11:29 ——– d–h–w C:\Program Files\Zero G Registry
    2007-06-03 18:03:25 ——– d—–w C:\Program Files\MSN Messenger
    2007-05-10 13:41:03 75,954 —-a-w C:\WINDOWS\system32\perfc013.dat
    2007-05-10 13:41:03 454,786 —-a-w C:\WINDOWS\system32\perfh013.dat
    2007-04-18 16:15:26 2,854,400 —-a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 22:03:55 ——– d—–w C:\Program Files\SiteAdvisor
    2007-04-15 15:10:38 ——– d—–w C:\Program Files\curso muzzy BBC multilingual cd-rom nivel 1 parte 4 (el pais)
    2007-04-12 18:54:12 ——– d—–w C:\DOCUME~1\HP_EIG~1\APPLIC~1\Nokia Multimedia Player
    2007-03-20 19:17:16 87,608 -c–a-w C:\DOCUME~1\HP_EIG~1\APPLIC~1\ezpinst.exe
    2007-03-20 19:17:16 47,360 -c–a-w C:\DOCUME~1\HP_EIG~1\APPLIC~1\pcouffin.sys
    2007-03-17 13:45:54 293,376 —-a-w C:\WINDOWS\system32\winsrv.dll
    2006-09-29 16:56:33 88 -csh–r C:\WINDOWS\system32\A8B8572603.sys
    2006-09-30 21:00:27 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {089FD14D-132B-48FC-8861-0048AE113215}=C:\Program Files\SiteAdvisor\6066\SiteAdv.dll [2007-03-30 17:41]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
    {7DB2D5A0-7241-4E79-B68D-6309F01C5231}=c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll [2006-12-22 17:02]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 13:32]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar4.dll [2006-10-17 16:04]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]
    "MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 18:30]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2006-10-02 21:09]
    "HP Software Update"="C1\Program Files\HP\HP Software Update\HPwuSchd2.exe" []
    "HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 01:35]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "AlcWzrd"="ALCWZRD.EXE" [2005-05-04 12:01 C:\WINDOWS\ALCWZRD.EXE]
    "Alcmtr"="ALCMTR.EXE" [2005-05-03 20:43 C:\WINDOWS\ALCMTR.EXE]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-31 22:33]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27]
    "MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 12:22]
    "Nuria"="C:\Program Files\Nuria\Nuria.exe" [2006-04-23 14:24]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 19:34]
    "ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-04-13 19:26]
    "Nuria"="C:\Program Files\Nuria\Nuria.exe" [2006-04-23 14:24]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\eudmgr]
    eudmgr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=c:\windows\system32\ssqpmmn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


    Contents of the 'Scheduled Tasks' folder
    2007-05-14 23:11:25 C:\WINDOWS\tasks\McDefragTask.job
    2007-05-31 23:00:27 C:\WINDOWS\tasks\McQcTask.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-10 14:47:27
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    HP Software Update = C1\Program Files\HP\HP Software Update\HPwuSchd2.exe?

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\0200401181471829mcinstcleanup]
    "ImagePath"="C:\WINDOWS\TEMP\020040~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00000001-0000-1000-8000-0002ee000002}]


    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]


    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001105-0000-1000-8000-00805f9b34fb}]


    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]


    Completion time: 2007-06-10 14:52:54 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 2007-06-10 14:52
    C:\ComboFix2.txt … 2007-06-10 13:32

    — E O F —

  • Download:
    Save the file to your desktop, then double-click it.

    A small window will open in which a few lines will quickly scroll by; after that the window will close by itself, which is normal.
    An uninstaller of a rogue scanner may also start; do not close it, but follow any instructions and let it do its work.

    Then restart the PC and double-click RemoveVideoActiveXObject.exe once more.
    After that, look for the following file: C:\RVAXO-results.log
    Double-click this file; it will open as a log. Post its contents in your next message together with a new ComboFix log ;)
  • —————-RemoveVideoActiveXObject.exe first run————-

    Files found:


    Uninstallers Rogue scanners:


    Folders Found:


    ————–RemoveVideoActiveXObject.exe last run—————

    Files found:


    Uninstallers Rogue scanners:


    Folders Found:
  • and here is the ComboFix log:

    ComboFix 07-06-09.5 - C:\Documents and Settings\HP_Eigenaar\Bureaublad\ComboFix.exe
    "HP_Eigenaar" - 2007-06-10 21:55:00 - Service Pack 2 NTFS


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\mfcntf.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((( Files Created from 2007-05-10 to 2007-06-10 )))))))))))))))))))))))))))))))


    2007-06-10 22:06 <DIR> dr-h—– C:\DOCUME~1\HP_EIG~1\Onlangs geopend
    2007-06-10 22:05 47,899 –a—— C:\WINDOWS\system32\awtqp.exe
    2007-06-10 22:05 37,437 –a—— C:\WINDOWS\system32\mapc71.dll
    2007-06-10 21:51 32,888 –a—— C:\WINDOWS\system32\RemoveVideoActiveXObject.reg
    2007-06-10 21:51 <DIR> d——– C:\WINDOWS\system32\RVAXO
    2007-06-10 21:43 47,899 –a—— C:\WINDOWS\system32\geedc.exe
    2007-06-10 19:59 4,112,760 –a—— C:\WINDOWS\system32\SpoonUninstall.exe
    2007-06-10 19:59 <DIR> d——– C:\Program Files\Illustrate
    2007-06-10 14:47 47,899 –a—— C:\WINDOWS\system32\awtsp.exe
    2007-06-10 14:12 <DIR> d——– C:\DOCUME~1\HP_EIG~1\DoctorWeb
    2007-06-10 13:34 252,221 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp23.tmp.exe
    2007-06-10 13:34 2,560 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp25.tmp.exe
    2007-06-10 13:33 50,970 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp1A.tmp.exe
    2007-06-10 13:26 47,899 –a—— C:\WINDOWS\system32\vtuts.exe
    2007-06-10 13:09 49,152 –a—— C:\WINDOWS\nircmd.exe
    2007-06-10 13:01 2,560 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp3B2.tmp.exe
    2007-06-10 12:59 252,221 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp381.tmp.exe
    2007-06-10 12:58 50,970 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp37C.tmp.exe
    2007-06-10 12:58 50,970 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp37B.tmp.exe
    2007-06-10 11:24 2,560 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp1F.tmp.exe
    2007-06-10 11:22 50,970 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp4.tmp.exe
    2007-06-10 11:22 252,221 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp8.tmp.exe
    2007-06-10 11:11 47,899 –a—— C:\WINDOWS\system32\ddcyw.exe
    2007-06-10 11:01 <DIR> d——– C:\VundoFix Backups
    2007-06-10 10:45 252,221 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmpD26.tmp.exe
    2007-06-10 10:45 2,560 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmpD27.tmp.exe
    2007-06-10 09:46 50,970 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmpC71.tmp.exe
    2007-06-09 12:56 252,221 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp1B87.tmp.exe
    2007-06-09 12:56 2,560 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp1B88.tmp.exe
    2007-06-09 11:48 252,221 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp1ADA.tmp.exe
    2007-06-09 11:48 2,560 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp1ADB.tmp.exe
    2007-06-09 10:55 2,560 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp1938.tmp.exe
    2007-06-09 10:54 252,221 –a—— C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp1937.tmp.exe
    2007-06-09 10:47 47,899 –a—— C:\WINDOWS\system32\sstqq.exe
    2007-06-09 10:42 12,494 ——— C:\WINDOWS\system32\ssqpmmn.dll
    2007-06-05 22:10 <DIR> d——– C:\Program Files\Weight Watchers FlexiPoints
    2007-06-05 21:52 <DIR> d——– C:\Program Files\utorrent
    2007-06-05 21:52 <DIR> d——– C:\DOCUME~1\HP_EIG~1\APPLIC~1\uTorrent
    2007-05-16 19:51 <DIR> d——– C:\Program Files\Crossword Weaver
    2007-05-11 20:40 <DIR> d——– C:\Program Files\Windows Media Connect 2
    2007-05-11 20:37 <DIR> d——– C:\WINDOWS\system32\drivers\UMDF
    2007-05-10 08:14 <DIR> d——– C:\Program Files\Microsoft CAPICOM 2.1.0.2


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-10 20:02:58 12 —-a-w C:\WINDOWS\bthservsdp.dat
    2007-06-10 20:01:50 ——– d—–w C:\Program Files\ePrompter
    2007-06-10 12:04:42 ——– d—–w C:\DOCUME~1\HP_EIG~1\APPLIC~1\SiteAdvisor
    2007-06-09 16:42:55 ——– d—–w C:\Program Files\WinAce
    2007-06-05 20:11:29 ——– d–h–w C:\Program Files\Zero G Registry
    2007-06-03 18:03:25 ——– d—–w C:\Program Files\MSN Messenger
    2007-05-10 13:41:03 75,954 —-a-w C:\WINDOWS\system32\perfc013.dat
    2007-05-10 13:41:03 454,786 —-a-w C:\WINDOWS\system32\perfh013.dat
    2007-04-18 16:15:26 2,854,400 —-a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 22:03:55 ——– d—–w C:\Program Files\SiteAdvisor
    2007-04-15 15:10:38 ——– d—–w C:\Program Files\curso muzzy BBC multilingual cd-rom nivel 1 parte 4 (el pais)
    2007-04-12 18:54:12 ——– d—–w C:\DOCUME~1\HP_EIG~1\APPLIC~1\Nokia Multimedia Player
    2007-03-20 19:17:16 87,608 -c–a-w C:\DOCUME~1\HP_EIG~1\APPLIC~1\ezpinst.exe
    2007-03-20 19:17:16 47,360 -c–a-w C:\DOCUME~1\HP_EIG~1\APPLIC~1\pcouffin.sys
    2007-03-17 13:45:54 293,376 —-a-w C:\WINDOWS\system32\winsrv.dll
    2006-09-29 16:56:33 88 -csh–r C:\WINDOWS\system32\A8B8572603.sys
    2006-09-30 21:00:27 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {089FD14D-132B-48FC-8861-0048AE113215}=C:\Program Files\SiteAdvisor\6066\SiteAdv.dll [2007-03-30 17:41]
    {44d0270a-d806-4b6e-a220-c1e2c041fa02}=C:\WINDOWS\system32\mapc71.dll [2007-06-10 22:05]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
    {7DB2D5A0-7241-4E79-B68D-6309F01C5231}=c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll [2006-12-22 17:02]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 13:32]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar4.dll [2006-10-17 16:04]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]
    "MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 18:30]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2006-10-02 21:09]
    "HP Software Update"="C1\Program Files\HP\HP Software Update\HPwuSchd2.exe" []
    "HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 01:35]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "AlcWzrd"="ALCWZRD.EXE" [2005-05-04 12:01 C:\WINDOWS\ALCWZRD.EXE]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-31 22:33]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27]
    "MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 12:22]
    "Nuria"="C:\Program Files\Nuria\Nuria.exe" [2006-04-23 14:24]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 19:34]
    "ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-04-13 19:26]
    "Nuria"="C:\Program Files\Nuria\Nuria.exe" [2006-04-23 14:24]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mapc71]
    mapc71.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=c:\windows\system32\ssqpmmn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


    Contents of the 'Scheduled Tasks' folder
    2007-05-14 23:11:25 C:\WINDOWS\tasks\McDefragTask.job
    2007-05-31 23:00:27 C:\WINDOWS\tasks\McQcTask.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-10 22:05:14
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    HP Software Update = C1\Program Files\HP\HP Software Update\HPwuSchd2.exe?

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\0200401181471829mcinstcleanup]
    "ImagePath"="C:\WINDOWS\TEMP\020040~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00000001-0000-1000-8000-0002ee000002}]


    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]


    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001105-0000-1000-8000-00805f9b34fb}]


    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]


    Completion time: 2007-06-10 22:10:37 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 2007-06-10 22:10
    C:\ComboFix2.txt … 2007-06-10 21:46
    C:\ComboFix3.txt … 2007-06-10 14:52

    — E O F —

  • Open Notepad, then copy and paste the following (bold, blue text) into an empty window:
  • ComboFix 07-06-09.5 - C:\Documents and Settings\HP_Eigenaar\Bureaublad\ComboFix.exe
    "HP_Eigenaar" - 2007-06-10 22:33:53 - Service Pack 2 NTFS
    Command switches used :: C:\Documents and Settings\HP_Eigenaar\Bureaublad\ComboFix-Do.txt


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\mapc71.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp1937.tmp.exe
    C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp1938.tmp.exe
    C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp1A.tmp.exe
    C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp1ADA.tmp.exe
    C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp1ADB.tmp.exe
    C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp1B87.tmp.exe
    C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp1B88.tmp.exe
    C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp1F.tmp.exe
    C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp23.tmp.exe
    C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp25.tmp.exe
    C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp37B.tmp.exe
    C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp37C.tmp.exe
    C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp381.tmp.exe
    C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp3B2.tmp.exe
    C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp4.tmp.exe
    C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmp8.tmp.exe
    C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmpC71.tmp.exe
    C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmpD26.tmp.exe
    C:\DOCUME~1\HP_EIG~1\APPLIC~1\tmpD27.tmp.exe
    C:\VundoFix Backups
    C:\VundoFix Backups\$winJPN.dll.bad
    C:\VundoFix Backups\addmorefiles.txt
    C:\VundoFix Backups\ssqpmmn.dll.bad
    C:\VundoFix Backups\tmpC71.tmp.dll.bad
    C:\WINDOWS\system32\awtqp.exe
    C:\WINDOWS\system32\awtsp.exe
    C:\WINDOWS\system32\ddcyw.exe
    C:\WINDOWS\system32\geedc.exe
    C:\WINDOWS\system32\mapc71.dll
    C:\WINDOWS\system32\RemoveVideoActiveXObject.reg
    C:\WINDOWS\system32\RVAXO
    C:\WINDOWS\system32\ssqpmmn.dll
    C:\WINDOWS\system32\sstqq.exe
    C:\WINDOWS\system32\vtuts.exe


    ((((((((((((((((((((((((( Files Created from 2007-05-10 to 2007-06-10 )))))))))))))))))))))))))))))))


    2007-06-10 22:06 <DIR> dr-h—– C:\DOCUME~1\HP_EIG~1\Onlangs geopend
    2007-06-10 19:59 4,112,760 –a—— C:\WINDOWS\system32\SpoonUninstall.exe
    2007-06-10 19:59 <DIR> d——– C:\Program Files\Illustrate
    2007-06-10 14:12 <DIR> d——– C:\DOCUME~1\HP_EIG~1\DoctorWeb
    2007-06-10 13:09 49,152 –a—— C:\WINDOWS\nircmd.exe
    2007-06-05 22:10 <DIR> d——– C:\Program Files\Weight Watchers FlexiPoints
    2007-06-05 21:52 <DIR> d——– C:\Program Files\utorrent
    2007-06-05 21:52 <DIR> d——– C:\DOCUME~1\HP_EIG~1\APPLIC~1\uTorrent
    2007-05-16 19:51 <DIR> d——– C:\Program Files\Crossword Weaver
    2007-05-11 20:40 <DIR> d——– C:\Program Files\Windows Media Connect 2
    2007-05-11 20:37 <DIR> d——– C:\WINDOWS\system32\drivers\UMDF
    2007-05-10 08:14 <DIR> d——– C:\Program Files\Microsoft CAPICOM 2.1.0.2


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-10 20:42:08 12 —-a-w C:\WINDOWS\bthservsdp.dat
    2007-06-10 20:40:21 ——– d—–w C:\Program Files\ePrompter
    2007-06-10 12:04:42 ——– d—–w C:\DOCUME~1\HP_EIG~1\APPLIC~1\SiteAdvisor
    2007-06-09 16:42:55 ——– d—–w C:\Program Files\WinAce
    2007-06-05 20:11:29 ——– d–h–w C:\Program Files\Zero G Registry
    2007-06-03 18:03:25 ——– d—–w C:\Program Files\MSN Messenger
    2007-05-10 13:41:03 75,954 —-a-w C:\WINDOWS\system32\perfc013.dat
    2007-05-10 13:41:03 454,786 —-a-w C:\WINDOWS\system32\perfh013.dat
    2007-04-18 16:15:26 2,854,400 —-a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 22:03:55 ——– d—–w C:\Program Files\SiteAdvisor
    2007-04-15 15:10:38 ——– d—–w C:\Program Files\curso muzzy BBC multilingual cd-rom nivel 1 parte 4 (el pais)
    2007-04-12 18:54:12 ——– d—–w C:\DOCUME~1\HP_EIG~1\APPLIC~1\Nokia Multimedia Player
    2007-03-20 19:17:16 87,608 -c–a-w C:\DOCUME~1\HP_EIG~1\APPLIC~1\ezpinst.exe
    2007-03-20 19:17:16 47,360 -c–a-w C:\DOCUME~1\HP_EIG~1\APPLIC~1\pcouffin.sys
    2007-03-17 13:45:54 293,376 —-a-w C:\WINDOWS\system32\winsrv.dll
    2006-09-29 16:56:33 88 -csh–r C:\WINDOWS\system32\A8B8572603.sys
    2006-09-30 21:00:27 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {089FD14D-132B-48FC-8861-0048AE113215}=C:\Program Files\SiteAdvisor\6066\SiteAdv.dll [2007-03-30 17:41]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
    {7DB2D5A0-7241-4E79-B68D-6309F01C5231}=c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll [2006-12-22 17:02]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 13:32]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar4.dll [2006-10-17 16:04]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]
    "MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 18:30]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2006-10-02 21:09]
    "HP Software Update"="C1\Program Files\HP\HP Software Update\HPwuSchd2.exe" []
    "HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 01:35]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "AlcWzrd"="ALCWZRD.EXE" [2005-05-04 12:01 C:\WINDOWS\ALCWZRD.EXE]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-31 22:33]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27]
    "MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 12:22]
    "Nuria"="C:\Program Files\Nuria\Nuria.exe" [2006-04-23 14:24]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 19:34]
    "ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-04-13 19:26]
    "Nuria"="C:\Program Files\Nuria\Nuria.exe" [2006-04-23 14:24]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


    Contents of the 'Scheduled Tasks' folder
    2007-05-14 23:11:25 C:\WINDOWS\tasks\McDefragTask.job
    2007-05-31 23:00:27 C:\WINDOWS\tasks\McQcTask.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-10 22:43:37
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    HP Software Update = C1\Program Files\HP\HP Software Update\HPwuSchd2.exe?

    scanning hidden files …

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\0200401181471829mcinstcleanup]
    "ImagePath"="C:\WINDOWS\TEMP\020040~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00000001-0000-1000-8000-0002ee000002}]


    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]


    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001105-0000-1000-8000-00805f9b34fb}]


    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]


    Completion time: 2007-06-10 22:48:35 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 2007-06-10 22:47
    C:\ComboFix2.txt … 2007-06-10 22:10
    C:\ComboFix3.txt … 2007-06-10 21:46

    — E O F —
  • Logfile of HijackThis v1.99.1
    Scan saved at 22:52:27, on 10-6-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\cmd.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\SiteAdvisor\6066\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\McAfee\MSK\MskAgent.exe
    C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Nuria\Nuria.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\ePrompter\ePrompter.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\WINDOWS\system32\cmd.exe
    C:\ComboFix\vfind.cfexe
    C:\DOCUME~1\HP_EIG~1\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.caravankoops.blogspot.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
    O4 - HKLM\..\Run: [HP Software Update] C1\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
    O4 - HKLM\..\Run: [Nuria] C:\Program Files\Nuria\Nuria.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [Nuria] C:\Program Files\Nuria\Nuria.exe
    O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: RaptisoftGameLoader - http://www.raptisoft.com/webgames/raptisoftgameloader.cab
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
    O16 - DPF: {304171C0-65EA-4B51-B5D9-93A311E26EB1} (MxPEG_ActiveX Control) - http://212.182.185.186/cgi-bin/MxPEG_ActiveX.cab?dummy=2422621
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {4C0942C1-C405-4805-B3B6-EA16F2DDD1BD} (innova-Panorama-Viewer Object) - http://www.webplaner-innoplus.de/innova/pano/prog/rundum.7.0.2.0.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: McAfee Application Installer Cleanup (0200401181471829) (0200401181471829mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\020040~1.EXE (file missing)
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe


This is an archived page. Replies are no longer possible.