Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

hjt log

None
24 antwoorden
  • krijg nu toch zelf van spion gevaar

    hjt hierbij

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:48:01, on 1-10-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\system32\printer.exe
    C:\WINDOWS\service32.exe
    C:\WINDOWS\sysnet32.exe
    C:\WINDOWS\system32\sistray.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE
    C:\WINDOWS\system32\ATWTUSB.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\AnalogX\SimpleServer\WWW\http.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\exploeee.exe
    C:\Documents and Settings\Arie\Mijn documenten\download\HiJackThis202\HijackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
    O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr.dll
    O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [atwtusb] RUNDLL32 FuncKey.DLL,ExtFuncCall AA
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [\\HELENA\EPSON] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P14 "\\HELENA\EPSON" /O14 "\\HELENA\EPSON" /M "Stylus D88"
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
    O4 - HKLM\..\Run: [PdxRegCl] "C:\Program Files\Paradox\Programs\PdxRegCl.exe" /s /c
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
    O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    O4 - HKLM\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [c:_program files_wordperfe3a] C:\Program Files\WordPerfect Office 12\Programs\CorUpd.exe /Watch
    ="SOFTWARE\Corel\WordPerfect Suite\12"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    O4 - HKCU\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
    O4 - HKLM\..\Policies\Explorer\Run: [4F27V1D89M] C:\WINDOWS\service32.exe
    O4 - HKLM\..\Policies\Explorer\Run: [Service] C:\WINDOWS\sysnet32.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SimpleServer.WWW.lnk = C:\Program Files\AnalogX\SimpleServer\WWW\http.exe
    O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe
    O4 - Startup: system.exe
    O4 - Startup: info.exe
    O4 - Global Startup: autorun.exe
    O4 - Global Startup: info.exe
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://aadebraal.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://193.172.162.99:8080//activex/AMC.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://braalde.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B81CF520-A2A6-4F7A-887D-7F0A61225C90}: NameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BDF3B365-2CFD-45DF-BDC2-98F871015220}: NameServer = 192.168.2.1
    O20 - AppInit_DLLs: C:\WINDOWS\system32\hadjajr.ini
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe


    End of file - 8959 bytes
  • even zelf los nagekeken wat ik niet vertrouw (heb het niet verwijderd)

    O4 - HKLM\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
    O4 - HKLM\..\Run: [atwtusb] RUNDLL32 FuncKey.DLL,ExtFuncCall AA
    O4 - HKCU\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe

    O4 - Startup: system.exe
    O4 - Startup: info.exe
    O4 - Global Startup: autorun.exe
    O4 - Global Startup: info.exe

    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://193.172.162.99:8080//activex/AMC.cab

    O20 - AppInit_DLLs: C:\WINDOWS\system32\hadjajr.ini

    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe


    C:\WINDOWS\exploeee.exe

    C:\WINDOWS\Explorer.exe
  • Dag Sjouwer,

    Ga naar Start - uitvoeren en tik in: [b:d0bd384e21]services.msc[/b:d0bd384e21]
    Druk op Enter.
    Zoek deze service: ProtexisLicensing, dubbelklik erop; Stop de service en zet het opstarttype op uitgeschakeld.

    Download SmitfraudFix (by S!Ri) en plaats het op je bureaublad.
    Start de computer op in veilige modus. Hoe je dit doet kan je hier lezen.
    Sluit alle open vensters.
    Start Hijackthis en vink de volgende items aan:
    [b:d0bd384e21]F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
    O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr.dll
    O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    O4 - HKLM\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
    O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    O4 - HKCU\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
    O4 - HKLM\..\Policies\Explorer\Run: [4F27V1D89M] C:\WINDOWS\service32.exe
    O4 - HKLM\..\Policies\Explorer\Run: [Service] C:\WINDOWS\sysnet32.exe
    O4 - Startup: SimpleServer.WWW.lnk = C:\Program Files\AnalogX\SimpleServer\WWW\http.exe
    O4 - Startup: system.exe
    O4 - Startup: info.exe
    O4 - Global Startup: autorun.exe
    O4 - Global Startup: info.exe
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O20 - AppInit_DLLs: C:\WINDOWS\system32\hadjajr.ini[/b:d0bd384e21]

    Klik daarna op "Fix checked" en sluit HijackThis.


    Dubbelklik op smitfraudfix.exe.
    Kies optie #2 - Clean door [b:d0bd384e21]2[/b:d0bd384e21] te typen en druk dan op "Enter".

    Wanneer de volgende vraag gesteld: "Registry cleaning - Do you want to clean the registry ?"; antwoord je "Yes/ja" door [b:d0bd384e21]Y[/b:d0bd384e21] te typen en daarna op "Enter" te klikken. Dit zal je bureaublad terug herstellen en registersleutels die deze infectie heeft aangemaakt weer verwijderen.

    De tool zal daarna je computer opnieuw laten opstarten om de restanten te verwijderen.
    Indien de computer niet automatisch start, start je de pc zelf opnieuw in normale windowsmodus.
    Wanneer de computer opnieuw gestart is zal er een logfile open: C:\rapport.txt.
    Post de inhoud van dat logje samen met een nieuwe hijackthislog.
  • O4 - Startup: SimpleServer.WWW.lnk = C:\Program Files\AnalogX\SimpleServer\WWW\http.exe

    is door mij zelf ingestelt en is legaal
  • de hjt

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:53:46, on 1-10-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\sistray.EXE
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\WINDOWS\system32\ATWTUSB.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\system32\explore.exe
    C:\Program Files\AnalogX\SimpleServer\WWW\http.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Documents and Settings\Arie\Menu Start\Programma's\Opstarten\system.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
    C:\Documents and Settings\Arie\Mijn documenten\download\HiJackThis202\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
    O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [atwtusb] RUNDLL32 FuncKey.DLL,ExtFuncCall AA
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [\\HELENA\EPSON] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P14 "\\HELENA\EPSON" /O14 "\\HELENA\EPSON" /M "Stylus D88"
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
    O4 - HKLM\..\Run: [PdxRegCl] "C:\Program Files\Paradox\Programs\PdxRegCl.exe" /s /c
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
    O4 - HKLM\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
    O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [c:_program files_wordperfe3a] C:\Program Files\WordPerfect Office 12\Programs\CorUpd.exe /Watch
    ="SOFTWARE\Corel\WordPerfect Suite\12"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    O4 - HKCU\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SimpleServer.WWW.lnk = C:\Program Files\AnalogX\SimpleServer\WWW\http.exe
    O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe
    O4 - Startup: system.exe
    O4 - Startup: info.exe
    O4 - Global Startup: info.exe
    O4 - Global Startup: autorun.exe
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://aadebraal.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://193.172.162.99:8080//activex/AMC.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://braalde.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B81CF520-A2A6-4F7A-887D-7F0A61225C90}: NameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BDF3B365-2CFD-45DF-BDC2-98F871015220}: NameServer = 192.168.2.1
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe


    End of file - 8437 bytes

    de smit fraud

    SmitFraudFix v2.234

    Scan done at 19:44:47,82, ma 01-10-2007
    Run from C:\Documents and Settings\Arie\Bureaublad\SmitfraudFix
    OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT
    The filesystem type is FAT32
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    192.168.200.3 ad.doubleclick.net
    192.168.200.3 ad.fastclick.net
    192.168.200.3 ads.fastclick.net
    192.168.200.3 ar.atwola.com
    192.168.200.3 atdmt.com
    192.168.200.3 avp.ch
    192.168.200.3 avp.com
    192.168.200.3 avp.ru
    192.168.200.3 awaps.net
    192.168.200.3 banner.fastclick.net
    192.168.200.3 banners.fastclick.net
    192.168.200.3 ca.com
    192.168.200.3 click.atdmt.com
    192.168.200.3 clicks.atdmt.com
    192.168.200.3 customer.symantec.com
    192.168.200.3 dispatch.mcafee.com
    192.168.200.3 download.mcafee.com
    192.168.200.3 downloads-us1.kaspersky-labs.com
    192.168.200.3 downloads-us2.kaspersky-labs.com
    192.168.200.3 downloads-us3.kaspersky-labs.com
    192.168.200.3 downloads1.kaspersky-labs.com
    192.168.200.3 downloads2.kaspersky-labs.com
    192.168.200.3 downloads3.kaspersky-labs.com
    192.168.200.3 downloads4.kaspersky-labs.com
    192.168.200.3 engine.awaps.net
    192.168.200.3 f-secure.com
    192.168.200.3 fastclick.net
    192.168.200.3 ftp.avp.ch
    192.168.200.3 ftp.downloads1.kaspersky-labs.com
    192.168.200.3 ftp.downloads2.kaspersky-labs.com
    192.168.200.3 ftp.downloads3.kaspersky-labs.com
    192.168.200.3 ftp.f-secure.com
    192.168.200.3 ftp.kasperskylab.ru
    192.168.200.3 ftp.sophos.com
    192.168.200.3 ids.kaspersky-labs.com
    192.168.200.3 kaspersky-labs.com
    192.168.200.3 kaspersky.com
    192.168.200.3 liveupdate.symantec.com
    192.168.200.3 liveupdate.symantecliveupdate.com
    192.168.200.3 mast.mcafee.com
    192.168.200.3 mcafee.com
    192.168.200.3 media.fastclick.net
    192.168.200.3 my-etrust.com
    192.168.200.3 nai.com
    192.168.200.3 networkassociates.com
    192.168.200.3 norton.com
    192.168.200.3 phx.corporate-ir.net
    192.168.200.3 rads.mcafee.com
    192.168.200.3 secure.nai.com
    192.168.200.3 securityresponse.symantec.com
    192.168.200.3 service1.symantec.com
    192.168.200.3 sophos.com
    192.168.200.3 spd.atdmt.com
    192.168.200.3 symantec.com
    192.168.200.3 trendmicro.com
    192.168.200.3 update.symantec.com
    192.168.200.3 updates.symantec.com
    192.168.200.3 updates1.kaspersky-labs.com
    192.168.200.3 updates2.kaspersky-labs.com
    192.168.200.3 updates3.kaspersky-labs.com
    192.168.200.3 updates4.kaspersky-labs.com
    192.168.200.3 updates5.kaspersky-labs.com
    192.168.200.3 us.mcafee.com
    192.168.200.3 vil.nai.com
    192.168.200.3 viruslist.com
    192.168.200.3 viruslist.ru
    192.168.200.3 virusscan.jotti.org
    192.168.200.3 virustotal.com
    192.168.200.3 www.avp.ch
    192.168.200.3 www.avp.com
    192.168.200.3 www.avp.ru
    192.168.200.3 www.awaps.net
    192.168.200.3 www.ca.com
    192.168.200.3 www.f-secure.com
    192.168.200.3 www.fastclick.net
    192.168.200.3 www.grisoft.com
    192.168.200.3 www.kaspersky-labs.com
    192.168.200.3 www.kaspersky.com
    192.168.200.3 www.kaspersky.ru
    192.168.200.3 www.mcafee.com
    192.168.200.3 www.my-etrust.com
    192.168.200.3 www.nai.com
    192.168.200.3 www.networkassociates.com
    192.168.200.3 www.sophos.com
    192.168.200.3 www.symantec.com
    192.168.200.3 www.symantec.com
    192.168.200.3 www.trendmicro.com
    192.168.200.3 www.viruslist.com
    192.168.200.3 www.viruslist.ru
    192.168.200.3 www.virustotal.com
    192.168.200.3 www3.ca.com

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\system32\printer.exe Deleted
    C:\WINDOWS\system32\WinAvXX.exe Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{B81CF520-A2A6-4F7A-887D-7F0A61225C90}: NameServer=192.168.2.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{BDF3B365-2CFD-45DF-BDC2-98F871015220}: NameServer=192.168.2.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{B81CF520-A2A6-4F7A-887D-7F0A61225C90}: NameServer=192.168.2.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{BDF3B365-2CFD-45DF-BDC2-98F871015220}: NameServer=192.168.2.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{B81CF520-A2A6-4F7A-887D-7F0A61225C90}: NameServer=192.168.2.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{BDF3B365-2CFD-45DF-BDC2-98F871015220}: NameServer=192.168.2.1


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End
  • ben nog niet van de melding af
  • kom nog een keer met de logs (vermoed dat ik ook de derde naam moet nemen om alles kwijt te raken

    eerst de smitfraud

    SmitFraudFix v2.234

    Scan done at 20:06:09,61, ma 01-10-2007
    Run from C:\Documents and Settings\Arie\Bureaublad\SmitfraudFix
    OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT
    The filesystem type is FAT32
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    192.168.200.3 ad.doubleclick.net
    192.168.200.3 ad.fastclick.net
    192.168.200.3 ads.fastclick.net
    192.168.200.3 ar.atwola.com
    192.168.200.3 atdmt.com
    192.168.200.3 avp.ch
    192.168.200.3 avp.com
    192.168.200.3 avp.ru
    192.168.200.3 awaps.net
    192.168.200.3 banner.fastclick.net
    192.168.200.3 banners.fastclick.net
    192.168.200.3 ca.com
    192.168.200.3 click.atdmt.com
    192.168.200.3 clicks.atdmt.com
    192.168.200.3 customer.symantec.com
    192.168.200.3 dispatch.mcafee.com
    192.168.200.3 download.mcafee.com
    192.168.200.3 downloads-us1.kaspersky-labs.com
    192.168.200.3 downloads-us2.kaspersky-labs.com
    192.168.200.3 downloads-us3.kaspersky-labs.com
    192.168.200.3 downloads1.kaspersky-labs.com
    192.168.200.3 downloads2.kaspersky-labs.com
    192.168.200.3 downloads3.kaspersky-labs.com
    192.168.200.3 downloads4.kaspersky-labs.com
    192.168.200.3 engine.awaps.net
    192.168.200.3 f-secure.com
    192.168.200.3 fastclick.net
    192.168.200.3 ftp.avp.ch
    192.168.200.3 ftp.downloads1.kaspersky-labs.com
    192.168.200.3 ftp.downloads2.kaspersky-labs.com
    192.168.200.3 ftp.downloads3.kaspersky-labs.com
    192.168.200.3 ftp.f-secure.com
    192.168.200.3 ftp.kasperskylab.ru
    192.168.200.3 ftp.sophos.com
    192.168.200.3 ids.kaspersky-labs.com
    192.168.200.3 kaspersky-labs.com
    192.168.200.3 kaspersky.com
    192.168.200.3 liveupdate.symantec.com
    192.168.200.3 liveupdate.symantecliveupdate.com
    192.168.200.3 mast.mcafee.com
    192.168.200.3 mcafee.com
    192.168.200.3 media.fastclick.net
    192.168.200.3 my-etrust.com
    192.168.200.3 nai.com
    192.168.200.3 networkassociates.com
    192.168.200.3 norton.com
    192.168.200.3 phx.corporate-ir.net
    192.168.200.3 rads.mcafee.com
    192.168.200.3 secure.nai.com
    192.168.200.3 securityresponse.symantec.com
    192.168.200.3 service1.symantec.com
    192.168.200.3 sophos.com
    192.168.200.3 spd.atdmt.com
    192.168.200.3 symantec.com
    192.168.200.3 trendmicro.com
    192.168.200.3 update.symantec.com
    192.168.200.3 updates.symantec.com
    192.168.200.3 updates1.kaspersky-labs.com
    192.168.200.3 updates2.kaspersky-labs.com
    192.168.200.3 updates3.kaspersky-labs.com
    192.168.200.3 updates4.kaspersky-labs.com
    192.168.200.3 updates5.kaspersky-labs.com
    192.168.200.3 us.mcafee.com
    192.168.200.3 vil.nai.com
    192.168.200.3 viruslist.com
    192.168.200.3 viruslist.ru
    192.168.200.3 virusscan.jotti.org
    192.168.200.3 virustotal.com
    192.168.200.3 www.avp.ch
    192.168.200.3 www.avp.com
    192.168.200.3 www.avp.ru
    192.168.200.3 www.awaps.net
    192.168.200.3 www.ca.com
    192.168.200.3 www.f-secure.com
    192.168.200.3 www.fastclick.net
    192.168.200.3 www.grisoft.com
    192.168.200.3 www.kaspersky-labs.com
    192.168.200.3 www.kaspersky.com
    192.168.200.3 www.kaspersky.ru
    192.168.200.3 www.mcafee.com
    192.168.200.3 www.my-etrust.com
    192.168.200.3 www.nai.com
    192.168.200.3 www.networkassociates.com
    192.168.200.3 www.sophos.com
    192.168.200.3 www.symantec.com
    192.168.200.3 www.symantec.com
    192.168.200.3 www.trendmicro.com
    192.168.200.3 www.viruslist.com
    192.168.200.3 www.viruslist.ru
    192.168.200.3 www.virustotal.com
    192.168.200.3 www3.ca.com

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\system32\printer.exe Deleted
    C:\WINDOWS\system32\WinAvXX.exe Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{B81CF520-A2A6-4F7A-887D-7F0A61225C90}: NameServer=192.168.2.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{BDF3B365-2CFD-45DF-BDC2-98F871015220}: NameServer=192.168.2.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{B81CF520-A2A6-4F7A-887D-7F0A61225C90}: NameServer=192.168.2.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{BDF3B365-2CFD-45DF-BDC2-98F871015220}: NameServer=192.168.2.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{B81CF520-A2A6-4F7A-887D-7F0A61225C90}: NameServer=192.168.2.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{BDF3B365-2CFD-45DF-BDC2-98F871015220}: NameServer=192.168.2.1


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End



    nu de hjt

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:13:08, on 1-10-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\sistray.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\ATWTUSB.EXE
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\AnalogX\SimpleServer\WWW\http.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
    C:\Documents and Settings\Arie\Mijn documenten\download\HiJackThis202\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [atwtusb] RUNDLL32 FuncKey.DLL,ExtFuncCall AA
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [\\HELENA\EPSON] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P14 "\\HELENA\EPSON" /O14 "\\HELENA\EPSON" /M "Stylus D88"
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
    O4 - HKLM\..\Run: [PdxRegCl] "C:\Program Files\Paradox\Programs\PdxRegCl.exe" /s /c
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [c:_program files_wordperfe3a] C:\Program Files\WordPerfect Office 12\Programs\CorUpd.exe /Watch
    ="SOFTWARE\Corel\WordPerfect Suite\12"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SimpleServer.WWW.lnk = C:\Program Files\AnalogX\SimpleServer\WWW\http.exe
    O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://aadebraal.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://193.172.162.99:8080//activex/AMC.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://braalde.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B81CF520-A2A6-4F7A-887D-7F0A61225C90}: NameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BDF3B365-2CFD-45DF-BDC2-98F871015220}: NameServer = 192.168.2.1
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe


    End of file - 7754 bytes
  • de hosts file ook aangepast naar orgineel
  • ben blijkbaar geen beheerder van het systeem meer, ook in veilige modus de administator is geen beheerder meer
  • Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Plaats het op je bureaublad.
    Dubbelklik er op om het programma te starten.
    In het scherm dat verschijnt tik je een 1 in om het cleaning- en analysesproces te laten uitvoeren.
    Volg de instructies op het scherm.
    Als het tooltje klaar is, opent er een logfile (combofix.txt).
    Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.
  • komt ie weer

    combo fix

    ComboFix 07-10-02.2 - Arie 2007-10-01 21:39:18.1 - [b:7c37ea765d]FAT32[/b:7c37ea765d][/color:7c37ea765d]x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.41 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\Arie\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Arie\Application Data\un_Idroidcomm_12345.exe
    C:\WINDOWS\system32\~.exe
    C:\WINDOWS\system32\explore.exe

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-09-02 to 2007-10-02 ))))))))))))))))))))))))))))))
    .

    2007-10-01 21:38 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2007-10-01 19:45 4,210 –a—— C:\WINDOWS\system32\tmp.reg
    2007-10-01 19:40 <DIR> d——– C:\Documents and Settings\Administrator\Application Data\Corel
    2007-10-01 17:36 9,728 –a—— C:\WINDOWS\exploeee.exe
    2007-10-01 17:36 12,288 –a—— C:\WINDOWS\svhjdsah.exe
    2007-09-27 15:19 <DIR> d——– C:\Program Files\MyPhotoFun
    2007-09-27 15:19 <DIR> d——– C:\Documents and Settings\All Users\Application Data\MyPhotoFun
    2007-09-27 14:48 <DIR> d——– C:\Documents and Settings\Arie\Application Data\U3
    2007-09-24 22:11 <DIR> d——– C:\Program Files\Common Files\xing shared
    2007-09-24 06:07 8,743 –a—— C:\WINDOWS\snet32.exe
    2007-09-18 06:05 8,483 –a—— C:\WINDOWS\sysnet32.exe
    2007-09-17 22:24 12,075 –a—— C:\WINDOWS\service32.exe
    2007-09-17 22:23 5,120 –a—— C:\WINDOWS\svchost.dll
    2007-09-16 16:02 <DIR> d——– C:\Documents and Settings\Arie\Application Data\TomTom
    2007-09-16 16:01 <DIR> d——– C:\Program Files\TomTom HOME 2
    2007-09-16 16:01 <DIR> d——– C:\Documents and Settings\All Users\Application Data\TomTom

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-08-20 19:05 ——— d——– C:\Program Files\TomTom DesktopSuite
    2007-08-20 18:41 ——— d——– C:\Program Files\TomTom HOME
    2007-08-15 17:36 ——— d——– C:\Program Files\MSXML 6.0
    2007-08-03 17:02 17408 –a—— C:\psapi.dll
    2007-07-30 19:19 92504 –a—— C:\WINDOWS\system32\dllcache\cdm.dll
    2007-07-30 19:19 92504 –a—— C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 –a—— C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 549720 –a—— C:\WINDOWS\system32\dllcache\wuapi.dll
    2007-07-30 19:19 53080 –a—— C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 53080 –a—— C:\WINDOWS\system32\dllcache\wuauclt.exe
    2007-07-30 19:19 43352 –a—— C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 –a—— C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 325976 –a—— C:\WINDOWS\system32\dllcache\wucltui.dll
    2007-07-30 19:19 203096 –a—— C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 203096 –a—— C:\WINDOWS\system32\dllcache\wuweb.dll
    2007-07-30 19:19 1712984 –a—— C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:19 1712984 –a—— C:\WINDOWS\system32\dllcache\wuaueng.dll
    2007-07-30 19:18 33624 –a—— C:\WINDOWS\system32\wups.dll
    2007-07-30 19:18 33624 –a—— C:\WINDOWS\system32\dllcache\wups.dll
    2007-07-19 08:59 3583488 –a—— C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-07-13 01:32 765952 –a—— C:\WINDOWS\system32\dllcache\vgx.dll
    2004-11-30 18:00 9783 –a—— C:\WINDOWS\Media\Geluidsschema.reg
    2004-09-09 16:57 4204 –a—— C:\Program Files\uninstal.log
    2003-05-03 05:08 655 –a—— C:\Program Files\INSTALL.LOG
    1998-09-25 21:16 270848 –a—— C:\Program Files\UNWISE.EXE
    2006-09-14 18:16:48 8 –sh–r C:\WINDOWS\system32\4DB7925071.sys
    .

    – Snapshot reset to current date –
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OemReset"="C:\WINDOWS\OPTIONS\OEMRESET.exe" []
    "SiS Tray"="C:\WINDOWS\system32\sistray.EXE" [2002-11-17 17:36]
    "SiS KHooker"="C:\WINDOWS\System32\khooker.exe" []
    "SoundMan"="SOUNDMAN.EXE" [2003-01-07 19:09 C:\WINDOWS\SOUNDMAN.EXE]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 19:50]
    "atwtusb"="FuncKey.DLL" [2002-04-18 14:10 C:\WINDOWS\system32\Funckey.dll]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
    "LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54]
    "LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 18:32]
    "LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 18:31]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 C:\WINDOWS\system32\bthprops.cpl]
    "\\HELENA\EPSON"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.exe" [2005-01-27 05:00]
    "QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-03 05:21]
    "PdxRegCl"="C:\Program Files\Paradox\Programs\PdxRegCl.exe" [2004-06-14 16:57]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-07-17 18:36]
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-08-15 16:59]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
    "c:_program files_wordperfe3a"="C:\Program Files\WordPerfect Office 12\Programs\CorUpd.exe" []
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 15:28]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\Documents and Settings\Arie\Menu Start\Programma's\Opstarten\
    SimpleServer.WWW.lnk - C:\Program Files\AnalogX\SimpleServer\WWW\http.exe [2006-06-25 13:03:34]
    Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe [2004-06-07 16:20:04]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mnu]
    C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe /S:T

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PenLock]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
    "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

    S2 PIEUsb;Pacific Image Electronics USB Scanner;C:\WINDOWS\system32\Drivers\usbscan.sys
    S3 76409eb6-9fc6-4704-9f46-63d33e70fca9;76409eb6-9fc6-4704-9f46-63d33e70fca9;\??\D:\Player\cds300.dll


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    AutoRun\command- E:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb225740-6cf7-11dc-b399-000c76147c59}]
    AutoRun\command- E:\LaunchU3.exe -a

    *Newly Created Service* - CATCHME
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-02 21:43:18
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "\HELENA\\EPSON"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIABE.EXE /P14 \"\HELENA\\EPSON\" /O14 \"\HELENA\\EPSON\" /M \"Stylus D88\""
    .
    Voltooingstijd: 2007-10-02 21:44:31
    C:\ComboFix-quarantined-files.txt … 2007-10-02 21:44
    .
    — E O F —


    hjt

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:54:04, on 2-10-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\sistray.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ATWTUSB.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\AnalogX\SimpleServer\WWW\http.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
    C:\Documents and Settings\Arie\Mijn documenten\download\HiJackThis202\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [atwtusb] RUNDLL32 FuncKey.DLL,ExtFuncCall AA
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [\\HELENA\EPSON] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P14 "\\HELENA\EPSON" /O14 "\\HELENA\EPSON" /M "Stylus D88"
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
    O4 - HKLM\..\Run: [PdxRegCl] "C:\Program Files\Paradox\Programs\PdxRegCl.exe" /s /c
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [c:_program files_wordperfe3a] C:\Program Files\WordPerfect Office 12\Programs\CorUpd.exe /Watch
    ="SOFTWARE\Corel\WordPerfect Suite\12"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SimpleServer.WWW.lnk = C:\Program Files\AnalogX\SimpleServer\WWW\http.exe
    O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://aadebraal.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://193.172.162.99:8080//activex/AMC.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://braalde.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B81CF520-A2A6-4F7A-887D-7F0A61225C90}: NameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BDF3B365-2CFD-45DF-BDC2-98F871015220}: NameServer = 192.168.2.1
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe


    End of file - 7774 bytes
  • Opruiming van cookies en tijdelijke internetbestanden:
    Sluit alle open vensters van Internet Explorer.
    Ga naar Start en klik op "Configuratiescherm" en dubbelklik op "Internet-opties".
    Het venster "Eigenschappen voor Internet" zal openen.
    Ga naar het tabblad "Algemeen".
    Bij "Browsergeschiedenis" klik je op de knop "Verwijderen".
    Een nieuw venster zal open: Browsergeschiedenis verwijderen.
    Klik onderaan op de knop "Alles verwijderen". In het venster dat nu opent plaats je een vinkje bij "Ook bestanden en instellingen die door invoegtoepassingen zijn opgeslagen, verwijderen".
    Klik op Ja.
    Dit verwijdert de tijdelijke internetbestanden, de cookies, de surfgeschiedenis, de opgeslagen informatie die je in formulieren hebt opgegeven en de opgeslagen wachtwoorden die automatisch worden ingevuld als je je aanmeldt bij een website die je eerder hebt bezocht.
    Indien je deze laatste 2 (formuliergegevens en wachtwoorden) liever niet verwijderd, dan klik je niet op alles verwijderen maar enkel op deze:
    - bij Tijdelijke internetbestanden op Bestanden verwijderen.
    - bij Cookies op Cookies verwijderen.
    - bij Geschiedenis op Geschiedenis verwijderen.

    Blokkeer ook nog de indirecte of third party cookies:
    Op het tabblad Privacy klik je op de knop geavanceerd.
    Plaats een vinkje bij "Automatische cookie-verwerking opheffen".
    Bij Directe cookies zorg je dat "Accepteren" aangeduid is.
    Bij Indirecte cookies kies je voor "Blokkeren".
    Klik op OK.
    Wanneer dit gebeurd is, sluit je het venster "Eigenschappen voor Internet".

    Opruiming van andere tijdelijke mappen en de prullenbak leegmaken:
    Sluit alle open vensters.
    Ga naar Start, kies Uitvoeren en tik in: cleanmgr
    Druk daarna op OK en Schijfopruiming zal gestart worden.
    Indien je meerdere partities hebt kies je de partitie waarop Windows geïnstalleerd is.
    Laat nu je systeem scannen op bestanden die verwijderd kunnen worden.
    Wanneer het overzicht verschijnt zorg je dat enkel de volgende items aangevinkt zijn:
    - Tijdelijke internetbestanden
    - Prullenbak
    - Tijdelijke bestanden
    Klik daarna op OK.


    Download [b:96559e8ca8]Dr.Web CureIt[/b:96559e8ca8] en plaats het op je bureaublad: [b:96559e8ca8]cureit.exe[/b:96559e8ca8].

    Dubbelklik op cureit.exe, en klik daarna op [b:96559e8ca8]Start[/b:96559e8ca8] om een snelle scan te laten uitvoeren.
    Dit zal de bestanden scannen die momenteel in het geheugen geladen zijn en wanneer er iets gevonden wordt, laat je CureIt dit repareren.
    - Verschijnt er een venster met een aanbieding tot kopen met 50% korting, dan klik je deze weg met het kruisje.
    Daarna zal het hoofdvenster zichtbaar worden.
    - Kies bovenaan in het menu voor [b:96559e8ca8]Taal[/b:96559e8ca8] en wijzig deze naar [b:96559e8ca8]Dutch(nederlands)[/b:96559e8ca8], indien deze bij jou anders staat ingesteld.
    - Kies daarna voor [b:96559e8ca8]Acties[/b:96559e8ca8] en stel het volgende in:
    Adware: [b:96559e8ca8]Verplaats[/b:96559e8ca8]
    Dialers: [b:96559e8ca8]Verplaats[/b:96559e8ca8]
    Jokes: [b:96559e8ca8]Rapportage[/b:96559e8ca8]
    Riskware: [b:96559e8ca8]Rapportage[/b:96559e8ca8]
    Hacktools: [b:96559e8ca8]Verplaats[/b:96559e8ca8]
    Haal dan het vinkje weg bij [b:96559e8ca8]Prompt bij actie[/b:96559e8ca8].
    Druk dan op [b:96559e8ca8]OK[/b:96559e8ca8].
    - Kies [b:96559e8ca8]Opties[/b:96559e8ca8] - [b:96559e8ca8]Instellingen veranderen[/b:96559e8ca8] en verwijder het vinkje bij [b:96559e8ca8]Heuristic analyse[/b:96559e8ca8].
    - Druk daarna op [b:96559e8ca8]OK[/b:96559e8ca8].

    Terug in het hoofdvenster kan je de drives selecteren die je wilt laten scannen.
    - Selecteer hier alle drives. Een rood bolletje zal dan tevoorschijn komen op de drives die je laat scannen.
    - Klik daarna op de [b:96559e8ca8]groene pijl[/b:96559e8ca8] rechts, om de scan te starten.
    Dit zal geïnfecteerde bestanden verplaatsen naar de volgende map %userprofile%\DoctorWeb\[b:96559e8ca8]Quarantine[/b:96559e8ca8]\ indien deze niet gedesinfecteerd kunnen worden.
    - Als de scan gereed is kies je bovenaan voor [b:96559e8ca8]Bestand[/b:96559e8ca8] - [b:96559e8ca8]Rapportagelijst opslaan[/b:96559e8ca8]. Bewaar de log van Dr.web CureIt op je bureaublad.
    - Sluit daarna Dr.Web Cureit.

    [b:96559e8ca8]Herstart je computer!![/b:96559e8ca8] Dit een belangrijke stap, want het kan zijn dat Dr.Web Cureit bestanden zal verplaatsen/verwijderen tijdens een herstart.
    Na het herstarten, Kopieer en plak de inhoud van die log die je eerder hebt bewaard in je volgende post.
    Post ook een nieuw logje van Hijackthis en een nieuwe log van Combofix.
  • Het onderstaande heeft laatst bij een reparatie van mij geholpen.
    [list:abbf321af9]
    [*:abbf321af9]Download [u:abbf321af9][b:abbf321af9]Spywareguard[/b:abbf321af9][/u:abbf321af9][/color:abbf321af9][size=7:abbf321af9]<–dit is een link[/color:abbf321af9][/size:abbf321af9] en installeer dit op je systeem.

    [*:abbf321af9]Start vervolgens opnieuw op en zie wat voor meldingen spywareguard geeft.

    [*:abbf321af9]Post vervolgens de bestanden die spywareguard aangeeft. Dit kan bijvoorbeeld zijn : C:\Windows\System32\mhjjlb.exe
    [/list:u:abbf321af9]

    Succes! 8)
  • komen de andere 2 logs

    hjt

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:46:47, on 3-10-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\sistray.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\ATWTUSB.EXE
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\AnalogX\SimpleServer\WWW\http.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
    C:\Documents and Settings\Arie\Mijn documenten\download\HiJackThis202\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [atwtusb] RUNDLL32 FuncKey.DLL,ExtFuncCall AA
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [\\HELENA\EPSON] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P14 "\\HELENA\EPSON" /O14 "\\HELENA\EPSON" /M "Stylus D88"
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
    O4 - HKLM\..\Run: [PdxRegCl] "C:\Program Files\Paradox\Programs\PdxRegCl.exe" /s /c
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [c:_program files_wordperfe3a] C:\Program Files\WordPerfect Office 12\Programs\CorUpd.exe /Watch
    ="SOFTWARE\Corel\WordPerfect Suite\12"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SimpleServer.WWW.lnk = C:\Program Files\AnalogX\SimpleServer\WWW\http.exe
    O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://aadebraal.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://193.172.162.99:8080//activex/AMC.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://braalde.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B81CF520-A2A6-4F7A-887D-7F0A61225C90}: NameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BDF3B365-2CFD-45DF-BDC2-98F871015220}: NameServer = 192.168.2.1
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe


    End of file - 7707 bytes

    combo

    ComboFix 07-10-02.2 - Arie 2007-10-03 18:22:30.2 - [b:7430af253b]FAT32[/b:7430af253b][/color:7430af253b]x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.48 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\Arie\Bureaublad\ComboFix.exe
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-09-03 to 2007-10-03 ))))))))))))))))))))))))))))))
    .

    2007-10-03 06:28 <DIR> d——– C:\Documents and Settings\Arie\DoctorWeb
    2007-10-01 21:38 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2007-10-01 19:45 4,210 –a—— C:\WINDOWS\system32\tmp.reg
    2007-10-01 19:40 <DIR> d——– C:\Documents and Settings\Administrator\Application Data\Corel
    2007-10-01 17:36 12,288 –a—— C:\WINDOWS\svhjdsah.exe
    2007-09-27 15:19 <DIR> d——– C:\Program Files\MyPhotoFun
    2007-09-27 15:19 <DIR> d——– C:\Documents and Settings\All Users\Application Data\MyPhotoFun
    2007-09-27 14:48 <DIR> d——– C:\Documents and Settings\Arie\Application Data\U3
    2007-09-24 22:11 <DIR> d——– C:\Program Files\Common Files\xing shared
    2007-09-17 22:23 5,120 –a—— C:\WINDOWS\svchost.dll
    2007-09-16 16:02 <DIR> d——– C:\Documents and Settings\Arie\Application Data\TomTom
    2007-09-16 16:01 <DIR> d——– C:\Program Files\TomTom HOME 2
    2007-09-16 16:01 <DIR> d——– C:\Documents and Settings\All Users\Application Data\TomTom

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-08-20 19:05 ——— d——– C:\Program Files\TomTom DesktopSuite
    2007-08-20 18:41 ——— d——– C:\Program Files\TomTom HOME
    2007-08-15 17:36 ——— d——– C:\Program Files\MSXML 6.0
    2007-08-03 17:02 17408 –a—— C:\psapi.dll
    2007-07-30 19:19 92504 –a—— C:\WINDOWS\system32\dllcache\cdm.dll
    2007-07-30 19:19 92504 –a—— C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 –a—— C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 549720 –a—— C:\WINDOWS\system32\dllcache\wuapi.dll
    2007-07-30 19:19 53080 –a—— C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 53080 –a—— C:\WINDOWS\system32\dllcache\wuauclt.exe
    2007-07-30 19:19 43352 –a—— C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 –a—— C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 325976 –a—— C:\WINDOWS\system32\dllcache\wucltui.dll
    2007-07-30 19:19 203096 –a—— C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 203096 –a—— C:\WINDOWS\system32\dllcache\wuweb.dll
    2007-07-30 19:19 1712984 –a—— C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:19 1712984 –a—— C:\WINDOWS\system32\dllcache\wuaueng.dll
    2007-07-30 19:18 33624 –a—— C:\WINDOWS\system32\wups.dll
    2007-07-30 19:18 33624 –a—— C:\WINDOWS\system32\dllcache\wups.dll
    2007-07-19 08:59 3583488 –a—— C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-07-13 01:32 765952 –a—— C:\WINDOWS\system32\dllcache\vgx.dll
    2004-11-30 18:00 9783 –a—— C:\WINDOWS\Media\Geluidsschema.reg
    2004-09-09 16:57 4204 –a—— C:\Program Files\uninstal.log
    2003-05-03 05:08 655 –a—— C:\Program Files\INSTALL.LOG
    1998-09-25 21:16 270848 –a—— C:\Program Files\UNWISE.EXE
    2006-09-14 18:16:48 8 –sh–r C:\WINDOWS\system32\4DB7925071.sys
    .

    – Snapshot reset to current date –
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OemReset"="C:\WINDOWS\OPTIONS\OEMRESET.exe" []
    "SiS Tray"="C:\WINDOWS\system32\sistray.EXE" [2002-11-17 17:36]
    "SiS KHooker"="C:\WINDOWS\System32\khooker.exe" []
    "SoundMan"="SOUNDMAN.EXE" [2003-01-07 19:09 C:\WINDOWS\SOUNDMAN.EXE]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 19:50]
    "atwtusb"="FuncKey.DLL" [2002-04-18 14:10 C:\WINDOWS\system32\Funckey.dll]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
    "LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54]
    "LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 18:32]
    "LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 18:31]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 C:\WINDOWS\system32\bthprops.cpl]
    "\\HELENA\EPSON"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.exe" [2005-01-27 05:00]
    "QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-03 05:21]
    "PdxRegCl"="C:\Program Files\Paradox\Programs\PdxRegCl.exe" [2004-06-14 16:57]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-07-17 18:36]
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-08-15 16:59]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
    "c:_program files_wordperfe3a"="C:\Program Files\WordPerfect Office 12\Programs\CorUpd.exe" []
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 15:28]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\Documents and Settings\Arie\Menu Start\Programma's\Opstarten\
    SimpleServer.WWW.lnk - C:\Program Files\AnalogX\SimpleServer\WWW\http.exe [2006-06-25 13:03:34]
    Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe [2004-06-07 16:20:04]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mnu]
    C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe /S:T

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PenLock]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
    "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

    S2 PIEUsb;Pacific Image Electronics USB Scanner;C:\WINDOWS\system32\Drivers\usbscan.sys
    S3 76409eb6-9fc6-4704-9f46-63d33e70fca9;76409eb6-9fc6-4704-9f46-63d33e70fca9;\??\D:\Player\cds300.dll


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    AutoRun\command- E:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb225740-6cf7-11dc-b399-000c76147c59}]
    AutoRun\command- E:\LaunchU3.exe -a

    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-03 18:26:32
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "\HELENA\\EPSON"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIABE.EXE /P14 \"\HELENA\\EPSON\" /O14 \"\HELENA\\EPSON\" /M \"Stylus D88\""
    .
    Voltooingstijd: 2007-10-03 18:28:08
    C:\ComboFix-quarantined-files.txt … 2007-10-03 18:28
    C:\ComboFix2.txt … 2007-10-02 21:44
    .
    — E O F —
  • Deze bestanden kan je nog verwijderen sjouwer:

    C:\WINDOWS\svhjdsah.exe
    C:\WINDOWS\svchost.dll

    Zijn er nog problemen?
  • zover ik nu kan zien zijn er geen problemen meer

    aan de log te zien die ik direct naar jouw toe stuurde zal nog wel het systeem hetrstel uit gezet moeten worden en de backups van de gebruikte progjes

    kan ook de progjes zelf weg (behalve hjt)
  • Systeemherstel kan je inderdaad best uitvoeren.
  • ik vroeg ook om wat er weg kan van de gebruikte progjes

    sys herstel zal ik even voor herstarten
  • Progjes mogen weg.
  • ik krijg toch soms nog een melding van dat ik via een proxy werk, terwijl ik nooit dit zelf heb ingestelt

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.