Persistent Trojan.Vundo problem

10 replies
  • Hi,

    I have a persistent Trojan.Vundo problem. Even writing this is difficult with all the annoying pop-ups and sites that appear unprompted. Who can help me with this? I have already looked at a number of Trojan threads and understood that the Vundofix text and a HijackThis log file are needed. Incidentally, Vundofix could not remove the file in question containing the virus, even though Vundofix says it did.

    Here is the Vundofix text:
    Symantec Trojan.Vundo Removal Tool 1.5.0
    The process "iexplore.exe" might be affected by the threat. It has been suspended.
    The process "iexplore.exe" might be affected by the threat. It has been terminated.

    C:\Documents and Settings\Den - Man\Mijn documenten\Kunstgeschiedenis\Walter Crane\DBNL . Eveline Koolhaas-Grosfeld, ‘“Economische” schilderkunst. De verbeelding van broederschap in de laat achttiende-eeuwse genre-schilderkunst, in het bijzonder van Adriaan de Lelie’.url (WARNING: not scanned, path to long)
    C:\Documents and Settings\Den - Man\Mijn documenten\Kunstgeschiedenis\Walter Crane\http___www.jstor.org.proxy.ubn.kun.nl_8080_cgi-bin_jstor_printpage_00027359_ap050011_05a00050_0.pdf_backcontext=page&dowhat=Acrobat&config=jstor&userID=83aef801@kun.nl_01cce4405a1264112e41b67a9&0.pdf (WARNING: not scanned, path to long)
    C:\Documents and Settings\Den - Man\Mijn documenten\Radiohead ?In Rainbows?: (not scanned)
    C:\System Volume Information: (not scanned)
    F:\System Volume Information: (not scanned)

    Trojan.Vundo has been successfully removed from your computer!

    Here is the report:

    The total number of the scanned files: 105284
    The number of deleted files: 0
    The number of viral processes terminated: 1
    The number of viral processes suspended: 1
    The number of viral threads terminated: 0
    The number of registry entries fixed: 0

    Here is the HijackThis log file:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:36:37, on 15-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Trust\302KS\Mouse\mouse32a.exe
    C:\Program Files\Trust\302KS\Keyboard\KbdAp32A.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\TomTom HOME\TomTomHOME.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\regsvr32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Network ICE\BlackICE\blackice.exe
    C:\Program Files\Network ICE\BlackICE\blackd.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\system32\vmgoelri.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\HiJack\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O1 - Hosts: 66.98.148.65 auto.search.msn.com
    O1 - Hosts: 66.98.148.65 auto.search.msn.es
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\ynlushsc.dll
    O4 - HKLM\..\Run: [Winsock2 driver] NTSYS32.EXE
    O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Trust\302KS\Keyboard\MMKEYBD.EXE
    O4 - HKLM\..\Run: [FLMBROWSEMOUSE] C:\Program Files\Trust\302KS\Mouse\mouse32a.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [XMetaL 48] C:\Program Files\Corel\XMetaL 4\Author\registration.exe /title="XMetaL 4" /date=111807 serial=XA04WRD-0010630-MTS
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [tubwtork] rundll32.exe "C:\Program Files\ebsvaxwf\mxezurgt.dll",Init
    O4 - HKLM\..\Run: [rojkjqli] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\rojkjqli.dll"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [acb588aa] rundll32.exe "C:\WINDOWS\system32\bqlggior.dll",b
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: .protected
    O4 - Global Startup: .protected
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BlackICE Utility.lnk = ?
    O4 - Global Startup: Exif Launcher.lnk.disabled
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {F2570A0D-001D-477D-93D1-D05EF5EB95CD} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: www.2-spyware.com
    O15 - Trusted Zone: www.albricht.nl
    O15 - Trusted Zone: www.aluriasoftware.com
    O15 - Trusted Zone: www.antispypro.com
    O15 - Trusted Zone: www.aoc-europe.com
    O15 - Trusted Zone: www.askanowner.nl
    O15 - Trusted Zone: ftp.atcomputing.nl
    O15 - Trusted Zone: *.blackboard.ru.nl
    O15 - Trusted Zone: forums.breekpunt.nl
    O15 - Trusted Zone: log.campaigns.nl
    O15 - Trusted Zone: home.casema.nl
    O15 - Trusted Zone: *.castlecops.com
    O15 - Trusted Zone: home.comcast.net
    O15 - Trusted Zone: www.comparestoreprices.co.uk
    O15 - Trusted Zone: *.computing.net
    O15 - Trusted Zone: www.daniweb.com
    O15 - Trusted Zone: www.dierenambulancehelmond.nl
    O15 - Trusted Zone: www.dimo.nl
    O15 - Trusted Zone: www.doggynet.nl
    O15 - Trusted Zone: www.download.com
    O15 - Trusted Zone: www.doxdesk.com
    O15 - Trusted Zone: lists.aas.duke.edu
    O15 - Trusted Zone: art.ebay.com
    O15 - Trusted Zone: art.listings.ebay.com
    O15 - Trusted Zone: cgi.ebay.com
    O15 - Trusted Zone: feedback.ebay.com
    O15 - Trusted Zone: my.ebay.com
    O15 - Trusted Zone: pages.ebay.com
    O15 - Trusted Zone: search.ebay.com
    O15 - Trusted Zone: signin.ebay.com
    O15 - Trusted Zone: www.ebay.com
    O15 - Trusted Zone: secure.element5.com
    O15 - Trusted Zone: www.emsisoft.com
    O15 - Trusted Zone: www.enigmasoftware.com
    O15 - Trusted Zone: www.enigmasoftwaregroup.com
    O15 - Trusted Zone: www.enom.com
    O15 - Trusted Zone: www.entechtaiwan.com
    O15 - Trusted Zone: www.experts-exchange.com
    O15 - Trusted Zone: www.faqfarm.com
    O15 - Trusted Zone: forum.faqman.nl
    O15 - Trusted Zone: www.fox.nl
    O15 - Trusted Zone: www.funda.nl
    O15 - Trusted Zone: groups.google.nl
    O15 - Trusted Zone: images.google.nl
    O15 - Trusted Zone: www.google.nl
    O15 - Trusted Zone: www4.hccnet.nl
    O15 - Trusted Zone: www.huisinhelmond.nl
    O15 - Trusted Zone: www.kieskeurig.nl
    O15 - Trusted Zone: www.let.kun.nl
    O15 - Trusted Zone: www.student.kun.nl
    O15 - Trusted Zone: www.let.ru.nl
    O15 - Trusted Zone: www.mac-net.com
    O15 - Trusted Zone: www.marktplaats.nl
    O15 - Trusted Zone: *.marktplaats.nl
    O15 - Trusted Zone: www.michelangelo.com
    O15 - Trusted Zone: www.mrbass.org
    O15 - Trusted Zone: www.multifoon.nl
    O15 - Trusted Zone: www.pcwereld.be
    O15 - Trusted Zone: www.pdatechcenter.nl
    O15 - Trusted Zone: media.popuptraffic.com
    O15 - Trusted Zone: www.pricerunner.co.uk
    O15 - Trusted Zone: www.probeernu.nl
    O15 - Trusted Zone: www.rabomakelaardijdepeel.nl
    O15 - Trusted Zone: www.rabomakelaardijzuid.nl
    O15 - Trusted Zone: www.registrant.nl
    O15 - Trusted Zone: www.reviewcentre.com
    O15 - Trusted Zone: www.sannen.nl
    O15 - Trusted Zone: www.shopgenie.co.uk
    O15 - Trusted Zone: www.sosstrays.be
    O15 - Trusted Zone: www.stichtingaai.nl
    O15 - Trusted Zone: www.student.ru.nl
    O15 - Trusted Zone: *.surf.to
    O15 - Trusted Zone: securityresponse.symantec.com
    O15 - Trusted Zone: forums.techguy.org
    O15 - Trusted Zone: forums.thatcomputerguy.us
    O15 - Trusted Zone: www.twanpoels.nl
    O15 - Trusted Zone: forum.tweakzone.nl
    O15 - Trusted Zone: www.vkampen.nl
    O15 - Trusted Zone: wpls.webpower.com
    O15 - Trusted Zone: www.wonenin.nl
    O15 - Trusted Zone: *.www.ns.nl
    O15 - Trusted Zone: *.www.ru.nl
    O15 - Trusted Zone: www.xs4all.nl
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: DomainService - - C:\WINDOWS\system32\vmgoelri.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\rapapp.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O24 - Desktop Component 0: (no name) - http://akomed.nl/Pictures/top2.jpg
    O24 - Desktop Component 1: (no name) - http://ebay0.ipixmedia.com/abc/M28/_EBAY_7836be91b2f85b5ad844154187ed287f/i-1.JPG
    O24 - Desktop Component 10: (no name) - http://doggy.net/pups/clipart/aai-logo.gif
    O24 - Desktop Component 11: (no name) - http://www.dierenthuis.nl/nieuws/habikat/pics/habikat.jpg
    O24 - Desktop Component 12: (no name) - http://pictures.autotrader.nl/PICTURES/NLDE/CARS/200x150/6735169215814200x150x1x0.jpg
    O24 - Desktop Component 13: (no name) - http://www.drink.nl/REAL_A/ag.gif
    O24 - Desktop Component 14: (no name) - http://www.why.nl/graphics/nieuwefront_01.jpg
    O24 - Desktop Component 15: (no name) - http://www.vlooienmarkten.nl/images/grotekerkdenhaag.jpg
    O24 - Desktop Component 2: (no name) - http://images.google.com/images?q=tbn:_-DfWjwd4doC:www.hondkopen.nl/foto%27s/jachthonden8/AmCockers/puppies%2520met%2520pompoen.JPG
    O24 - Desktop Component 3: (no name) - http://www.hondkopen.nl/foto's/jachthonden8/AmCockers/puppies%20met%20pompoen.JPG
    O24 - Desktop Component 4: (no name) - http://home.quicknet.nl/mw/prive/blackmask/Luna7-140902.jpg
    O24 - Desktop Component 5: (no name) - http://images.google.com/images?q=tbn:o_cZqkNNymcC:home.planet.nl/~katna000/images/post.gif
    O24 - Desktop Component 6: (no name) - http://doggy.net/pups/messages/286/22206.jpg
    O24 - Desktop Component 7: (no name) - http://doggy.net/pups/messages/286/22569.jpg
    O24 - Desktop Component 8: (no name) - http://www.telefoongids.nl/pix/telgids.gif
    O24 - Desktop Component 9: (no name) - http://us.f804.mail.yahoo.com/ym/ShowLetter/Image5.jpg?box=Inbox&MsgId=5941_1933083_33779_1391_237394_0_8966_307682_894583483&bodyPart=2&filename=Image5.jpg&tnef=&YY=26537&order=down&sort=date&pos=0


    End of file - 15935 bytes

    Thanks in advance!

    Kind regards, Dennis
  • Hi Dennis,

    Download Combofix to your Desktop.

      • Double-click Combofix.exe
      • Follow the instructions; accept the disclaimer by typing "1" and confirming with "Enter".
      • While the fix is running, do NOT click in the window, as this will cause your PC to hang.

    When the fix is complete and after the restart, the log combofix.txt will open.
    Post this log in your next post together with a new HijackThis log.

    Note: If your virus scanner reacts while downloading or using Combofix, you can ignore this.


    Good luck!

    Pim
  • Hi Pim,

    First of all, it's really great that you want to help me with this!
    I have run the scans. I don't think all the viruses have been removed, but anyway. This is the result:
    COMBOFIX:
    ComboFix 07-11-08.3 - Den - Man 2007-11-15 18:05:17.5 - NTFSx86
    Gestart vanuit: C:\Documents and Settings\Den - Man\Bureaublad\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Menu Start\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Menu Start\Online Security Guide.lnk
    C:\Documents and Settings\Den - Man\Bureaublad\Live Safety Center.lnk
    C:\Documents and Settings\Den - Man\Bureaublad\Online Security Guide.lnk
    C:\Documents and Settings\Den - Man\Favorieten\Online Security Guide.lnk
    C:\WINDOWS\system32\ynlushsc.dllbox

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-10-15 to 2007-11-15 ))))))))))))))))))))))))))))))
    .

    2007-11-15 15:44 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-15 01:34 <DIR> d----c--- C:\HiJack
    2007-11-15 00:38 <DIR> d----c--- C:\VundoFix Backups
    2007-11-14 22:47 85,056 --a------ C:\WINDOWS\system32\bqlggior.dll
    2007-11-14 22:47 79,424 --a------ C:\WINDOWS\system32\sfauqmdt.dll
    2007-11-14 22:44 71,232 --a------ C:\WINDOWS\system32\vmgoelri.exe
    2007-11-14 22:40 145,984 --------- C:\WINDOWS\system32\ynlushsc.dll
    2007-11-14 02:14 8,501,760 -----c--- C:\WINDOWS\system32\dllcache\shell32.dll
    2007-11-14 01:29 <DIR> d-------- C:\Program Files\Security Task Manager
    2007-11-14 01:29 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    2007-11-13 23:31 <DIR> d-------- C:\Program Files\SymNetDrv
    2007-11-13 20:30 140,648 --a------ C:\WINDOWS\system32\sgdmsuom.dll
    2007-11-13 08:11 <DIR> d-------- C:\Program Files\ebsvaxwf
    2007-11-13 08:11 <DIR> d-------- C:\Program Files\Dswkmwdc
    2007-11-13 02:09 <DIR> dr-h----- C:\Documents and Settings\Den - Man\Onlangs geopend
    2007-11-12 17:09 <DIR> d-------- C:\Program Files\MagicISO
    2007-10-20 17:21 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Symantec
    2007-10-19 15:34 <DIR> d-------- C:\Program Files\Spyware Doctor
    2007-10-19 15:34 <DIR> d-------- C:\Documents and Settings\Den - Man\Application Data\PC Tools
    2007-10-19 15:34 <DIR> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-19 15:34 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-10-19 15:34 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-10-19 15:34 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-10-19 15:34 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-10-19 15:34 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-15 17:00 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-11-15 14:27 --------- dc----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-11-15 00:03 10,344 ----a-w C:\WINDOWS\system32\drivers\symlcbrd.sys
    2007-11-14 23:37 --------- d-----w C:\Program Files\Enigma Software Group
    2007-11-14 00:05 --------- d-----w C:\Program Files\PHP Designer 2005
    2007-11-13 22:35 --------- d-----w C:\Program Files\Norton AntiVirus
    2007-11-13 22:31 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-11-13 22:31 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2007-11-13 22:31 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-11-13 22:31 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-11-13 22:31 --------- d-----w C:\Program Files\Symantec
    2007-11-13 22:14 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-11-13 22:05 --------- dc----w C:\Documents and Settings\All Users\Application Data\Setup
    2007-11-13 22:05 --------- d-----w C:\Program Files\KaZaA Lite
    2007-11-13 21:51 --------- dc----w C:\Documents and Settings\All Users\Application Data\Skype
    2007-11-13 21:51 --------- d-----w C:\Program Files\Skype
    2007-11-13 21:34 --------- d-----w C:\Program Files\Lavasoft
    2007-11-13 21:16 --------- d-----w C:\Program Files\FileZilla
    2007-10-27 21:18 --------- d-----w C:\Program Files\Picasa2
    2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2004-02-09 09:48 2,352 ----a-w C:\Documents and Settings\Den - Man\Application Data\mpauth.dat
    2002-11-22 20:54 4,103,168 -c--a-w C:\Program Files\12640_04.exe
    2002-11-17 16:17 52,135 ----a-r C:\Program Files\Windows_XP_SP11.zip
    2002-11-14 10:54 58,012 ----a-w C:\Program Files\Uninstal.exe
    2002-11-13 21:59 24,630 ----a-w C:\Documents and Settings\Den - Man\Application Data\llslllydqkw.exe
    2002-10-09 14:56 375,917 ----a-w C:\Program Files\yahtzee.zip
    2002-10-06 17:20 493,384 ----a-w C:\Program Files\ie6setup.exe
    2002-09-26 10:05 8,670,600 ----a-w C:\Program Files\mpsetupXP.exe
    2002-09-22 14:49 0 ----a-w C:\Program Files\Global.sw
    2002-08-30 00:11 152,848 ----a-w C:\Program Files\kmd.exe
    2002-08-30 00:08 3,510,536 ----a-w C:\Program Files\winamp3_0-full.exe
    2002-08-28 04:08 7,172 ----a-w C:\Program Files\ClassicGames.iip
    2002-08-28 03:56 424,818 ----a-w C:\Program Files\classicgames.exe
    2002-08-27 16:03 8,905,672 ----a-w C:\Program Files\ar505nld.exe
    2002-08-24 01:53 11,255,038 ----a-w C:\Program Files\DirectDVD.exe
    2002-08-24 01:10 29,636,471 ----a-w C:\Program Files\fo-psp702f.zip
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    2007-11-14 22:40 145984 --------- C:\WINDOWS\system32\ynlushsc.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ea69e99c-7441-4d22-b0a4-e71126cc1f9c}]
    2007-11-14 22:47 79424 --a------ C:\WINDOWS\system32\sfauqmdt.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\ynlushsc.dll [2007-11-14 22:40 145984]

    [HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\ynlushsc.dll [2007-11-14 22:40 145984]

    [HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Winsock2 driver"="NTSYS32.EXE" []
    "FLMK08KB"="C:\Program Files\Trust\302KS\Keyboard\MMKEYBD.EXE" [2004-07-31 00:25]
    "FLMBROWSEMOUSE"="C:\Program Files\Trust\302KS\Mouse\mouse32a.exe" [2004-07-31 00:26]
    "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57]
    "ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 16:07]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 12:52]
    "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 18:58]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 15:24]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-31 23:08]
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2006-09-25 17:16]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
    "XMetaL 48"="C:\Program Files\Corel\XMetaL 4\Author\registration.exe" [2002-07-03 14:03]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 15:27]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-11-13 23:31]
    "acb588aa"="C:\WINDOWS\system32\bqlggior.dll" [2007-11-14 22:47]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 15:00]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-06-05 10:54:24]
    BlackICE Utility.lnk - C:\Program Files\Network ICE\BlackICE\blackice.exe [2002-09-25 11:10:27]
    Exif Launcher.lnk.disabled [2003-09-22 08:53:06]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-03-26 21:41:22]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]
    VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2005-11-12 16:57:54]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Program Files\Qualcomm\Eudora\EuShlExt.dll [2002-09-30 17:36 86016]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ynlushsc]
    ynlushsc.dll 2007-11-14 22:40 145984 C:\WINDOWS\system32\ynlushsc.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "InstantAccess"=C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
    "InCD"=C:\Program Files\ahead\InCD\InCD.exe
    "RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    "REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    "NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe
    "RegisterDropHandler"=C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    "HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    "winactive"=C:\Program Files\Window Active\winactive.exe
    "Diskstart"=C:\WINDOWS\System32\code.exe
    "CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

    R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys
    R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys
    R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys
    R1 RapDrv;RapDrv;\??\C:\WINDOWS\System32\drivers\RapDrv.sys
    R1 RapFile;RapFile;\??\C:\WINDOWS\System32\drivers\RapFile.sys
    R1 RapNet;RapNet;\??\C:\WINDOWS\System32\drivers\RapNet.sys
    R2 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys
    S3 CA504AV;FAMILYC@M 500 FLASH, WDM Video Capture;C:\WINDOWS\system32\Drivers\CA504AV.SYS
    S3 QDFSDRV;QDFSDRV;\??\C:\WINDOWS\system32\drivers\qdfsdrv.sys
    S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
    S3 Sunplus;FAMILYC@M 500 FLASH Still Image Capture, Sunplus Version 1.00;C:\WINDOWS\system32\Drivers\Bulk504.sys

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-11-13 22:23:36 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Den - Man.job"
    - C:\PROGRA~1\NORTON~1\Navw32.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-15 18:47:19
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-11-15 18:50:37 - machine was rebooted
    .
    --- E O F ---
    HIJACK:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:56:50, on 15-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Network ICE\BlackICE\blackd.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trust\302KS\Mouse\mouse32a.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Trust\302KS\Keyboard\KbdAp32A.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\TomTom HOME\TomTomHOME.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Network ICE\BlackICE\blackice.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\HiJack\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\ynlushsc.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: {c9f1cc62-117e-4a0b-22d4-1447c99e96ae} - {ea69e99c-7441-4d22-b0a4-e71126cc1f9c} - C:\WINDOWS\system32\sfauqmdt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\ynlushsc.dll
    O4 - HKLM\..\Run: [Winsock2 driver] NTSYS32.EXE
    O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Trust\302KS\Keyboard\MMKEYBD.EXE
    O4 - HKLM\..\Run: [FLMBROWSEMOUSE] C:\Program Files\Trust\302KS\Mouse\mouse32a.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [XMetaL 48] C:\Program Files\Corel\XMetaL 4\Author\registration.exe /title="XMetaL 4" /date=111807 serial=XA04WRD-0010630-MTS
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [acb588aa] rundll32.exe "C:\WINDOWS\system32\bqlggior.dll",b
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BlackICE Utility.lnk = ?
    O4 - Global Startup: Exif Launcher.lnk.disabled
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {F2570A0D-001D-477D-93D1-D05EF5EB95CD} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: www.2-spyware.com
    O15 - Trusted Zone: www.albricht.nl
    O15 - Trusted Zone: www.aluriasoftware.com
    O15 - Trusted Zone: www.antispypro.com
    O15 - Trusted Zone: www.aoc-europe.com
    O15 - Trusted Zone: www.askanowner.nl
    O15 - Trusted Zone: ftp.atcomputing.nl
    O15 - Trusted Zone: *.blackboard.ru.nl
    O15 - Trusted Zone: forums.breekpunt.nl
    O15 - Trusted Zone: log.campaigns.nl
    O15 - Trusted Zone: home.casema.nl
    O15 - Trusted Zone: *.castlecops.com
    O15 - Trusted Zone: home.comcast.net
    O15 - Trusted Zone: www.comparestoreprices.co.uk
    O15 - Trusted Zone: *.computing.net
    O15 - Trusted Zone: www.daniweb.com
    O15 - Trusted Zone: www.dierenambulancehelmond.nl
    O15 - Trusted Zone: www.dimo.nl
    O15 - Trusted Zone: www.doggynet.nl
    O15 - Trusted Zone: www.download.com
    O15 - Trusted Zone: www.doxdesk.com
    O15 - Trusted Zone: lists.aas.duke.edu
    O15 - Trusted Zone: art.ebay.com
    O15 - Trusted Zone: art.listings.ebay.com
    O15 - Trusted Zone: cgi.ebay.com
    O15 - Trusted Zone: feedback.ebay.com
    O15 - Trusted Zone: my.ebay.com
    O15 - Trusted Zone: pages.ebay.com
    O15 - Trusted Zone: search.ebay.com
    O15 - Trusted Zone: signin.ebay.com
    O15 - Trusted Zone: www.ebay.com
    O15 - Trusted Zone: secure.element5.com
    O15 - Trusted Zone: www.emsisoft.com
    O15 - Trusted Zone: www.enigmasoftware.com
    O15 - Trusted Zone: www.enigmasoftwaregroup.com
    O15 - Trusted Zone: www.enom.com
    O15 - Trusted Zone: www.entechtaiwan.com
    O15 - Trusted Zone: www.experts-exchange.com
    O15 - Trusted Zone: www.faqfarm.com
    O15 - Trusted Zone: forum.faqman.nl
    O15 - Trusted Zone: www.fox.nl
    O15 - Trusted Zone: www.funda.nl
    O15 - Trusted Zone: groups.google.nl
    O15 - Trusted Zone: images.google.nl
    O15 - Trusted Zone: www.google.nl
    O15 - Trusted Zone: www4.hccnet.nl
    O15 - Trusted Zone: www.huisinhelmond.nl
    O15 - Trusted Zone: www.kieskeurig.nl
    O15 - Trusted Zone: www.let.kun.nl
    O15 - Trusted Zone: www.student.kun.nl
    O15 - Trusted Zone: www.let.ru.nl
    O15 - Trusted Zone: www.mac-net.com
    O15 - Trusted Zone: www.marktplaats.nl
    O15 - Trusted Zone: *.marktplaats.nl
    O15 - Trusted Zone: www.michelangelo.com
    O15 - Trusted Zone: www.mrbass.org
    O15 - Trusted Zone: www.multifoon.nl
    O15 - Trusted Zone: www.pcwereld.be
    O15 - Trusted Zone: www.pdatechcenter.nl
    O15 - Trusted Zone: media.popuptraffic.com
    O15 - Trusted Zone: www.pricerunner.co.uk
    O15 - Trusted Zone: www.probeernu.nl
    O15 - Trusted Zone: www.rabomakelaardijdepeel.nl
    O15 - Trusted Zone: www.rabomakelaardijzuid.nl
    O15 - Trusted Zone: www.registrant.nl
    O15 - Trusted Zone: www.reviewcentre.com
    O15 - Trusted Zone: www.sannen.nl
    O15 - Trusted Zone: www.shopgenie.co.uk
    O15 - Trusted Zone: www.sosstrays.be
    O15 - Trusted Zone: www.stichtingaai.nl
    O15 - Trusted Zone: www.student.ru.nl
    O15 - Trusted Zone: *.surf.to
    O15 - Trusted Zone: securityresponse.symantec.com
    O15 - Trusted Zone: forums.techguy.org
    O15 - Trusted Zone: forums.thatcomputerguy.us
    O15 - Trusted Zone: www.twanpoels.nl
    O15 - Trusted Zone: forum.tweakzone.nl
    O15 - Trusted Zone: www.vkampen.nl
    O15 - Trusted Zone: wpls.webpower.com
    O15 - Trusted Zone: www.wonenin.nl
    O15 - Trusted Zone: *.www.ns.nl
    O15 - Trusted Zone: *.www.ru.nl
    O15 - Trusted Zone: www.xs4all.nl
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O20 - Winlogon Notify: ynlushsc - C:\WINDOWS\SYSTEM32\ynlushsc.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\rapapp.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O24 - Desktop Component 0: (no name) - http://akomed.nl/Pictures/top2.jpg
    O24 - Desktop Component 1: (no name) - http://ebay0.ipixmedia.com/abc/M28/_EBAY_7836be91b2f85b5ad844154187ed287f/i-1.JPG
    O24 - Desktop Component 10: (no name) - http://doggy.net/pups/clipart/aai-logo.gif
    O24 - Desktop Component 11: (no name) - http://www.dierenthuis.nl/nieuws/habikat/pics/habikat.jpg
    O24 - Desktop Component 12: (no name) - http://pictures.autotrader.nl/PICTURES/NLDE/CARS/200x150/6735169215814200x150x1x0.jpg
    O24 - Desktop Component 13: (no name) - http://www.drink.nl/REAL_A/ag.gif
    O24 - Desktop Component 14: (no name) - http://www.why.nl/graphics/nieuwefront_01.jpg
    O24 - Desktop Component 15: (no name) - http://www.vlooienmarkten.nl/images/grotekerkdenhaag.jpg
    O24 - Desktop Component 2: (no name) - http://images.google.com/images?q=tbn:_-DfWjwd4doC:www.hondkopen.nl/foto%27s/jachthonden8/AmCockers/puppies%2520met%2520pompoen.JPG
    O24 - Desktop Component 3: (no name) - http://www.hondkopen.nl/foto's/jachthonden8/AmCockers/puppies%20met%20pompoen.JPG
    O24 - Desktop Component 4: (no name) - http://home.quicknet.nl/mw/prive/blackmask/Luna7-140902.jpg
    O24 - Desktop Component 5: (no name) - http://images.google.com/images?q=tbn:o_cZqkNNymcC:home.planet.nl/~katna000/images/post.gif
    O24 - Desktop Component 6: (no name) - http://doggy.net/pups/messages/286/22206.jpg
    O24 - Desktop Component 7: (no name) - http://doggy.net/pups/messages/286/22569.jpg
    O24 - Desktop Component 8: (no name) - http://www.telefoongids.nl/pix/telgids.gif
    O24 - Desktop Component 9: (no name) - http://us.f804.mail.yahoo.com/ym/ShowLetter/Image5.jpg?box=Inbox&MsgId=5941_1933083_33779_1391_237394_0_8966_307682_894583483&bodyPart=2&filename=Image5.jpg&tnef=&YY=26537&order=down&sort=date&pos=0


    End of file - 16111 bytes

    I look forward to hearing from you!
    Regards, Dennis
  • Just a quick note in between,

    Download HostsXpert and unzip HostsXpert to its own folder,
    for example C:\HostsXpert.

    Start HostsXpert.exe

    Click "restore microsoft's hosts files"

    Then close the program.

    Post a new HJT log for Pim.
  • OK, done! Thanks for your input.

    Here is the new HiJack log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:51:55, on 15-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Network ICE\BlackICE\blackd.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trust\302KS\Mouse\mouse32a.exe
    C:\Program Files\Trust\302KS\Keyboard\KbdAp32A.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\TomTom HOME\TomTomHOME.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Network ICE\BlackICE\blackice.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\HiJack\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\ynlushsc.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: {c9f1cc62-117e-4a0b-22d4-1447c99e96ae} - {ea69e99c-7441-4d22-b0a4-e71126cc1f9c} - C:\WINDOWS\system32\sfauqmdt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\ynlushsc.dll
    O4 - HKLM\..\Run: [Winsock2 driver] NTSYS32.EXE
    O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Trust\302KS\Keyboard\MMKEYBD.EXE
    O4 - HKLM\..\Run: [FLMBROWSEMOUSE] C:\Program Files\Trust\302KS\Mouse\mouse32a.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [XMetaL 48] C:\Program Files\Corel\XMetaL 4\Author\registration.exe /title="XMetaL 4" /date=111807 serial=XA04WRD-0010630-MTS
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [acb588aa] rundll32.exe "C:\WINDOWS\system32\bqlggior.dll",b
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BlackICE Utility.lnk = ?
    O4 - Global Startup: Exif Launcher.lnk.disabled
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {F2570A0D-001D-477D-93D1-D05EF5EB95CD} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: www.2-spyware.com
    O15 - Trusted Zone: www.albricht.nl
    O15 - Trusted Zone: www.aluriasoftware.com
    O15 - Trusted Zone: www.antispypro.com
    O15 - Trusted Zone: www.aoc-europe.com
    O15 - Trusted Zone: www.askanowner.nl
    O15 - Trusted Zone: ftp.atcomputing.nl
    O15 - Trusted Zone: *.blackboard.ru.nl
    O15 - Trusted Zone: forums.breekpunt.nl
    O15 - Trusted Zone: log.campaigns.nl
    O15 - Trusted Zone: home.casema.nl
    O15 - Trusted Zone: *.castlecops.com
    O15 - Trusted Zone: home.comcast.net
    O15 - Trusted Zone: www.comparestoreprices.co.uk
    O15 - Trusted Zone: *.computing.net
    O15 - Trusted Zone: www.daniweb.com
    O15 - Trusted Zone: www.dierenambulancehelmond.nl
    O15 - Trusted Zone: www.dimo.nl
    O15 - Trusted Zone: www.doggynet.nl
    O15 - Trusted Zone: www.download.com
    O15 - Trusted Zone: www.doxdesk.com
    O15 - Trusted Zone: lists.aas.duke.edu
    O15 - Trusted Zone: art.ebay.com
    O15 - Trusted Zone: art.listings.ebay.com
    O15 - Trusted Zone: cgi.ebay.com
    O15 - Trusted Zone: feedback.ebay.com
    O15 - Trusted Zone: my.ebay.com
    O15 - Trusted Zone: pages.ebay.com
    O15 - Trusted Zone: search.ebay.com
    O15 - Trusted Zone: signin.ebay.com
    O15 - Trusted Zone: www.ebay.com
    O15 - Trusted Zone: secure.element5.com
    O15 - Trusted Zone: www.emsisoft.com
    O15 - Trusted Zone: www.enigmasoftware.com
    O15 - Trusted Zone: www.enigmasoftwaregroup.com
    O15 - Trusted Zone: www.enom.com
    O15 - Trusted Zone: www.entechtaiwan.com
    O15 - Trusted Zone: www.experts-exchange.com
    O15 - Trusted Zone: www.faqfarm.com
    O15 - Trusted Zone: forum.faqman.nl
    O15 - Trusted Zone: www.fox.nl
    O15 - Trusted Zone: www.funda.nl
    O15 - Trusted Zone: groups.google.nl
    O15 - Trusted Zone: images.google.nl
    O15 - Trusted Zone: www.google.nl
    O15 - Trusted Zone: www4.hccnet.nl
    O15 - Trusted Zone: www.huisinhelmond.nl
    O15 - Trusted Zone: www.kieskeurig.nl
    O15 - Trusted Zone: www.let.kun.nl
    O15 - Trusted Zone: www.student.kun.nl
    O15 - Trusted Zone: www.let.ru.nl
    O15 - Trusted Zone: www.mac-net.com
    O15 - Trusted Zone: www.marktplaats.nl
    O15 - Trusted Zone: *.marktplaats.nl
    O15 - Trusted Zone: www.michelangelo.com
    O15 - Trusted Zone: www.mrbass.org
    O15 - Trusted Zone: www.multifoon.nl
    O15 - Trusted Zone: www.pcwereld.be
    O15 - Trusted Zone: www.pdatechcenter.nl
    O15 - Trusted Zone: media.popuptraffic.com
    O15 - Trusted Zone: www.pricerunner.co.uk
    O15 - Trusted Zone: www.probeernu.nl
    O15 - Trusted Zone: www.rabomakelaardijdepeel.nl
    O15 - Trusted Zone: www.rabomakelaardijzuid.nl
    O15 - Trusted Zone: www.registrant.nl
    O15 - Trusted Zone: www.reviewcentre.com
    O15 - Trusted Zone: www.sannen.nl
    O15 - Trusted Zone: www.shopgenie.co.uk
    O15 - Trusted Zone: www.sosstrays.be
    O15 - Trusted Zone: www.stichtingaai.nl
    O15 - Trusted Zone: www.student.ru.nl
    O15 - Trusted Zone: *.surf.to
    O15 - Trusted Zone: securityresponse.symantec.com
    O15 - Trusted Zone: forums.techguy.org
    O15 - Trusted Zone: forums.thatcomputerguy.us
    O15 - Trusted Zone: www.twanpoels.nl
    O15 - Trusted Zone: forum.tweakzone.nl
    O15 - Trusted Zone: www.vkampen.nl
    O15 - Trusted Zone: wpls.webpower.com
    O15 - Trusted Zone: www.wonenin.nl
    O15 - Trusted Zone: *.www.ns.nl
    O15 - Trusted Zone: *.www.ru.nl
    O15 - Trusted Zone: www.xs4all.nl
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O20 - Winlogon Notify: ynlushsc - C:\WINDOWS\SYSTEM32\ynlushsc.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\rapapp.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O24 - Desktop Component 0: (no name) - http://akomed.nl/Pictures/top2.jpg
    O24 - Desktop Component 1: (no name) - http://ebay0.ipixmedia.com/abc/M28/_EBAY_7836be91b2f85b5ad844154187ed287f/i-1.JPG
    O24 - Desktop Component 10: (no name) - http://doggy.net/pups/clipart/aai-logo.gif
    O24 - Desktop Component 11: (no name) - http://www.dierenthuis.nl/nieuws/habikat/pics/habikat.jpg
    O24 - Desktop Component 12: (no name) - http://pictures.autotrader.nl/PICTURES/NLDE/CARS/200x150/6735169215814200x150x1x0.jpg
    O24 - Desktop Component 13: (no name) - http://www.drink.nl/REAL_A/ag.gif
    O24 - Desktop Component 14: (no name) - http://www.why.nl/graphics/nieuwefront_01.jpg
    O24 - Desktop Component 15: (no name) - http://www.vlooienmarkten.nl/images/grotekerkdenhaag.jpg
    O24 - Desktop Component 2: (no name) - http://images.google.com/images?q=tbn:_-DfWjwd4doC:www.hondkopen.nl/foto%27s/jachthonden8/AmCockers/puppies%2520met%2520pompoen.JPG
    O24 - Desktop Component 3: (no name) - http://www.hondkopen.nl/foto's/jachthonden8/AmCockers/puppies%20met%20pompoen.JPG
    O24 - Desktop Component 4: (no name) - http://home.quicknet.nl/mw/prive/blackmask/Luna7-140902.jpg
    O24 - Desktop Component 5: (no name) - http://images.google.com/images?q=tbn:o_cZqkNNymcC:home.planet.nl/~katna000/images/post.gif
    O24 - Desktop Component 6: (no name) - http://doggy.net/pups/messages/286/22206.jpg
    O24 - Desktop Component 7: (no name) - http://doggy.net/pups/messages/286/22569.jpg
    O24 - Desktop Component 8: (no name) - http://www.telefoongids.nl/pix/telgids.gif
    O24 - Desktop Component 9: (no name) - http://us.f804.mail.yahoo.com/ym/ShowLetter/Image5.jpg?box=Inbox&MsgId=5941_1933083_33779_1391_237394_0_8966_307682_894583483&bodyPart=2&filename=Image5.jpg&tnef=&YY=26537&order=down&sort=date&pos=0


    End of file - 16152 bytes
  • Hi Dennis :)

    Start HijackThis, choose 'Do a system scan only' and tick the lines below:
    [b:5956664c7d]
    O1 - Hosts: 66.98.148.65 auto.search.msn.com
    O1 - Hosts: 66.98.148.65 auto.search.msn.es
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\ynlushsc.dll
    O4 - HKLM\..\Run: [Winsock2 driver] NTSYS32.EXE
    O4 - HKLM\..\Run: [tubwtork] rundll32.exe "C:\Program Files\ebsvaxwf\mxezurgt.dll",Init
    O4 - HKLM\..\Run: [rojkjqli] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\rojkjqli.dll"
    O4 - HKLM\..\Run: [acb588aa] rundll32.exe "C:\WINDOWS\system32\bqlggior.dll",b
    O4 - Startup: .protected
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {F2570A0D-001D-477D-93D1-D05EF5EB95CD} - (no file)
    [/b:5956664c7d]

    If you did not set up the 'Trusted zones' below yourself, you can tick these as well:
    [b:5956664c7d]
    O15 - Trusted Zone: www.2-spyware.com
    O15 - Trusted Zone: www.albricht.nl
    O15 - Trusted Zone: www.aluriasoftware.com
    O15 - Trusted Zone: www.antispypro.com
    O15 - Trusted Zone: www.aoc-europe.com
    O15 - Trusted Zone: www.askanowner.nl
    O15 - Trusted Zone: ftp.atcomputing.nl
    O15 - Trusted Zone: *.blackboard.ru.nl
    O15 - Trusted Zone: forums.breekpunt.nl
    O15 - Trusted Zone: log.campaigns.nl
    O15 - Trusted Zone: home.casema.nl
    O15 - Trusted Zone: *.castlecops.com
    O15 - Trusted Zone: home.comcast.net
    O15 - Trusted Zone: www.comparestoreprices.co.uk
    O15 - Trusted Zone: *.computing.net
    O15 - Trusted Zone: www.daniweb.com
    O15 - Trusted Zone: www.dierenambulancehelmond.nl
    O15 - Trusted Zone: www.dimo.nl
    O15 - Trusted Zone: www.doggynet.nl
    O15 - Trusted Zone: www.download.com
    O15 - Trusted Zone: www.doxdesk.com
    O15 - Trusted Zone: lists.aas.duke.edu
    O15 - Trusted Zone: art.ebay.com
    O15 - Trusted Zone: art.listings.ebay.com
    O15 - Trusted Zone: cgi.ebay.com
    O15 - Trusted Zone: feedback.ebay.com
    O15 - Trusted Zone: my.ebay.com
    O15 - Trusted Zone: pages.ebay.com
    O15 - Trusted Zone: search.ebay.com
    O15 - Trusted Zone: signin.ebay.com
    O15 - Trusted Zone: www.ebay.com
    O15 - Trusted Zone: secure.element5.com
    O15 - Trusted Zone: www.emsisoft.com
    O15 - Trusted Zone: www.enigmasoftware.com
    O15 - Trusted Zone: www.enigmasoftwaregroup.com
    O15 - Trusted Zone: www.enom.com
    O15 - Trusted Zone: www.entechtaiwan.com
    O15 - Trusted Zone: www.experts-exchange.com
    O15 - Trusted Zone: www.faqfarm.com
    O15 - Trusted Zone: forum.faqman.nl
    O15 - Trusted Zone: www.fox.nl
    O15 - Trusted Zone: www.funda.nl
    O15 - Trusted Zone: groups.google.nl
    O15 - Trusted Zone: images.google.nl
    O15 - Trusted Zone: www.google.nl
    O15 - Trusted Zone: www4.hccnet.nl
    O15 - Trusted Zone: www.huisinhelmond.nl
    O15 - Trusted Zone: www.kieskeurig.nl
    O15 - Trusted Zone: www.let.kun.nl
    O15 - Trusted Zone: www.student.kun.nl
    O15 - Trusted Zone: www.let.ru.nl
    O15 - Trusted Zone: www.mac-net.com
    O15 - Trusted Zone: www.marktplaats.nl
    O15 - Trusted Zone: *.marktplaats.nl
    O15 - Trusted Zone: www.michelangelo.com
    O15 - Trusted Zone: www.mrbass.org
    O15 - Trusted Zone: www.multifoon.nl
    O15 - Trusted Zone: www.pcwereld.be
    O15 - Trusted Zone: www.pdatechcenter.nl
    O15 - Trusted Zone: media.popuptraffic.com
    O15 - Trusted Zone: www.pricerunner.co.uk
    O15 - Trusted Zone: www.probeernu.nl
    O15 - Trusted Zone: www.rabomakelaardijdepeel.nl
    O15 - Trusted Zone: www.rabomakelaardijzuid.nl
    O15 - Trusted Zone: www.registrant.nl
    O15 - Trusted Zone: www.reviewcentre.com
    O15 - Trusted Zone: www.sannen.nl
    O15 - Trusted Zone: www.shopgenie.co.uk
    O15 - Trusted Zone: www.sosstrays.be
    O15 - Trusted Zone: www.stichtingaai.nl
    O15 - Trusted Zone: www.student.ru.nl
    O15 - Trusted Zone: *.surf.to
    O15 - Trusted Zone: securityresponse.symantec.com
    O15 - Trusted Zone: forums.techguy.org
    O15 - Trusted Zone: forums.thatcomputerguy.us
    O15 - Trusted Zone: www.twanpoels.nl
    O15 - Trusted Zone: forum.tweakzone.nl
    O15 - Trusted Zone: www.vkampen.nl
    O15 - Trusted Zone: wpls.webpower.com
    O15 - Trusted Zone: www.wonenin.nl
    O15 - Trusted Zone: *.www.ns.nl
    O15 - Trusted Zone: *.www.ru.nl
    O15 - Trusted Zone: www.xs4all.nl
    [/b:5956664c7d]

    Close all open windows except HijackThis and click 'Fix checked'.

    Open Notepad, then copy and paste the following (the bold text) into an empty window:
    [b:5956664c7d]
    File::
    C:\WINDOWS\system32\bqlggior.dll
    C:\WINDOWS\system32\sfauqmdt.dll
    C:\WINDOWS\system32\vmgoelri.exe
    C:\WINDOWS\system32\ynlushsc.dll
    C:\WINDOWS\system32\sgdmsuom.dll

    Folder::
    C:\Program Files\ebsvaxwf
    C:\Program Files\Dswkmwdc

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ea69e99c-7441-4d22-b0a4-e71126cc1f9c}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ynlushsc]
    [/b:5956664c7d]

    Save this to your Desktop as [b:5956664c7d]CFScript.txt[/b:5956664c7d]

    Drag [b:5956664c7d]CFScript.txt[/b:5956664c7d] onto [b:5956664c7d]ComboFix.exe[/b:5956664c7d] as shown in the example below:
    [img:5956664c7d]http://img.photobucket.com/albums/v666/sUBs/CFScript.gif[/img:5956664c7d]

    This will make [b:5956664c7d]ComboFix[/b:5956664c7d] restart.
    Reboot if you are asked to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Pim
  • Hi Pim,

    I could not tick the following lines, because they were not listed:
    O1 - Hosts: 66.98.148.65 auto.search.msn.com
    O1 - Hosts: 66.98.148.65 auto.search.msn.es
    O4 - HKLM\..\Run: [tubwtork] rundll32.exe "C:\Program Files\ebsvaxwf\mxezurgt.dll",Init
    O4 - HKLM\..\Run: [rojkjqli] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\rojkjqli.dll"
    O4 - Startup: .protected

    [b:fccec2c7dc]ComboFix:[/b:fccec2c7dc]

    ComboFix 07-11-08.3 - Den - Man 2007-11-16 13:45:47.7 - NTFSx86
    Gestart vanuit: C:\Documents and Settings\Den - Man\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Den - Man\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt

    FILE
    C:\WINDOWS\system32\bqlggior.dll
    C:\WINDOWS\system32\sfauqmdt.dll
    C:\WINDOWS\system32\sgdmsuom.dll
    C:\WINDOWS\system32\vmgoelri.exe
    C:\WINDOWS\system32\ynlushsc.dll
    .

    Onmogelijk Systeem Rechten te verkrijgen

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Menu Start\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Menu Start\Online Security Guide.lnk
    C:\Documents and Settings\Den - Man\Bureaublad\Live Safety Center.lnk
    C:\Documents and Settings\Den - Man\Bureaublad\Online Security Guide.lnk
    C:\Documents and Settings\Den - Man\Favorieten\Online Security Guide.lnk
    C:\Program Files\Dswkmwdc
    C:\Program Files\Dswkmwdc\wepoogkk.dll
    C:\Program Files\ebsvaxwf
    C:\Program Files\ebsvaxwf\mxezurgt.dll
    C:\WINDOWS\system32\bqlggior.dll
    C:\WINDOWS\system32\sfauqmdt.dll
    C:\WINDOWS\system32\sgdmsuom.dll
    C:\WINDOWS\system32\vmgoelri.exe
    C:\WINDOWS\system32\ynlushsc.dll
    C:\WINDOWS\system32\ynlushsc.dllbox

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-10-16 to 2007-11-16 ))))))))))))))))))))))))))))))
    .

    2007-11-15 22:48 <DIR> d----c--- C:\HostsXpert
    2007-11-15 15:44 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-15 01:34 <DIR> d----c--- C:\HiJack
    2007-11-15 00:38 <DIR> d----c--- C:\VundoFix Backups
    2007-11-14 02:14 8,501,760 -----c--- C:\WINDOWS\system32\dllcache\shell32.dll
    2007-11-14 01:29 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    2007-11-13 23:31 <DIR> d-------- C:\Program Files\SymNetDrv
    2007-11-13 02:09 <DIR> dr-h----- C:\Documents and Settings\Den - Man\Onlangs geopend
    2007-11-12 17:09 <DIR> d-------- C:\Program Files\MagicISO
    2007-10-20 17:21 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Symantec
    2007-10-19 15:34 <DIR> d-------- C:\Program Files\Spyware Doctor
    2007-10-19 15:34 <DIR> d-------- C:\Documents and Settings\Den - Man\Application Data\PC Tools
    2007-10-19 15:34 <DIR> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-19 15:34 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-10-19 15:34 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-10-19 15:34 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-10-19 15:34 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-10-19 15:34 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-15 18:00 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-11-15 14:27 --------- dc----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-11-15 00:03 10,344 ----a-w C:\WINDOWS\system32\drivers\symlcbrd.sys
    2007-11-14 23:37 --------- d-----w C:\Program Files\Enigma Software Group
    2007-11-14 00:05 --------- d-----w C:\Program Files\PHP Designer 2005
    2007-11-13 22:35 --------- d-----w C:\Program Files\Norton AntiVirus
    2007-11-13 22:31 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-11-13 22:31 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-11-13 22:31 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-11-13 22:31 --------- d-----w C:\Program Files\Symantec
    2007-11-13 22:14 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-11-13 22:05 --------- dc----w C:\Documents and Settings\All Users\Application Data\Setup
    2007-11-13 22:05 --------- d-----w C:\Program Files\KaZaA Lite
    2007-11-13 21:51 --------- dc----w C:\Documents and Settings\All Users\Application Data\Skype
    2007-11-13 21:51 --------- d-----w C:\Program Files\Skype
    2007-11-13 21:34 --------- d-----w C:\Program Files\Lavasoft
    2007-11-13 21:16 --------- d-----w C:\Program Files\FileZilla
    2007-10-27 21:18 --------- d-----w C:\Program Files\Picasa2
    2004-02-09 09:48 2,352 ----a-w C:\Documents and Settings\Den - Man\Application Data\mpauth.dat
    2002-11-22 20:54 4,103,168 -c--a-w C:\Program Files\12640_04.exe
    2002-11-17 16:17 52,135 ----a-r C:\Program Files\Windows_XP_SP11.zip
    2002-11-14 10:54 58,012 ----a-w C:\Program Files\Uninstal.exe
    2002-11-13 21:59 24,630 ----a-w C:\Documents and Settings\Den - Man\Application Data\llslllydqkw.exe
    2002-10-09 14:56 375,917 ----a-w C:\Program Files\yahtzee.zip
    2002-10-06 17:20 493,384 ----a-w C:\Program Files\ie6setup.exe
    2002-09-26 10:05 8,670,600 ----a-w C:\Program Files\mpsetupXP.exe
    2002-09-22 14:49 0 ----a-w C:\Program Files\Global.sw
    2002-08-30 00:11 152,848 ----a-w C:\Program Files\kmd.exe
    2002-08-30 00:08 3,510,536 ----a-w C:\Program Files\winamp3_0-full.exe
    2002-08-28 04:08 7,172 ----a-w C:\Program Files\ClassicGames.iip
    2002-08-28 03:56 424,818 ----a-w C:\Program Files\classicgames.exe
    2002-08-27 16:03 8,905,672 ----a-w C:\Program Files\ar505nld.exe
    2002-08-24 01:53 11,255,038 ----a-w C:\Program Files\DirectDVD.exe
    2002-08-24 01:10 29,636,471 ----a-w C:\Program Files\fo-psp702f.zip
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FLMK08KB"="C:\Program Files\Trust\302KS\Keyboard\MMKEYBD.EXE" [2004-07-31 00:25]
    "FLMBROWSEMOUSE"="C:\Program Files\Trust\302KS\Mouse\mouse32a.exe" [2004-07-31 00:26]
    "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57]
    "ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 16:07]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 12:52]
    "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 18:58]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 15:24]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-31 23:08]
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2006-09-25 17:16]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
    "XMetaL 48"="C:\Program Files\Corel\XMetaL 4\Author\registration.exe" [2002-07-03 14:03]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 15:27]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-11-13 23:31]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 15:00]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-06-05 10:54:24]
    BlackICE Utility.lnk - C:\Program Files\Network ICE\BlackICE\blackice.exe [2002-09-25 11:10:27]
    Exif Launcher.lnk.disabled [2003-09-22 08:53:06]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-03-26 21:41:22]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]
    VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2005-11-12 16:57:54]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Program Files\Qualcomm\Eudora\EuShlExt.dll [2002-09-30 17:36 86016]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "InstantAccess"=C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
    "InCD"=C:\Program Files\ahead\InCD\InCD.exe
    "RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    "REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    "NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe
    "RegisterDropHandler"=C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    "HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    "winactive"=C:\Program Files\Window Active\winactive.exe
    "Diskstart"=C:\WINDOWS\System32\code.exe
    "CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

    R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys
    R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys
    R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys
    R1 RapDrv;RapDrv;\??\C:\WINDOWS\System32\drivers\RapDrv.sys
    R1 RapFile;RapFile;\??\C:\WINDOWS\System32\drivers\RapFile.sys
    R1 RapNet;RapNet;\??\C:\WINDOWS\System32\drivers\RapNet.sys
    R2 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys
    S3 CA504AV;FAMILYC@M 500 FLASH, WDM Video Capture;C:\WINDOWS\system32\Drivers\CA504AV.SYS
    S3 QDFSDRV;QDFSDRV;\??\C:\WINDOWS\system32\drivers\qdfsdrv.sys
    S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
    S3 Sunplus;FAMILYC@M 500 FLASH Still Image Capture, Sunplus Version 1.00;C:\WINDOWS\system32\Drivers\Bulk504.sys

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-11-13 22:23:36 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Den - Man.job"
    - C:\PROGRA~1\NORTON~1\Navw32.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-16 13:58:42
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-11-16 14:01:38 - machine was rebooted
    C:\ComboFix2.txt … 2007-11-15 20:16
    C:\ComboFix3.txt … 2007-11-15 18:50
    .
    --- E O F ---

    [b:fccec2c7dc]HiJack:[/b:fccec2c7dc]

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:09:09, on 16-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Trust\302KS\Keyboard\KbdAp32A.exe
    C:\Program Files\Trust\302KS\Mouse\mouse32a.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\TomTom HOME\TomTomHOME.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\Network ICE\BlackICE\blackd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Network ICE\BlackICE\blackice.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\HiJack\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Trust\302KS\Keyboard\MMKEYBD.EXE
    O4 - HKLM\..\Run: [FLMBROWSEMOUSE] C:\Program Files\Trust\302KS\Mouse\mouse32a.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [XMetaL 48] C:\Program Files\Corel\XMetaL 4\Author\registration.exe /title="XMetaL 4" /date=111807 serial=XA04WRD-0010630-MTS
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BlackICE Utility.lnk = ?
    O4 - Global Startup: Exif Launcher.lnk.disabled
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.blackboard.ru.nl
    O15 - Trusted Zone: www.dimo.nl
    O15 - Trusted Zone: www.doggynet.nl
    O15 - Trusted Zone: art.ebay.com
    O15 - Trusted Zone: art.listings.ebay.com
    O15 - Trusted Zone: cgi.ebay.com
    O15 - Trusted Zone: feedback.ebay.com
    O15 - Trusted Zone: my.ebay.com
    O15 - Trusted Zone: pages.ebay.com
    O15 - Trusted Zone: search.ebay.com
    O15 - Trusted Zone: signin.ebay.com
    O15 - Trusted Zone: www.ebay.com
    O15 - Trusted Zone: www.funda.nl
    O15 - Trusted Zone: images.google.nl
    O15 - Trusted Zone: www.google.nl
    O15 - Trusted Zone: www.huisinhelmond.nl
    O15 - Trusted Zone: www.kieskeurig.nl
    O15 - Trusted Zone: www.let.ru.nl
    O15 - Trusted Zone: www.marktplaats.nl
    O15 - Trusted Zone: *.marktplaats.nl
    O15 - Trusted Zone: www.rabomakelaardijdepeel.nl
    O15 - Trusted Zone: www.rabomakelaardijzuid.nl
    O15 - Trusted Zone: www.sosstrays.be
    O15 - Trusted Zone: www.stichtingaai.nl
    O15 - Trusted Zone: www.student.ru.nl
    O15 - Trusted Zone: securityresponse.symantec.com
    O15 - Trusted Zone: www.twanpoels.nl
    O15 - Trusted Zone: www.vkampen.nl
    O15 - Trusted Zone: *.www.ns.nl
    O15 - Trusted Zone: *.www.ru.nl
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\rapapp.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O24 - Desktop Component 0: (no name) - http://akomed.nl/Pictures/top2.jpg
    O24 - Desktop Component 1: (no name) - http://ebay0.ipixmedia.com/abc/M28/_EBAY_7836be91b2f85b5ad844154187ed287f/i-1.JPG
    O24 - Desktop Component 10: (no name) - http://doggy.net/pups/clipart/aai-logo.gif
    O24 - Desktop Component 11: (no name) - http://www.dierenthuis.nl/nieuws/habikat/pics/habikat.jpg
    O24 - Desktop Component 12: (no name) - http://pictures.autotrader.nl/PICTURES/NLDE/CARS/200x150/6735169215814200x150x1x0.jpg
    O24 - Desktop Component 13: (no name) - http://www.drink.nl/REAL_A/ag.gif
    O24 - Desktop Component 14: (no name) - http://www.why.nl/graphics/nieuwefront_01.jpg
    O24 - Desktop Component 15: (no name) - http://www.vlooienmarkten.nl/images/grotekerkdenhaag.jpg
    O24 - Desktop Component 2: (no name) - http://images.google.com/images?q=tbn:_-DfWjwd4doC:www.hondkopen.nl/foto%27s/jachthonden8/AmCockers/puppies%2520met%2520pompoen.JPG
    O24 - Desktop Component 3: (no name) - http://www.hondkopen.nl/foto's/jachthonden8/AmCockers/puppies%20met%20pompoen.JPG
    O24 - Desktop Component 4: (no name) - http://home.quicknet.nl/mw/prive/blackmask/Luna7-140902.jpg
    O24 - Desktop Component 5: (no name) - http://images.google.com/images?q=tbn:o_cZqkNNymcC:home.planet.nl/~katna000/images/post.gif
    O24 - Desktop Component 6: (no name) - http://doggy.net/pups/messages/286/22206.jpg
    O24 - Desktop Component 7: (no name) - http://doggy.net/pups/messages/286/22569.jpg
    O24 - Desktop Component 8: (no name) - http://www.telefoongids.nl/pix/telgids.gif
    O24 - Desktop Component 9: (no name) - http://us.f804.mail.yahoo.com/ym/ShowLetter/Image5.jpg?box=Inbox&MsgId=5941_1933083_33779_1391_237394_0_8966_307682_894583483&bodyPart=2&filename=Image5.jpg&tnef=&YY=26537&order=down&sort=date&pos=0


    End of file - 13207 bytes
    ——————————————
    My computer seems a lot more stable and somewhat faster again, and so far there are no reports of a Trojan.Vundo virus. Surely it can't be true… Do I need to go through any other steps?

    Kind regards, Dennis
  • It looks good, Dennis!

    However, there is just one more small thing to check:
    Does the line below mean anything to you, i.e. do you use this program:
    O4 - HKLM\..\Run: [XMetaL 48] C:\Program Files\Corel\XMetaL 4\Author\registration.exe /title="XMetaL 4" /date=111807 serial=XA04WRD-0010630-MTS

    If it doesn't mean anything to you, you can upload the file below to Jotti.
    C:\Program Files\Corel\XMetaL 4\Author\registration.exe

    Post the result in your next post.

    Pim
  • Hi Pim,

    Yes, I use this program for a content management system. So I assume my computer has now been declared cured? Good work Pim, thanks a lot! If I ever have to deal with those annoying viruses again, I will definitely come knocking again. :D

    Kind regards, Dennis
  • Hi Dennis,

    Everything looks fine again!

    Uninstall Combofix:
    Go to Start –> Run and type there: combofix /u
    Combofix will now be removed and a new restore point will be created.


    To prevent a recurrence, read through these security tips once more:
    http://www.jawwi.nl/nederlands/tips/beveiligen/beveiligen.html

    Pim

This is an archived page. Replying is no longer possible.