infected with Vundo/Virtumonde

24 replies
  • My computer is infected with Vundo. I tried to remove it with Vundofix, but it does not get rid of everything. For example, there is still a file C:\WINDOWS\system32\efcaxus.dll, and it cannot be deleted. Can anyone help me...? Theo. Here is my Hijack log file already (made in safe mode, by the way):
Logfile of HijackThis v1.99.1 Scan saved at 17:43:01, on 26-1-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Documents and Settings\Theo\Bureaublad\virus gelul\hijackthis\Hijackshit.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {4487CCA4-0BB3-4D9B-840E-635BFEA5220D} - C:\WINDOWS\system32\vtutu.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll O2 - BHO: (no name) - {644610BB-4DF2-4550-9848-CCDA86431A21} - C:\WINDOWS\system32\jkhfc.dll (file missing) O2 - BHO: (no name) - {6EAC9A92-03E8-48A2-A15A-DC2158E3E2D9} - C:\WINDOWS\system32\mllmm.dll (file missing) O2 - BHO: SSVHelper Class - 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll O2 - BHO: (no name) - {9B8EDC93-A259-47FC-A80D-C6026963ACDD} - C:\WINDOWS\system32\vtstr.dll (file missing) O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134} - C:\WINDOWS\system32\efcaxus.dll O2 - BHO: {07a1e34a-c471-776b-37e4-5e3f18ad131e} - {e131da81-f3e5-4e73-b677-174ca43e1a70} - C:\WINDOWS\system32\qwcbwwyy.dll (file missing) O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe O4 - HKLM\..\Run: 
[CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [ROBOTFTPSCHED] C:\Program Files\FTPShell\botsched.exe O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [MSConfig] C:\Documents and Settings\Theo\Bureaublad\msconfig.exe /auto O4 - HKLM\..\Run: [10e30233] rundll32.exe "C:\WINDOWS\system32\uucyxlaa.dll",b O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck O4 - HKLM\..\RunOnce: [SpybotDeletingA3820] command /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKLM\..\RunOnce: [SpybotDeletingC3532] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKLM\..\RunOnce: [SpybotDeletingA9080] command /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingC3075] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingA5667] command /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC4686] cmd /c del 
"C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingA6208] command /c del "C:\WINDOWS\system32\jkhfc.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingC8552] cmd /c del "C:\WINDOWS\system32\jkhfc.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingA7145] command /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingC9073] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingA1306] command /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKLM\..\RunOnce: [SpybotDeletingC9610] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKLM\..\RunOnce: [SpybotDeletingA8313] command /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC6509] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingA777] command /c del "C:\WINDOWS\system32\jkhfc.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingC6459] cmd /c del "C:\WINDOWS\system32\jkhfc.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingA4229] command /c del "C:\WINDOWS\system32\jkhfc.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC6493] cmd /c del "C:\WINDOWS\system32\jkhfc.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingA6262] command /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingC6467] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingA2154] command /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKLM\..\RunOnce: [SpybotDeletingC8147] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKLM\..\RunOnce: [SpybotDeletingA6065] command /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC5227] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingA2089] command /c del "C:\WINDOWS\system32\jkhfc.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingC7578] cmd /c del "C:\WINDOWS\system32\jkhfc.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingA7721] command /c del "C:\WINDOWS\system32\jkhfc.dll" O4 - 
HKLM\..\RunOnce: [SpybotDeletingC9043] cmd /c del "C:\WINDOWS\system32\jkhfc.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingA5642] command /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKLM\..\RunOnce: [SpybotDeletingC5253] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKLM\..\RunOnce: [SpybotDeletingA1573] command /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingC5453] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingA5953] command /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC3664] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck O4 - HKLM\..\RunOnce: [VundoFix] "C:\Documents and Settings\Theo\Bureaublad\vundofix.exe" O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Device Detection] C:\Program Files\AH Fotoservice\dd.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [DDC] C:\WINDOWS\system32\tbrncqcs.exe O4 - HKCU\..\RunOnce: [SpybotDeletingB2701] command /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKCU\..\RunOnce: [SpybotDeletingD9348] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKCU\..\RunOnce: [SpybotDeletingB9950] command /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKCU\..\RunOnce: [SpybotDeletingD6373] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKCU\..\RunOnce: [SpybotDeletingB5155] command /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD930] cmd /c del 
"C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB4568] command /c del "C:\WINDOWS\system32\jkhfc.dll_old" O4 - HKCU\..\RunOnce: [SpybotDeletingD575] cmd /c del "C:\WINDOWS\system32\jkhfc.dll_old" O4 - HKCU\..\RunOnce: [SpybotDeletingB2703] command /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKCU\..\RunOnce: [SpybotDeletingD431] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKCU\..\RunOnce: [SpybotDeletingB3879] command /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKCU\..\RunOnce: [SpybotDeletingD2928] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKCU\..\RunOnce: [SpybotDeletingB745] command /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD2283] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB9904] command /c del "C:\WINDOWS\system32\jkhfc.dll_old" O4 - HKCU\..\RunOnce: [SpybotDeletingD5120] cmd /c del "C:\WINDOWS\system32\jkhfc.dll_old" O4 - HKCU\..\RunOnce: [SpybotDeletingB5617] command /c del "C:\WINDOWS\system32\jkhfc.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD6212] cmd /c del "C:\WINDOWS\system32\jkhfc.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB2102] command /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKCU\..\RunOnce: [SpybotDeletingD235] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKCU\..\RunOnce: [SpybotDeletingB4313] command /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKCU\..\RunOnce: [SpybotDeletingD1429] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKCU\..\RunOnce: [SpybotDeletingB9423] command /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD8740] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program 
Files\Logitech\SetPoint\KEM.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.techzine.nl/scan8/oscan8.cab O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab O20 - Winlogon Notify: efcaxus - C:\WINDOWS\SYSTEM32\efcaxus.dll O20 - Winlogon Notify: uhpumrbw - uhpumrbw.dll (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - 
C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\tbrncqcs.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing) O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PREVXAgent - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe" -f (file missing) O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • Going by what I have read in earlier posts, I assume I am supposed to run combofix and use a newer version of Hijackthis. The logs follow here. I hope someone can tell me what to do with them... Theo
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:36:06, on 26-1-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll O2 - BHO: (no name) - {644610BB-4DF2-4550-9848-CCDA86431A21} - C:\WINDOWS\system32\jkhfc.dll (file missing) O2 - BHO: (no name) - {6EAC9A92-03E8-48A2-A15A-DC2158E3E2D9} - C:\WINDOWS\system32\mllmm.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll 
O2 - BHO: (no name) - {9B8EDC93-A259-47FC-A80D-C6026963ACDD} - C:\WINDOWS\system32\vtstr.dll (file missing) O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: {07a1e34a-c471-776b-37e4-5e3f18ad131e} - {e131da81-f3e5-4e73-b677-174ca43e1a70} - C:\WINDOWS\system32\qwcbwwyy.dll (file missing) O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: 
[URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [ROBOTFTPSCHED] C:\Program Files\FTPShell\botsched.exe O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [MSConfig] C:\Documents and Settings\Theo\Bureaublad\msconfig.exe /auto O4 - HKLM\..\Run: [10e30233] rundll32.exe "C:\WINDOWS\system32\uucyxlaa.dll",b O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck O4 - HKLM\..\RunOnce: [SpybotDeletingA3820] command /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKLM\..\RunOnce: [SpybotDeletingC3532] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKLM\..\RunOnce: [SpybotDeletingA9080] command /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingC3075] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingA5667] command /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC4686] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingA6208] command /c del "C:\WINDOWS\system32\jkhfc.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingC8552] cmd /c del "C:\WINDOWS\system32\jkhfc.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingA7145] command /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingC9073] 
cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingA1306] command /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKLM\..\RunOnce: [SpybotDeletingC9610] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKLM\..\RunOnce: [SpybotDeletingA8313] command /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC6509] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingA777] command /c del "C:\WINDOWS\system32\jkhfc.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingC6459] cmd /c del "C:\WINDOWS\system32\jkhfc.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingA4229] command /c del "C:\WINDOWS\system32\jkhfc.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC6493] cmd /c del "C:\WINDOWS\system32\jkhfc.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingA6262] command /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingC6467] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingA2154] command /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKLM\..\RunOnce: [SpybotDeletingC8147] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKLM\..\RunOnce: [SpybotDeletingA6065] command /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC5227] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingA2089] command /c del "C:\WINDOWS\system32\jkhfc.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingC7578] cmd /c del "C:\WINDOWS\system32\jkhfc.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingA7721] command /c del "C:\WINDOWS\system32\jkhfc.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC9043] cmd /c del "C:\WINDOWS\system32\jkhfc.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingA5642] command /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKLM\..\RunOnce: [SpybotDeletingC5253] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKLM\..\RunOnce: [SpybotDeletingA1573] command /c del 
"C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingC5453] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingA5953] command /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC3664] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck O4 - HKLM\..\RunOnce: [VundoFix] "C:\Documents and Settings\Theo\Bureaublad\vundofix.exe" O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Device Detection] C:\Program Files\AH Fotoservice\dd.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\RunOnce: [SpybotDeletingB2701] command /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKCU\..\RunOnce: [SpybotDeletingD9348] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKCU\..\RunOnce: [SpybotDeletingB9950] command /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKCU\..\RunOnce: [SpybotDeletingD6373] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKCU\..\RunOnce: [SpybotDeletingB5155] command /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD930] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB4568] command /c del "C:\WINDOWS\system32\jkhfc.dll_old" O4 - HKCU\..\RunOnce: [SpybotDeletingD575] cmd /c del "C:\WINDOWS\system32\jkhfc.dll_old" O4 - HKCU\..\RunOnce: [SpybotDeletingB2703] command /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKCU\..\RunOnce: [SpybotDeletingD431] cmd /c del 
"C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKCU\..\RunOnce: [SpybotDeletingB3879] command /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKCU\..\RunOnce: [SpybotDeletingD2928] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKCU\..\RunOnce: [SpybotDeletingB745] command /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD2283] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB9904] command /c del "C:\WINDOWS\system32\jkhfc.dll_old" O4 - HKCU\..\RunOnce: [SpybotDeletingD5120] cmd /c del "C:\WINDOWS\system32\jkhfc.dll_old" O4 - HKCU\..\RunOnce: [SpybotDeletingB5617] command /c del "C:\WINDOWS\system32\jkhfc.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD6212] cmd /c del "C:\WINDOWS\system32\jkhfc.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB2102] command /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKCU\..\RunOnce: [SpybotDeletingD235] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKCU\..\RunOnce: [SpybotDeletingB4313] command /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKCU\..\RunOnce: [SpybotDeletingD1429] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKCU\..\RunOnce: [SpybotDeletingB9423] command /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD8740] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Snelstart HP Image Zone.lnk = 
C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.techzine.nl/scan8/oscan8.cab O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab O20 - Winlogon Notify: uhpumrbw - uhpumrbw.dll (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. 
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing) O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PREVXAgent - Prevx - C:\Program Files\Prevx2\PXAgent.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- End of file - 15752 bytes
And here is the one from combofix: (I left out a whole lot of lines, because there were thousands of files of the form pos****.tmp that made the log a bit unwieldy...)
ComboFix 08-01-23.1C - Theo 2008-01-26 18:06:02.1 - NTFSx86 NETWORK Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.274 [GMT 1:00] Gestart vanuit: C:\Documents and Settings\Theo\Bureaublad\virus gelul\ComboFix.exe WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Laura\Mijn documenten\pos1000.tmp C:\Documents and Settings\Laura\Mijn documenten\pos1001.tmp ... (etc) ... C:\Documents and Settings\Laura\Mijn documenten\posFFE.tmp C:\Documents and Settings\Laura\Mijn documenten\posFFF.tmp C:\Documents and Settings\Theo\Mijn documenten\pos138B.tmp C:\Documents and Settings\Theo\Mijn documenten\pos138C.tmp ... (etc) ... 
C:\Documents and Settings\Theo\Mijn documenten\posFA5.tmp C:\Documents and Settings\Theo\Mijn documenten\posFA6.tmp C:\pos1.tmp C:\pos10.tmp C:\pos100.tmp C:\pos1000.tmp C:\pos1001.tmp C:\pos1002.tmp ... (etc) ... C:\posFFD.tmp C:\posFFE.tmp C:\posFFF.tmp C:\Program Files\Temporary C:\WINDOWS\b.exe C:\WINDOWS\Fonts\a.zip C:\WINDOWS\system32\efcaxus.dll C:\WINDOWS\system32\taskkill.exe C:\WINDOWS\system32\ututv.ini C:\WINDOWS\system32\ututv.ini2 C:\WINDOWS\system32\vtutu.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_DOMAINSERVICE -------\DomainService (((((((((((((((((((( Bestanden Gemaakt van 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))) . 2008-01-26 18:01 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe 2008-01-26 09:51 . 2008-01-26 16:01 <DIR> d-------- C:\VundoFix Backups 2008-01-24 23:15 . 2008-01-24 23:15 <DIR> d-------- C:\WINDOWS\LastGood 2008-01-24 23:15 . 2008-01-26 09:42 <DIR> d-------- C:\WINDOWS\BDOSCAN8 2008-01-24 18:27 . 2008-01-24 18:27 <DIR> d-------- C:\Program Files\CCleaner 2008-01-24 16:14 . 2008-01-25 18:45 979 --a------ C:\WINDOWS\wininit.ini 2008-01-22 21:55 . 2008-01-22 21:55 1,110,643 ---hs---- C:\WINDOWS\system32\qmjspumg.ini 2008-01-18 16:29 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-01-16 19:57 . 2008-01-22 21:55 1,111,123 ---hs---- C:\WINDOWS\system32\mrndghns.ini 2008-01-14 17:11 . 2008-01-16 19:54 1,066,306 ---hs---- C:\WINDOWS\system32\eoaduoll.ini 2008-01-10 13:38 . 2008-01-15 21:10 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe 2008-01-10 13:17 . 2008-01-10 13:17 0 --a------ C:\WINDOWS\CeEKey .INI 2008-01-10 12:31 . 2008-01-24 14:25 <DIR> d-------- C:\Program Files\Prevx2 2008-01-09 21:49 . 2008-01-10 13:36 24,576 --a------ C:\WINDOWS\system32\ZoomingHook .exe 2008-01-09 20:44 . 2008-01-09 20:44 17,642,616 --a------ C:\WINDOWS\system32\MRT .exe 2008-01-09 17:40 . 
2008-01-09 17:40 208 --a------ C:\WINDOWS\system32\MRT.INI 2008-01-08 22:41 . 2008-01-08 22:42 <DIR> d-------- C:\Program Files\MathType 2008-01-08 22:07 . 2008-01-13 17:20 <DIR> d-------- C:\Program Files\Dot1XCfg 2008-01-08 22:07 . 2008-01-08 22:07 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-25 19:16 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-25 19:15 --------- d-----w C:\Program Files\Java 2008-01-22 22:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-01-13 16:20 --------- d-----w C:\Program Files\SymNetDrv 2008-01-13 16:20 --------- d-----w C:\Program Files\REGSHAVE 2008-01-13 16:20 --------- d-----w C:\Program Files\QuickTime 2008-01-11 12:21 --------- d-----w C:\Program Files\Norton Internet Security 2008-01-11 12:21 --------- d-----w C:\Program Files\iTunes 2008-01-11 12:21 --------- d-----w C:\Program Files\FTPShell 2008-01-10 13:39 --------- d-----w C:\Program Files\Conexant 2008-01-10 13:38 --------- d-----w C:\Program Files\EzButton 2008-01-10 13:37 --------- d-----w C:\Program Files\Apoint2K . 
[code:1:69b255b8b0]<pre> ----a-w 192,512 2008-01-10 12:35:49 C:\Program Files\Apoint2K\Apoint .exe ----a-w 339,968 2008-01-10 12:35:45 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe ----a-w 139,264 2008-01-10 12:36:44 C:\Program Files\Common Files\Nokia\NCLTools\NclConf .exe ----a-w 1,106,944 2008-01-10 12:36:58 C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer .exe ----a-w 180,269 2008-01-10 12:36:55 C:\Program Files\Common Files\Real\Update_OB\realsched .exe ----a-w 71,256 2008-01-10 12:36:20 C:\Program Files\Common Files\Symantec Shared\ccApp .exe ----a-w 462,848 2008-01-10 12:36:31 C:\Program Files\Conexant\CnxDslTb .exe ----a-w 61,440 2008-01-10 12:38:23 C:\Program Files\Dot1XCfg\Dot1XCfg .exe ----a-w 712,704 2008-01-10 12:36:00 C:\Program Files\EzButton\EzButton .EXE ----a-w 60,928 2008-01-11 12:21:26 C:\Program Files\FTPShell\botsched .exe ----a-w 68,856 2008-01-10 14:03:24 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe ----a-w 6,731,312 2008-01-24 18:40:13 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe ----a-w 49,152 2008-01-10 12:37:00 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe ----a-w 278,528 2008-01-11 12:21:26 C:\Program Files\iTunes\iTunesHelper .exe ----a-w 49,263 2008-01-10 12:37:29 C:\Program Files\Java\jre1.5.0_08\bin\jusched .exe ----a-w 1,694,208 2008-01-09 20:19:23 C:\Program Files\Messenger\msmsgs .exe ----a-w 167,936 2008-01-10 12:36:44 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication .exe ----a-w 70,760 2008-01-11 12:21:15 C:\Program Files\Norton Internet Security\UrlLstCk .exe ----a-w 1,997,880 2008-01-11 12:21:34 C:\Program Files\Prevx2\PXConsole .exe ----a-w 53,248 2008-01-11 12:21:17 C:\Program Files\REGSHAVE\REGSHAVE .EXE ----a-w 95,960 2008-01-11 12:21:18 C:\Program Files\SymNetDrv\SNDMon .exe ----a-w 643,072 2008-01-10 12:35:59 C:\Program Files\TOSHIBA\E-KEY\CeEKey .exe ----a-w 1,019,904 2008-01-10 12:36:02 C:\Program Files\TOSHIBA\PadTouch\PadExe .exe 
----a-w 135,168 2008-01-10 12:35:50 C:\Program Files\TOSHIBA\Power Management\CePMTray .exe ----a-w 65,536 2008-01-10 12:37:57 C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd .exe ----a-w 118,784 2008-01-10 12:36:06 C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView .exe ----a-w 53,248 2008-01-10 12:36:05 C:\Program Files\TOSHIBA\TouchPad\TPTray .exe ----a-w 15,360 2008-01-15 20:10:23 C:\WINDOWS\system32\ctfmon .exe ----a-w 17,642,616 2008-01-09 19:44:52 C:\WINDOWS\system32\MRT .exe ----a-w 24,576 2008-01-10 12:36:05 C:\WINDOWS\system32\ZoomingHook .exe </pre>[/code:1:69b255b8b0] -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{644610BB-4DF2-4550-9848-CCDA86431A21}] C:\WINDOWS\system32\jkhfc.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EAC9A92-03E8-48A2-A15A-DC2158E3E2D9}] C:\WINDOWS\system32\mllmm.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B8EDC93-A259-47FC-A80D-C6026963ACDD}] C:\WINDOWS\system32\vtstr.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e131da81-f3e5-4e73-b677-174ca43e1a70}] C:\WINDOWS\system32\qwcbwwyy.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [ ] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ] "Device Detection"="C:\Program Files\AH Fotoservice\dd.exe" [ ] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ] "Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "SpybotDeletingB2701"="command /c del C:\WINDOWS\system32\uhpumrbw.dllbox" [ ] "SpybotDeletingD9348"="cmd /c del 
C:\WINDOWS\system32\uhpumrbw.dllbox" [ ] "SpybotDeletingB9950"="command /c del C:\WINDOWS\system32\uhpumrbw.dll_old" [ ] "SpybotDeletingD6373"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dll_old" [ ] "SpybotDeletingB5155"="command /c del C:\WINDOWS\system32\uhpumrbw.dll" [ ] "SpybotDeletingD930"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dll" [ ] "SpybotDeletingB4568"="command /c del C:\WINDOWS\system32\jkhfc.dll_old" [ ] "SpybotDeletingD575"="cmd /c del C:\WINDOWS\system32\jkhfc.dll_old" [ ] "SpybotDeletingB2703"="command /c del C:\WINDOWS\system32\uhpumrbw.dll_old" [ ] "SpybotDeletingD431"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dll_old" [ ] "SpybotDeletingB3879"="command /c del C:\WINDOWS\system32\uhpumrbw.dllbox" [ ] "SpybotDeletingD2928"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dllbox" [ ] "SpybotDeletingB745"="command /c del C:\WINDOWS\system32\uhpumrbw.dll" [ ] "SpybotDeletingD2283"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dll" [ ] "SpybotDeletingB9904"="command /c del C:\WINDOWS\system32\jkhfc.dll_old" [ ] "SpybotDeletingD5120"="cmd /c del C:\WINDOWS\system32\jkhfc.dll_old" [ ] "SpybotDeletingB5617"="command /c del C:\WINDOWS\system32\jkhfc.dll" [ ] "SpybotDeletingD6212"="cmd /c del C:\WINDOWS\system32\jkhfc.dll" [ ] "SpybotDeletingB2102"="command /c del C:\WINDOWS\system32\uhpumrbw.dllbox" [ ] "SpybotDeletingD235"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dllbox" [ ] "SpybotDeletingB4313"="command /c del C:\WINDOWS\system32\uhpumrbw.dll_old" [ ] "SpybotDeletingD1429"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dll_old" [ ] "SpybotDeletingB9423"="command /c del C:\WINDOWS\system32\uhpumrbw.dll" [ ] "SpybotDeletingD8740"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dll" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ] "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [ ] "AGRSMMSG"="AGRSMMSG.exe" [2004-02-21 04:00 88363 C:\WINDOWS\agrsmmsg.exe] "CeEPOWER"="C:\Program 
Files\TOSHIBA\Power Management\CePMTray.exe" [ ] "CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [ ] "EzButton"="C:\Program Files\EzButton\EzButton.EXE" [ ] "TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [ ] "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [ ] "NDSTray.exe"="NDSTray.exe" [] "URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [ ] "CFSServ.exe"="CFSServ.exe" [] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-04-26 07:06 29696 C:\WINDOWS\KHALMNPR.Exe] "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [ ] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [ ] "DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [ ] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [ ] "ROBOTFTPSCHED"="C:\Program Files\FTPShell\botsched.exe" [ ] "PrevxOne"="C:\Program Files\Prevx2\PXConsole.exe" [ ] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-01-24 23:08 6731312] "MSConfig"="C:\Documents and Settings\Theo\Bureaublad\msconfig.exe" [ ] "10e30233"="C:\WINDOWS\system32\uucyxlaa.dll" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Spybot - Search & Destroy"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2007-08-31 16:46 4943184] "SpybotDeletingA3820"="command /c del C:\WINDOWS\system32\uhpumrbw.dllbox" [ ] "SpybotDeletingC3532"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dllbox" [ ] "SpybotDeletingA9080"="command /c del C:\WINDOWS\system32\uhpumrbw.dll_old" [ ] "SpybotDeletingC3075"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dll_old" [ ] "SpybotDeletingA5667"="command /c del C:\WINDOWS\system32\uhpumrbw.dll" [ ] "SpybotDeletingC4686"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dll" [ ] "SpybotDeletingA6208"="command /c del C:\WINDOWS\system32\jkhfc.dll_old" [ ] "SpybotDeletingC8552"="cmd /c del C:\WINDOWS\system32\jkhfc.dll_old" [ ] 
"SpybotDeletingA7145"="command /c del C:\WINDOWS\system32\uhpumrbw.dll_old" [ ] "SpybotDeletingC9073"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dll_old" [ ] "SpybotDeletingA1306"="command /c del C:\WINDOWS\system32\uhpumrbw.dllbox" [ ] "SpybotDeletingC9610"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dllbox" [ ] "SpybotDeletingA8313"="command /c del C:\WINDOWS\system32\uhpumrbw.dll" [ ] "SpybotDeletingC6509"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dll" [ ] "SpybotDeletingA777"="command /c del C:\WINDOWS\system32\jkhfc.dll_old" [ ] "SpybotDeletingC6459"="cmd /c del C:\WINDOWS\system32\jkhfc.dll_old" [ ] "SpybotDeletingA4229"="command /c del C:\WINDOWS\system32\jkhfc.dll" [ ] "SpybotDeletingC6493"="cmd /c del C:\WINDOWS\system32\jkhfc.dll" [ ] "SpybotDeletingA6262"="command /c del C:\WINDOWS\system32\uhpumrbw.dll_old" [ ] "SpybotDeletingC6467"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dll_old" [ ] "SpybotDeletingA2154"="command /c del C:\WINDOWS\system32\uhpumrbw.dllbox" [ ] "SpybotDeletingC8147"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dllbox" [ ] "SpybotDeletingA6065"="command /c del C:\WINDOWS\system32\uhpumrbw.dll" [ ] "SpybotDeletingC5227"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dll" [ ] "SpybotDeletingA2089"="command /c del C:\WINDOWS\system32\jkhfc.dll_old" [ ] "SpybotDeletingC7578"="cmd /c del C:\WINDOWS\system32\jkhfc.dll_old" [ ] "SpybotDeletingA7721"="command /c del C:\WINDOWS\system32\jkhfc.dll" [ ] "SpybotDeletingC9043"="cmd /c del C:\WINDOWS\system32\jkhfc.dll" [ ] "SpybotDeletingA5642"="command /c del C:\WINDOWS\system32\uhpumrbw.dllbox" [ ] "SpybotDeletingC5253"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dllbox" [ ] "SpybotDeletingA1573"="command /c del C:\WINDOWS\system32\uhpumrbw.dll_old" [ ] "SpybotDeletingC5453"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dll_old" [ ] "SpybotDeletingA5953"="command /c del C:\WINDOWS\system32\uhpumrbw.dll" [ ] "SpybotDeletingC3664"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dll" [ ] "SpybotSnD"="C:\Program Files\Spybot - 
Search & Destroy\SpybotSD.exe" [2007-08-31 16:46 4943184] "VundoFix"="C:\Documents and Settings\Theo\Bureaublad\vundofix.exe" [2008-01-25 22:04 132608] C:\Documents and Settings\Theo\Menu Start\Programma's\Opstarten\ Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-17 07:03:44 59080] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2005-03-13 19:15:27 573440] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360] Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-11 23:49:24 73728] WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-03-07 20:57:58 106560] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\uhpumrbw] uhpumrbw.dll R3 ncfvsbus;NCF Virtual Serial Bus Enumerator;C:\WINDOWS\system32\DRIVERS\ncfvsbus.sys [2004-11-26 10:15] S0 Cdr4vsd;Cdr4vsd;C:\WINDOWS\system32\drivers\Cdr4vsd.sys [1999-05-06 01:50] S2 NokiaSuite3;NokiaSuite3;C:\WINDOWS\system32\drivers\NokiaSuite3.sys [1998-09-12 08:59] S3 CnxEtP;ADSL USB MODEM LAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2005-03-06 09:20] S3 CnxEtU;ADSL USB MODEM Loader;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2005-03-06 09:20] S3 CnxTgN;ADSL USB MODEM LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2005-03-06 09:20] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17555c5c-fff6-11d8-b410-806d6172696f}] \Shell\AutoRun\command - D:\browser.exe . 
Inhoud van de 'Gedeelde Taken' map "2005-03-11 22:50:11 C:\WINDOWS\Tasks\Herinnering voor registratie 1.job" - C:\WINDOWS\system32\OOBE\oobebaln.exe "2005-03-18 22:05:11 C:\WINDOWS\Tasks\Herinnering voor registratie 2.job" - C:\WINDOWS\system32\OOBE\oobebaln.exe "2005-03-04 14:39:21 C:\WINDOWS\Tasks\Herinnering voor registratie 3.job" - C:\WINDOWS\system32\OOBE\oobebaln.exe "2008-01-24 11:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job" - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe "2007-12-23 11:43:43 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen - Theo.job" - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task: "2008-01-22 22:33:45 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-26 20:28:18 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-01-26 20:34:03 - machine was rebooted ComboFix-quarantined-files.txt 2008-01-26 19:34:01 . 2008-01-09 18:08:15 --- E O F --- [/b]
  • Restart your PC, then make a new log with Combofix and Hijackthis and post it
  • Thanks for your reply! Here are the new logs. They were made with Windows in safe mode. Is that okay? Regards, Theo
combofix:
ComboFix 08-01-23.1C - Theo 2008-01-27 17:30:59.2 - NTFSx86 NETWORK Gestart vanuit: C:\Documents and Settings\Theo\Bureaublad\virus gelul\ComboFix.exe WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . (((((((((((((((((((( Bestanden Gemaakt van 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))) . 2008-01-27 12:43 . 2008-01-27 12:43 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-01-27 12:30 . 2008-01-27 12:30 <DIR> d-------- C:\WINDOWS\system32\nl-nl 2008-01-27 12:30 . 2008-01-27 12:30 759 --a------ C:\WINDOWS\system32\spupdsvc.inf 2008-01-26 23:33 . 2008-01-26 23:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-01-26 22:09 . 2008-01-26 22:09 <DIR> d-------- C:\Program Files\Trend Micro 2008-01-26 18:01 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe 2008-01-26 09:51 . 2008-01-27 11:57 <DIR> d-------- C:\VundoFix Backups 2008-01-25 20:17 . 2008-01-27 12:28 1,374 --a------ C:\WINDOWS\imsins.BAK 2008-01-24 23:15 . 2008-01-24 23:15 <DIR> d-------- C:\WINDOWS\LastGood 2008-01-24 23:15 . 2008-01-27 17:20 <DIR> d-------- C:\WINDOWS\BDOSCAN8 2008-01-24 18:27 . 2008-01-24 18:27 <DIR> d-------- C:\Program Files\CCleaner 2008-01-24 16:14 . 2008-01-25 18:45 979 --a------ C:\WINDOWS\wininit.ini 2008-01-22 21:55 . 2008-01-22 21:55 1,110,643 ---hs---- C:\WINDOWS\system32\qmjspumg.ini 2008-01-18 16:29 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-01-16 19:57 . 2008-01-22 21:55 1,111,123 ---hs---- C:\WINDOWS\system32\mrndghns.ini 2008-01-14 17:11 . 2008-01-16 19:54 1,066,306 ---hs---- C:\WINDOWS\system32\eoaduoll.ini 2008-01-10 13:38 . 2008-01-15 21:10 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe 2008-01-10 13:17 . 
2008-01-10 13:17 0 --a------ C:\WINDOWS\CeEKey .INI 2008-01-10 12:31 . 2008-01-24 14:25 <DIR> d-------- C:\Program Files\Prevx2 2008-01-09 21:49 . 2008-01-10 13:36 24,576 --a------ C:\WINDOWS\system32\ZoomingHook .exe 2008-01-09 20:44 . 2008-01-09 20:44 17,642,616 --a------ C:\WINDOWS\system32\MRT .exe 2008-01-09 17:40 . 2008-01-09 17:40 208 --a------ C:\WINDOWS\system32\MRT.INI 2008-01-08 22:41 . 2008-01-08 22:42 <DIR> d-------- C:\Program Files\MathType 2008-01-08 22:07 . 2008-01-08 22:07 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-25 19:16 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-25 19:15 --------- d-----w C:\Program Files\Java 2008-01-22 22:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-01-13 16:20 --------- d-----w C:\Program Files\SymNetDrv 2008-01-13 16:20 --------- d-----w C:\Program Files\REGSHAVE 2008-01-13 16:20 --------- d-----w C:\Program Files\QuickTime 2008-01-11 12:21 --------- d-----w C:\Program Files\Norton Internet Security 2008-01-11 12:21 --------- d-----w C:\Program Files\iTunes 2008-01-11 12:21 --------- d-----w C:\Program Files\FTPShell 2008-01-10 13:39 --------- d-----w C:\Program Files\Conexant 2008-01-10 13:38 --------- d-----w C:\Program Files\EzButton 2008-01-10 13:37 --------- d-----w C:\Program Files\Apoint2K 2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll 2005-05-11 21:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll . 
[code:1:ba0bbdbf84]<pre> ----a-w 192,512 2008-01-10 12:35:49 C:\Program Files\Apoint2K\Apoint .exe ----a-w 339,968 2008-01-10 12:35:45 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe ----a-w 139,264 2008-01-10 12:36:44 C:\Program Files\Common Files\Nokia\NCLTools\NclConf .exe ----a-w 1,106,944 2008-01-10 12:36:58 C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer .exe ----a-w 180,269 2008-01-10 12:36:55 C:\Program Files\Common Files\Real\Update_OB\realsched .exe ----a-w 71,256 2008-01-10 12:36:20 C:\Program Files\Common Files\Symantec Shared\ccApp .exe ----a-w 462,848 2008-01-10 12:36:31 C:\Program Files\Conexant\CnxDslTb .exe ----a-w 712,704 2008-01-10 12:36:00 C:\Program Files\EzButton\EzButton .EXE ----a-w 60,928 2008-01-11 12:21:26 C:\Program Files\FTPShell\botsched .exe ----a-w 68,856 2008-01-10 14:03:24 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe ----a-w 6,731,312 2008-01-24 18:40:13 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe ----a-w 49,152 2008-01-10 12:37:00 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe ----a-w 278,528 2008-01-11 12:21:26 C:\Program Files\iTunes\iTunesHelper .exe ----a-w 49,263 2008-01-10 12:37:29 C:\Program Files\Java\jre1.5.0_08\bin\jusched .exe ----a-w 1,694,208 2008-01-09 20:19:23 C:\Program Files\Messenger\msmsgs .exe ----a-w 167,936 2008-01-10 12:36:44 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication .exe ----a-w 70,760 2008-01-11 12:21:15 C:\Program Files\Norton Internet Security\UrlLstCk .exe ----a-w 1,997,880 2008-01-11 12:21:34 C:\Program Files\Prevx2\PXConsole .exe ----a-w 53,248 2008-01-11 12:21:17 C:\Program Files\REGSHAVE\REGSHAVE .EXE ----a-w 95,960 2008-01-11 12:21:18 C:\Program Files\SymNetDrv\SNDMon .exe ----a-w 643,072 2008-01-10 12:35:59 C:\Program Files\TOSHIBA\E-KEY\CeEKey .exe ----a-w 1,019,904 2008-01-10 12:36:02 C:\Program Files\TOSHIBA\PadTouch\PadExe .exe ----a-w 135,168 2008-01-10 12:35:50 C:\Program Files\TOSHIBA\Power 
Management\CePMTray .exe ----a-w 65,536 2008-01-10 12:37:57 C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd .exe ----a-w 118,784 2008-01-10 12:36:06 C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView .exe ----a-w 53,248 2008-01-10 12:36:05 C:\Program Files\TOSHIBA\TouchPad\TPTray .exe ----a-w 15,360 2008-01-15 20:10:23 C:\WINDOWS\system32\ctfmon .exe ----a-w 17,642,616 2008-01-09 19:44:52 C:\WINDOWS\system32\MRT .exe ----a-w 24,576 2008-01-10 12:36:05 C:\WINDOWS\system32\ZoomingHook .exe </pre>[/code:1:ba0bbdbf84] ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{644610BB-4DF2-4550-9848-CCDA86431A21}] C:\WINDOWS\system32\jkhfc.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EAC9A92-03E8-48A2-A15A-DC2158E3E2D9}] C:\WINDOWS\system32\mllmm.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B8EDC93-A259-47FC-A80D-C6026963ACDD}] C:\WINDOWS\system32\vtstr.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e131da81-f3e5-4e73-b677-174ca43e1a70}] C:\WINDOWS\system32\qwcbwwyy.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [ ] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ] "Device Detection"="C:\Program Files\AH Fotoservice\dd.exe" [ ] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ] "Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "SpybotDeletingB2701"="command /c del C:\WINDOWS\system32\uhpumrbw.dllbox" [ ] "SpybotDeletingD9348"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dllbox" [ ] "SpybotDeletingB9950"="command /c del 
C:\WINDOWS\system32\uhpumrbw.dll_old" [ ] "SpybotDeletingD6373"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dll_old" [ ] "SpybotDeletingB5155"="command /c del C:\WINDOWS\system32\uhpumrbw.dll" [ ] "SpybotDeletingD930"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dll" [ ] "SpybotDeletingB4568"="command /c del C:\WINDOWS\system32\jkhfc.dll_old" [ ] "SpybotDeletingD575"="cmd /c del C:\WINDOWS\system32\jkhfc.dll_old" [ ] "SpybotDeletingB2703"="command /c del C:\WINDOWS\system32\uhpumrbw.dll_old" [ ] "SpybotDeletingD431"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dll_old" [ ] "SpybotDeletingB3879"="command /c del C:\WINDOWS\system32\uhpumrbw.dllbox" [ ] "SpybotDeletingD2928"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dllbox" [ ] "SpybotDeletingB745"="command /c del C:\WINDOWS\system32\uhpumrbw.dll" [ ] "SpybotDeletingD2283"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dll" [ ] "SpybotDeletingB9904"="command /c del C:\WINDOWS\system32\jkhfc.dll_old" [ ] "SpybotDeletingD5120"="cmd /c del C:\WINDOWS\system32\jkhfc.dll_old" [ ] "SpybotDeletingB5617"="command /c del C:\WINDOWS\system32\jkhfc.dll" [ ] "SpybotDeletingD6212"="cmd /c del C:\WINDOWS\system32\jkhfc.dll" [ ] "SpybotDeletingB2102"="command /c del C:\WINDOWS\system32\uhpumrbw.dllbox" [ ] "SpybotDeletingD235"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dllbox" [ ] "SpybotDeletingB4313"="command /c del C:\WINDOWS\system32\uhpumrbw.dll_old" [ ] "SpybotDeletingD1429"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dll_old" [ ] "SpybotDeletingB9423"="command /c del C:\WINDOWS\system32\uhpumrbw.dll" [ ] "SpybotDeletingD8740"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dll" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ] "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [ ] "AGRSMMSG"="AGRSMMSG.exe" [2004-02-21 04:00 88363 C:\WINDOWS\agrsmmsg.exe] "CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [ ] "CeEKEY"="C:\Program 
Files\TOSHIBA\E-KEY\CeEKey.exe" [ ] "EzButton"="C:\Program Files\EzButton\EzButton.EXE" [ ] "TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [ ] "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [ ] "NDSTray.exe"="NDSTray.exe" [] "URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [ ] "CFSServ.exe"="CFSServ.exe" [] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-04-26 07:06 29696 C:\WINDOWS\KHALMNPR.Exe] "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [ ] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [ ] "DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [ ] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [ ] "ROBOTFTPSCHED"="C:\Program Files\FTPShell\botsched.exe" [ ] "PrevxOne"="C:\Program Files\Prevx2\PXConsole.exe" [ ] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-01-24 23:08 6731312] "MSConfig"="C:\Documents and Settings\Theo\Bureaublad\msconfig.exe" [ ] "10e30233"="C:\WINDOWS\system32\uucyxlaa.dll" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Spybot - Search & Destroy"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2007-08-31 16:46 4943184] "SpybotDeletingA3820"="command /c del C:\WINDOWS\system32\uhpumrbw.dllbox" [ ] "SpybotDeletingC3532"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dllbox" [ ] "SpybotDeletingA9080"="command /c del C:\WINDOWS\system32\uhpumrbw.dll_old" [ ] "SpybotDeletingC3075"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dll_old" [ ] "SpybotDeletingA5667"="command /c del C:\WINDOWS\system32\uhpumrbw.dll" [ ] "SpybotDeletingC4686"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dll" [ ] "SpybotDeletingA6208"="command /c del C:\WINDOWS\system32\jkhfc.dll_old" [ ] "SpybotDeletingC8552"="cmd /c del C:\WINDOWS\system32\jkhfc.dll_old" [ ] "SpybotDeletingA7145"="command /c del C:\WINDOWS\system32\uhpumrbw.dll_old" [ ] 
"SpybotDeletingC9073"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dll_old" [ ] "SpybotDeletingA1306"="command /c del C:\WINDOWS\system32\uhpumrbw.dllbox" [ ] "SpybotDeletingC9610"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dllbox" [ ] "SpybotDeletingA8313"="command /c del C:\WINDOWS\system32\uhpumrbw.dll" [ ] "SpybotDeletingC6509"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dll" [ ] "SpybotDeletingA777"="command /c del C:\WINDOWS\system32\jkhfc.dll_old" [ ] "SpybotDeletingC6459"="cmd /c del C:\WINDOWS\system32\jkhfc.dll_old" [ ] "SpybotDeletingA4229"="command /c del C:\WINDOWS\system32\jkhfc.dll" [ ] "SpybotDeletingC6493"="cmd /c del C:\WINDOWS\system32\jkhfc.dll" [ ] "SpybotDeletingA6262"="command /c del C:\WINDOWS\system32\uhpumrbw.dll_old" [ ] "SpybotDeletingC6467"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dll_old" [ ] "SpybotDeletingA2154"="command /c del C:\WINDOWS\system32\uhpumrbw.dllbox" [ ] "SpybotDeletingC8147"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dllbox" [ ] "SpybotDeletingA6065"="command /c del C:\WINDOWS\system32\uhpumrbw.dll" [ ] "SpybotDeletingC5227"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dll" [ ] "SpybotDeletingA2089"="command /c del C:\WINDOWS\system32\jkhfc.dll_old" [ ] "SpybotDeletingC7578"="cmd /c del C:\WINDOWS\system32\jkhfc.dll_old" [ ] "SpybotDeletingA7721"="command /c del C:\WINDOWS\system32\jkhfc.dll" [ ] "SpybotDeletingC9043"="cmd /c del C:\WINDOWS\system32\jkhfc.dll" [ ] "SpybotDeletingA5642"="command /c del C:\WINDOWS\system32\uhpumrbw.dllbox" [ ] "SpybotDeletingC5253"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dllbox" [ ] "SpybotDeletingA1573"="command /c del C:\WINDOWS\system32\uhpumrbw.dll_old" [ ] "SpybotDeletingC5453"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dll_old" [ ] "SpybotDeletingA5953"="command /c del C:\WINDOWS\system32\uhpumrbw.dll" [ ] "SpybotDeletingC3664"="cmd /c del C:\WINDOWS\system32\uhpumrbw.dll" [ ] "SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2007-08-31 16:46 4943184] "VundoFix"="C:\Documents 
and Settings\Theo\Bureaublad\vundofix.exe" [2008-01-25 22:04 132608] "NoIE4StubProcessing"="C:\WINDOWS\system32\reg.exe" [2004-08-04 11:00 56832] C:\Documents and Settings\Theo\Menu Start\Programma's\Opstarten\ Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-17 07:03:44 59080] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2005-03-13 19:15:27 573440] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360] Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-11 23:49:24 73728] WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-03-07 20:57:58 106560] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\uhpumrbw] uhpumrbw.dll R3 ncfvsbus;NCF Virtual Serial Bus Enumerator;C:\WINDOWS\system32\DRIVERS\ncfvsbus.sys [2004-11-26 10:15] S0 Cdr4vsd;Cdr4vsd;C:\WINDOWS\system32\drivers\Cdr4vsd.sys [1999-05-06 01:50] S2 NokiaSuite3;NokiaSuite3;C:\WINDOWS\system32\drivers\NokiaSuite3.sys [1998-09-12 08:59] S3 CnxEtP;ADSL USB MODEM LAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2005-03-06 09:20] S3 CnxEtU;ADSL USB MODEM Loader;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2005-03-06 09:20] S3 CnxTgN;ADSL USB MODEM LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2005-03-06 09:20] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17555c5c-fff6-11d8-b410-806d6172696f}] \Shell\AutoRun\command - D:\browser.exe . 
Inhoud van de 'Gedeelde Taken' map "2005-03-11 22:50:11 C:\WINDOWS\Tasks\Herinnering voor registratie 1.job" - C:\WINDOWS\system32\OOBE\oobebaln.exe "2005-03-18 22:05:11 C:\WINDOWS\Tasks\Herinnering voor registratie 2.job" - C:\WINDOWS\system32\OOBE\oobebaln.exe "2005-03-04 14:39:21 C:\WINDOWS\Tasks\Herinnering voor registratie 3.job" - C:\WINDOWS\system32\OOBE\oobebaln.exe "2008-01-24 11:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job" - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe "2007-12-23 11:43:43 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen - Theo.job" - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task: "2008-01-22 22:33:45 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-27 17:36:35 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-01-27 17:37:57 ComboFix-quarantined-files.txt 2008-01-27 16:37:55 ComboFix2.txt 2008-01-26 19:34:04 . 
2008-01-09 18:08:15 --- E O F --- hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:39:22, on 27-1-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll O2 - BHO: (no name) - {644610BB-4DF2-4550-9848-CCDA86431A21} - C:\WINDOWS\system32\jkhfc.dll (file missing) O2 - BHO: (no name) - {6EAC9A92-03E8-48A2-A15A-DC2158E3E2D9} - C:\WINDOWS\system32\mllmm.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program 
Files\Java\jre1.5.0_08\bin\ssv.dll O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll O2 - BHO: (no name) - {9B8EDC93-A259-47FC-A80D-C6026963ACDD} - C:\WINDOWS\system32\vtstr.dll (file missing) O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: {07a1e34a-c471-776b-37e4-5e3f18ad131e} - {e131da81-f3e5-4e73-b677-174ca43e1a70} - C:\WINDOWS\system32\qwcbwwyy.dll (file missing) O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE O4 - HKLM\..\Run: [TPNF] 
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [ROBOTFTPSCHED] C:\Program Files\FTPShell\botsched.exe O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [MSConfig] C:\Documents and Settings\Theo\Bureaublad\msconfig.exe /auto O4 - HKLM\..\Run: [10e30233] rundll32.exe "C:\WINDOWS\system32\uucyxlaa.dll",b O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck O4 - HKLM\..\RunOnce: [SpybotDeletingA3820] command /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKLM\..\RunOnce: [SpybotDeletingC3532] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKLM\..\RunOnce: [SpybotDeletingA9080] command /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingC3075] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingA5667] command /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC4686] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingA6208] command /c del "C:\WINDOWS\system32\jkhfc.dll_old" O4 - HKLM\..\RunOnce: 
[SpybotDeletingC8552] cmd /c del "C:\WINDOWS\system32\jkhfc.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingA7145] command /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingC9073] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingA1306] command /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKLM\..\RunOnce: [SpybotDeletingC9610] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKLM\..\RunOnce: [SpybotDeletingA8313] command /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC6509] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingA777] command /c del "C:\WINDOWS\system32\jkhfc.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingC6459] cmd /c del "C:\WINDOWS\system32\jkhfc.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingA4229] command /c del "C:\WINDOWS\system32\jkhfc.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC6493] cmd /c del "C:\WINDOWS\system32\jkhfc.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingA6262] command /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingC6467] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingA2154] command /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKLM\..\RunOnce: [SpybotDeletingC8147] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKLM\..\RunOnce: [SpybotDeletingA6065] command /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC5227] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingA2089] command /c del "C:\WINDOWS\system32\jkhfc.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingC7578] cmd /c del "C:\WINDOWS\system32\jkhfc.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingA7721] command /c del "C:\WINDOWS\system32\jkhfc.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC9043] cmd /c del "C:\WINDOWS\system32\jkhfc.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingA5642] command /c del 
"C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKLM\..\RunOnce: [SpybotDeletingC5253] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKLM\..\RunOnce: [SpybotDeletingA1573] command /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingC5453] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingA5953] command /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC3664] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck O4 - HKLM\..\RunOnce: [VundoFix] "C:\Documents and Settings\Theo\Bureaublad\vundofix.exe" O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Device Detection] C:\Program Files\AH Fotoservice\dd.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\RunOnce: [SpybotDeletingB2701] command /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKCU\..\RunOnce: [SpybotDeletingD9348] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKCU\..\RunOnce: [SpybotDeletingB9950] command /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKCU\..\RunOnce: [SpybotDeletingD6373] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKCU\..\RunOnce: [SpybotDeletingB5155] command /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD930] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - 
HKCU\..\RunOnce: [SpybotDeletingB4568] command /c del "C:\WINDOWS\system32\jkhfc.dll_old" O4 - HKCU\..\RunOnce: [SpybotDeletingD575] cmd /c del "C:\WINDOWS\system32\jkhfc.dll_old" O4 - HKCU\..\RunOnce: [SpybotDeletingB2703] command /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKCU\..\RunOnce: [SpybotDeletingD431] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKCU\..\RunOnce: [SpybotDeletingB3879] command /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKCU\..\RunOnce: [SpybotDeletingD2928] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKCU\..\RunOnce: [SpybotDeletingB745] command /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD2283] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB9904] command /c del "C:\WINDOWS\system32\jkhfc.dll_old" O4 - HKCU\..\RunOnce: [SpybotDeletingD5120] cmd /c del "C:\WINDOWS\system32\jkhfc.dll_old" O4 - HKCU\..\RunOnce: [SpybotDeletingB5617] command /c del "C:\WINDOWS\system32\jkhfc.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD6212] cmd /c del "C:\WINDOWS\system32\jkhfc.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB2102] command /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKCU\..\RunOnce: [SpybotDeletingD235] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dllbox" O4 - HKCU\..\RunOnce: [SpybotDeletingB4313] command /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKCU\..\RunOnce: [SpybotDeletingD1429] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll_old" O4 - HKCU\..\RunOnce: [SpybotDeletingB9423] command /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD8740] cmd /c del "C:\WINDOWS\system32\uhpumrbw.dll" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Global 
Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.techzine.nl/scan8/oscan8.cab O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite 
Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab O20 - Winlogon Notify: uhpumrbw - uhpumrbw.dll (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing) O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PREVXAgent - Prevx - C:\Program Files\Prevx2\PXAgent.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- End of file - 16456 bytes
  • Oh yes, this may be relevant information too: before I made the requested new logs, I ran the Kaspersky online scanner, and it flagged C:\Program Files\Dot1XCfg\Dot1XCfg .exe as infected with the virus Trojan-Downloader.Win32.Adload.qf. I then went ahead and removed that program. Regards, Theo
  • Hi Theo, Could you make the log files in normal mode? Safe mode doesn't show everything. Pim
  • Hi Pim, That went a lot less smoothly than in safe mode... And the icon of hard disk C: has a red cross on it again :? . Anyway, here are the logs: Theo ComboFix 08-01-23.1C - Theo 2008-01-28 0:27:48.4 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.171 [GMT 1:00] Gestart vanuit: C:\Documents and Settings\Theo\Bureaublad\virus gelul\ComboFix.exe WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . (((((((((((((((((((( Bestanden Gemaakt van 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))) . 2008-01-27 12:43 . 2008-01-27 12:43 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-01-27 12:30 . 2008-01-27 12:30 <DIR> d-------- C:\WINDOWS\system32\nl-nl 2008-01-26 23:33 . 2008-01-26 23:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-01-26 22:09 . 2008-01-26 22:09 <DIR> d-------- C:\Program Files\Trend Micro 2008-01-26 18:01 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe 2008-01-26 09:51 . 2008-01-27 11:57 <DIR> d-------- C:\VundoFix Backups 2008-01-25 20:17 . 2008-01-27 12:28 1,374 --a------ C:\WINDOWS\imsins.BAK 2008-01-24 23:15 . 2008-01-27 17:20 <DIR> d-------- C:\WINDOWS\BDOSCAN8 2008-01-24 18:27 . 2008-01-24 18:27 <DIR> d-------- C:\Program Files\CCleaner 2008-01-24 16:14 . 2008-01-25 18:45 979 --a------ C:\WINDOWS\wininit.ini 2008-01-22 21:55 . 2008-01-22 21:55 1,110,643 ---hs---- C:\WINDOWS\system32\qmjspumg.ini 2008-01-18 16:29 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-01-16 19:57 . 2008-01-22 21:55 1,111,123 ---hs---- C:\WINDOWS\system32\mrndghns.ini 2008-01-14 17:11 . 2008-01-16 19:54 1,066,306 ---hs---- C:\WINDOWS\system32\eoaduoll.ini 2008-01-10 13:38 . 2008-01-15 21:10 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe 2008-01-10 13:17 . 2008-01-10 13:17 0 --a------ C:\WINDOWS\CeEKey .INI 2008-01-10 12:31 . 
2008-01-28 00:33 <DIR> d-------- C:\Program Files\Prevx2 2008-01-09 21:49 . 2008-01-10 13:36 24,576 --a------ C:\WINDOWS\system32\ZoomingHook .exe 2008-01-09 20:44 . 2008-01-09 20:44 17,642,616 --a------ C:\WINDOWS\system32\MRT .exe 2008-01-09 17:40 . 2008-01-09 17:40 208 --a------ C:\WINDOWS\system32\MRT.INI 2008-01-08 22:41 . 2008-01-08 22:42 <DIR> d-------- C:\Program Files\MathType 2008-01-08 22:07 . 2008-01-08 22:07 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-25 19:16 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-25 19:15 --------- d-----w C:\Program Files\Java 2008-01-22 22:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-01-13 16:20 --------- d-----w C:\Program Files\SymNetDrv 2008-01-13 16:20 --------- d-----w C:\Program Files\REGSHAVE 2008-01-13 16:20 --------- d-----w C:\Program Files\QuickTime 2008-01-11 12:21 --------- d-----w C:\Program Files\Norton Internet Security 2008-01-11 12:21 --------- d-----w C:\Program Files\iTunes 2008-01-11 12:21 --------- d-----w C:\Program Files\FTPShell 2008-01-10 13:39 --------- d-----w C:\Program Files\Conexant 2008-01-10 13:38 --------- d-----w C:\Program Files\EzButton 2008-01-10 13:37 --------- d-----w C:\Program Files\Apoint2K 2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll 2005-05-11 21:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll . 
[code:1:5d04bd198d]<pre> ----a-w 192,512 2008-01-10 12:35:49 C:\Program Files\Apoint2K\Apoint .exe ----a-w 339,968 2008-01-10 12:35:45 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe ----a-w 139,264 2008-01-10 12:36:44 C:\Program Files\Common Files\Nokia\NCLTools\NclConf .exe ----a-w 1,106,944 2008-01-10 12:36:58 C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer .exe ----a-w 180,269 2008-01-10 12:36:55 C:\Program Files\Common Files\Real\Update_OB\realsched .exe ----a-w 71,256 2008-01-10 12:36:20 C:\Program Files\Common Files\Symantec Shared\ccApp .exe ----a-w 462,848 2008-01-10 12:36:31 C:\Program Files\Conexant\CnxDslTb .exe ----a-w 712,704 2008-01-10 12:36:00 C:\Program Files\EzButton\EzButton .EXE ----a-w 60,928 2008-01-11 12:21:26 C:\Program Files\FTPShell\botsched .exe ----a-w 68,856 2008-01-10 14:03:24 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe ----a-w 6,731,312 2008-01-24 18:40:13 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe ----a-w 49,152 2008-01-10 12:37:00 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe ----a-w 278,528 2008-01-11 12:21:26 C:\Program Files\iTunes\iTunesHelper .exe ----a-w 49,263 2008-01-10 12:37:29 C:\Program Files\Java\jre1.5.0_08\bin\jusched .exe ----a-w 1,694,208 2008-01-09 20:19:23 C:\Program Files\Messenger\msmsgs .exe ----a-w 167,936 2008-01-10 12:36:44 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication .exe ----a-w 70,760 2008-01-11 12:21:15 C:\Program Files\Norton Internet Security\UrlLstCk .exe ----a-w 1,997,880 2008-01-11 12:21:34 C:\Program Files\Prevx2\PXConsole .exe ----a-w 53,248 2008-01-11 12:21:17 C:\Program Files\REGSHAVE\REGSHAVE .EXE ----a-w 95,960 2008-01-11 12:21:18 C:\Program Files\SymNetDrv\SNDMon .exe ----a-w 643,072 2008-01-10 12:35:59 C:\Program Files\TOSHIBA\E-KEY\CeEKey .exe ----a-w 1,019,904 2008-01-10 12:36:02 C:\Program Files\TOSHIBA\PadTouch\PadExe .exe ----a-w 135,168 2008-01-10 12:35:50 C:\Program Files\TOSHIBA\Power 
Management\CePMTray .exe ----a-w 65,536 2008-01-10 12:37:57 C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd .exe ----a-w 118,784 2008-01-10 12:36:06 C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView .exe ----a-w 53,248 2008-01-10 12:36:05 C:\Program Files\TOSHIBA\TouchPad\TPTray .exe ----a-w 15,360 2008-01-15 20:10:23 C:\WINDOWS\system32\ctfmon .exe ----a-w 17,642,616 2008-01-09 19:44:52 C:\WINDOWS\system32\MRT .exe ----a-w 24,576 2008-01-10 12:36:05 C:\WINDOWS\system32\ZoomingHook .exe </pre>[/code:1:5d04bd198d] ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{644610BB-4DF2-4550-9848-CCDA86431A21}] C:\WINDOWS\system32\jkhfc.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EAC9A92-03E8-48A2-A15A-DC2158E3E2D9}] C:\WINDOWS\system32\mllmm.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B8EDC93-A259-47FC-A80D-C6026963ACDD}] C:\WINDOWS\system32\vtstr.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e131da81-f3e5-4e73-b677-174ca43e1a70}] C:\WINDOWS\system32\qwcbwwyy.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [ ] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ] "Device Detection"="C:\Program Files\AH Fotoservice\dd.exe" [ ] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ] "Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ] "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [ ] "AGRSMMSG"="AGRSMMSG.exe" [2004-02-21 04:00 88363 C:\WINDOWS\agrsmmsg.exe] "CeEPOWER"="C:\Program 
Files\TOSHIBA\Power Management\CePMTray.exe" [ ] "CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [ ] "EzButton"="C:\Program Files\EzButton\EzButton.EXE" [ ] "TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [ ] "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [ ] "NDSTray.exe"="NDSTray.exe" [] "URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [ ] "CFSServ.exe"="CFSServ.exe" [] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-04-26 07:06 29696 C:\WINDOWS\KHALMNPR.Exe] "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [ ] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [ ] "DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [ ] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [ ] "ROBOTFTPSCHED"="C:\Program Files\FTPShell\botsched.exe" [ ] "PrevxOne"="C:\Program Files\Prevx2\PXConsole.exe" [ ] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-01-24 23:08 6731312] "10e30233"="C:\WINDOWS\system32\uucyxlaa.dll" [ ] C:\Documents and Settings\Theo\Menu Start\Programma's\Opstarten\ Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-17 07:03:44 59080] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2005-03-13 19:15:27 573440] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360] Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-11 23:49:24 73728] WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-03-07 20:57:58 106560] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\uhpumrbw] 
uhpumrbw.dll R2 NokiaSuite3;NokiaSuite3;C:\WINDOWS\system32\drivers\NokiaSuite3.sys [1998-09-12 08:59] R3 ncfvsbus;NCF Virtual Serial Bus Enumerator;C:\WINDOWS\system32\DRIVERS\ncfvsbus.sys [2004-11-26 10:15] S0 Cdr4vsd;Cdr4vsd;C:\WINDOWS\system32\drivers\Cdr4vsd.sys [1999-05-06 01:50] S3 CnxEtP;ADSL USB MODEM LAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2005-03-06 09:20] S3 CnxEtU;ADSL USB MODEM Loader;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2005-03-06 09:20] S3 CnxTgN;ADSL USB MODEM LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2005-03-06 09:20] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17555c5c-fff6-11d8-b410-806d6172696f}] \Shell\AutoRun\command - D:\browser.exe *Newly Created Service* - PROCEXP90 . Inhoud van de 'Gedeelde Taken' map "2005-03-11 22:50:11 C:\WINDOWS\Tasks\Herinnering voor registratie 1.job" - C:\WINDOWS\system32\OOBE\oobebaln.exe "2005-03-18 22:05:11 C:\WINDOWS\Tasks\Herinnering voor registratie 2.job" - C:\WINDOWS\system32\OOBE\oobebaln.exe "2005-03-04 14:39:21 C:\WINDOWS\Tasks\Herinnering voor registratie 3.job" - C:\WINDOWS\system32\OOBE\oobebaln.exe "2008-01-27 23:00:10 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job" - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe "2007-12-23 11:43:43 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen - Theo.job" - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task: "2008-01-27 22:33:25 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-28 00:33:47 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... 
  • I see that you have Spybot's TeaTimer running in the background; it can get in the way when fixing HijackThis entries. So switch TeaTimer off for a moment, which you do as follows:

1. Start Spybot Search and Destroy.
2. Go to 'Mode' > select Advanced Mode
3. Go to 'Tools' and click the Resident icon in the list
4. Untick Resident TeaTimer and click OK
5. Now download ResetTeaTimer.bat (http://downloads.subratam.org/ResetTeaTimer.bat) to your desktop. (right-click -> save as..)
6. Now open ResetTeaTimer.bat from your desktop.

Start HijackThis, choose 'do a system scan only' and tick the lines below:

O2 - BHO: (no name) - {644610BB-4DF2-4550-9848-CCDA86431A21} - C:\WINDOWS\system32\jkhfc.dll (file missing)
O2 - BHO: (no name) - {6EAC9A92-03E8-48A2-A15A-DC2158E3E2D9} - C:\WINDOWS\system32\mllmm.dll (file missing)
O2 - BHO: (no name) - {9B8EDC93-A259-47FC-A80D-C6026963ACDD} - C:\WINDOWS\system32\vtstr.dll (file missing)
O2 - BHO: {07a1e34a-c471-776b-37e4-5e3f18ad131e} - {e131da81-f3e5-4e73-b677-174ca43e1a70} - C:\WINDOWS\system32\qwcbwwyy.dll (file missing)
O4 - HKLM\..\Run: [10e30233] rundll32.exe "C:\WINDOWS\system32\uucyxlaa.dll",b
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O20 - Winlogon Notify: uhpumrbw - uhpumrbw.dll (file missing)

Now close all open windows except HijackThis and click 'Fix checked'.

Open Notepad, then copy and paste the following (the bold text) into an empty window:

Folder::
C:\VundoFix Backups
C:\Program Files\Dot1XCfg

File::
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\qmjspumg.ini
C:\WINDOWS\system32\mrndghns.ini
C:\WINDOWS\system32\eoaduoll.ini

RENV::
C:\Program Files\Apoint2K\Apoint .exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
C:\Program Files\Common Files\Nokia\NCLTools\NclConf .exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer .exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\Conexant\CnxDslTb .exe
C:\Program Files\EzButton\EzButton .EXE
C:\Program Files\FTPShell\botsched .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched .exe
C:\Program Files\Messenger\msmsgs .exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication .exe
C:\Program Files\Norton Internet Security\UrlLstCk .exe
C:\Program Files\Prevx2\PXConsole .exe
C:\Program Files\REGSHAVE\REGSHAVE .EXE
C:\Program Files\SymNetDrv\SNDMon .exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey .exe
C:\Program Files\TOSHIBA\PadTouch\PadExe .exe
C:\Program Files\TOSHIBA\Power Management\CePMTray .exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd .exe
C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView .exe
C:\Program Files\TOSHIBA\TouchPad\TPTray .exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\MRT .exe
C:\WINDOWS\system32\ZoomingHook .exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{644610BB-4DF2-4550-9848-CCDA86431A21}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EAC9A92-03E8-48A2-A15A-DC2158E3E2D9}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B8EDC93-A259-47FC-A80D-C6026963ACDD}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e131da81-f3e5-4e73-b677-174ca43e1a70}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dot1XCfg"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"10e30233"=-

Save this to your Desktop as CFScript.txt

Drag CFScript.txt onto ComboFix.exe as shown in the example below:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will make ComboFix start again. Reboot if asked to, and post the contents of Combofix.txt in your next reply together with a fresh HijackThis log.

Good luck!
Pim
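A triage sketch for the kind of HijackThis lines ticked in the reply above, added here as an example; it is not part of the thread and not code from HijackThis or ComboFix. The three rules, their names, the function names and the small rundll32 allowlist are assumptions modelled on the structure of the ticked lines; no rule covers the Dot1XCfg entry, which the helper also ticked.

```python
import re
from typing import List, NamedTuple, Optional

# Sample input in HijackThis log format: lines ticked in the reply above plus a
# few entries from the same logs that the helper left alone.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {644610BB-4DF2-4550-9848-CCDA86431A21} - C:\WINDOWS\system32\jkhfc.dll (file missing)
O2 - BHO: {07a1e34a-c471-776b-37e4-5e3f18ad131e} - {e131da81-f3e5-4e73-b677-174ca43e1a70} - C:\WINDOWS\system32\qwcbwwyy.dll (file missing)
O4 - HKLM\..\Run: [10e30233] rundll32.exe "C:\WINDOWS\system32\uucyxlaa.dll",b
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Theo\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - Winlogon Notify: uhpumrbw - uhpumrbw.dll (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O2/O9 body: "<kind>: <display name> - {CLSID} - <target>"
EXT_RE = re.compile(r"^[^:]+: (?P<name>.*?) - (?P<clsid>" + GUID + r") - (?P<target>.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<target>.+)$")
# O4 body: "<key>: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?\s*,', re.I)
DEAD_RE = re.compile(r"\((?:file missing|no file)\)\s*$")

# Assumption: a deliberately tiny allowlist of Windows DLLs that are routinely
# started through rundll32; a usable one would be longer and checked by hash.
KNOWN_RUNDLL_TARGETS = {"advpack.dll", "shell32.dll"}


class Finding(NamedTuple):
    section: str
    rule: str
    line: str


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding when one log line matches a rule, else None."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return None  # header, process list or blank line
    section, body = m["section"], m["body"]
    dead = bool(DEAD_RE.search(body))  # target no longer exists on disk

    if section in ("O2", "O9"):
        # Rule 1: browser extension with no display name (or a GUID as its
        # name) whose file is gone: a leftover registration worth removing.
        ext = EXT_RE.match(body)
        if ext and dead:
            name = ext["name"]
            if name == "(no name)" or re.fullmatch(GUID, name):
                return Finding(section, "anonymous-dead-extension", line)
    elif section == "O20":
        # Rule 2: Winlogon Notify package whose DLL is missing.
        if NOTIFY_RE.match(body) and dead:
            return Finding(section, "dead-winlogon-notify", line)
    elif section == "O4":
        # Rule 3: autorun value that loads a system32 DLL through rundll32,
        # unless the DLL is on the allowlist.
        run = RUN_RE.match(body)
        rd = RUNDLL_RE.match(run["cmd"]) if run else None
        if rd:
            dll = rd["dll"].lower()
            basename = dll.rsplit("\\", 1)[-1]
            if "\\system32\\" in dll and basename not in KNOWN_RUNDLL_TARGETS:
                return Finding(section, "rundll32-system32-dll", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep the hits, in log order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.rule:26} {finding.line}")
```

Entries that the rules pass over, such as a named extension or a service with a missing file, still need a human decision; the output is a shortlist for review, not a removal list.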
  • I understand very little of what I'm doing to my computer right now, but that makes it all the cooler that you're helping me with it! :D Here come the log files:
groeten, Theo
  • Open Notepad, then copy and paste the following (the text in bold) into an empty window:

        RENV::
        C:\Program Files\Prevx2\PXConsole .exe

    Save this to your Desktop as CFScript.txt.
    Drag CFScript.txt into ComboFix.exe as shown in the example below:
    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
    This will make ComboFix restart. Reboot if you are asked to, and post the contents of Combofix.txt in your next reply. How are your problems by now? Pim :)
  • Quote:

        RENV::
        C:\Program Files\Prevx2\PXConsole .exe

    I had to put these lines in the file 'in the previous round' as well. Was something supposed to happen to this file that didn't work? Be deleted or something like that? When I dragged the file onto ComboFix just now, I saw this in the command window:

        Zoeken naar besmette bestanden . . .
        Dit duurt gewoonlijk niet langer dan 10 minuten
        De Scantijd voor zwaar besmette computers kunnen dubbel zo lang duren
        Toegang geweigerd.
        ComboFix heeft uw klokinstellingen gewijzigd. Gelieve dit niet te veranderen. Dit zal later worden hersteld
        Voltooid Deel_1
        Voltooid Deel_2
        Voltooid Deel_3
        etc...

    Does that 'Toegang geweigerd' (access denied) point to a problem? I can also just (try to) remove that program; I installed it when I started having problems. The computer is running a lot more smoothly by now, but 2 things do strike me:
    - The icon of the C drive has changed into a red cross;
    - I can only get to my Hotmail in safe mode. In normal mode Firefox says in a small window: "Het verbinding maken met login.live.com werd geweigerd." (the connection to login.live.com was refused).
    Do you think this could be the result of one of the anti-malware programs I have put on my computer lately? (e.g. Prevx, AVG AntiSpyware, or Spybot) I'm giving you another CF log and, to be safe, an HJT log as well. Regards, Theo

    ComboFix 08-01-23.1C - Theo 2008-01-29 13:15:20.7 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.196 [GMT 1:00] Gestart vanuit: C:\Documents and Settings\Theo\Bureaublad\virus gelul\ComboFix.exe Command switches used :: C:\Documents and Settings\Theo\Bureaublad\virus gelul\CFScript.txt * Nieuw herstelpunt werd aangemaakt WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . 
(((((((((((((((((((( Bestanden Gemaakt van 2007-12-28 to 2008-01-29 )))))))))))))))))))))))))))))) . 2008-01-27 12:43 . 2008-01-27 12:43 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-01-27 12:30 . 2008-01-27 12:30 <DIR> d-------- C:\WINDOWS\system32\nl-nl 2008-01-26 23:33 . 2008-01-26 23:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-01-26 22:09 . 2008-01-26 22:09 <DIR> d-------- C:\Program Files\Trend Micro 2008-01-26 18:01 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe 2008-01-24 23:15 . 2008-01-27 17:20 <DIR> d-------- C:\WINDOWS\BDOSCAN8 2008-01-24 18:27 . 2008-01-24 18:27 <DIR> d-------- C:\Program Files\CCleaner 2008-01-24 16:14 . 2008-01-25 18:45 979 --a------ C:\WINDOWS\wininit.ini 2008-01-18 16:29 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-01-10 13:38 . 2008-01-15 21:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe 2008-01-10 13:38 . 2008-01-15 21:10 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe 2008-01-10 13:17 . 2008-01-10 13:17 0 --a------ C:\WINDOWS\CeEKey .INI 2008-01-10 12:31 . 2008-01-29 13:22 <DIR> d-------- C:\Program Files\Prevx2 2008-01-09 21:49 . 2008-01-10 13:36 24,576 --a------ C:\WINDOWS\system32\ZoomingHook.exe 2008-01-09 17:40 . 2008-01-09 17:40 208 --a------ C:\WINDOWS\system32\MRT.INI 2008-01-08 22:41 . 2008-01-08 22:42 <DIR> d-------- C:\Program Files\MathType 2008-01-08 22:07 . 2008-01-08 22:07 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-01-28 16:01 --------- d-----w C:\Program Files\SymNetDrv 2008-01-28 16:01 --------- d-----w C:\Program Files\REGSHAVE 2008-01-28 16:00 --------- d-----w C:\Program Files\Norton Internet Security 2008-01-28 16:00 --------- d-----w C:\Program Files\iTunes 2008-01-28 16:00 --------- d-----w C:\Program Files\FTPShell 2008-01-28 16:00 --------- d-----w C:\Program Files\EzButton 2008-01-28 16:00 --------- d-----w C:\Program Files\Conexant 2008-01-28 16:00 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-01-28 16:00 --------- d-----w C:\Program Files\Apoint2K 2008-01-25 19:16 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-25 19:15 --------- d-----w C:\Program Files\Java 2008-01-13 16:20 --------- d-----w C:\Program Files\QuickTime 2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll 2005-05-11 21:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll . ----a-w 1,997,880 2008-01-11 12:21:34 C:\Program Files\Prevx2\PXConsole .exe ((((((((((((((((((((((((((((( snapshot@2008-01-27_17.36.41,59 ))))))))))))))))))))))))))))))))))))))))) . 
- 2008-01-26 17:03:41 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT + 2008-01-29 12:14:11 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT - 2008-01-26 17:03:41 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat + 2008-01-29 12:14:11 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat - 2008-01-26 17:03:42 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT + 2008-01-29 12:14:12 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT - 2008-01-26 17:03:42 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat + 2008-01-29 12:14:12 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat - 2008-01-26 17:03:42 6,852,608 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT + 2008-01-29 12:14:12 6,852,608 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT - 2008-01-26 17:03:42 110,592 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat + 2008-01-29 12:14:12 110,592 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat + 2008-01-09 19:44:52 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2008-01-10 13:37 65536] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-09 21:19 1694208] "Device Detection"="C:\Program Files\AH Fotoservice\dd.exe" [ ] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-10 15:03 68856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-15 21:10 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-01-10 13:35 339968] "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2008-01-10 13:35 192512] "AGRSMMSG"="AGRSMMSG.exe" [2004-02-21 04:00 88363 C:\WINDOWS\agrsmmsg.exe] "CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2008-01-10 13:35 135168] "CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2008-01-10 13:35 643072] "EzButton"="C:\Program Files\EzButton\EzButton.EXE" [2008-01-10 13:36 712704] "TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2008-01-10 13:36 53248] "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [2008-01-10 13:36 118784] "NDSTray.exe"="NDSTray.exe" [] "URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2008-01-11 13:21 70760] "CFSServ.exe"="CFSServ.exe" [] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-04-26 07:06 29696 C:\WINDOWS\KHALMNPR.Exe] "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2008-01-11 13:21 53248] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2008-01-10 13:36 167936] "DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2008-01-10 13:36 1106944] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-01-10 13:37 49152] "ROBOTFTPSCHED"="C:\Program 
Files\FTPShell\botsched.exe" [2008-01-11 13:21 60928] "PrevxOne"="C:\Program Files\Prevx2\PXConsole.exe" [ ] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-01-24 19:40 6731312] C:\Documents and Settings\Theo\Menu Start\Programma's\Opstarten\ Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-17 07:03:44 59080] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2005-03-13 19:15:27 573440] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360] Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-11 23:49:24 73728] WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-03-07 20:57:58 106560] R2 NokiaSuite3;NokiaSuite3;C:\WINDOWS\system32\drivers\NokiaSuite3.sys [1998-09-12 08:59] R3 ncfvsbus;NCF Virtual Serial Bus Enumerator;C:\WINDOWS\system32\DRIVERS\ncfvsbus.sys [2004-11-26 10:15] S0 Cdr4vsd;Cdr4vsd;C:\WINDOWS\system32\drivers\Cdr4vsd.sys [1999-05-06 01:50] S3 CnxEtP;ADSL USB MODEM LAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2005-03-06 09:20] S3 CnxEtU;ADSL USB MODEM Loader;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2005-03-06 09:20] S3 CnxTgN;ADSL USB MODEM LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2005-03-06 09:20] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17555c5c-fff6-11d8-b410-806d6172696f}] \Shell\AutoRun\command - D:\browser.exe . 
Inhoud van de 'Gedeelde Taken' map "2005-03-11 22:50:11 C:\WINDOWS\Tasks\Herinnering voor registratie 1.job" - C:\WINDOWS\system32\OOBE\oobebaln.exe "2005-03-18 22:05:11 C:\WINDOWS\Tasks\Herinnering voor registratie 2.job" - C:\WINDOWS\system32\OOBE\oobebaln.exe "2005-03-04 14:39:21 C:\WINDOWS\Tasks\Herinnering voor registratie 3.job" - C:\WINDOWS\system32\OOBE\oobebaln.exe "2008-01-28 19:00:01 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job" - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe "2007-12-23 11:43:43 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen - Theo.job" - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task: "2008-01-28 18:33:46 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-29 13:22:41 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156] -> C:\Program Files\Logitech\SetPoint\lgscroll.dll . Voltooingstijd: 2008-01-29 13:27:39 ComboFix-quarantined-files.txt 2008-01-29 12:27:32 ComboFix2.txt 2008-01-28 16:12:57 ComboFix3.txt 2008-01-28 07:05:20 ComboFix4.txt 2008-01-27 23:41:32 ComboFix5.txt 2008-01-27 16:37:58 . 
2008-01-09 18:08:15 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:56:08, on 29-1-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Prevx2\PXAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\TOSHIBA\Power Management\CePMTray.exe C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe C:\Program Files\EzButton\EzButton.EXE C:\Program Files\TOSHIBA\TouchPad\TPTray.exe C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Messenger\msmsgs.exe C:\Program 
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Logitech\SetPoint\KEM.exe C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program 
files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe O4 - 
HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [ROBOTFTPSCHED] C:\Program Files\FTPShell\botsched.exe O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Device Detection] C:\Program Files\AH Fotoservice\dd.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) 
- {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.techzine.nl/scan8/oscan8.cab O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. 
- C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing) O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PREVXAgent - Prevx - C:\Program Files\Prevx2\PXAgent.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- End of file - 11332 bytes
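The HijackThis log above arrived with its line breaks lost, which makes it hard to review by eye. The following Python sketch is an added example, not part of the original thread and not code from HijackThis or ComboFix: it splits such a flattened log back into entries on the section codes (R0, O2, O4, O23, ...) and marks entries worth a manual look. The three flag rules are triage heuristics chosen for this example (an assumption, not HijackThis verdicts), and the sample text is a handful of entries copied from the log above.

```python
import re

# An entry starts with a section code such as "R0 - ", "O4 - " or "O23 - ",
# either at the start of the text or after whitespace.
ENTRY_START = re.compile(r"(?<!\S)(R[0-3]|O\d{1,2}) - ")
# HijackThis closes a log with "-- End of file - N bytes".
TRAILER = re.compile(r"\s*-- End of file.*\Z", re.S)


def split_entries(flat_log):
    """Return [(section_code, body), ...] from a log with lost line breaks."""
    text = TRAILER.sub("", flat_log)
    starts = list(ENTRY_START.finditer(text))
    entries = []
    for i, match in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        entries.append((match.group(1), text[match.end():end].strip()))
    return entries


def triage(entries):
    """Return [(code, body, reasons)] for entries that deserve a manual check.

    Heuristics (assumptions of this example): a flag is a lead for the
    helper reading the log, never proof that the entry is malicious.
    """
    findings = []
    for code, body in entries:
        reasons = []
        if body.endswith("(file missing)"):
            reasons.append("target file missing")
        if code == "O23" and " - Unknown owner - " in body:
            reasons.append("service without vendor string")
        if code in ("O2", "O9") and "(no name)" in body:
            reasons.append("unnamed browser extension")
        if reasons:
            findings.append((code, body, reasons))
    return findings


# Entries copied from the log above, flattened the same way as on the page.
SAMPLE = (
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe "
    r"O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66}"
    r" - C:\WINDOWS\bdoscandel.exe "
    r"O23 - Service: Ati HotKey Poller - Unknown owner"
    r" - C:\WINDOWS\system32\Ati2evxx.exe "
    r"O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing) "
    r"O23 - Service: PREVXAgent - Prevx - C:\Program Files\Prevx2\PXAgent.exe "
    r"-- End of file - 11332 bytes"
)

if __name__ == "__main__":
    for code, body, reasons in triage(split_entries(SAMPLE)):
        print(f"{code:<4}{body}\n      -> {', '.join(reasons)}")
```
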
  • It is best to uninstall Prevx and then reboot. After that you may reinstall it. Copy the code in the code box below into an empty Notepad window (don't forget to copy REGEDIT4 as well!):

        REGEDIT4

        [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons]

    Save it as fixreg.reg and choose "Alle bestanden" (All files) as the type. Once you have saved it, the icon looks like this:
    http://users.telenet.be/bluepatchy/miekiemoes/images/reg.gif
    Then double-click fixreg.reg. When asked whether you want to add the changes to the registry, answer Ja/Ok (Yes/OK). How are the problems by now? Pim
  • Hi Pim, It was a bit tricky to remove PrevX: the PXAgent.exe process could not be terminated and in safe mode it refused to be uninstalled, but when I disabled PXAgent at startup with msconfig it did work. The red cross on the C drive is gone and at startup I am no longer flooded with little windows saying that all kinds of serious errors are occurring. I would almost say: it works like it used to! Many thanks for that! :D The only thing I'm running into now is that I can't get to my Hotmail. Firefox gives the error message: Het verbinding maken met login.live.com werd geweigerd. In safe mode it did work. Maybe you have some idea what that has to do with?
  • Try this: Download ATF Cleaner (by Atribune): http://www.atribune.org/ccount/click.php?id=1
    Double-click ATF Cleaner to start the program. On the "Main" tab, tick Select All. Untick Prefetch. Click the Empty Selected button.
    If you also use Firefox as a browser: click the "Firefox" tab and tick Select All. If you want to keep the passwords saved by Firefox, click "No" in the window that appears (this removes the tick at "Firefox saved passwords"). Click the Empty Selected button.
    If you also use Opera as a browser: click the "Opera" tab and tick Select All. If you want to keep the passwords saved by Opera, click "No" in the window that appears. Click the Empty Selected button.
    Go to the "Main" tab and click the Exit button to close the program.
  • No, unfortunately this doesn't help...
  • Download Dial-a-fix-2006 (http://wiki.djlizard.net/Dial-a-fix#Mirrors.2Fdownload_locations.2C_and_articles) and extract both files into their own folder on your Desktop.
    * In the folder Dial-a-fix-v0.60.0.24, double-click Dial-a-fix.exe.
    In the window that opens, click the icon with the double green check mark (check all) at the bottom. Then click "GO" and let the tool reset all settings. Close this window afterwards by clicking "Exit" at the bottom. Report whether that brings any improvement.
  • Hi Pim, Tried it, but no improvement... After that I was a bit stupid, I'm afraid :oops: : I had a very old version of Firefox, which I removed, and then I installed a new version. Now the internet doesn't work at all anymore in normal mode :( . Neither with IE nor with Firefox. It does work in safe mode, by the way, which is where I am now. Theo
  • Download WinsockFix (http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml). Unzip it and put it on your desktop. Start winsockfix.exe and click Fix. The computer will restart.
  • I did that, but again not the desired result. I have the feeling I'm being shipwrecked within sight of the harbour...
  • Could you try pinging login.live.com from a DOS box? Do this in Windows' normal mode. You could also do a trace route. You do this from a DOS box as well, at the prompt:

        tracert login.live.com

    If all goes well, you will then see where it goes wrong.


This is an archived page. Replying is no longer possible.