
Question & Answer

Security & privacy

Hijackthis Log

15 answers
  • Hello, could someone check this log for me?
    When I use Internet Explorer I get all sorts of popup things.
    And I don't know whether this has anything to do with it, but when I use Internet Explorer, Limewire also starts automatically. If I then close it, it comes back after a few minutes.
    And another question: Windows Live Messenger automatically accepts files. I don't get the choice of whether I want to accept or decline them. Does anyone know how to fix that?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:08:14, on 5-11-2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\R2VicnVpa2Vy\command.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Network Monitor\netmon.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\713xRMT.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\windows\system32\rkwnw64m.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Documents and Settings\Gebruiker\Application Data\gadcom\gadcom.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\mcntltdl.exe
    C:\WINDOWS\system32\QI02\QI022328.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\limewire\limewire.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\regsvr32.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\713xRMT.exe
    O4 - HKLM\..\Run: [Stupid Data Dart Wave] C:\Documents and Settings\All Users\Application Data\flag ace stupid data\LOCKS DEBUG.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [{FB-BD-D2-21-DW}] C:\windows\system32\rkwnw64m.exe DWmmm01
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\mcntltdl.exe DWmmm01
    O4 - HKLM\..\Run: [alzhgfnhyiwscumg] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\tfpakeldqf.dll"
    O4 - HKLM\..\Run: [CPM7b0c8e12] Rundll32.exe "c:\windows\system32\ovyutago.dll",a
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
    O4 - HKCU\..\Run: [01wma] C:\DOCUME~1\GEBRUI~1\APPLIC~1\ERROR2~1\DOESLIES.exe
    O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Gebruiker\Application Data\gadcom\gadcom.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\mcntltdl.exe
    O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rkwnw64m.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1223917203140
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab?e=1225057627564&h=e071cb737eeaba4414e51dd50d4a05d1/&filename=jinstall-6u10-windows-i586-jc.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O20 - AppInit_DLLs: ,c:\windows\system32\ovyutago.dll jucpyb.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\ovyutago.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\ovyutago.dll
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\R2VicnVpa2Vy\command.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe


    End of file - 8530 bytes
  • Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

    O4 - HKLM\..\Run: [Stupid Data Dart Wave] C:\Documents and Settings\All Users\Application Data\flag ace stupid data\LOCKS DEBUG.exe
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [{FB-BD-D2-21-DW}] C:\windows\system32\rkwnw64m.exe DWmmm01
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\mcntltdl.exe DWmmm01
    O4 - HKLM\..\Run: [alzhgfnhyiwscumg] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\tfpakeldqf.dll"
    O4 - HKLM\..\Run: [CPM7b0c8e12] Rundll32.exe "c:\windows\system32\ovyutago.dll",a
    O4 - HKCU\..\Run: [01wma] C:\DOCUME~1\GEBRUI~1\APPLIC~1\ERROR2~1\DOESLIES.exe
    O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Gebruiker\Application Data\gadcom\gadcom.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\mcntltdl.exe
    O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rkwnw64m.exe
    O20 - AppInit_DLLs: ,c:\windows\system32\ovyutago.dll jucpyb.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\ovyutago.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\ovyutago.dll

    Click 'Fix checked' to remove the items.

    Download MBAM (Malwarebytes' Anti-Malware) here:
    http://www.besttechie.net/tools/mbam-setup.exe

    Double-click mbam-setup.exe to install the program.

    Make sure there is a check mark in front of Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Finish".
    If an update is found, it will be downloaded and installed.
    When the program is fully up to date, select "Quick Scan" in the Scanner tab, then click Scan.
    The scan can take a while, so be patient.
    When the scan is complete, click OK, then "Show Results" to view the results.
    Make sure everything there is checked, then click: Remove Selected.
    After removal a log will open and you will be asked to restart the computer. (See below)
    The log is saved automatically by MBAM and you can find it again by clicking the "Logs" tab in MBAM.

    If MBAM has trouble removing certain files, it will show a few messages where you have to click OK.
    It will then ask to restart the computer… so allow MBAM to restart the computer.

    Paste the contents of the log in your next message, together with a new HijackThis log.
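As an added example (not code from this thread or from HijackThis), the selection the helper makes above can be written down as triage rules and run over the log: the sample lines are copied from the first log in this thread, while the rules, thresholds and allowlists are this script's own assumptions.

```python
"""Triage of HijackThis autostart lines (O2/O4/O20/O21/O22) using the kind of
rules a log helper applies by hand. Constructed example: the sample lines are
copied from the log above, but the rules and allowlists are this script's own."""
import re
from pathlib import PureWindowsPath

# A drive-letter path up to a binary extension; spaces allowed, HijackThis does not quote paths.
PATH_RE = re.compile(r"[a-z]:\\.*?\.(?:exe|dll|cpl|sys)\b", re.IGNORECASE)
SYSTEM32 = r"c:\windows\system32"
# Binaries whose name should only ever appear directly under system32.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "ctfmon.exe"}
# Legitimate system32 programs that the letter test below would otherwise call "random".
KNOWN_SYSTEM32 = SYSTEM_BINARIES | {"rundll32.exe", "regsvr32.exe"}
# Data directories from which nothing should autostart.
DATA_DIRS = ("\\application data\\", "\\fonts\\", "\\temp\\", "\\local settings\\")
# Winlogon Notify packages shipped with Windows XP (DLL stems); anything else is worth a look.
WINLOGON_NOTIFY_OK = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                      "sclgntfy", "senslogn", "termsrv", "wlballoon"}
HOOK_SECTIONS = {"O20": "AppInit_DLLs/Winlogon Notify",
                 "O21": "ShellServiceObjectDelayLoad",
                 "O22": "SharedTaskScheduler"}
VOWELS = set("aeiou")


def in_system32(path: str) -> bool:
    """True when the file sits directly in system32, not in a sub-directory such as spool/drivers."""
    return str(PureWindowsPath(path).parent).lower() == SYSTEM32


def looks_random(stem: str) -> bool:
    """Vundo-style names (rkwnw64m, tfpakeldqf) are longish strings with almost no vowels."""
    letters = [c for c in stem.lower() if c.isalpha()]
    return len(letters) >= 6 and sum(c in VOWELS for c in letters) / len(letters) < 0.25


def triage(line: str) -> list[str]:
    """Return the reasons one HijackThis line deserves a second look (empty list = nothing found)."""
    section = line.split(" - ", 1)[0]          # "O4", "O20", ...
    low_line = line.lower()
    reasons = []
    if section == "O2" and "(no name)" in line:
        reasons.append("BHO registered without a name")
    for path in PATH_RE.findall(line):
        p = PureWindowsPath(path)
        name, low = p.name.lower(), path.lower()
        if any(d in low for d in DATA_DIRS):
            reasons.append(f"{p.name} autostarts from a data directory")
        if name in SYSTEM_BINARIES and not in_system32(path):
            reasons.append(f"{p.name} is a system binary name outside system32")
        if section == "O4" and name.endswith(".dll") and re.search(r"rundll32|regsvr32", low_line):
            reasons.append(f"{p.name} is loaded via rundll32/regsvr32 at logon")
        if section in HOOK_SECTIONS and name.endswith(".dll") and p.stem.lower() not in WINLOGON_NOTIFY_OK:
            reasons.append(f"{p.name} hooked into {section} ({HOOK_SECTIONS[section]})")
        if in_system32(path) and name not in KNOWN_SYSTEM32 and looks_random(p.stem):
            reasons.append(f"{p.name} has a random-looking name in system32")
    return reasons


def triage_log(text: str) -> dict[str, list[str]]:
    """Map every flagged line of a HijackThis log to its reasons; clean lines are left out."""
    flagged = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and (reasons := triage(line)):
            flagged[line] = reasons
    return flagged


# Constructed subset of the first HijackThis log in this thread: benign and suspicious lines mixed.
SAMPLE = r"""
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\713xRMT.exe
O4 - HKLM\..\Run: [Stupid Data Dart Wave] C:\Documents and Settings\All Users\Application Data\flag ace stupid data\LOCKS DEBUG.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [{FB-BD-D2-21-DW}] C:\windows\system32\rkwnw64m.exe DWmmm01
O4 - HKLM\..\Run: [alzhgfnhyiwscumg] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\tfpakeldqf.dll"
O4 - HKLM\..\Run: [CPM7b0c8e12] Rundll32.exe "c:\windows\system32\ovyutago.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Gebruiker\Application Data\gadcom\gadcom.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\mcntltdl.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O20 - AppInit_DLLs: ,c:\windows\system32\ovyutago.dll jucpyb.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\ovyutago.dll
O2 - BHO: (no name) - {C31C05B4-0A01-4DC2-8E5E-0315459F508E} - C:\WINDOWS\system32\mlJYopNf.dll
O20 - Winlogon Notify: mlJYopNf - C:\WINDOWS\SYSTEM32\mlJYopNf.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

if __name__ == "__main__":
    for entry, why in triage_log(SAMPLE).items():
        print(entry)
        for reason in why:
            print("   ->", reason)
```

Bare DLL names without a drive letter (the second AppInit_DLLs entry, jucpyb.dll) are not picked up by PATH_RE and would need a separate token check.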
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:59:53, on 5-11-2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\713xRMT.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {C31C05B4-0A01-4DC2-8E5E-0315459F508E} - C:\WINDOWS\system32\mlJYopNf.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\713xRMT.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [CPM7b0c8e12] Rundll32.exe "c:\windows\system32\yesyuovd.dll",a
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1223917203140
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab?e=1225057627564&h=e071cb737eeaba4414e51dd50d4a05d1/&filename=jinstall-6u10-windows-i586-jc.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O20 - Winlogon Notify: mlJYopNf - C:\WINDOWS\SYSTEM32\mlJYopNf.dll
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe


    End of file - 6715 bytes

    Malwarebytes' Anti-Malware 1.30
    Database versie: 1306
    Windows 5.1.2600 Service Pack 3

    5-11-2008 22:53:56
    mbam-log-2008-11-05 (22-53-56).txt

    Scan type: Snelle Scan
    Objecten gescand: 43954
    Verstreken tijd: 7 minute(s), 10 second(s)

    Geheugenprocessen geïnfecteerd: 2
    Geheugenmodulen geïnfecteerd: 6
    Registersleutels geïnfecteerd: 30
    Registerwaarden geïnfecteerd: 2
    Registerdata bestanden geïnfecteerd: 4
    Mappen geïnfecteerd: 4
    Bestanden geïnfecteerd: 32

    Geheugenprocessen geïnfecteerd:
    C:\WINDOWS\R2VicnVpa2Vy\command.exe (Adware.CommAd) -> Failed to unload process.
    C:\Program Files\Network Monitor\netmon.exe (Trojan.DNSChanger) -> Unloaded process successfully.

    Geheugenmodulen geïnfecteerd:
    C:\WINDOWS\system32\hgukkdcu.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\opnlMged.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\R2VicnVpa2Vy\asappsrv.dll (Adware.CommAd) -> Delete on reboot.
    C:\WINDOWS\system32\sveqwydq.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\zarkxt.dll (Trojan.Vundo.H) -> Delete on reboot.
    c:\WINDOWS\system32\yesyuovd.dll (Trojan.Agent) -> Delete on reboot.

    Registersleutels geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21dc5101-fcb8-4265-9089-d7566260004c} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{21dc5101-fcb8-4265-9089-d7566260004c} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fa78cc5e-5557-412d-b8b4-f20efbd68309} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{fa78cc5e-5557-412d-b8b4-f20efbd68309} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdservice (Adware.CommAd) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdservice (Adware.CommAd) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdservice (Adware.CommAd) -> Delete on reboot.
    HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Agent) -> Delete on reboot.
    HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d8da907-a776-619b-6bc1-d1d90851882d} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{4d8da907-a776-619b-6bc1-d1d90851882d} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{be4ed16f-a661-6d3c-8351-195b3351b2ee} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{be4ed16f-a661-6d3c-8351-195b3351b2ee} (Adware.BHO) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Agent) -> Delete on reboot.

    Registerdata bestanden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnlmged -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnlmged -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: c:\windows\system32\yesyuovd.dll -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: system32\yesyuovd.dll -> Delete on reboot.

    Mappen geïnfecteerd:
    C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\WINDOWS\Fonts' (Trojan.Agent) -> Files: 28197 -> Quarantined and deleted successfully.
    C:\Program Files\Mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:
    C:\WINDOWS\system32\opnlMged.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\degMlnpo.ini (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\degMlnpo.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\zarkxt.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\dtipkegi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\igekpitd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hgukkdcu.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\ucdkkugh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\R2VicnVpa2Vy\asappsrv.dll (Adware.CommAd) -> Delete on reboot.
    C:\WINDOWS\R2VicnVpa2Vy\command.exe (Adware.CommAd) -> Delete on reboot.
    C:\Program Files\Network Monitor\netmon.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sveqwydq.dll (Trojan.Vundo.H) -> Delete on reboot.
    c:\WINDOWS\system32\yesyuovd.dll (Trojan.Agent) -> Delete on reboot.
    C:\Program Files\Mjcore\Mjcore.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\WINDOWS\Fonts\Setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Gebruiker\Local Settings\Temporary Internet Files\Content.IE5\0NINABY7\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Gebruiker\Local Settings\Temporary Internet Files\Content.IE5\TH4WH3O8\nd82m0[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gside.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dwwnw64r.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\zxdnt3d.cfg. (Adware.ZenoSearch) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\Fonts\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\atmtd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\atmtd.dll._ (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jxsjnoumbvgck.dll (Adware.BHO) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tfpakeldqf.dll (Adware.BHO) -> Quarantined and deleted successfully.
  • Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

    O2 - BHO: (no name) - {C31C05B4-0A01-4DC2-8E5E-0315459F508E} - C:\WINDOWS\system32\mlJYopNf.dll
    O4 - HKLM\..\Run: [CPM7b0c8e12] Rundll32.exe "c:\windows\system32\yesyuovd.dll",a
    O20 - Winlogon Notify: mlJYopNf - C:\WINDOWS\SYSTEM32\mlJYopNf.dll

    Click 'Fix checked' to remove the items.

    Download Combofix to your Desktop.

    NOTE: if, while or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another realtime scanner, disable that scanner and download Combofix again.
    Some scanners see certain components Combofix uses as suspicious and will block or remove them!
    Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
    Click OK and Yes to have the Recovery Console installed automatically.
    Afterwards click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix is complete and after the restart, the log Combofix.txt will open.

    Post this log in your next reply.
  • I could not find
    O2 - BHO: (no name) - {C31C05B4-0A01-4DC2-8E5E-0315459F508E} - C:\WINDOWS\system32\mlJYopNf.dll
    and
    O20 - Winlogon Notify: mlJYopNf - C:\WINDOWS\SYSTEM32\mlJYopNf.dll
    in my HijackThis any more.

    I downloaded Combofix.
    But when I click on it I get a small blue screen, and after a while I hear a beep and it says: Combofix has detected the presence of rootkit activity and needs to restart the machine.
    After I had restarted my computer, I clicked Combofix again. But I get the same message.
    What now?
  • First let Prevx Free Scanner loose on your machine - download here: http://www.prevx.com/freescan.asp - and then try Combofix again.
  • I downloaded it and ran a scan, and 15 infections were found.
    But there are infections that are Free to Cleanup, and infections marked: License required to Clean.
    So I clicked Clean up, but now I have to buy a License.
    Because all 15 infections are License required to Clean.
    So that doesn't work either.
  • Bad luck - though not entirely unexpected - that this could happen ... but it is an indication that something is still wrong. Do the same with the trial version of A Squared http://www.emsisoft.com/en/software/download/. Curious what that turns up.
  • Downloaded A Squared and let it scan. It found a lot of errors, all deleted.
    Then tried ComboFix, and this time it worked.
    Here is the ComboFix log:

    ComboFix 08-11-05.02 - Gebruiker 2008-11-06 23:21:20.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.144 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Gebruiker\Application Data\gadcom
    c:\temp\1cb
    c:\windows\system32\aydyik.dll
    c:\windows\system32\debdfbmv.dll
    c:\windows\system32\efcATKET.dll
    c:\windows\system32\folsqebe.dll
    c:\windows\system32\gpupsyju.dll
    c:\windows\system32\hvlauuek.dll
    c:\windows\system32\jucpyb.dll
    c:\windows\system32\mbjtynrv.dll
    c:\windows\system32\MSINET.oca
    c:\windows\system32\ovyutago.dll
    c:\windows\system32\pjuyabqf.dll
    c:\windows\system32\sgyycxmv.ini
    c:\windows\system32\TEKTAcfe.ini
    c:\windows\system32\TEKTAcfe.ini2
    c:\windows\system32\ujyspupg.ini
    c:\windows\system32\uyjjou.dll
    c:\windows\system32\vrnytjbm.ini

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-10-06 to 2008-11-06 ))))))))))))))))))))))))))))))
    .

    2008-11-06 21:31 . 2008-11-06 23:13 <DIR> d-------- c:\program files\a-squared Anti-Malware
    2008-11-06 19:12 . 2008-11-06 22:47 <DIR> dr-h----- c:\documents and settings\Gebruiker\Onlangs geopend
    2008-11-06 18:25 . 2008-11-06 18:32 <DIR> d-------- c:\documents and settings\Gebruiker\.jenny
    2008-11-06 17:46 . 2008-11-06 17:47 <DIR> d-------- c:\program files\Windows Live Safety Center
    2008-11-06 17:12 . 2008-11-06 17:12 <DIR> d-------- c:\program files\PrevxCSI
    2008-11-06 17:12 . 2008-11-06 17:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI
    2008-11-06 17:12 . 2008-11-06 17:12 25,400 --a------ c:\windows\system32\drivers\pxark.sys
    2008-11-06 16:34 . 2008-11-06 19:44 160 --a------ c:\documents and settings\Gebruiker\Application Data\wklnhst.dat
    2008-11-06 16:22 . 2008-11-06 16:22 395 --a------ c:\windows\ODBC.INI
    2008-11-06 16:21 . 2008-11-06 16:21 <DIR> d-------- c:\windows\ShellNew
    2008-11-06 16:17 . 2008-11-06 16:23 <DIR> d-------- c:\program files\Microsoft Works
    2008-11-06 16:15 . 2008-11-06 16:15 <DIR> d-------- c:\program files\Microsoft Works Suite 2004
    2008-11-05 17:07 . 2008-11-05 17:07 <DIR> d-------- c:\program files\Trend Micro
    2008-11-05 17:03 . 2008-11-05 17:03 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-11-05 17:03 . 2008-11-05 17:03 <DIR> d-------- c:\documents and settings\Gebruiker\Application Data\Malwarebytes
    2008-11-05 17:03 . 2008-11-05 17:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-05 17:03 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-05 17:03 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-11-04 20:28 . 2008-11-04 20:28 50,000 --a------ c:\windows\CPM7b0c8e12
    2008-11-04 19:22 . 2008-11-04 19:22 147,456 --a------ c:\windows\system32\vbzip10.dll
    2008-11-04 19:19 . 2008-11-04 19:19 <DIR> d-------- c:\windows\system32\sni
    2008-11-04 19:19 . 2008-11-06 23:12 <DIR> d-------- c:\windows\system32\QI02
    2008-11-04 19:19 . 2008-11-06 23:12 <DIR> d-------- c:\windows\system32\hin
    2008-11-04 19:19 . 2008-11-06 23:12 <DIR> d-------- c:\windows\system32\ell
    2008-11-04 19:19 . 2008-11-06 23:12 <DIR> d--hs---- c:\windows\R2VicnVpa2Vy
    2008-11-04 19:19 . 2008-11-04 19:19 <DIR> d-------- c:\temp\NT32
    2008-11-04 19:19 . 2008-11-06 23:21 <DIR> d-------- C:\Temp
    2008-11-04 19:19 . 2008-11-04 19:20 77,895 --a------ c:\windows\system32\xopzcdzmgdlije.exe
    2008-11-04 19:11 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
    2008-11-04 19:10 . 2008-11-04 19:10 <DIR> d-------- c:\program files\Microsoft SQL Server
    2008-11-04 18:56 . 2008-11-04 18:56 <DIR> d-------- c:\program files\CCleaner
    2008-11-04 18:54 . 2008-11-04 18:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZip
    2008-11-03 14:19 . 2008-11-03 14:19 <DIR> d-------- c:\program files\ERROR 2
    2008-11-01 20:25 . 2008-11-01 20:28 <DIR> d-------- c:\documents and settings\Gebruiker\Application Data\dvdcss
    2008-10-28 23:21 . 2008-11-01 20:27 <DIR> d-------- c:\documents and settings\Gebruiker\Application Data\vlc
    2008-10-28 23:20 . 2008-10-28 23:20 <DIR> d-------- c:\program files\VideoLAN
    2008-10-27 23:09 . 2008-10-27 23:09 <DIR> d-------- c:\program files\MSXML 4.0
    2008-10-27 23:09 . 2008-10-27 23:09 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
    2008-10-27 09:53 . 2003-12-11 11:15 626,960 -ra------ c:\windows\system32\hpvaut32.dll
    2008-10-27 09:53 . 2003-12-11 11:15 487,424 -ra------ c:\windows\system32\hpvcp70.dll
    2008-10-27 09:53 . 2003-12-11 11:15 344,064 -ra------ c:\windows\system32\hpvcr70.dll
    2008-10-27 09:53 . 2003-12-11 11:15 82,432 -ra------ c:\windows\system32\MSXML4r.dll
    2008-10-27 09:53 . 2003-12-11 11:15 44,544 -ra------ c:\windows\system32\MSXML4a.dll
    2008-10-27 09:52 . 2008-10-27 09:52 <DIR> d-------- c:\program files\HP
    2008-10-27 09:52 . 2008-10-27 09:53 <DIR> d-------- c:\program files\Hewlett-Packard
    2008-10-27 09:52 . 2008-10-27 09:53 72,050 --a------ c:\windows\hpdj3840.his
    2008-10-27 09:52 . 2008-10-27 09:53 7,260 --a------ c:\windows\hpdj3840.ini
    2008-10-27 09:51 . 2008-10-27 09:52 4,241 --a------ c:\windows\hpbvspst.his
    2008-10-27 09:51 . 2008-10-27 09:52 414 --a------ c:\windows\hpbvspst.ini
    2008-10-27 09:50 . 2008-04-13 20:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
    2008-10-27 09:50 . 2008-04-13 20:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
    2008-10-27 09:49 . 2008-10-27 09:49 <DIR> d-------- c:\program files\Common Files\Adobe AIR
    2008-10-27 09:48 . 2008-10-27 09:48 <DIR> d-------- c:\program files\Common Files\Adobe
    2008-10-27 09:46 . 2008-10-27 09:52 <DIR> d-------- c:\program files\NOS
    2008-10-27 09:46 . 2008-10-27 09:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
    2008-10-27 09:05 . 2008-10-27 09:05 <DIR> d-------- c:\program files\MSECache
    2008-10-26 22:46 . 2008-10-26 22:45 410,976 --a------ c:\windows\system32\deploytk.dll
    2008-10-26 22:44 . 2008-10-26 22:44 <DIR> d-------- c:\windows\Sun
    2008-10-24 22:31 . 2008-04-14 18:02 221,184 --a------ c:\windows\system32\wmpns.dll
    2008-10-24 22:29 . 2008-10-24 22:29 <DIR> d--h----- c:\windows\PIF
    2008-10-24 13:09 . 2008-10-24 13:09 <DIR> d-------- c:\documents and settings\Gebruiker\Incomplete
    2008-10-24 13:07 . 2008-11-05 09:11 <DIR> d-------- c:\documents and settings\Gebruiker\Application Data\LimeWire
    2008-10-24 13:06 . 2008-10-26 22:45 73,728 --a------ c:\windows\system32\javacpl.cpl
    2008-10-24 13:05 . 2008-11-04 19:23 <DIR> d-------- c:\program files\LimeWire
    2008-10-24 13:05 . 2008-10-26 22:45 <DIR> d-------- c:\program files\Java
    2008-10-24 13:05 . 2008-10-24 13:05 <DIR> d-------- c:\program files\Common Files\Java
    2008-10-24 10:37 . 2008-10-24 10:37 <DIR> d-------- c:\documents and settings\Gebruiker\Application Data\Windows Search
    2008-10-24 10:20 . 2008-10-24 10:20 <DIR> dr-h----- C:\MSOCache
    2008-10-24 10:18 . 2008-08-14 14:27 2,193,536 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
    2008-10-24 10:18 . 2008-08-14 14:27 2,149,888 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
    2008-10-24 10:18 . 2008-08-14 14:27 2,070,400 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-10-24 10:18 . 2008-08-14 14:27 2,028,544 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
    2008-10-24 10:18 . 2008-09-15 16:28 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
    2008-10-24 10:18 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
    2008-10-24 10:17 . 2008-10-15 17:37 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
    2008-10-24 10:16 . 2007-07-30 18:19 271,224 --a------ c:\windows\system32\mucltui.dll
    2008-10-24 10:16 . 2007-07-30 18:18 30,072 --a------ c:\windows\system32\mucltui.dll.mui
    2008-10-24 10:15 . 2008-10-24 10:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
    2008-10-23 20:39 . 2008-10-26 22:44 <DIR> d-------- c:\documents and settings\Gebruiker\Application Data\Apple Computer
    2008-10-23 20:38 . 2008-10-23 20:38 <DIR> d-------- c:\program files\QuickTime
    2008-10-23 20:38 . 2008-10-23 20:38 <DIR> d-------- c:\program files\iTunes
    2008-10-23 20:38 . 2008-10-23 20:38 <DIR> d-------- c:\program files\iPod
    2008-10-23 20:38 . 2008-10-23 20:38 <DIR> d-------- c:\program files\Bonjour
    2008-10-23 20:38 . 2008-10-23 20:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-23 20:38 . 2008-04-17 12:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
    2008-10-23 20:38 . 2008-04-17 12:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
    2008-10-23 20:37 . 2008-10-23 20:37 <DIR> d-------- c:\program files\Apple Software Update
    2008-10-23 20:37 . 2008-10-23 20:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
    2008-10-23 20:36 . 2008-10-23 20:36 <DIR> d-------- c:\program files\Common Files\Apple
    2008-10-23 20:36 . 2008-10-23 20:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
    2008-10-23 20:25 . 2008-10-23 20:25 0 --a------ c:\windows\nsreg.dat
    2008-10-23 18:53 . 2008-11-03 14:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\flag ace stupid data
    2008-10-23 18:52 . 2008-10-23 18:52 <DIR> d-------- c:\program files\Messenger Plus! Live
    2008-10-23 18:52 . 2008-11-06 23:12 <DIR> d-------- c:\program files\Circle Developement
    2008-10-23 18:52 . 2008-11-06 23:12 <DIR> d-------- c:\documents and settings\Gebruiker\Application Data\ERROR 2
    2008-10-23 18:31 . 2008-10-23 18:31 9,084 --ah----- c:\windows\system32\mlfcache.dat
    2008-10-23 18:29 . 2006-10-05 03:42 2,560 --------- c:\windows\system32\drivers\cdralw2k.sys
    2008-10-23 18:29 . 2006-10-05 03:42 2,432 --------- c:\windows\system32\drivers\cdr4_xp.sys
    2008-10-23 18:28 . 2008-10-23 18:29 <DIR> d-------- c:\program files\Picasa2
    2008-10-23 18:28 . 2008-10-23 18:28 <DIR> d-------- c:\program files\Google
    2008-10-23 18:17 . 2008-10-27 09:31 <DIR> d-------- c:\documents and settings\Gebruiker\Contacts
    2008-10-23 18:14 . 2008-10-23 18:17 <DIR> d-------- c:\program files\Windows Live
    2008-10-23 18:14 . 2008-10-23 18:15 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
    2008-10-23 18:14 . 2008-10-23 18:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
    2008-10-13 18:12 . 2008-10-25 15:33 <DIR> d-------- c:\program files\Microsoft Silverlight
    2008-10-13 18:12 . 2008-10-13 18:12 <DIR> d-------- c:\documents and settings\Gebruiker\Application Data\Windows Desktop Search
    2008-10-13 18:11 . 2008-10-13 18:11 <DIR> d-------- c:\windows\system32\GroupPolicy
    2008-10-13 18:11 . 2008-10-13 18:11 <DIR> d-------- c:\program files\Windows Media Connect 2
    2008-10-13 18:11 . 2008-10-13 18:11 <DIR> d-------- c:\program files\Windows Desktop Search
    2008-10-13 18:11 . 2008-03-07 18:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
    2008-10-13 18:11 . 2008-03-07 18:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
    2008-10-13 18:11 . 2008-03-07 18:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
    2008-10-13 18:09 . 2008-11-04 19:19 <DIR> d-------- c:\windows\system32\LogFiles
    2008-10-13 18:09 . 2008-10-13 18:10 <DIR> d-------- c:\windows\system32\drivers\UMDF
    2008-10-13 18:05 . 2008-10-13 18:06 <DIR> d-------- c:\windows\system32\URTTemp
    2008-10-13 17:48 . 2008-10-13 17:48 <DIR> d-------- c:\windows\system32\nl
    2008-10-13 17:48 . 2008-10-13 17:48 <DIR> d-------- c:\windows\system32\bits
    2008-10-13 17:48 . 2008-10-13 17:48 <DIR> d-------- c:\windows\l2schemas
    2008-10-13 17:47 . 2008-10-13 17:47 <DIR> d-------- c:\windows\ServicePackFiles
    2008-10-13 17:43 . 2008-10-13 17:43 <DIR> d-------- c:\windows\EHome
    2008-10-13 17:40 . 2008-10-13 17:40 2,422 --a------ c:\windows\system32\wpa.bak
    2008-10-13 17:22 . 2008-10-13 18:11 <DIR> d-------- c:\windows\system32\nl-nl
    2008-10-13 17:22 . 2008-10-03 18:38 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
    2008-10-13 17:22 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
    2008-10-13 17:22 . 2007-03-08 06:11 1,032,192 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-13 16:10 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-10-13 16:07 --------- d-----w c:\program files\Common Files\InstallShield
    2008-10-13 15:53 907,520 ----a-w c:\windows\system32\drivers\3xHybrid.sys
    2008-10-13 15:53 466,944 ----a-w c:\windows\713xRMT.exe
    2008-10-13 15:53 466,944 ----a-w c:\windows\23885RMT.exe
    2008-10-13 15:53 450,560 ----a-w c:\windows\878RMTMon.exe
    2008-10-13 15:53 450,560 ----a-w c:\windows\878RMT.exe
    2008-10-13 15:45 --------- d-----w c:\program files\C-Media 3D Audio
    2008-10-13 15:42 43,520 ----a-w c:\windows\system32\drivers\fetnd5bv.sys
    2008-10-13 15:42 379,360 ----a-w c:\windows\system32\drivers\wlanCIG.sys
    2008-10-13 15:32 --------- d-----w c:\program files\Intel
    2008-10-13 15:27 23,600 ----a-w c:\windows\system32\drivers\TVICHW32.SYS
    2008-10-13 14:21 --------- d-----w c:\program files\microsoft frontpage
    2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector" [X]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TV Card Remote Control Device Monitor"="c:\windows\713xRMT.exe" [2008-10-13 466944]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-26 136600]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 49152]
    "a-squared"="c:\program files\A-SQUARED ANTI-MALWARE\a2guard.exe" [2008-11-02 2780816]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-08-06 69632]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=

    R0 pxark;pxark;c:\windows\system32\drivers\pxark.sys [2008-11-06 25400]
    R2 CSIScanner;CSIScanner;c:\program files\PrevxCSI\prevxcsi.exe [2008-11-06 880696]
    R2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [2008-10-26 152984]
    R3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-10-13 907520]
    R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;c:\windows\system32\DRIVERS\fetnd5bv.sys [2008-10-13 43520]
    R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [2002-04-24 19928]
    S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
    .
    Inhoud van de 'Gedeelde Taken' map

    2008-11-06 c:\windows\Tasks\AF910737919EB88F.job
    - c:\docume~1\gebrui~1\applic~1\error2~1\flaw rule knob.exe [2008-11-03 14:19]

    2008-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    - - - - ORPHANS VERWIJDERD - - - -

    BHO-{1F3FB1A6-E27C-430C-8F01-59ECBBFE6F08} - c:\windows\system32\efcATKET.dll
    BHO-{6387c1e4-56bc-4f7d-8723-33c5b2624d87} - c:\windows\system32\aydyik.dll
    HKCU-Run-01wma - c:\docume~1\GEBRUI~1\APPLIC~1\ERROR2~1\DOESLIES.exe
    HKLM-Run-CPM7b0c8e12 - c:\windows\system32\pjuyabqf.dll
    HKLM-Run-783fbd8e - c:\windows\system32\gpupsyju.dll
    HKLM-Run-Cmaudio - cmicnfg.cpl
    SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pjuyabqf.dll
    SSODL-SSODL-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pjuyabqf.dll


    .
    ------- Bijkomende Scan -------
    .
    FireFox -: Profile - c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\0nm4dv2c.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.nl/
    FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
    FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
    FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
    FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
    FF -: plugin - c:\program files\Picasa2\npPicasa2.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-06 23:27:46
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\scardsvr.exe
    c:\program files\a-squared Anti-Malware\a2service.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    c:\windows\system32\searchindexer.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Picasa2\PicasaMediaDetector.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2008-11-06 23:31:35 - machine werd herstart
    ComboFix-quarantined-files.txt 2008-11-06 22:31:23

    Pre-Run: 216.073.740.288 bytes beschikbaar
    Post-Run: 216,080,367,616 bytes beschikbaar

    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    287 --- E O F --- 2008-10-28 19:41:33
  • Open a Notepad file.

    Copy and paste the text below into it.

    File::
    c:\windows\Tasks\AF910737919EB88F.job
    c:\windows\713xRMT.exe
    c:\windows\system32\vbzip10.dll
    c:\windows\system32\xopzcdzmgdlije.exe
    c:\windows\23885RMT.exe
    c:\windows\878RMTMon.exe
    c:\windows\878RMT.exe

    Folder::
    c:\windows\CPM7b0c8e12
    c:\windows\system32\sni
    c:\windows\system32\QI02
    c:\windows\system32\hin
    c:\windows\system32\ell
    c:\windows\R2VicnVpa2Vy

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TV Card Remote Control Device Monitor"=-

    Save this file on your desktop as CFScript.txt.

    Drag CFScript.txt onto ComboFix.exe.
    This will make ComboFix restart. Reboot if you are asked to.

    After the restart, post the contents of Combofix.txt in your next message together with a new HijackThis log.

    And then let me know whether you still have any problems and, if so, which ones.
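As an added example (my own code, not ComboFix's and not the helper's script), the following Python triages file-listing lines in the layout of the ComboFix log posted above and drafts a CFScript in the File::/Folder::/Registry:: layout the helper used. The sample lines are constructed from the posted log; the three heuristics (hidden+system directory under c:\windows, base64-decodable name, creation time within a few minutes of a flagged entry) are my assumptions about what a helper looks for, and the output is a draft for a human to review.

```python
"""Triage helper for ComboFix file-listing lines (added example, not ComboFix's
or the helper's code). Parses the posted log's layout, flags entries with three
defender heuristics and drafts a CFScript in the thread's File::/Folder::/
Registry:: layout. Sample lines below are constructed from the posted log."""
import base64
import re
from datetime import datetime, timedelta

# Constructed sample, copied in form from the first ComboFix log in the thread.
SAMPLE_LOG = """\
2008-11-04 19:19 . 2008-11-06 23:12 <DIR> d--hs---- c:\\windows\\R2VicnVpa2Vy
2008-11-04 19:19 . 2008-11-04 19:20 77,895 --a------ c:\\windows\\system32\\xopzcdzmgdlije.exe
2008-11-04 19:19 . 2008-11-06 23:12 <DIR> d-------- c:\\windows\\system32\\QI02
2008-11-04 19:22 . 2008-11-04 19:22 147,456 --a------ c:\\windows\\system32\\vbzip10.dll
2008-10-27 09:50 . 2008-04-13 20:47 25,856 --a------ c:\\windows\\system32\\drivers\\usbprint.sys
2008-10-23 20:38 . 2008-10-23 20:38 <DIR> d-------- c:\\program files\\Bonjour
"""

# One listing line: created " . " modified, then <DIR> or a size, a 9-character
# attribute field (d/r/a/h/s/c or '-'), then the path.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?:(?P<dir><DIR>)|(?P<size>[\d,]+)) "
    r"(?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)


def parse_log(text):
    """Return one dict per listing line; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            "is_dir": m["dir"] is not None,
            "size": int(m["size"].replace(",", "")) if m["size"] else None,
            "attrs": m["attrs"],
            "path": m["path"],
        })
    return entries


def base64_name(path):
    """Decode the last path component as base64; return it if printable ASCII,
    else None. The log's c:\\windows\\R2VicnVpa2Vy decodes to 'Gebruiker', the
    account name that appears elsewhere in the same log."""
    name = path.rsplit("\\", 1)[-1]
    if len(name) % 4 or not re.fullmatch(r"[A-Za-z0-9+/]+=*", name):
        return None
    try:
        text = base64.b64decode(name, validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def triage(entries, window=timedelta(minutes=5)):
    """Map path -> reasons. First pass: hidden+system dir under c:\\windows or
    a base64-decodable name. Second pass: anything created within `window` of
    a first-pass hit, since a dropper writes its files within a few minutes."""
    flags = {}
    for e in entries:
        reasons = []
        if (e["is_dir"] and "h" in e["attrs"] and "s" in e["attrs"]
                and e["path"].lower().startswith("c:\\windows\\")):
            reasons.append("hidden+system dir")
        decoded = base64_name(e["path"])
        if decoded:
            reasons.append(f"base64 name -> {decoded!r}")
        if reasons:
            flags[e["path"]] = reasons
    seeds = [e for e in entries if e["path"] in flags]
    for e in entries:
        if e["path"] in flags:
            continue
        for s in seeds:
            if abs(e["created"] - s["created"]) <= window:
                flags[e["path"]] = [f"created within {window} of {s['path']}"]
                break
    return flags


def build_cfscript(entries, flags, run_values=()):
    """Render flagged entries as a CFScript draft: File:: and Folder:: sections
    plus a Registry:: section whose "name"=- lines use regedit's syntax for
    deleting a value from the HKLM Run key."""
    files = [e["path"] for e in entries if e["path"] in flags and not e["is_dir"]]
    folders = [e["path"] for e in entries if e["path"] in flags and e["is_dir"]]
    lines = ["File::", *files, "", "Folder::", *folders]
    if run_values:
        lines += ["", "Registry::",
                  "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]"]
        lines += [f'"{name}"=-' for name in run_values]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    flags = triage(entries)
    for path, why in flags.items():
        print(f"{path}  <-  {'; '.join(why)}")
    print(build_cfscript(entries, flags, ["TV Card Remote Control Device Monitor"]))
```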
  • ComboFix 08-11-05.02 - Gebruiker 2008-11-07 8:16:15.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.79 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Gebruiker\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt

    FILE ::
    c:\windows\23885RMT.exe
    c:\windows\713xRMT.exe
    c:\windows\878RMT.exe
    c:\windows\878RMTMon.exe
    c:\windows\system32\vbzip10.dll
    c:\windows\system32\xopzcdzmgdlije.exe
    c:\windows\Tasks\AF910737919EB88F.job
    .
    De volgende bestanden werden uitgeschakeld tijdens de run:
    c:\program files\a-squared Anti-Malware\a2handler.dll


    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\23885RMT.exe
    c:\windows\713xRMT.exe
    c:\windows\878RMT.exe
    c:\windows\878RMTMon.exe
    c:\windows\CPM7b0c8e12\
    c:\windows\R2VicnVpa2Vy
    c:\windows\system32\ell
    c:\windows\system32\hin
    c:\windows\system32\QI02
    c:\windows\system32\sni
    c:\windows\system32\vbzip10.dll
    c:\windows\system32\xopzcdzmgdlije.exe
    c:\windows\Tasks\AF910737919EB88F.job

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-10-07 to 2008-11-07 ))))))))))))))))))))))))))))))
    .

    2008-11-07 00:12 . 2008-11-07 08:14 <DIR> dr-h—– c:\documents and settings\Gebruiker\Onlangs geopend
    2008-11-06 23:48 . 2008-11-06 23:49 <DIR> d——– c:\documents and settings\Gebruiker\.jordan
    2008-11-06 21:31 . 2008-11-07 08:15 <DIR> d——– c:\program files\a-squared Anti-Malware
    2008-11-06 18:25 . 2008-11-06 23:50 <DIR> d——– c:\documents and settings\Gebruiker\.jenny
    2008-11-06 17:46 . 2008-11-06 17:47 <DIR> d——– c:\program files\Windows Live Safety Center
    2008-11-06 16:34 . 2008-11-06 19:44 160 –a—— c:\documents and settings\Gebruiker\Application Data\wklnhst.dat
    2008-11-06 16:22 . 2008-11-06 16:22 395 –a—— c:\windows\ODBC.INI
    2008-11-06 16:21 . 2008-11-06 16:21 <DIR> d——– c:\windows\ShellNew
    2008-11-06 16:17 . 2008-11-06 16:23 <DIR> d——– c:\program files\Microsoft Works
    2008-11-06 16:15 . 2008-11-06 16:15 <DIR> d——– c:\program files\Microsoft Works Suite 2004
    2008-11-05 17:07 . 2008-11-05 17:07 <DIR> d——– c:\program files\Trend Micro
    2008-11-05 17:03 . 2008-11-05 17:03 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
    2008-11-05 17:03 . 2008-11-05 17:03 <DIR> d——– c:\documents and settings\Gebruiker\Application Data\Malwarebytes
    2008-11-05 17:03 . 2008-11-05 17:03 <DIR> d——– c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-05 17:03 . 2008-10-22 16:10 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-05 17:03 . 2008-10-22 16:10 15,504 –a—— c:\windows\system32\drivers\mbam.sys
    2008-11-04 20:28 . 2008-11-04 20:28 50,000 –a—— c:\windows\CPM7b0c8e12
    2008-11-04 19:19 . 2008-11-04 19:19 <DIR> d——– c:\temp\NT32
    2008-11-04 19:19 . 2008-11-06 23:21 <DIR> d——– C:\Temp
    2008-11-04 19:11 . 1998-10-29 16:45 306,688 –a—— c:\windows\IsUninst.exe
    2008-11-04 19:10 . 2008-11-04 19:10 <DIR> d——– c:\program files\Microsoft SQL Server
    2008-11-04 18:56 . 2008-11-04 18:56 <DIR> d——– c:\program files\CCleaner
    2008-11-04 18:54 . 2008-11-04 18:56 <DIR> d——– c:\documents and settings\All Users\Application Data\WinZip
    2008-11-03 14:19 . 2008-11-03 14:19 <DIR> d——– c:\program files\ERROR 2
    2008-11-01 20:25 . 2008-11-01 20:28 <DIR> d——– c:\documents and settings\Gebruiker\Application Data\dvdcss
    2008-10-28 23:21 . 2008-11-01 20:27 <DIR> d——– c:\documents and settings\Gebruiker\Application Data\vlc
    2008-10-28 23:20 . 2008-10-28 23:20 <DIR> d——– c:\program files\VideoLAN
    2008-10-27 23:09 . 2008-10-27 23:09 <DIR> d——– c:\program files\MSXML 4.0
    2008-10-27 23:09 . 2008-10-27 23:09 <DIR> d——– c:\program files\Microsoft CAPICOM 2.1.0.2
    2008-10-27 09:53 . 2003-12-11 11:15 626,960 -ra—— c:\windows\system32\hpvaut32.dll
    2008-10-27 09:53 . 2003-12-11 11:15 487,424 -ra—— c:\windows\system32\hpvcp70.dll
    2008-10-27 09:53 . 2003-12-11 11:15 344,064 -ra—— c:\windows\system32\hpvcr70.dll
    2008-10-27 09:53 . 2003-12-11 11:15 82,432 -ra—— c:\windows\system32\MSXML4r.dll
    2008-10-27 09:53 . 2003-12-11 11:15 44,544 -ra—— c:\windows\system32\MSXML4a.dll
    2008-10-27 09:52 . 2008-10-27 09:52 <DIR> d——– c:\program files\HP
    2008-10-27 09:52 . 2008-10-27 09:53 <DIR> d——– c:\program files\Hewlett-Packard
    2008-10-27 09:52 . 2008-10-27 09:53 72,050 –a—— c:\windows\hpdj3840.his
    2008-10-27 09:52 . 2008-10-27 09:53 7,260 –a—— c:\windows\hpdj3840.ini
    2008-10-27 09:51 . 2008-10-27 09:52 4,241 –a—— c:\windows\hpbvspst.his
    2008-10-27 09:51 . 2008-10-27 09:52 414 –a—— c:\windows\hpbvspst.ini
    2008-10-27 09:50 . 2008-04-13 20:47 25,856 –a—— c:\windows\system32\drivers\usbprint.sys
    2008-10-27 09:50 . 2008-04-13 20:47 25,856 –a–c— c:\windows\system32\dllcache\usbprint.sys
    2008-10-27 09:49 . 2008-10-27 09:49 <DIR> d——– c:\program files\Common Files\Adobe AIR
    2008-10-27 09:48 . 2008-10-27 09:48 <DIR> d——– c:\program files\Common Files\Adobe
    2008-10-27 09:46 . 2008-10-27 09:52 <DIR> d——– c:\program files\NOS
    2008-10-27 09:46 . 2008-10-27 09:52 <DIR> d——– c:\documents and settings\All Users\Application Data\NOS
    2008-10-27 09:05 . 2008-10-27 09:05 <DIR> d——– c:\program files\MSECache
    2008-10-26 22:46 . 2008-10-26 22:45 410,976 –a—— c:\windows\system32\deploytk.dll
    2008-10-26 22:44 . 2008-10-26 22:44 <DIR> d——– c:\windows\Sun
    2008-10-24 22:31 . 2008-04-14 18:02 221,184 –a—— c:\windows\system32\wmpns.dll
    2008-10-24 22:29 . 2008-10-24 22:29 <DIR> d–h—– c:\windows\PIF
    2008-10-24 13:09 . 2008-10-24 13:09 <DIR> d——– c:\documents and settings\Gebruiker\Incomplete
    2008-10-24 13:07 . 2008-11-05 09:11 <DIR> d——– c:\documents and settings\Gebruiker\Application Data\LimeWire
    2008-10-24 13:06 . 2008-10-26 22:45 73,728 –a—— c:\windows\system32\javacpl.cpl
    2008-10-24 13:05 . 2008-11-04 19:23 <DIR> d——– c:\program files\LimeWire
    2008-10-24 13:05 . 2008-10-26 22:45 <DIR> d——– c:\program files\Java
    2008-10-24 13:05 . 2008-10-24 13:05 <DIR> d——– c:\program files\Common Files\Java
    2008-10-24 10:37 . 2008-10-24 10:37 <DIR> d——– c:\documents and settings\Gebruiker\Application Data\Windows Search
    2008-10-24 10:20 . 2008-10-24 10:20 <DIR> dr-h—– C:\MSOCache
    2008-10-24 10:18 . 2008-08-14 14:27 2,193,536 —–c— c:\windows\system32\dllcache
    toskrnl.exe
    2008-10-24 10:18 . 2008-08-14 14:27 2,149,888 —–c— c:\windows\system32\dllcache
    tkrnlmp.exe
    2008-10-24 10:18 . 2008-08-14 14:27 2,070,400 —–c— c:\windows\system32\dllcache
    tkrnlpa.exe
    2008-10-24 10:18 . 2008-08-14 14:27 2,028,544 —–c— c:\windows\system32\dllcache
    tkrpamp.exe
    2008-10-24 10:18 . 2008-09-15 16:28 1,846,528 —–c— c:\windows\system32\dllcache\win32k.sys
    2008-10-24 10:18 . 2008-09-08 11:41 333,824 —–c— c:\windows\system32\dllcache\srv.sys
    2008-10-24 10:17 . 2008-10-15 17:37 337,408 —–c— c:\windows\system32\dllcache
    etapi32.dll
    2008-10-24 10:16 . 2007-07-30 18:19 271,224 –a—— c:\windows\system32\mucltui.dll
    2008-10-24 10:16 . 2007-07-30 18:18 30,072 –a—— c:\windows\system32\mucltui.dll.mui
    2008-10-24 10:15 . 2008-10-24 10:15 <DIR> d——– c:\documents and settings\All Users\Application Data\Messenger Plus!
    2008-10-23 20:39 . 2008-10-26 22:44 <DIR> d——– c:\documents and settings\Gebruiker\Application Data\Apple Computer
    2008-10-23 20:38 . 2008-10-23 20:38 <DIR> d——– c:\program files\QuickTime
    2008-10-23 20:38 . 2008-10-23 20:38 <DIR> d——– c:\program files\iTunes
    2008-10-23 20:38 . 2008-10-23 20:38 <DIR> d——– c:\program files\iPod
    2008-10-23 20:38 . 2008-10-23 20:38 <DIR> d——– c:\program files\Bonjour
    2008-10-23 20:38 . 2008-10-23 20:38 <DIR> d——– c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-23 20:38 . 2008-04-17 12:12 107,368 –a—— c:\windows\system32\GEARAspi.dll
    2008-10-23 20:38 . 2008-04-17 12:12 15,464 –a—— c:\windows\system32\drivers\GEARAspiWDM.sys
    2008-10-23 20:37 . 2008-10-23 20:37 <DIR> d——– c:\program files\Apple Software Update
    2008-10-23 20:37 . 2008-10-23 20:38 <DIR> d——– c:\documents and settings\All Users\Application Data\Apple Computer
    2008-10-23 20:36 . 2008-10-23 20:36 <DIR> d——– c:\program files\Common Files\Apple
    2008-10-23 20:36 . 2008-10-23 20:36 <DIR> d——– c:\documents and settings\All Users\Application Data\Apple
    2008-10-23 20:25 . 2008-10-23 20:25 0 –a—— c:\windows
    sreg.dat
    2008-10-23 18:53 . 2008-11-03 14:19 <DIR> d——– c:\documents and settings\All Users\Application Data\flag ace stupid data
    2008-10-23 18:52 . 2008-10-23 18:52 <DIR> d——– c:\program files\Messenger Plus! Live
    2008-10-23 18:52 . 2008-11-06 23:12 <DIR> d——– c:\program files\Circle Developement
    2008-10-23 18:52 . 2008-11-06 23:12 <DIR> d——– c:\documents and settings\Gebruiker\Application Data\ERROR 2
    2008-10-23 18:31 . 2008-10-23 18:31 9,084 –ah—– c:\windows\system32\mlfcache.dat
    2008-10-23 18:29 . 2006-10-05 03:42 2,560 ——— c:\windows\system32\drivers\cdralw2k.sys
    2008-10-23 18:29 . 2006-10-05 03:42 2,432 ——— c:\windows\system32\drivers\cdr4_xp.sys
    2008-10-23 18:28 . 2008-10-23 18:29 <DIR> d——– c:\program files\Picasa2
    2008-10-23 18:28 . 2008-10-23 18:28 <DIR> d——– c:\program files\Google
    2008-10-23 18:17 . 2008-10-27 09:31 <DIR> d——– c:\documents and settings\Gebruiker\Contacts
    2008-10-23 18:14 . 2008-10-23 18:17 <DIR> d——– c:\program files\Windows Live
    2008-10-23 18:14 . 2008-10-23 18:15 <DIR> d–hsc— c:\program files\Common Files\WindowsLiveInstaller
    2008-10-23 18:14 . 2008-10-23 18:14 <DIR> d——– c:\documents and settings\All Users\Application Data\WLInstaller
    2008-10-13 18:12 . 2008-10-25 15:33 <DIR> d——– c:\program files\Microsoft Silverlight
    2008-10-13 18:12 . 2008-10-13 18:12 <DIR> d——– c:\documents and settings\Gebruiker\Application Data\Windows Desktop Search
    2008-10-13 18:11 . 2008-10-13 18:11 <DIR> d——– c:\windows\system32\GroupPolicy
    2008-10-13 18:11 . 2008-10-13 18:11 <DIR> d——– c:\program files\Windows Media Connect 2
    2008-10-13 18:11 . 2008-10-13 18:11 <DIR> d——– c:\program files\Windows Desktop Search
    2008-10-13 18:11 . 2008-03-07 18:02 192,000 —–c— c:\windows\system32\dllcache\offfilt.dll
    2008-10-13 18:11 . 2008-03-07 18:02 98,304 —–c— c:\windows\system32\dllcache\nlhtml.dll
    2008-10-13 18:11 . 2008-03-07 18:02 29,696 —–c— c:\windows\system32\dllcache\mimefilt.dll
    2008-10-13 18:09 . 2008-11-04 19:19 <DIR> d——– c:\windows\system32\LogFiles
    2008-10-13 18:09 . 2008-10-13 18:10 <DIR> d——– c:\windows\system32\drivers\UMDF
    2008-10-13 18:05 . 2008-10-13 18:06 <DIR> d——– c:\windows\system32\URTTemp
    2008-10-13 17:48 . 2008-10-13 17:48 <DIR> d——– c:\windows\system32\nl
    2008-10-13 17:48 . 2008-10-13 17:48 <DIR> d——– c:\windows\system32\bits
    2008-10-13 17:48 . 2008-10-13 17:48 <DIR> d——– c:\windows\l2schemas
    2008-10-13 17:47 . 2008-10-13 17:47 <DIR> d——– c:\windows\ServicePackFiles
    2008-10-13 17:43 . 2008-10-13 17:43 <DIR> d——– c:\windows\EHome
    2008-10-13 17:40 . 2008-10-13 17:40 2,422 –a—— c:\windows\system32\wpa.bak
    2008-10-13 17:22 . 2008-10-13 18:11 <DIR> d——– c:\windows\system32\nl-nl
    2008-10-13 17:22 . 2008-10-03 18:38 6,066,176 —–c— c:\windows\system32\dllcache\ieframe.dll
    2008-10-13 17:22 . 2007-04-17 10:32 2,455,488 —–c— c:\windows\system32\dllcache\ieapfltr.dat
    2008-10-13 17:22 . 2007-03-08 06:11 1,032,192 —–c— c:\windows\system32\dllcache\ieframe.dll.mui
    2008-10-13 17:22 . 2008-08-26 09:27 459,264 —–c— c:\windows\system32\dllcache\msfeeds.dll
    2008-10-13 17:22 . 2008-08-26 09:27 383,488 —–c— c:\windows\system32\dllcache\ieapfltr.dll
    2008-10-13 17:22 . 2008-08-26 09:27 267,776 —–c— c:\windows\system32\dllcache\iertutil.dll
    2008-10-13 17:22 . 2008-08-26 09:27 63,488 —–c— c:\windows\system32\dllcache\icardie.dll
    2008-10-13 17:22 . 2008-08-26 09:27 52,224 —–c— c:\windows\system32\dllcache\msfeedsbs.dll
    2008-10-13 17:22 . 2008-08-25 09:38 13,824 —–c— c:\windows\system32\dllcache\ieudinit.exe
    2008-10-13 17:13 . 2008-10-13 17:13 0 –a—— c:\windows\ativpsrm.bin
    2008-10-13 17:10 . 2008-10-13 17:10 <DIR> d——– C:\SWSetup
    2008-10-13 17:10 . 2002-04-24 11:07 19,928 –a—— c:\windows\system32\drivers\wbscr.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-13 16:10 ——— d–h–w c:\program files\InstallShield Installation Information
    2008-10-13 16:07 ——— d—–w c:\program files\Common Files\InstallShield
    2008-10-13 15:53 907,520 —-a-w c:\windows\system32\drivers\3xHybrid.sys
    2008-10-13 15:53 9,760 —-a-w c:\windows\system32\34CoInstaller.dll
    2008-10-13 15:53 104,992 —-a-w c:\windows\system32\NXPMV32.dll
    2008-10-13 15:45 ——— d—–w c:\program files\C-Media 3D Audio
    2008-10-13 15:42 69,632 —-a-w c:\windows\system32\vuins32.dll
    2008-10-13 15:42 43,520 —-a-w c:\windows\system32\drivers\fetnd5bv.sys
    2008-10-13 15:42 379,360 —-a-w c:\windows\system32\drivers\wlanCIG.sys
    2008-10-13 15:42 319,456 —-a-w c:\windows\system32\difxapi.dll
    2008-10-13 15:41 32,768 —-a-w c:\windows\system32\udaprop.dll
    2008-10-13 15:32 ——— d—–w c:\program files\Intel
    2008-10-13 15:27 23,600 —-a-w c:\windows\system32\drivers\TVICHW32.SYS
    2008-10-13 14:21 ——— d—–w c:\program files\microsoft frontpage
    2008-09-15 15:28 1,846,528 —-a-w c:\windows\system32\win32k.sys
    2008-09-08 10:41 333,824 —-a-w c:\windows\system32\drivers\srv.sys
    2008-08-29 08:18 87,336 —-a-w c:\windows\system32\dns-sd.exe
    2008-08-29 07:53 61,440 —-a-w c:\windows\system32\dnssd.dll
    2008-08-26 08:27 826,368 —-a-w c:\windows\system32\wininet.dll
    2008-08-21 02:19 425,984 —-a-w c:\windows\system32\ATIDEMGX.dll
    2008-08-21 02:18 314,880 —-a-w c:\windows\system32\ati2dvag.dll
    2008-08-21 02:08 184,320 —-a-w c:\windows\system32\atipdlxx.dll
    2008-08-21 02:08 143,360 —-a-w c:\windows\system32\Oemdspif.dll
    2008-08-21 02:07 43,520 —-a-w c:\windows\system32\ati2edxx.dll
    2008-08-21 02:07 26,112 —-a-w c:\windows\system32\Ati2mdxx.exe
    2008-08-21 02:07 143,360 —-a-w c:\windows\system32\ati2evxx.dll
    2008-08-21 02:05 573,440 —-a-w c:\windows\system32\ati2evxx.exe
    2008-08-21 02:04 53,248 —-a-w c:\windows\system32\ATIDDC.DLL
    2008-08-21 02:01 10,084,352 —-a-w c:\windows\system32\atioglxx.dll
    2008-08-21 01:55 4,094,560 —-a-w c:\windows\system32\ati3duag.dll
    2008-08-21 01:50 307,200 —-a-w c:\windows\system32\atiiiexx.dll
    2008-08-21 01:38 2,377,856 —-a-w c:\windows\system32\ativvaxx.dll
    2008-08-21 01:23 48,640 —-a-w c:\windows\system32\amdpcom32.dll
    2008-08-21 01:19 380,928 —-a-w c:\windows\system32\atikvmag.dll
    2008-08-21 01:18 37,376 —-a-w c:\windows\system32\atiadlxx.dll
    2008-08-21 01:18 17,408 —-a-w c:\windows\system32\atitvo32.dll
    2008-08-21 01:17 253,952 —-a-w c:\windows\system32\atiok3x2.dll
    2008-08-21 01:11 561,152 —-a-w c:\windows\system32\ati2cqag.dll
    2008-08-14 13:27 2,149,888 —-a-w c:\windows\system32\ntoskrnl.exe
    2008-08-14 13:27 2,028,544 —-a-w c:\windows\system32\ntkrnlpa.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-11-06_23.30.06.94 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2003-07-14 21:52:56 55,360 —-a-r c:\windows\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\MSOHTMED.EXE
    + 2003-07-14 21:57:08 58,944 —-a-r c:\windows\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\SEQCHK10.DLL
    + 2005-05-03 11:09:02 6,864,584 —-a-r c:\windows\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\WORDVIEW.EXE
    + 2007-05-31 12:37:46 8,812,384 —-a-r c:\windows\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.8173\WORDVIEW.EXE
    - 2008-11-04 18:24:42 135,168 —-a-r c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2008-11-06 23:16:21 135,168 —-a-r c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2008-11-04 18:24:42 40,960 —-a-r c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe
    + 2008-11-06 23:16:21 40,960 —-a-r c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe
    + 2008-11-07 07:02:17 16,384 —-atw c:\windows\Temp\Perflib_Perfdata_7ec.dat
    + 2008-11-07 07:02:21 16,384 —-atw c:\windows\Temp\Perflib_Perfdata_90.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector" [X]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-26 136600]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 49152]
    "a-squared"="c:\program files\A-SQUARED ANTI-MALWARE\a2guard.exe" [2008-11-02 2780816]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-08-06 69632]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=

    R2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [2008-10-26 152984]
    R3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-10-13 907520]
    R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;c:\windows\system32\DRIVERS\fetnd5bv.sys [2008-10-13 43520]
    R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [2002-04-24 19928]
    S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
    .
    Inhoud van de 'Gedeelde Taken' map

    2008-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    - - - - ORPHANS VERWIJDERD - - - -

    HKLM-Run-TV Card Remote Control Device Monitor - c:\windows\713xRMT.exe



    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-07 08:17:54
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-11-07 8:18:58
    ComboFix-quarantined-files.txt 2008-11-07 07:18:55
    ComboFix2.txt 2008-11-06 22:31:39

    Pre-Run: 215.896.678.400 bytes beschikbaar
    Post-Run: 215,883,800,576 bytes beschikbaar

    280 — E O F — 2008-11-06 23:16:23

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:20:36, on 7-11-2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1223917203140
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab?e=1225057627564&h=e071cb737eeaba4414e51dd50d4a05d1/&filename=jinstall-6u10-windows-i586-jc.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe


    End of file - 6621 bytes
  • Looks good. And what was the answer to this question from the previous post:

    [quote] And then let us know whether you still have any problems, and if so, which ones? [/quote]
  • So far I haven't seen any more problems.
    Thank you very much!
  • You're welcome. But there is still a small tail end to your story :D

    With the problems out of the way, it is time for the "big clean-up": removing the tools we used, a cleaning run, and deleting the infected restore points.

    As for the trial version of A Squared, you can decide for yourself whether to leave it on your PC for a while or remove it right away.

    Remove Combofix: Start -> Run and type: [b]combofix /u[/b]
    This will remove Combofix together with its related folders and files, restore the clock settings, hide file extensions again, re-hide hidden files and system files, and create a new restore point.

    Download CCleaner here: http://www.majorgeeks.com/download4191.html

    Install it and start CCleaner. In the left column, click "Cleaner". Click "Analyze" and then "Run Cleaner". Next, in the left column click "Registry" and then "Scan for Issues". If any issues are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "Yes". Then choose "Fix All Selected Issues". Afterwards, close CCleaner.

    It is advisable to remove the existing restore points (some of them are infected and could be restored by mistake) by temporarily turning off System Restore. Do this via Start -> Control Panel -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and untick the box again.

    That's it!
  • Done! Thanks.

This is an archived page. Replying is no longer possible.