Slow I.E. + askbardis + Vundo

18 answers
  • Hello,

    After reinstalling Windows at the start of this year I have been suffering from the Virtumonde virus. After opening I.E., ZoneAlarm also keeps asking whether askservice may be granted access. If I don't give that permission, I.E. is very slow. I have already tried all sorts of things, including running anti-malware, but it is still not going well.
    Below I have already posted a logfile from HJT; is there perhaps someone who would like to help me solve this?


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:33:17, on 10-1-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20861)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Browser MOUSE\mouse32a.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
    C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\IObit\Advanced WindowsCare V2\Awc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\AskBarDis\bar\bin\AskService.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {1955965E-53BB-4ABD-B261-690792CD1C0E} - (no file)
    O2 - BHO: (no name) - {19FD8C3A-B75E-4FB4-A734-17B2909AE3B0} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {59DAA659-627C-4F9A-9F64-E86E4B7ECBB5} - (no file)
    O2 - BHO: (no name) - {87914D54-3A02-46D9-9D5A-33535568FA03} - (no file)
    O2 - BHO: (no name) - {91ee37fe-724d-4c4d-9f77-32ecaab54d4b} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: (no name) - {D0115063-AAED-4AC4-8A36-00090FD61A11} - (no file)
    O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
    O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Advanced WindowsCare] "C:\Program Files\IObit\Advanced WindowsCare V2\Awc.exe" /startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
    O8 - Extra context menu item: &Block This Image (ABP) - C:\Program Files\Adblock Pro\blockimg.html
    O8 - Extra context menu item: &Blokkeer dit figuur (ABP) - C:\Program Files\Adblock Pro\blockimg.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files\Adblock Pro\AdblockPro.dll
    O9 - Extra 'Tools' menuitem: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files\Adblock Pro\AdblockPro.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O20 - AppInit_DLLs: ekxhwu.dll cfeoby.dll isyuxm.dll nyclnc.dll
    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    End of file - 7997 bytes


    Thanks in advance,

    Jan.
  • Start HijackThis and choose 'do a system scan only'.
    Select only the items listed below:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {1955965E-53BB-4ABD-B261-690792CD1C0E} - (no file)
    O2 - BHO: (no name) - {19FD8C3A-B75E-4FB4-A734-17B2909AE3B0} - (no file)
    O2 - BHO: (no name) - {59DAA659-627C-4F9A-9F64-E86E4B7ECBB5} - (no file)
    O2 - BHO: (no name) - {87914D54-3A02-46D9-9D5A-33535568FA03} - (no file)
    O2 - BHO: (no name) - {91ee37fe-724d-4c4d-9f77-32ecaab54d4b} - (no file)
    O2 - BHO: (no name) - {D0115063-AAED-4AC4-8A36-00090FD61A11} - (no file)
    O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O20 - AppInit_DLLs: ekxhwu.dll cfeoby.dll isyuxm.dll nyclnc.dll
    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.


    Open a Notepad file.
    Copy the text below (the entire script) into this Notepad file.

    @ECHO OFF
    IF EXIST log.txt DEL log.txt
    ECHO Deleting files>>log.txt
    REM Stop the running service process first, otherwise the file stays locked
    taskkill /f /im AskService.exe
    REM The path contains spaces, so it must be quoted or FOR splits it into two items
    FOR %%g in ("C:\Program Files\AskBarDis\bar\bin\AskService.exe") DO (
        IF EXIST "%%~g" (
            ATTRIB -r -s -h "%%~g"
            DEL "%%~g"
            IF EXIST "%%~g" (
                ECHO %%~g not deleted>>log.txt
            ) ELSE (
                ECHO %%~g deleted>>log.txt
            )
        ) ELSE (
            ECHO %%~g not found>>log.txt
        )
    )
    START NOTEPAD.EXE log.txt


    Go to File - Save As.
    Under "Save in" choose: Desktop
    Under "File name" enter: del.bat
    Under "Save as type" select: All Files (*.*).
    Click the Save button.
    Double-click del.bat and post the contents of the logfile that opens.

    Download MalwareBytes' Anti-Malware and save it to your desktop.
    Double-click mbam-setup.exe to install the program.

    After installation, make sure there is a checkmark next to:
    - Update MalwareBytes' Anti-Malware
    - Launch MalwareBytes' Anti-Malware
    Then click "Finish".
    If an update is found, it will be downloaded and installed.
    - Once the program has started, go to the "Settings" tab.
    - Check: "Close Internet Explorer during malware removal".
    - Then go to the "Scanner" tab and choose "Quick Scan".
    - Press "Scan" to start the scan.
    - Scanning can take a while, so be patient.
    - When the scan is complete, click OK, then "Show Results" to view the results.
    - Make sure everything there is checked, then click "Remove Selected".
    - After removal a log will open and you will be asked to restart the computer.
    The log is saved automatically by MalwareBytes' Anti-Malware and you can find it by clicking the "Logs" tab in the program.

    Post this log together with a new HijackThis log.
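As an added example (not code from anyone in this thread), a small Python triage script that applies the same rules the helper used when picking entries from the HijackThis log: O2/O9 entries ending in (no file), DLLs listed under O20 AppInit_DLLs, O23 services with an unknown owner, the bundled AskBarDis toolbar in O3, and empty R0 values. The sample log lines are constructed from the log posted above; the severity scale is my own assumption.

```python
import re
from dataclasses import dataclass

# Constructed sample: entries copied from the HijackThis log posted in this thread,
# with a benign entry per section so the rules have something to leave alone.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
O2 - BHO: (no name) - {1955965E-53BB-4ABD-B261-690792CD1C0E} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O20 - AppInit_DLLs: ekxhwu.dll cfeoby.dll isyuxm.dll nyclnc.dll
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Bundled toolbar names seen in this thread (assumption: extend for your own environment).
BUNDLED_TOOLBARS = ("askbardis",)

# Assumed severity scale; HijackThis itself does not rank entries.
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}

# Every HijackThis entry starts with a section code (R0, R1, O2, O20, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")


@dataclass
class Finding:
    section: str
    severity: str
    reason: str
    line: str


def triage_line(line: str):
    """Return a Finding for one log line, or None if no rule matches."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    # AppInit_DLLs are loaded into every process that links user32.dll; random
    # six-letter names like the ones in this thread are the classic Vundo sign.
    if section == "O20" and body.startswith("AppInit_DLLs:"):
        dlls = body.split(":", 1)[1].split()
        if dlls:
            return Finding(section, "high", f"AppInit_DLLs loads {len(dlls)} DLL(s) into every process", line)
    # A registered BHO or button whose file is gone: harmless leftover, safe to fix.
    if section in ("O2", "O9") and body.endswith("(no file)"):
        return Finding(section, "low", "orphaned entry: registered object whose file no longer exists", line)
    if section == "O23" and "Unknown owner" in body:
        return Finding(section, "medium", "service without publisher information", line)
    if section == "O3" and any(name in body.lower() for name in BUNDLED_TOOLBARS):
        return Finding(section, "medium", "bundled toolbar", line)
    if section == "R0" and body.rstrip().endswith("="):
        return Finding(section, "low", "empty start/search page value", line)
    return None


def triage(log_text: str):
    """All findings for a log, most severe first (stable, so input order is kept within a level)."""
    findings = [f for f in map(triage_line, log_text.splitlines()) if f]
    return sorted(findings, key=lambda f: SEVERITY_RANK[f.severity])


def summarize(findings):
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


def fix_list(findings):
    """The lines to tick under 'do a system scan only' before pressing 'Fix checked'."""
    return [f.line.strip() for f in findings]


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity:6}] {f.section:3} {f.reason}\n         {f.line.strip()}")
    print(summarize(found))
```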
  • Here is the Malware log:


    Malwarebytes' Anti-Malware 1.32
    Database versie: 1638
    Windows 5.1.2600 Service Pack 3

    10-1-2009 20:38:32
    mbam-log-2009-01-10 (20-38-32).txt

    Scan type: Snelle Scan
    Objecten gescand: 64507
    Verstreken tijd: 5 minute(s), 39 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)


    Here is the HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:44:02, on 10-1-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20861)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Browser MOUSE\mouse32a.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\IObit\Advanced WindowsCare V2\Awc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Advanced WindowsCare] "C:\Program Files\IObit\Advanced WindowsCare V2\Awc.exe" /startup
    O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
    O8 - Extra context menu item: &Block This Image (ABP) - C:\Program Files\Adblock Pro\blockimg.html
    O8 - Extra context menu item: &Blokkeer dit figuur (ABP) - C:\Program Files\Adblock Pro\blockimg.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files\Adblock Pro\AdblockPro.dll
    O9 - Extra 'Tools' menuitem: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files\Adblock Pro\AdblockPro.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    End of file - 7009 bytes


    It already seems to be responding a lot better, and Malware couldn't find anything anymore either. What should I do with the Notepad file? That is not entirely clear to me.

    Regards, Jan.
  • Start HijackThis and choose 'do a system scan only'.
    Select only the items listed below:
    O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.


    I have made the instructions for what you had to do with Notepad clearer; see my previous post :wink: .



    Download combofix.exe from this site: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    If the Recovery Console is not installed, ComboFix will offer to download and install it. Allow this.
    Once the Recovery Console is installed, let ComboFix scan the computer.
    When ComboFix is finished, which may be after a reboot, a logfile (combofix.txt) opens.
    Post the contents of this file together with a new HijackThis log.
  • We had to go out for a while this afternoon, which is why it took a bit, but here is the HJT log:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:53:32, on 11-1-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20861)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Browser MOUSE\mouse32a.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\IObit\Advanced WindowsCare V2\Awc.exe
    C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi\redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Advanced WindowsCare] "C:\Program Files\IObit\Advanced WindowsCare V2\Awc.exe" /startup
    O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Block This Image (ABP) - C:\Program Files\Adblock Pro\blockimg.html
    O8 - Extra context menu item: &Blokkeer dit figuur (ABP) - C:\Program Files\Adblock Pro\blockimg.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files\Adblock Pro\AdblockPro.dll
    O9 - Extra 'Tools' menuitem: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files\Adblock Pro\AdblockPro.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    End of file - 6701 bytes




    Here is the Combofix log:


    ComboFix 09-01-10.03 - jan xxxxx 2009-01-11 10:35:35.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.1023.594 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Mijn documenten\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    * Resident AV is active

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Application Data\inst.exe
    c:\documents and settings\Application Data\rbap550.dll
    c:\windows\system32\gvxgdhsp.ini
    c:\windows\system32\iurqwkws.ini
    c:\windows\system32\tyrlpktb.ini

    .
    (((((((((((((((((((( Files Created from 2008-12-11 to 2009-01-11 ))))))))))))))))))))))))))))))
    .

    2009-01-10 20:59 . 2009-01-10 20:59 <DIR> dr-h----- c:\documents and settings\Onlangs geopend
    2009-01-10 20:57 . 2009-01-10 20:57 <DIR> d-------- c:\program files\CCleaner
    2009-01-10 20:57 . 2009-01-10 20:57 3,165,824 --a------ c:\program files\ccsetup215.exe
    2009-01-10 19:23 . 1998-10-22 05:01 1,888,744 --a------ c:\windows\system32\vcl40.bpl
    2009-01-10 19:23 . 1998-08-05 00:00 122,128 --a------ c:\windows\system32\VB6IT.DLL
    2009-01-10 19:23 . 1999-06-03 00:00 101,888 --a------ c:\windows\system32\VB6STKIT.DLL
    2009-01-10 19:23 . 1998-06-17 05:00 18,944 --a------ c:\windows\system32\borlndmm.dll
    2009-01-10 19:22 . 2009-01-10 19:22 <DIR> d-------- c:\documents and settings\WINDOWS
    2009-01-10 19:22 . 1997-08-26 12:06 315,904 --a------ c:\windows\IsUninst.exe
    2009-01-10 13:51 . 2009-01-10 13:54 <DIR> d-------- c:\program files\Enigma Software Group
    2009-01-10 12:25 . 2009-01-10 12:35 <DIR> d-------- c:\documents and settings\Application Data\Nero
    2009-01-10 12:05 . 2009-01-10 12:05 4,757 --a------ c:\windows\Irremote.ini
    2009-01-10 12:03 . 2009-01-10 12:03 <DIR> d-------- c:\program files\Windows Sidebar
    2009-01-10 11:46 . 2009-01-10 12:21 <DIR> d-------- c:\program files\Common Files\Nero
    2009-01-07 19:11 . 2006-08-13 13:51 11,134 --a------ c:\windows\system32\msvcr20.dll
    2009-01-05 22:21 . 2009-01-05 22:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-05 22:21 . 2009-01-05 22:21 <DIR> d-------- c:\documents and settings\Application Data\Malwarebytes
    2009-01-05 22:21 . 2009-01-05 22:21 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
    2009-01-05 22:21 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-05 22:21 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-01-04 18:07 . 2009-01-10 10:30 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
    2009-01-04 14:23 . 2009-01-04 14:23 <DIR> d-------- c:\program files\Trend Micro
    2009-01-04 13:01 . 2009-01-04 13:01 151 --a------ c:\windows\PhotoSnapViewer.INI
    2009-01-03 15:03 . 2009-01-03 15:03 0 --a------ c:\windows\nsreg.dat
    2009-01-03 14:49 . 2009-01-03 14:49 <DIR> d-------- c:\documents and settings\Application Data\Webroot
    2009-01-03 11:18 . 2009-01-03 11:18 <DIR> d-------- C:\NVIDIA
    2009-01-02 19:03 . 2009-01-02 19:03 196,608 --a------ c:\windows\system32\avisynth.dll
    2009-01-02 19:02 . 2009-01-02 19:02 414,272 --a------ c:\windows\system32\DivXc32f.dll
    2009-01-02 19:02 . 2009-01-02 19:02 414,272 --a------ c:\windows\system32\DivXc32.dll
    2009-01-02 19:02 . 2009-01-02 19:02 291,408 --a------ c:\windows\system32\DivXa32.acm
    2009-01-02 19:02 . 2009-01-02 19:02 240,400 --a------ c:\windows\system32\DivX_c32.ax
    2009-01-02 19:02 . 2009-01-02 19:02 33,280 --a------ c:\windows\system32\HUFFYUV.DLL
    2009-01-01 15:23 . 2009-01-01 15:23 <DIR> d-------- c:\program files\Adblock Pro
    2009-01-01 15:23 . 2009-01-01 15:23 <DIR> d-------- c:\documents and settings\Application Data\Adblock Pro
    2009-01-01 14:01 . 2009-01-10 14:18 <DIR> d-------- c:\program files\AskBarDis
    2009-01-01 14:00 . 2009-01-01 14:00 <DIR> d-------- c:\program files\Zone Labs
    2009-01-01 14:00 . 2008-11-13 15:18 1,221,008 --a------ c:\windows\system32\zpeng25.dll
    2009-01-01 14:00 . 2009-01-11 10:40 348,371 --a------ c:\windows\system32\vsconfig.xml
    2009-01-01 14:00 . 2009-01-01 14:00 4,212 --ah----- c:\windows\system32\zllictbl.dat
    2008-12-31 18:57 . 2008-12-31 18:57 95 --a------ c:\windows\wininit.ini
    2008-12-31 18:19 . 2008-12-31 18:19 <DIR> d-------- C:\NV25002720.TMP
    2008-12-31 18:19 . 2008-12-31 18:19 <DIR> d-------- C:\NV19121840.TMP
    2008-12-31 18:18 . 2008-12-31 18:18 <DIR> d-------- C:\NV38322812.TMP
    2008-12-31 18:18 . 2008-12-31 18:18 <DIR> d-------- C:\NV15402232.TMP
    2008-12-31 15:49 . 2008-12-31 15:49 <DIR> d-------- c:\documents and settings\Application Data\Lavasoft
    2008-12-31 14:48 . 2009-01-05 22:10 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2008-12-31 14:30 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
    2008-12-31 14:29 . 2008-12-31 14:29 <DIR> d-------- c:\program files\Microsoft Works
    2008-12-31 14:27 . 2008-12-31 14:27 <DIR> d-------- c:\program files\Microsoft.NET
    2008-12-31 14:26 . 2008-12-31 14:26 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
    2008-12-31 14:24 . 2009-01-10 13:03 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
    2008-12-30 15:29 . 2008-12-30 15:30 <DIR> d-------- c:\program files\aida32pe_393
    2008-12-30 15:20 . 2009-01-01 14:46 <DIR> d-------- c:\program files\A1Click Ultra PC Cleaner
    2008-12-30 14:46 . 2008-12-30 14:56 2,516 --ahs---- c:\documents and settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys
    2008-12-30 14:46 . 2008-12-30 14:46 8 -r-hs---- c:\documents and settings\All Users.WINDOWS\Application Data\D6A83A6613.sys
    2008-12-30 14:42 . 2008-12-30 14:42 <DIR> d-------- c:\program files\Common Files\Protexis
    2008-12-30 14:42 . 2008-12-30 14:45 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Corel
    2008-12-30 14:39 . 2008-12-30 14:42 <DIR> d-------- c:\program files\Corel
    2008-12-30 14:38 . 2008-12-30 14:38 <DIR> d-------- c:\documents and settings\Application Data\InstallShield
    2008-12-30 12:44 . 2008-12-26 14:30 86 --a------ c:\documents and settings\DelBFE.bat
    2008-12-29 14:20 . 2008-12-30 11:18 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\NOS
    2008-12-29 14:19 . 2008-12-29 14:19 <DIR> d-------- c:\documents and settings\Application Data\AdobeUM
    2008-12-29 14:02 . 2009-01-08 19:52 69 --a------ c:\windows\NeroDigital.ini
    2008-12-29 13:50 . 2009-01-10 12:25 <DIR> d-------- c:\documents and settings\Application Data\Ahead
    2008-12-29 13:49 . 2008-12-29 13:49 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Ahead
    2008-12-29 13:43 . 2009-01-10 12:04 <DIR> d-------- c:\program files\Nero
    2008-12-29 13:43 . 2009-01-10 11:57 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Nero
    2008-12-29 11:53 . 2008-12-29 11:52 512,096 --a------ c:\windows\system32\drivers\amon.sys
    2008-12-29 11:53 . 2008-12-29 11:52 298,104 --a------ c:\windows\system32\imon.dll
    2008-12-29 11:53 . 2008-12-29 11:52 15,424 --a------ c:\windows\system32\drivers\nod32drv.sys
    2008-12-29 11:48 . 2005-10-11 15:21 1,077,344 --a------ c:\windows\system32\mscomctl.ocx
    2008-12-28 16:10 . 2008-12-28 16:10 2,188,566 --a------ c:\program files\GrabIt172b3.exe
    2008-12-28 13:23 . 2009-01-10 21:20 <DIR> d-------- c:\documents and settings\Application Data\GrabIt
    2008-12-28 13:18 . 2008-12-28 13:18 <DIR> d-------- C:\NV1961080.TMP
    2008-12-28 13:18 . 2008-12-28 13:18 <DIR> d-------- C:\NV1220640.TMP
    2008-12-28 13:14 . 2004-06-03 03:40 294,400 --a------ c:\windows\system32\idecoi.dll
    2008-12-28 13:14 . 2004-05-20 03:11 172,032 -ra------ c:\windows\system32\nvuide.exe
    2008-12-28 13:14 . 2004-06-03 03:40 79,360 -ra------ c:\windows\system32\drivers\nvatabus.sys
    2008-12-28 13:14 . 2004-03-20 19:30 464 -ra------ c:\windows\system32\nvide.nvu
    2008-12-28 11:52 . 2008-12-28 11:52 <DIR> d-------- c:\documents and settings\Application Data\VanDale
    2008-12-27 17:54 . 2000-03-29 07:17 5,824 --a------ c:\windows\system32\drivers\ASUSHWIO.SYS
    2008-12-27 17:54 . 2008-12-31 18:14 4,839 --a------ c:\windows\Ascd_tmp.ini
    2008-12-27 15:20 . 2008-12-30 14:47 <DIR> d-------- c:\documents and settings\Application Data\Corel
    2008-12-27 13:50 . 2006-01-04 09:12 77,824 -ra------ c:\windows\system32\HPZIDS01.dll
    2008-12-27 13:50 . 2006-04-10 14:03 38,400 --a------ c:\windows\system32\hpz3l054.dll
    2008-12-27 10:47 . 2008-12-27 10:47 <DIR> d-------- c:\documents and settings\JA~1VOL\LOCALS~1
    2008-12-27 10:47 . 2008-12-27 10:47 <DIR> d-------- c:\documents and settings\JA~1VOL
    2008-12-27 10:29 . 2008-12-27 10:29 <DIR> d-------- c:\program files\support.com
    2008-12-27 10:29 . 2008-12-27 10:29 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Support.com
    2008-12-26 15:18 . 2008-04-13 23:15 172,416 --a------ c:\windows\system32\drivers\kmixer.sys
    2008-12-26 15:18 . 2008-04-13 21:09 142,592 --a------ c:\windows\system32\drivers\aec.sys
    2008-12-26 15:18 . 2008-04-13 23:47 83,072 --a------ c:\windows\system32\drivers\wdmaud.sys
    2008-12-26 15:18 . 2008-04-13 23:45 60,800 --a------ c:\windows\system32\drivers\sysaudio.sys
    2008-12-26 15:18 . 2008-04-13 23:15 56,576 --a------ c:\windows\system32\drivers\swmidi.sys
    2008-12-26 15:18 . 2008-04-13 23:15 52,864 --a------ c:\windows\system32\drivers\DMusic.sys
    2008-12-26 15:18 . 2008-04-13 23:09 7,552 --a------ c:\windows\system32\drivers\MSKSSRV.sys
    2008-12-26 15:18 . 2008-04-13 23:15 6,272 --a------ c:\windows\system32\drivers\splitter.sys
    2008-12-26 15:18 . 2008-04-13 23:09 5,376 --a------ c:\windows\system32\drivers\MSPCLOCK.sys
    2008-12-26 15:17 . 2008-04-14 21:32 21,504 --a------ c:\windows\system32\hidserv.dll
    2008-12-26 15:17 . 2008-04-13 23:09 4,992 --a------ c:\windows\system32\drivers\MSPQM.sys
    2008-12-26 15:17 . 2001-08-17 20:59 3,072 --a------ c:\windows\system32\drivers\audstub.sys
    2008-12-26 15:17 . 2008-04-13 23:15 2,944 --a------ c:\windows\system32\drivers\drmkaud.sys
    2008-12-26 15:16 . 2008-04-13 23:17 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
    2008-12-26 15:15 . 2008-03-21 12:35 146,048 --a------ c:\windows\system32\drivers\portcls.sys
    2008-12-26 15:15 . 2008-04-14 21:33 129,536 --a------ c:\windows\system32\ksproxy.ax
    2008-12-26 15:15 . 2008-04-13 23:15 60,160 --a------ c:\windows\system32\drivers\drmk.sys
    2008-12-26 15:15 . 2008-04-14 21:04 58,112 --a------ c:\windows\system32\drivers\redbook.sys
    2008-12-26 15:15 . 2008-04-13 23:15 10,624 --a------ c:\windows\system32\drivers\gameenum.sys
    2008-12-26 15:15 . 2008-04-14 21:32 4,096 --a------ c:\windows\system32\ksuser.dll
    2008-12-26 15:15 . 2001-08-17 21:00 2,944 --a------ c:\windows\system32\drivers\msmpu401.sys
    2008-12-26 15:14 . 2008-04-14 21:32 4,274,816 --a------ c:\windows\system32\nv4_disp.dll
    2008-12-26 15:14 . 2008-04-13 21:04 1,897,408 --a------ c:\windows\system32\drivers\nv4_mini.sys
    2008-12-26 15:13 . 2008-04-14 21:32 76,288 --a------ c:\windows\system32\usbui.dll
    2008-12-26 15:10 . 2008-12-26 14:21 <DIR> d--h----- c:\documents and settings\Default User.WINDOWS\Sjablonen
    2008-12-26 15:10 . 2008-12-26 15:10 <DIR> d--h----- c:\documents and settings\Default User.WINDOWS\Onlangs geopend
    2008-12-26 15:10 . 2008-12-26 15:10 <DIR> d--h----- c:\documents and settings\Default User.WINDOWS\Netwerkprinteromgeving
    2008-12-26 15:10 . 2008-12-26 15:10 <DIR> d-------- c:\documents and settings\Default User.WINDOWS\Mijn documenten
    2008-12-26 15:10 . 2008-12-26 15:10 <DIR> dr------- c:\documents and settings\Default User.WINDOWS\Menu Start
    2008-12-26 15:10 . 2008-12-26 15:10 <DIR> d-------- c:\documents and settings\Default User.WINDOWS\Favorieten
    2008-12-26 15:10 . 2008-12-26 15:10 <DIR> d-------- c:\documents and settings\Default User.WINDOWS\Bureaublad
    2008-12-26 15:10 . 2009-01-11 10:33 <DIR> d--h----- c:\documents and settings\Default User.WINDOWS
    2008-12-26 15:10 . 2008-12-26 15:10 <DIR> d--h----- c:\documents and settings\All Users.WINDOWS\Sjablonen
    2008-12-26 15:10 . 2009-01-10 13:54 <DIR> dr------- c:\documents and settings\All Users.WINDOWS\Menu Start
    2008-12-26 15:10 . 2008-12-26 15:10 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Favorieten
    2008-12-26 15:10 . 2008-12-26 14:23 <DIR> dr------- c:\documents and settings\All Users.WINDOWS\Documenten

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-04 23:11 --------- d-----w c:\program files\Hitman Pro
    2009-01-04 19:35 --------- d-----w c:\program files\Eset
    2009-01-04 17:09 --------- d-----w c:\program files\Google
    2009-01-02 17:55 --------- d-----w c:\program files\Windows Media Connect 2
    2009-01-01 13:46 --------- d-----w c:\program files\PowerISO
    2008-12-31 13:55 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-12-31 13:28 --------- d-----w c:\program files\MSBuild
    2008-12-30 14:23 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-12-30 13:43 --------- d-----w c:\program files\Common Files\Corel
    2008-12-29 13:23 --------- d-----w c:\program files\Common Files\Adobe
    2008-12-29 12:48 --------- d-----w c:\program files\Common Files\Ahead
    2008-12-28 15:11 --------- d-----w c:\program files\GrabIt
    2008-12-27 17:14 --------- d-----r c:\program files\Volvo
    2008-12-27 09:47 --------- d-----w c:\program files\Browser Mouse
    2008-12-22 09:15 --------- d-----w c:\documents and settings\Application Data\GrabIt
    2008-12-21 12:44 --------- d-----w c:\program files\MagicISO
    2008-11-29 17:02 --------- d-----w c:\program files\Spyware Doctor
    2008-11-22 16:39 --------- d-----w c:\program files\world atlas
    2008-11-21 19:20 --------- d-----w c:\documents and settings\Application Data\Malwarebytes
    2008-11-21 17:57 --------- d-----w c:\documents and settings\Application Data\AdobeUM
    2008-11-16 21:16 --------- d-----w c:\program files\AltBinz
    2008-11-16 21:15 --------- d-----w c:\program files\Belastingdienst
    2008-11-12 18:54 --------- d-----w c:\documents and settings\Application Data\Web Page Maker
    2008-11-12 18:50 --------- d-----w c:\program files\Web Page Maker
    2008-06-28 11:13 47,360 -c--a-w c:\documents and settings\Application Data\pcouffin.sys
    2007-06-25 18:38 3,105,517 -c--a-w c:\program files\SABnzbd-0.2.5-w32.exe
    2006-04-18 18:50 2,216 -c--a-w c:\documents and settings\Application Data\ViewerApp.dat
    2005-11-30 19:20 2,990,512 -c--a-w c:\program files\hitmanpro231.exe
    2005-11-12 14:40 3,200,856 -c--a-w c:\program files\hitmanpro221.exe
    2005-11-09 19:16 13,975,118 -c--a-w c:\program files\VSP80EN.exe
    2005-11-07 21:01 4,632,749 -c--a-w c:\program files\DeepsightExtractorInstaller44.zip
    2005-11-07 20:54 4,229,261 -c--a-w c:\program files\aawseplus.exe
    2005-10-30 10:56 11,121,192 -c--a-w c:\program files\DivXPlay.exe
    2005-10-01 18:16 13,697,817 -c--a-w c:\program files\klcodec254f.exe
    2005-09-25 12:55 680,571 -c--a-w c:\program files\xace26.exe
    2005-03-31 06:16 2,884,878 -c--a-w c:\program files\CdCoverCreator-Setup-2.4.exe
    2000-09-24 11:03 388 -c--a-w c:\program files\file_id.diz
    2000-09-23 23:27 33,554,896 -c--a-w c:\program files\fo-psp7.exe
    2007-12-23 20:34 61,038 -c--a-w c:\program files\mozilla firefox\components\jar50.dll
    2007-12-23 20:34 49,256 -c--a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2007-12-23 20:34 166,000 -c--a-w c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
    "SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeper.exe" [2005-12-14 3404800]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FLMOFFICE4DMOUSE"="c:\program files\Browser MOUSE\mouse32a.exe" [2008-12-27 360448]
    "nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-12-29 949376]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-18 16712]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
    "Advanced WindowsCare"="c:\program files\IObit\Advanced WindowsCare V2\Awc.exe" [2006-08-22 887808]
    "Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2008-08-18 532808]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.HFYU"= huffyuv.dll
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "msacm.divxa32"= DivXa32.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9768:TCP"= 9768:TCP:BitComet 9768 TCP
    "9768:UDP"= 9768:UDP:BitComet 9768 UDP

    R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-12-29 15424]
    S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2009-01-01 464264]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2b24d3b-d1d2-11dd-9bc7-806d6172696f}]
    \Shell\AutoRun\command - e:\bin\Assetup.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-10 c:\windows\Tasks\Advanced WindowsCare.job
    - c:\program files\IObit\Advanced WindowsCare V2\AutoCare.exe [2006-08-04 14:32]

    2009-01-10 c:\windows\Tasks\AwcUpdate.job
    - c:\program files\IObit\Advanced WindowsCare V2\AutoUpdate.exe [2006-08-22 00:16]

    2009-01-11 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-04 18:07]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.startpagina.nl/
    IE: &Block This Image (ABP) - c:\program files\Adblock Pro\blockimg.html
    IE: &Blokkeer dit figuur (ABP) - c:\program files\Adblock Pro\blockimg.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {{E7FD3540-AB30-40f1-91E7-101F733C1FD5} - {7685B225-8229-4321-BA13-A24485B0A760} - c:\program files\Adblock Pro\AdblockPro.dll
    LSP: c:\windows\system32\imon.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-11 10:40:10
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(712)
    c:\windows\system32\cscui.dll

    - - - - - - - > 'lsass.exe'(768)
    c:\windows\system32\imon.dll
    c:\program files\Eset\pr_imon.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ZoneLabs\vsmon.exe
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\program files\Eset\nod32krn.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-11 10:42:36 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-11 09:42:33

    Pre-Run: 28.082.044.928 bytes free
    Post-Run: 29,999,046,656 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    289


    And a copy of the Notepad file:

    Deleting files
    C:\Program not found
    Files\AskBarDis\bar\bin\AskService.exe not found


    I had already removed Askbar from Program Files.
    What do you think, is it good to go again?

    I'd like to thank you in advance for the effort you have put into this; I would never be able to work out on my own what all needs to be removed.

    Regards, Jan.
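The part of a ComboFix log a helper actually reads is the startup section: the Run keys, the R?/S? service lines, the MountPoints2 AutoRun handler and the firewall policy values. As an added example (not code from this thread and not ComboFix's own tooling), here is a small Python parser that pulls those entries out of the log above and flags the ones the helper later acted on. The sample lines are copied from the log as posted; the regexes, the reading of the service prefix (R = running, S = stopped, digit = start type, 4 = disabled) and the `UNWANTED_MARKERS` seed list are assumptions made for this example.

```python
"""Pull the startup-related entries out of a ComboFix log and flag the ones
worth a second look.

Added example for this thread; it is not ComboFix's code and not something
the helper posted. The line shapes it expects (Run entries, R?/S? service
lines, MountPoints2 AutoRun handlers, the EnableFirewall value) are read off
the log above, so treat the regexes as assumptions about ComboFix's format.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: a handful of lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-12-29 15424]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2009-01-01 464264]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2b24d3b-d1d2-11dd-9bc7-806d6172696f}]
\Shell\AutoRun\command - e:\bin\Assetup.exe
"""

# "name"="path" [yyyy-mm-dd size]  -- one value under a Run key
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
# R1 name;display;path [yyyy-mm-dd size]  -- R = running, S = stopped, digit = start type (4 = disabled)
SERVICE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
# \Shell\AutoRun\command - <command>  -- AutoRun handler under a MountPoints2 volume GUID
AUTORUN = re.compile(r'^\\Shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$')
FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b')


@dataclass
class StartupItem:
    kind: str   # "run", "service" or "autorun"
    where: str  # registry key the entry sits under, or the service start code (e.g. "S4")
    name: str
    path: str


@dataclass
class Findings:
    items: List[StartupItem] = field(default_factory=list)
    firewall_disabled: bool = False


def parse_combofix(log: str) -> Findings:
    """Walk the log line by line, remembering the last [registry key] header seen."""
    found = Findings()
    key = ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = RUN_ENTRY.match(line)
        if m and key.lower().endswith("\\run"):
            found.items.append(StartupItem("run", key, m["name"], m["path"]))
            continue
        m = SERVICE.match(line)
        if m:
            found.items.append(StartupItem("service", m["start"], m["name"], m["path"]))
            continue
        m = AUTORUN.match(line)
        if m and "mountpoints2" in key.lower():
            found.items.append(StartupItem("autorun", key, "AutoRun", m["cmd"]))
            continue
        if FIREWALL_OFF.match(line) and "firewallpolicy" in key.lower():
            found.firewall_disabled = True
    return found


# Assumption: a tiny seed list of folder names this thread itself treats as unwanted.
UNWANTED_MARKERS = ("askbardis",)


def flag(found: Findings) -> List[str]:
    """Turn parsed items into human-readable notes; one note per rule that fires."""
    notes = []
    for it in found.items:
        low = it.path.lower()
        if it.kind == "autorun":
            notes.append(f"AutoRun handler registered for a volume: {it.path}")
        if any(marker in low for marker in UNWANTED_MARKERS):
            notes.append(f"{it.kind} '{it.name}' points into an unwanted folder: {it.path}")
        if it.kind == "service" and it.where.startswith("S") and it.where.endswith("4"):
            notes.append(f"service '{it.name}' is still registered although disabled (start type 4)")
    if found.firewall_disabled:
        notes.append("Windows Firewall is off for the standard profile (EnableFirewall=0)")
    return notes


if __name__ == "__main__":
    for note in flag(parse_combofix(SAMPLE_LOG)):
        print("-", note)
```

Run it against a full log by replacing `SAMPLE_LOG` with the file contents; everything outside the shapes above (the Files Created and Find3M sections, the catchme block) is skipped because none of the regexes match it. On the sample, the disabled-but-registered ASKService, the AskBarDis path, the removable-volume AutoRun and the EnableFirewall=0 value are exactly the four things the helper's CFScript and questions go on to address.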
  • You're welcome Jan, I'll analyse it for you, but first I need to know this:
    Did you deliberately name your account WINDOWS?
    Are you aware that there is an account on your computer called WINDOWS?
  • I don't really know all that much about computers; I mainly use it for some browsing and downloading and so on. So if I do have an account named windows, it was certainly not done deliberately, and I gather from your question that it wasn't a smart move?
    Where do you see that account, by the way? I think it came about with the reinstall. I was messing around a bit at the time; it was the first time I had reinstalled Windows and I was just glad I got the thing running again....

    Regards, Jan.
  • Sorry Jan that it took a bit longer than usual, but I had to ask around about something in your log.


    Go to Virustotal.com
    Upload the following file by copying/pasting the following (so do not locate it via "Browse..."!): c:\documents and settings\DelBFE.bat
    Wait until the result appears. Post it along in your next reply.


    Open a Notepad file.
    Copy the code below and paste it into the Notepad file.

    File::
    C:\NV25002720.TMP
    C:\NV19121840.TMP
    C:\NV38322812.TMP
    C:\NV15402232.TMP
    C:\NV1961080.TMP
    C:\NV1220640.TMP
    c:\documents and settings\All Users.WINDOWS\Application Data\D6A83A6613.sys
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2b24d3b-d1d2-11dd-9bc7-806d6172696f}]
    Driver::
    ASKService

    Save the Notepad file as CFScript.txt

    Now drag the file CFScript.txt onto the file ComboFix.exe, as shown below:

    http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif

    ComboFix will start again.
    When ComboFix is finished, which may be after a reboot, a logfile will open.
    Post the contents of the logfile.

  • This is what VirusTotal says:

    0 bytes size received / Se ha recibido un archivo vacio

    The ComboFix log:

    ComboFix 09-01-17.01 - 2009-01-17 17:50:12.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.1023.584 [GMT 1:00]
    Running from: c:\documents and settings\Bureaublad\ComboFix.exe
    Command switches used :: c:\documents and settings\Bureaublad\CFScript.txt
    AV: ESET NOD32 antivirus systeem 2.70 *On-access scanning disabled* (Outdated)
    FW: ZoneAlarm Firewall *disabled*
    * Created a new restore point
    * Resident AV is active

    FILE ::
    c:\documents and settings\All Users.WINDOWS\Application Data\D6A83A6613.sys
    C:\NV1220640.TMP
    C:\NV15402232.TMP
    C:\NV19121840.TMP
    C:\NV1961080.TMP
    C:\NV25002720.TMP
    C:\NV38322812.TMP
    .

    (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users.WINDOWS\Application Data\D6A83A6613.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_ASKSERVICE
    -------\Service_ASKService


    (((((((((((((((((((( Bestanden Gemaakt van 2008-12-17 to 2009-01-17 ))))))))))))))))))))))))))))))
    .

    2009-01-16 18:50 . 2009-01-17 17:14 <DIR> d——– c:\program files\NOS
    2009-01-14 22:30 . 2009-01-16 18:48 <DIR> d——– c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
    2009-01-13 22:37 . 2009-01-13 22:37 <DIR> d——– c:\program files\Microsoft CAPICOM 2.1.0.2
    2009-01-13 22:36 . 2009-01-13 22:36 <DIR> d——– c:\program files\MSXML 4.0
    2009-01-13 22:36 . 2009-01-13 22:40 1,374 –a—— c:\windows\imsins.BAK
    2009-01-13 22:34 . 2009-01-17 17:52 <DIR> dr-h—– c:\documents and settings\Onlangs geopend
    2009-01-13 20:04 . 2008-10-16 20:50 6,068,224 —–c— c:\windows\system32\dllcache\ieframe.dll
    2009-01-13 20:04 . 2007-04-17 10:32 2,455,488 —–c— c:\windows\system32\dllcache\ieapfltr.dat
    2009-01-13 20:04 . 2007-03-08 06:11 1,032,192 —–c— c:\windows\system32\dllcache\ieframe.dll.mui
    2009-01-13 20:04 . 2008-10-16 20:50 459,264 —–c— c:\windows\system32\dllcache\msfeeds.dll
    2009-01-13 20:04 . 2008-10-16 20:50 380,928 —–c— c:\windows\system32\dllcache\ieapfltr.dll
    2009-01-13 20:04 . 2008-10-16 20:50 267,776 —–c— c:\windows\system32\dllcache\iertutil.dll
    2009-01-13 20:04 . 2008-10-16 20:50 63,488 —–c— c:\windows\system32\dllcache\icardie.dll
    2009-01-13 20:04 . 2008-10-16 20:50 52,224 —–c— c:\windows\system32\dllcache\msfeedsbs.dll
    2009-01-13 20:04 . 2008-10-16 13:46 13,824 —–c— c:\windows\system32\dllcache\ieudinit.exe
    2009-01-13 19:59 . 2008-08-14 14:27 2,193,536 —–c— c:\windows\system32\dllcache
    toskrnl.exe
    2009-01-13 19:59 . 2008-08-14 14:27 2,149,888 —–c— c:\windows\system32\dllcache
    tkrnlmp.exe
    2009-01-13 19:59 . 2008-08-14 14:27 2,070,400 —–c— c:\windows\system32\dllcache
    tkrnlpa.exe
    2009-01-13 19:59 . 2008-08-14 14:27 2,028,544 —–c— c:\windows\system32\dllcache
    tkrpamp.exe
    2009-01-13 19:56 . 2008-10-24 12:41 455,936 —–c— c:\windows\system32\dllcache\mrxsmb.sys
    2009-01-12 21:34 . 2009-01-12 21:34 <DIR> d——– c:\documents and settings\Web Page Maker
    2009-01-12 21:34 . 2009-01-12 21:46 <DIR> d——– c:\documents and settings\Application Data\Web Page Maker
    2009-01-12 21:12 . 2009-01-12 21:12 146,650 –a—— c:\windows\system32\BuzzingBee.wav
    2009-01-12 21:12 . 2009-01-12 21:12 125,690 –a—— c:\windows\system32\LoopyMusic.wav
    2009-01-12 21:06 . 2004-06-18 09:32 15,684,608 -ra—— c:\windows\system32\ALSNDMGR.CPL
    2009-01-12 21:06 . 2004-06-18 09:15 7,506,432 -ra—— c:\windows\system32\RTLCPL.EXE
    2009-01-12 21:06 . 2002-11-21 08:07 765,952 -ra—— c:\windows\system\crlds3d.dll
    2009-01-12 21:06 . 2004-06-21 09:53 626,204 -ra—— c:\windows\system32\drivers\ALCXWDM.SYS
    2009-01-12 21:06 . 2004-02-24 04:08 400,384 -ra—— c:\windows\system32\drivers\ALCXSENS.SYS
    2009-01-12 21:06 . 2004-02-09 08:18 155,648 -ra—— c:\windows\system32\RTLCPAPI.dll
    2009-01-12 21:06 . 2002-02-05 06:54 141,016 -ra—— c:\windows\system32\ALSNDMGR.WAV
    2009-01-12 21:06 . 2004-06-18 09:31 67,584 -ra—— c:\windows\SOUNDMAN.EXE
    2009-01-12 21:06 . 2003-08-19 12:36 65,536 –a–c— c:\windows\system32\dllcache\a3d.dll
    2009-01-12 21:06 . 2003-08-19 12:36 65,536 -ra—— c:\windows\system32\Audio3D.dll
    2009-01-12 21:06 . 2003-08-19 12:36 65,536 -ra—— c:\windows\system32\a3d.dll
    2009-01-12 07:59 . 2009-01-12 07:59 <DIR> d——– c:\program files\GetData
    2009-01-12 07:58 . 2009-01-12 08:03 <DIR> d-a—— c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
    2009-01-11 20:35 . 2009-01-12 20:27 <DIR> d——– c:\documents and settings\Application Data\Uniblue
    2009-01-11 20:35 . 2009-01-12 20:27 <DIR> d——– c:\documents and settings\All Users.WINDOWS\Application Data\DriverScanner
    2009-01-11 20:18 . 2009-01-11 20:18 <DIR> d——– c:\program files\iXi Tools
    2009-01-11 10:31 . 2009-01-11 10:32 2,915,194 -ra—— c:\documents and settings\ComboFix.exe
    2009-01-10 21:02 . 2009-01-10 21:02 45,820 –a—— c:\documents and settings\cc_20090110_210222.reg
    2009-01-10 20:57 . 2009-01-10 20:57 <DIR> d——– c:\program files\CCleaner
    2009-01-10 20:57 . 2009-01-10 20:57 3,165,824 –a—— c:\program files\ccsetup215.exe
    2009-01-10 19:23 . 1998-10-22 05:01 1,888,744 –a—— c:\windows\system32\vcl40.bpl
    2009-01-10 19:23 . 1998-08-05 00:00 122,128 –a—— c:\windows\system32\VB6IT.DLL
    2009-01-10 19:23 . 1999-06-03 00:00 101,888 –a—— c:\windows\system32\VB6STKIT.DLL
    2009-01-10 19:23 . 1998-06-17 05:00 18,944 –a—— c:\windows\system32\borlndmm.dll
    2009-01-10 19:22 . 1997-08-26 12:06 315,904 –a—— c:\windows\IsUninst.exe
    2009-01-10 13:51 . 2009-01-10 13:54 <DIR> d——– c:\program files\Enigma Software Group
    2009-01-10 12:25 . 2009-01-12 21:33 <DIR> d——– c:\documents and settings\Application Data\Nero
    2009-01-10 12:05 . 2009-01-10 12:05 4,757 –a—— c:\windows\Irremote.ini
    2009-01-10 12:03 . 2009-01-10 12:03 <DIR> d——– c:\program files\Windows Sidebar
    2009-01-10 11:46 . 2009-01-10 12:21 <DIR> d——– c:\program files\Common Files\Nero
    2009-01-07 19:11 . 2006-08-13 13:51 11,134 –a—— c:\windows\system32\msvcr20.dll
    2009-01-05 22:21 . 2009-01-05 22:22 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
    2009-01-05 22:21 . 2009-01-05 22:21 <DIR> d——– c:\documents and settings\Application Data\Malwarebytes
    2009-01-05 22:21 . 2009-01-04 18:38 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-05 22:21 . 2009-01-04 18:38 15,504 –a—— c:\windows\system32\drivers\mbam.sys
    2009-01-04 14:23 . 2009-01-04 14:23 <DIR> d——– c:\program files\Trend Micro
    2009-01-04 13:01 . 2009-01-04 13:01 151 –a—— c:\windows\PhotoSnapViewer.INI
    2009-01-03 15:03 . 2009-01-03 15:03 0 –a—— c:\windows
    sreg.dat
    2009-01-03 14:49 . 2009-01-03 14:49 <DIR> d——– c:\documents and settings\Application Data\Webroot
    2009-01-03 11:18 . 2009-01-03 11:18 <DIR> d——– C:\NVIDIA
    2009-01-02 19:03 . 2009-01-02 19:03 196,608 –a—— c:\windows\system32\avisynth.dll
    2009-01-02 19:02 . 2009-01-02 19:02 414,272 –a—— c:\windows\system32\DivXc32f.dll
    2009-01-02 19:02 . 2009-01-02 19:02 414,272 –a—— c:\windows\system32\DivXc32.dll
    2009-01-02 19:02 . 2009-01-02 19:02 291,408 –a—— c:\windows\system32\DivXa32.acm
    2009-01-02 19:02 . 2009-01-02 19:02 240,400 –a—— c:\windows\system32\DivX_c32.ax
    2009-01-02 19:02 . 2009-01-02 19:02 33,280 –a—— c:\windows\system32\HUFFYUV.DLL
    2009-01-01 15:23 . 2009-01-01 15:23 <DIR> d——– c:\program files\Adblock Pro
    2009-01-01 15:23 . 2009-01-01 15:23 <DIR> d——– c:\documents and settings\Application Data\Adblock Pro
    2009-01-01 14:01 . 2009-01-10 14:18 <DIR> d——– c:\program files\AskBarDis
    2009-01-01 14:00 . 2009-01-01 14:00 <DIR> d——– c:\program files\Zone Labs
    2009-01-01 14:00 . 2008-11-13 15:18 1,221,008 –a—— c:\windows\system32\zpeng25.dll
    2009-01-01 14:00 . 2009-01-17 17:54 348,371 –a—— c:\windows\system32\vsconfig.xml
    2009-01-01 14:00 . 2009-01-01 14:00 4,212 –ah—– c:\windows\system32\zllictbl.dat
    2008-12-31 18:57 . 2008-12-31 18:57 95 –a—— c:\windows\wininit.ini
    2008-12-31 18:19 . 2008-12-31 18:19 <DIR> d——– C:\NV25002720.TMP
    2008-12-31 18:19 . 2008-12-31 18:19 <DIR> d——– C:\NV19121840.TMP
    2008-12-31 18:18 . 2008-12-31 18:18 <DIR> d——– C:\NV38322812.TMP
    2008-12-31 18:18 . 2008-12-31 18:18 <DIR> d——– C:\NV15402232.TMP
    2008-12-31 15:49 . 2008-12-31 15:49 <DIR> d——– c:\documents and settings\Application Data\Lavasoft
    2008-12-31 14:48 . 2009-01-05 22:10 <DIR> d——– c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2008-12-31 14:30 . 2006-10-26 19:56 32,592 –a—— c:\windows\system32\msonpmon.dll
    2008-12-31 14:29 . 2008-12-31 14:29 <DIR> d——– c:\program files\Microsoft Works
    2008-12-31 14:27 . 2008-12-31 14:27 <DIR> d——– c:\program files\Microsoft.NET
    2008-12-31 14:26 . 2008-12-31 14:26 <DIR> d——– c:\program files\Microsoft Visual Studio 8
    2008-12-31 14:24 . 2009-01-16 20:11 <DIR> d——– c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
    2008-12-30 15:29 . 2008-12-30 15:30 <DIR> d——– c:\program files\aida32pe_393
    2008-12-30 15:20 . 2009-01-01 14:46 <DIR> d——– c:\program files\A1Click Ultra PC Cleaner
    2008-12-30 14:56 . 2008-12-30 14:56 <DIR> d——– c:\documents and settings\Mijn Corel-presentaties
    2008-12-30 14:46 . 2008-12-30 14:56 2,516 –ahs—- c:\documents and settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys
    2008-12-30 14:42 . 2008-12-30 14:42 <DIR> d——– c:\program files\Common Files\Protexis
    2008-12-30 14:39 . 2008-12-30 14:42 <DIR> d——– c:\program files\Corel
    2008-12-30 14:38 . 2008-12-30 14:38 <DIR> d——– c:\documents and settings\Application Data\InstallShield
    2008-12-30 12:44 . 2008-12-26 14:30 86 –a—— c:\documents and settings\DelBFE.bat
    2008-12-29 14:20 . 2009-01-17 17:14 <DIR> d——– c:\documents and settings\All Users.WINDOWS\Application Data\NOS
    2008-12-29 14:19 . 2008-12-29 14:19 <DIR> d——– c:\documents and settings\Application Data\AdobeUM
    2008-12-29 14:02 . 2009-01-12 08:19 69 –a—— c:\windows\NeroDigital.ini
    2008-12-29 13:50 . 2009-01-10 12:25 <DIR> d——– c:\documents and settings\Application Data\Ahead
    2008-12-29 13:43 . 2009-01-10 12:04 <DIR> d——– c:\program files\Nero
    2008-12-29 13:43 . 2009-01-16 19:31 <DIR> d——– c:\documents and settings\All Users.WINDOWS\Application Data\Nero
    2008-12-29 11:53 . 2008-12-29 11:52 512,096 –a—— c:\windows\system32\drivers\amon.sys
    2008-12-29 11:53 . 2008-12-29 11:52 298,104 –a—— c:\windows\system32\imon.dll
    2008-12-29 11:53 . 2008-12-29 11:52 15,424 –a—— c:\windows\system32\drivers\nod32drv.sys
    2008-12-29 11:48 . 2005-10-11 15:21 1,077,344 –a—— c:\windows\system32\mscomctl.ocx
    2008-12-28 16:10 . 2008-12-28 16:10 2,188,566 –a—— c:\program files\GrabIt172b3.exe
    2008-12-28 13:23 . 2009-01-16 22:01 <DIR> d——– c:\documents and settings\Application Data\GrabIt
    2008-12-28 13:18 . 2008-12-28 13:18 <DIR> d——– C:\NV1961080.TMP
    2008-12-28 13:18 . 2008-12-28 13:18 <DIR> d——– C:\NV1220640.TMP
    2008-12-28 13:14 . 2004-06-03 03:40 294,400 –a—— c:\windows\system32\idecoi.dll
    2008-12-28 13:14 . 2004-05-20 03:11 172,032 -ra—— c:\windows\system32\nvuide.exe
    2008-12-28 13:14 . 2004-06-03 03:40 79,360 -ra—— c:\windows\system32\drivers\nvatabus.sys
    2008-12-28 13:14 . 2004-03-20 19:30 464 -ra—— c:\windows\system32\nvide.nvu
    2008-12-28 11:52 . 2008-12-28 11:52 <DIR> d——– c:\documents and settings\Application Data\VanDale
    2008-12-27 17:54 . 2000-03-29 07:17 5,824 –a—— c:\windows\system32\drivers\ASUSHWIO.SYS
    2008-12-27 17:54 . 2008-12-31 18:14 4,839 –a—— c:\windows\Ascd_tmp.ini
    2008-12-27 17:07 . 2009-01-16 22:08 <DIR> d——– c:\documents and settings\GrabIt Downloads
    2008-12-27 15:20 . 2008-12-30 14:56 <DIR> d——– c:\documents and settings\My PSP Files
    2008-12-27 15:20 . 2008-12-30 14:47 <DIR> d——– c:\documents and settings\Application Data\Corel
    2008-12-27 13:50 . 2006-01-04 09:12 77,824 -ra—— c:\windows\system32\HPZIDS01.dll
    2008-12-27 13:50 . 2006-04-10 14:03 38,400 –a—— c:\windows\system32\hpz3l054.dll
    2008-12-27 11:19 . 2008-12-27 11:19 <DIR> dr——- c:\documents and settings\Mijn video's
    2008-12-27 10:47 . 2008-12-27 10:47 <DIR> d——– c:\documents and settings\~1VOL\LOCALS~1

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-16 17:58 ——— d—–w c:\program files\Common Files\Adobe
    2009-01-04 23:11 ——— d—–w c:\program files\Hitman Pro
    2009-01-04 19:35 ——— d—–w c:\program files\Eset
    2009-01-04 17:09 ——— d—–w c:\program files\Google
    2009-01-02 17:55 ——— d—–w c:\program files\Windows Media Connect 2
    2009-01-01 13:46 ——— d—–w c:\program files\PowerISO
    2008-12-31 13:55 ——— d—–w c:\program files\Spybot - Search & Destroy
    2008-12-31 13:28 ——— d—–w c:\program files\MSBuild
    2008-12-30 14:23 ——— d—–w c:\program files\Common Files\Wise Installation Wizard
    2008-12-30 13:43 ——— d—–w c:\program files\Common Files\Corel
    2008-12-29 12:48 ——— d—–w c:\program files\Common Files\Ahead
    2008-12-28 15:11 ——— d—–w c:\program files\GrabIt
    2008-12-27 17:14 ——— d—–r c:\program files\Volvo
    2008-12-27 09:47 ——— d—–w c:\program files\Browser Mouse
    2008-12-22 09:15 ——— d—–w c:\documents and settings\Application Data\GrabIt
    2008-12-21 12:44 ——— d—–w c:\program files\MagicISO
    2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
    2008-11-29 17:02 ——— d—–w c:\program files\Spyware Doctor
    2008-11-22 16:39 ——— d—–w c:\program files\world atlas
    2008-11-21 19:20 ——— d—–w c:\documents and settings\Application Data\Malwarebytes
    2008-11-21 17:57 ——— d—–w c:\documents and settings\Application Data\AdobeUM
    2008-06-28 11:13 47,360 -c–a-w c:\documents and settings\Application Data\pcouffin.sys
    2007-06-25 18:38 3,105,517 -c–a-w c:\program files\SABnzbd-0.2.5-w32.exe
    2006-04-18 18:50 2,216 -c–a-w c:\documents and settings\Application Data\ViewerApp.dat
    2005-11-30 19:20 2,990,512 -c–a-w c:\program files\hitmanpro231.exe
    2005-11-12 14:40 3,200,856 -c–a-w c:\program files\hitmanpro221.exe
    2005-11-09 19:16 13,975,118 -c–a-w c:\program files\VSP80EN.exe
    2005-11-07 21:01 4,632,749 -c–a-w c:\program files\DeepsightExtractorInstaller44.zip
    2005-11-07 20:54 4,229,261 -c–a-w c:\program files\aawseplus.exe
    2005-10-30 10:56 11,121,192 -c–a-w c:\program files\DivXPlay.exe
    2005-10-01 18:16 13,697,817 -c–a-w c:\program files\klcodec254f.exe
    2005-09-25 12:55 680,571 -c–a-w c:\program files\xace26.exe
    2005-03-31 06:16 2,884,878 -c–a-w c:\program files\CdCoverCreator-Setup-2.4.exe
    2000-09-24 11:03 388 -c–a-w c:\program files\file_id.diz
    2000-09-23 23:27 33,554,896 -c–a-w c:\program files\fo-psp7.exe
    2007-12-23 20:34 61,038 -c–a-w c:\program files\mozilla firefox\components\jar50.dll
    2007-12-23 20:34 49,256 -c–a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2007-12-23 20:34 166,000 -c–a-w c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
    "SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeper.exe" [2005-12-14 3404800]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FLMOFFICE4DMOUSE"="c:\program files\Browser MOUSE\mouse32a.exe" [2008-12-27 360448]
    "nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-12-29 949376]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-18 16712]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
    "Advanced WindowsCare"="c:\program files\IObit\Advanced WindowsCare V2\Awc.exe" [2006-08-22 887808]
    "Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2008-08-18 532808]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "SoundMan"="SOUNDMAN.EXE" [2004-06-18 c:\windows\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.HFYU"= huffyuv.dll
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "msacm.divxa32"= DivXa32.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9768:TCP"= 9768:TCP:BitComet 9768 TCP
    "9768:UDP"= 9768:UDP:BitComet 9768 UDP

    R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-12-29 15424]
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-01-12 c:\windows\Tasks\Advanced WindowsCare.job
    - c:\program files\IObit\Advanced WindowsCare V2\AutoCare.exe [2006-08-04 14:32]

    2009-01-16 c:\windows\Tasks\AwcUpdate.job
    - c:\program files\IObit\Advanced WindowsCare V2\AutoUpdate.exe [2006-08-22 00:16]

    2009-01-17 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-04 18:07]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.startpagina.nl/
    IE: &Block This Image (ABP) - c:\program files\Adblock Pro\blockimg.html
    IE: &Blokkeer dit figuur (ABP) - c:\program files\Adblock Pro\blockimg.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {{E7FD3540-AB30-40f1-91E7-101F733C1FD5} - {7685B225-8229-4321-BA13-A24485B0A760} - c:\program files\Adblock Pro\AdblockPro.dll
    LSP: c:\windows\system32\imon.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-17 17:54:36
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'winlogon.exe'(716)
    c:\windows\system32\cscui.dll

    - - - - - - - > 'lsass.exe'(772)
    c:\windows\system32\imon.dll
    c:\program files\Eset\pr_imon.dll
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\windows\system32\ZoneLabs\vsmon.exe
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\program files\Eset\nod32krn.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2009-01-17 17:57:25 - machine werd herstart
    ComboFix-quarantined-files.txt 2009-01-17 16:57:21
    ComboFix2.txt 2009-01-17 16:39:23
    ComboFix3.txt 2009-01-11 09:42:38

    Pre-Run: 27.307.671.552 bytes beschikbaar
    Post-Run: 27,292,475,392 bytes beschikbaar

    290 — E O F — 2009-01-16 17:48:13


    Curious to hear what you make of it.

    Regards, Jan.
  • Download GV Killer.exe.
    Put it in its own folder, for example C:\Program Files\GV Killer, and then create a shortcut from C:\Program Files\GV Killer\GV Killer.exe on your desktop.
    Start GV Killer and use Copy and Paste to put the names of the files and folders below into the file C:\Program Files\GV Killer\input.txt.

    C:\NV1220640.TMP
    C:\NV15402232.TMP
    C:\NV19121840.TMP
    C:\NV1961080.TMP
    C:\NV25002720.TMP
    C:\NV38322812.TMP

    Close the file C:\Program Files\GV Killer\input.txt and press the Start Killing button to run the program.
    Post the contents of the file C:\GV Killer.txt in your next message.
  • Logfile gv_killer_01.txt v7.0.9 - Copyright © GV_Soft Guido Vaesen
    Rapport datum: 17-1-2009 19:57:25 log van , Beheerder van deze computer
    Platform: Windows XP Prof SP3 NLD Normale modus

    BEGIN Geplande taken—————————————————————–
    C:\WINDOWS\tasks\Advanced WindowsCare.job
    C:\WINDOWS\tasks\AwcUpdate.job
    C:\WINDOWS\tasks\Google Software Updater.job
    EINDE Geplande taken—————————————————————–


    Lijst Notify keys——————————————————————–
    HKLM\software\microsoft\windows nt\currentversion\winlogon\notify
    dimsntfy %SystemRoot%\System32\dimsntfy.dll
    WgaLogon WgaLogon.dll
    Settings
    Einde Notify keys——————————————————————–

    Verklaring Errorcodes—————————————————————-
    code 00 : Bestand is verwijderd.
    code 53 : Bestand of map werd niet gevonden op uw PC.
    code 70 : Bestand was in gebruik.
    code 75 : Services zijn nog geladen of bestand in gebruik.
    code M0 : Map is verwijderd.
    code ML : Map is volledig leeg gemaakt.
    code MN : Map werd niet gevonden op uw PC, is niet leeg gemaakt.
    code MV : Map werd niet gevonden op uw PC, is niet verwijderd.
    code K0 : Register key is verwijderd.
    Einde Errorcodes——————————————————————–

    BEGIN Inhoud van Input.txt———————————————————–
    C:\NV1220640.TMP
    C:\NV15402232.TMP
    C:\NV19121840.TMP
    C:\NV1961080.TMP
    C:\NV25002720.TMP
    C:\NV38322812.TMP
    EINDE Inhoud van Input.txt———————————————————–

    M0 C:\NV1220640.TMP
    M0 C:\NV15402232.TMP
    M0 C:\NV19121840.TMP
    M0 C:\NV1961080.TMP
    M0 C:\NV25002720.TMP
    M0 C:\NV38322812.TMP
    EINDE Inhoud van Input.txt———————————————————–


    ;2576396-640-0343632-23304=L595XN1H57

    ;EINDE GV_Killer ———————————————————————
  • Post a new HijackThis log and a new ComboFix log.
  • HJT LOG:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:22:45, on 17-1-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20935)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Browser MOUSE\mouse32a.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\IObit\Advanced WindowsCare V2\Awc.exe
    C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi\redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Advanced WindowsCare] "C:\Program Files\IObit\Advanced WindowsCare V2\Awc.exe" /startup
    O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Block This Image (ABP) - C:\Program Files\Adblock Pro\blockimg.html
    O8 - Extra context menu item: &Blokkeer dit figuur (ABP) - C:\Program Files\Adblock Pro\blockimg.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files\Adblock Pro\AdblockPro.dll
    O9 - Extra 'Tools' menuitem: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files\Adblock Pro\AdblockPro.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    End of file - 7138 bytes


    COMBOFIX LOG:

    ComboFix 09-01-17.02 - 2009-01-17 21:11:56.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.1023.573 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Bureaublad\ComboFix.exe
    AV: ESET NOD32 antivirus systeem 2.70 *On-access scanning disabled* (Outdated)
    FW: ZoneAlarm Firewall *disabled*
    * Nieuw herstelpunt werd aangemaakt
    * Resident AV is active

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2008-12-17 to 2009-01-17 ))))))))))))))))))))))))))))))
    .

    2009-01-17 19:55 . 2009-01-17 19:55 <DIR> d——– c:\program files\GV_Killer
    2009-01-17 19:55 . 2004-03-08 23:00 152,848 –a—— c:\windows\system32\COMDLG32.OCX
    2009-01-17 19:55 . 2001-09-07 11:00 59,904 –a—— c:\windows\system32\wbemdisp.tlb
    2009-01-17 19:35 . 2009-01-17 19:35 <DIR> d——– c:\program files\Osirius
    2009-01-16 18:50 . 2009-01-17 17:14 <DIR> d——– c:\program files\NOS
    2009-01-14 22:30 . 2009-01-17 19:51 <DIR> d——– c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
    2009-01-13 22:37 . 2009-01-13 22:37 <DIR> d——– c:\program files\Microsoft CAPICOM 2.1.0.2
    2009-01-13 22:36 . 2009-01-13 22:36 <DIR> d——– c:\program files\MSXML 4.0
    2009-01-13 22:36 . 2009-01-13 22:40 1,374 –a—— c:\windows\imsins.BAK
    2009-01-13 22:34 . 2009-01-17 21:15 <DIR> dr-h—– c:\documents and settings\Onlangs geopend
    2009-01-13 20:04 . 2008-10-16 20:50 6,068,224 —–c— c:\windows\system32\dllcache\ieframe.dll
    2009-01-13 20:04 . 2007-04-17 10:32 2,455,488 —–c— c:\windows\system32\dllcache\ieapfltr.dat
    2009-01-13 20:04 . 2007-03-08 06:11 1,032,192 —–c— c:\windows\system32\dllcache\ieframe.dll.mui
    2009-01-13 20:04 . 2008-10-16 20:50 459,264 —–c— c:\windows\system32\dllcache\msfeeds.dll
    2009-01-13 20:04 . 2008-10-16 20:50 380,928 —–c— c:\windows\system32\dllcache\ieapfltr.dll
    2009-01-13 20:04 . 2008-10-16 20:50 267,776 —–c— c:\windows\system32\dllcache\iertutil.dll
    2009-01-13 20:04 . 2008-10-16 20:50 63,488 —–c— c:\windows\system32\dllcache\icardie.dll
    2009-01-13 20:04 . 2008-10-16 20:50 52,224 —–c— c:\windows\system32\dllcache\msfeedsbs.dll
    2009-01-13 20:04 . 2008-10-16 13:46 13,824 —–c— c:\windows\system32\dllcache\ieudinit.exe
    2009-01-13 19:59 . 2008-08-14 14:27 2,193,536 —–c— c:\windows\system32\dllcache\ntoskrnl.exe
    2009-01-13 19:59 . 2008-08-14 14:27 2,149,888 —–c— c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-01-13 19:59 . 2008-08-14 14:27 2,070,400 —–c— c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-01-13 19:59 . 2008-08-14 14:27 2,028,544 —–c— c:\windows\system32\dllcache\ntkrpamp.exe
    2009-01-13 19:56 . 2008-10-24 12:41 455,936 —–c— c:\windows\system32\dllcache\mrxsmb.sys
    2009-01-12 21:34 . 2009-01-12 21:34 <DIR> d——– c:\documents and settings\Web Page Maker
    2009-01-12 21:34 . 2009-01-12 21:46 <DIR> d——– c:\documents and settings\Application Data\Web Page Maker
    2009-01-12 21:12 . 2009-01-12 21:12 146,650 –a—— c:\windows\system32\BuzzingBee.wav
    2009-01-12 21:12 . 2009-01-12 21:12 125,690 –a—— c:\windows\system32\LoopyMusic.wav
    2009-01-12 21:06 . 2004-06-18 09:32 15,684,608 -ra—— c:\windows\system32\ALSNDMGR.CPL
    2009-01-12 21:06 . 2004-06-18 09:15 7,506,432 -ra—— c:\windows\system32\RTLCPL.EXE
    2009-01-12 21:06 . 2002-11-21 08:07 765,952 -ra—— c:\windows\system\crlds3d.dll
    2009-01-12 21:06 . 2004-06-21 09:53 626,204 -ra—— c:\windows\system32\drivers\ALCXWDM.SYS
    2009-01-12 21:06 . 2004-02-24 04:08 400,384 -ra—— c:\windows\system32\drivers\ALCXSENS.SYS
    2009-01-12 21:06 . 2004-02-09 08:18 155,648 -ra—— c:\windows\system32\RTLCPAPI.dll
    2009-01-12 21:06 . 2002-02-05 06:54 141,016 -ra—— c:\windows\system32\ALSNDMGR.WAV
    2009-01-12 21:06 . 2004-06-18 09:31 67,584 -ra—— c:\windows\SOUNDMAN.EXE
    2009-01-12 21:06 . 2003-08-19 12:36 65,536 –a–c— c:\windows\system32\dllcache\a3d.dll
    2009-01-12 21:06 . 2003-08-19 12:36 65,536 -ra—— c:\windows\system32\Audio3D.dll
    2009-01-12 21:06 . 2003-08-19 12:36 65,536 -ra—— c:\windows\system32\a3d.dll
    2009-01-12 07:59 . 2009-01-12 07:59 <DIR> d——– c:\program files\GetData
    2009-01-12 07:58 . 2009-01-12 08:03 <DIR> d-a—— c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
    2009-01-11 20:35 . 2009-01-12 20:27 <DIR> d——– c:\documents and settings\Application Data\Uniblue
    2009-01-11 20:35 . 2009-01-12 20:27 <DIR> d——– c:\documents and settings\All Users.WINDOWS\Application Data\DriverScanner
    2009-01-11 20:18 . 2009-01-11 20:18 <DIR> d——– c:\program files\iXi Tools
    2009-01-11 10:31 . 2009-01-11 10:32 2,915,194 -ra—— c:\documents and settings\ComboFix.exe
    2009-01-10 21:02 . 2009-01-10 21:02 45,820 –a—— c:\documents and settings\cc_20090110_210222.reg
    2009-01-10 20:57 . 2009-01-10 20:57 <DIR> d——– c:\program files\CCleaner
    2009-01-10 20:57 . 2009-01-10 20:57 3,165,824 –a—— c:\program files\ccsetup215.exe
    2009-01-10 19:23 . 1998-10-22 05:01 1,888,744 –a—— c:\windows\system32\vcl40.bpl
    2009-01-10 19:23 . 1998-08-05 00:00 122,128 –a—— c:\windows\system32\VB6IT.DLL
    2009-01-10 19:23 . 1999-06-03 00:00 101,888 –a—— c:\windows\system32\VB6STKIT.DLL
    2009-01-10 19:23 . 1998-06-17 05:00 18,944 –a—— c:\windows\system32\borlndmm.dll
    2009-01-10 19:22 . 1997-08-26 12:06 315,904 –a—— c:\windows\IsUninst.exe
    2009-01-10 13:51 . 2009-01-10 13:54 <DIR> d——– c:\program files\Enigma Software Group
    2009-01-10 12:25 . 2009-01-12 21:33 <DIR> d——– c:\documents and settings\Application Data\Nero
    2009-01-10 12:05 . 2009-01-10 12:05 4,757 –a—— c:\windows\Irremote.ini
    2009-01-10 12:03 . 2009-01-10 12:03 <DIR> d——– c:\program files\Windows Sidebar
    2009-01-10 11:46 . 2009-01-10 12:21 <DIR> d——– c:\program files\Common Files\Nero
    2009-01-07 19:11 . 2006-08-13 13:51 11,134 –a—— c:\windows\system32\msvcr20.dll
    2009-01-05 22:21 . 2009-01-05 22:22 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
    2009-01-05 22:21 . 2009-01-05 22:21 <DIR> d——– c:\documents and settings\Application Data\Malwarebytes
    2009-01-05 22:21 . 2009-01-04 18:38 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-05 22:21 . 2009-01-04 18:38 15,504 –a—— c:\windows\system32\drivers\mbam.sys
    2009-01-04 14:23 . 2009-01-04 14:23 <DIR> d——– c:\program files\Trend Micro
    2009-01-04 13:01 . 2009-01-04 13:01 151 –a—— c:\windows\PhotoSnapViewer.INI
    2009-01-03 15:03 . 2009-01-03 15:03 0 –a—— c:\windows\nsreg.dat
    2009-01-03 14:49 . 2009-01-03 14:49 <DIR> d——– c:\documents and settings\Application Data\Webroot
    2009-01-03 11:18 . 2009-01-03 11:18 <DIR> d——– C:\NVIDIA
    2009-01-02 19:03 . 2009-01-02 19:03 196,608 –a—— c:\windows\system32\avisynth.dll
    2009-01-02 19:02 . 2009-01-02 19:02 414,272 –a—— c:\windows\system32\DivXc32f.dll
    2009-01-02 19:02 . 2009-01-02 19:02 414,272 –a—— c:\windows\system32\DivXc32.dll
    2009-01-02 19:02 . 2009-01-02 19:02 291,408 –a—— c:\windows\system32\DivXa32.acm
    2009-01-02 19:02 . 2009-01-02 19:02 240,400 –a—— c:\windows\system32\DivX_c32.ax
    2009-01-02 19:02 . 2009-01-02 19:02 33,280 –a—— c:\windows\system32\HUFFYUV.DLL
    2009-01-01 15:23 . 2009-01-01 15:23 <DIR> d——– c:\program files\Adblock Pro
    2009-01-01 15:23 . 2009-01-01 15:23 <DIR> d——– c:\documents and settings\Application Data\Adblock Pro
    2009-01-01 14:01 . 2009-01-10 14:18 <DIR> d——– c:\program files\AskBarDis
    2009-01-01 14:00 . 2009-01-01 14:00 <DIR> d——– c:\program files\Zone Labs
    2009-01-01 14:00 . 2008-11-13 15:18 1,221,008 –a—— c:\windows\system32\zpeng25.dll
    2009-01-01 14:00 . 2009-01-17 21:17 348,371 –a—— c:\windows\system32\vsconfig.xml
    2009-01-01 14:00 . 2009-01-01 14:00 4,212 –ah—– c:\windows\system32\zllictbl.dat
    2008-12-31 18:57 . 2008-12-31 18:57 95 –a—— c:\windows\wininit.ini
    2008-12-31 15:49 . 2008-12-31 15:49 <DIR> d——– c:\documents and settings\Application Data\Lavasoft
    2008-12-31 14:48 . 2009-01-05 22:10 <DIR> d——– c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2008-12-31 14:30 . 2006-10-26 19:56 32,592 –a—— c:\windows\system32\msonpmon.dll
    2008-12-31 14:29 . 2008-12-31 14:29 <DIR> d——– c:\program files\Microsoft Works
    2008-12-31 14:27 . 2008-12-31 14:27 <DIR> d——– c:\program files\Microsoft.NET
    2008-12-31 14:26 . 2008-12-31 14:26 <DIR> d——– c:\program files\Microsoft Visual Studio 8
    2008-12-31 14:24 . 2009-01-16 20:11 <DIR> d——– c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
    2008-12-30 15:29 . 2008-12-30 15:30 <DIR> d——– c:\program files\aida32pe_393
    2008-12-30 15:20 . 2009-01-01 14:46 <DIR> d——– c:\program files\A1Click Ultra PC Cleaner
    2008-12-30 14:56 . 2008-12-30 14:56 <DIR> d——– c:\documents and settings\Mijn Corel-presentaties
    2008-12-30 14:46 . 2008-12-30 14:56 2,516 –ahs—- c:\documents and settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys
    2008-12-30 14:42 . 2008-12-30 14:42 <DIR> d——– c:\program files\Common Files\Protexis
    2008-12-30 14:39 . 2008-12-30 14:42 <DIR> d——– c:\program files\Corel
    2008-12-30 14:38 . 2008-12-30 14:38 <DIR> d——– c:\documents and settings\Application Data\InstallShield
    2008-12-30 12:44 . 2008-12-26 14:30 86 –a—— c:\documents and settings\DelBFE.bat
    2008-12-29 14:20 . 2009-01-17 17:14 <DIR> d——– c:\documents and settings\All Users.WINDOWS\Application Data\NOS
    2008-12-29 14:19 . 2008-12-29 14:19 <DIR> d——– c:\documents and settings\Application Data\AdobeUM
    2008-12-29 14:02 . 2009-01-17 19:43 69 –a—— c:\windows\NeroDigital.ini
    2008-12-29 13:50 . 2009-01-10 12:25 <DIR> d——– c:\documents and settings\Application Data\Ahead
    2008-12-29 13:43 . 2009-01-10 12:04 <DIR> d——– c:\program files\Nero
    2008-12-29 13:43 . 2009-01-16 19:31 <DIR> d——– c:\documents and settings\All Users.WINDOWS\Application Data\Nero
    2008-12-29 11:53 . 2008-12-29 11:52 512,096 –a—— c:\windows\system32\drivers\amon.sys
    2008-12-29 11:53 . 2008-12-29 11:52 298,104 –a—— c:\windows\system32\imon.dll
    2008-12-29 11:53 . 2008-12-29 11:52 15,424 –a—— c:\windows\system32\drivers\nod32drv.sys
    2008-12-29 11:48 . 2005-10-11 15:21 1,077,344 –a—— c:\windows\system32\mscomctl.ocx
    2008-12-28 16:10 . 2008-12-28 16:10 2,188,566 –a—— c:\program files\GrabIt172b3.exe
    2008-12-28 13:23 . 2009-01-16 22:01 <DIR> d——– c:\documents and settings\Application Data\GrabIt
    2008-12-28 13:14 . 2004-06-03 03:40 294,400 –a—— c:\windows\system32\idecoi.dll
    2008-12-28 13:14 . 2004-05-20 03:11 172,032 -ra—— c:\windows\system32\nvuide.exe
    2008-12-28 13:14 . 2004-06-03 03:40 79,360 -ra—— c:\windows\system32\drivers\nvatabus.sys
    2008-12-28 13:14 . 2004-03-20 19:30 464 -ra—— c:\windows\system32\nvide.nvu
    2008-12-28 11:52 . 2008-12-28 11:52 <DIR> d——– c:\documents and settings\Application Data\VanDale
    2008-12-27 17:54 . 2000-03-29 07:17 5,824 –a—— c:\windows\system32\drivers\ASUSHWIO.SYS
    2008-12-27 17:54 . 2008-12-31 18:14 4,839 –a—— c:\windows\Ascd_tmp.ini
    2008-12-27 17:07 . 2009-01-17 19:32 <DIR> d——– c:\documents and settings\GrabIt Downloads
    2008-12-27 15:20 . 2008-12-30 14:56 <DIR> d——– c:\documents and settings\My PSP Files
    2008-12-27 15:20 . 2008-12-30 14:47<DIR> d——– c:\documents and settings\Application Data\Corel
    2008-12-27 13:50 . 2006-01-04 09:12 77,824 -ra—— c:\windows\system32\HPZIDS01.dll
    2008-12-27 13:50 . 2006-04-10 14:03 38,400 –a—— c:\windows\system32\hpz3l054.dll
    2008-12-27 11:19 . 2008-12-27 11:19 <DIR> dr——- c:\documents and settings\Mijn video's
    2008-12-27 10:47 . 2008-12-27 10:47 <DIR> d——– c:\documents and settings\~1VOL\LOCALS~1
    2008-12-27 10:47 . 2008-12-27 10:47 <DIR> d——– c:\documents and settings\~1VOL
    2008-12-27 10:29 . 2008-12-27 10:29 <DIR> d——– c:\program files\support.com

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-16 17:58 --------- d-----w c:\program files\Common Files\Adobe
    2009-01-04 23:11 --------- d-----w c:\program files\Hitman Pro
    2009-01-04 19:35 --------- d-----w c:\program files\Eset
    2009-01-04 17:09 --------- d-----w c:\program files\Google
    2009-01-02 17:55 --------- d-----w c:\program files\Windows Media Connect 2
    2009-01-01 13:46 --------- d-----w c:\program files\PowerISO
    2008-12-31 13:55 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-12-31 13:28 --------- d-----w c:\program files\MSBuild
    2008-12-30 14:23 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-12-30 13:43 --------- d-----w c:\program files\Common Files\Corel
    2008-12-29 12:48 --------- d-----w c:\program files\Common Files\Ahead
    2008-12-28 15:11 --------- d-----w c:\program files\GrabIt
    2008-12-27 17:14 --------- d-----r c:\program files\Volvo
    2008-12-27 09:47 --------- d-----w c:\program files\Browser Mouse
    2008-12-22 09:15 --------- d-----w c:\documents and settings\Application Data\GrabIt
    2008-12-21 12:44 --------- d-----w c:\program files\MagicISO
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-11-29 17:02 --------- d-----w c:\program files\Spyware Doctor
    2008-11-22 16:39 --------- d-----w c:\program files\world atlas
    2008-11-21 19:20 --------- d-----w c:\documents and settings\Application Data\Malwarebytes
    2008-11-21 17:57 --------- d-----w c:\documents and settings\Application Data\AdobeUM
    2008-06-28 11:13 47,360 -c--a-w c:\documents and settings\Application Data\pcouffin.sys
    2007-06-25 18:38 3,105,517 -c--a-w c:\program files\SABnzbd-0.2.5-w32.exe
    2006-04-18 18:50 2,216 -c--a-w c:\documents and settings\Application Data\ViewerApp.dat
    2005-11-30 19:20 2,990,512 -c--a-w c:\program files\hitmanpro231.exe
    2005-11-12 14:40 3,200,856 -c--a-w c:\program files\hitmanpro221.exe
    2005-11-09 19:16 13,975,118 -c--a-w c:\program files\VSP80EN.exe
    2005-11-07 21:01 4,632,749 -c--a-w c:\program files\DeepsightExtractorInstaller44.zip
    2005-11-07 20:54 4,229,261 -c--a-w c:\program files\aawseplus.exe
    2005-10-30 10:56 11,121,192 -c--a-w c:\program files\DivXPlay.exe
    2005-10-01 18:16 13,697,817 -c--a-w c:\program files\klcodec254f.exe
    2005-09-25 12:55 680,571 -c--a-w c:\program files\xace26.exe
    2005-03-31 06:16 2,884,878 -c--a-w c:\program files\CdCoverCreator-Setup-2.4.exe
    2000-09-24 11:03 388 -c--a-w c:\program files\file_id.diz
    2000-09-23 23:27 33,554,896 -c--a-w c:\program files\fo-psp7.exe
    2007-12-23 20:34 61,038 -c--a-w c:\program files\mozilla firefox\components\jar50.dll
    2007-12-23 20:34 49,256 -c--a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2007-12-23 20:34 166,000 -c--a-w c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
    "SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeper.exe" [2005-12-14 3404800]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FLMOFFICE4DMOUSE"="c:\program files\Browser MOUSE\mouse32a.exe" [2008-12-27 360448]
    "nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-12-29 949376]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-18 16712]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
    "Advanced WindowsCare"="c:\program files\IObit\Advanced WindowsCare V2\Awc.exe" [2006-08-22 887808]
    "Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2008-08-18 532808]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "SoundMan"="SOUNDMAN.EXE" [2004-06-18 c:\windows\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.HFYU"= huffyuv.dll
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "msacm.divxa32"= DivXa32.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9768:TCP"= 9768:TCP:BitComet 9768 TCP
    "9768:UDP"= 9768:UDP:BitComet 9768 UDP

    R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-12-29 15424]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-12 c:\windows\Tasks\Advanced WindowsCare.job
    - c:\program files\IObit\Advanced WindowsCare V2\AutoCare.exe [2006-08-04 14:32]

    2009-01-17 c:\windows\Tasks\AwcUpdate.job
    - c:\program files\IObit\Advanced WindowsCare V2\AutoUpdate.exe [2006-08-22 00:16]

    2009-01-17 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-04 18:07]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.startpagina.nl/
    IE: &Block This Image (ABP) - c:\program files\Adblock Pro\blockimg.html
    IE: &Blokkeer dit figuur (ABP) - c:\program files\Adblock Pro\blockimg.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {{E7FD3540-AB30-40f1-91E7-101F733C1FD5} - {7685B225-8229-4321-BA13-A24485B0A760} - c:\program files\Adblock Pro\AdblockPro.dll
    LSP: c:\windows\system32\imon.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-17 21:17:23
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ DLLs Loaded Under Running Processes ------------------------

    - - - - - - - > 'winlogon.exe'(716)
    c:\windows\system32\cscui.dll

    - - - - - - - > 'lsass.exe'(772)
    c:\windows\system32\imon.dll
    c:\program files\Eset\pr_imon.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ZoneLabs\vsmon.exe
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\program files\Eset\nod32krn.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-17 21:20:15 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-17 20:20:11
    ComboFix2.txt 2009-01-17 16:57:27
    ComboFix3.txt 2009-01-17 16:39:23
    ComboFix4.txt 2009-01-11 09:42:38

    Pre-Run: 26,814,808,064 bytes free
    Post-Run: 26,805,284,864 bytes free

    274 --- E O F --- 2009-01-16 17:48:13
  • Are there still any problems?
  • There are no more problems in the sense of annoying pop-ups, unsolicited web pages, a slow-running machine, etc.
    One question: what do (did) the following lines do, and what has GV killer actually done with them afterwards?

    C:\NV25002720.TMP
    C:\NV19121840.TMP
    C:\NV38322812.TMP
    C:\NV15402232.TMP
    C:\NV1961080.TMP
    C:\NV1220640.TMP

    And the fact that there is an account on the computer called Windows is apparently not a problem; it runs fine with it.

    Many thanks in advance for your help, I would never have figured this out on my own!

    Regards, Jan.
  • You're welcome,

    Those are brute-force folders that were created by the virus you had.

    Now do this:


    Download ATF cleaner (mirror) (made by Atribune)

    Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can do its job properly.

    Double-click ATF cleaner to start the program.
    On the Main tab, tick Select All.
    Click the Empty Selected button.

    Do the following if you also use Firefox as a browser:

    Click the Firefox tab and tick Select All.
    If you want to keep the passwords saved by Firefox, click No in the window that appears.
    (This removes the tick from Firefox saved passwords again.)
    Click the Empty Selected button.

    Do the following if you also use Opera as a browser:

    Click the Opera tab and tick Select All.
    If you want to keep the passwords saved by Opera, click No in the window that appears.
    Click the Empty Selected button.
    Go to the Main tab and click the Exit button to close the program.

    You may remove all the tools you used and the folders that were created.


    - Go to Start/All Programs/Accessories/System Tools/System Restore.
    - In the left half of the window, click "System Restore Settings".
    - Tick "Turn off System Restore".
    - Click "Apply".
    - Windows asks whether you are sure.
    - Click "Yes".
    - Click "OK".
    - Restart the PC.
    - Go back to Start/All Programs/Accessories/System Tools/System Restore.
    - You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
    - Click "Yes".
    - Remove the tick from "Turn off System Restore".
    - Click "Apply".
    - Click "OK".
    - Restart the PC.
    - A new, clean restore point has now been created.
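    The System Restore flush described in the answer above, as an added example that is not part of the original thread: the same three steps (turn System Restore off so every old restore point, including any copy of the removed malware, is deleted; turn it back on; create one clean restore point) done from the command line through the WMI SystemRestore class that Windows XP ships with. It assumes wmic.exe is available, that the script runs from an Administrator account, and that the system drive is C:\; the drive letter and the restore point description are assumptions you can change.

    ```bat
    @echo off
    rem Added example, not part of the original thread.
    rem Deletes all existing System Restore points (they may hold copies of the
    rem malware that was just removed) and creates one clean restore point,
    rem using the WMI class SystemRestore in the root\default namespace.
    rem Run from an Administrator account. Assumption: the system drive is C:\.

    set DRIVE=C:\

    rem Step 1: disabling System Restore on the system drive discards every
    rem restore point. This is what the "Turn off System Restore" checkbox does.
    wmic /namespace:\\root\default path SystemRestore call Disable "%DRIVE%"
    if errorlevel 1 goto :fail

    rem Step 2: turn it back on. The second argument (TRUE) waits until the
    rem service is actually enabled before the call returns.
    wmic /namespace:\\root\default path SystemRestore call Enable "%DRIVE%", TRUE
    if errorlevel 1 goto :fail

    rem Step 3: create the first clean restore point.
    rem RestorePointType 0 = APPLICATION_INSTALL, EventType 100 = BEGIN_SYSTEM_CHANGE
    wmic /namespace:\\root\default path SystemRestore call CreateRestorePoint "Clean after malware removal", 0, 100
    if errorlevel 1 goto :fail

    rem Check: the only restore point left should be the one created above.
    rem Each "call" above also prints "ReturnValue = 0" on success.
    wmic /namespace:\\root\default path SystemRestore get CreationTime, Description
    echo Done.
    goto :eof

    :fail
    echo A wmic call failed. Are you running this from an Administrator account?
    exit /b 1
    ```

    Only run this once the cleanup is confirmed, as in the thread: the Disable call is destructive and removes every restore point, so there is no way back to an earlier state afterwards. The listing at the end is the check; if it shows more than the one "Clean after malware removal" entry, the Disable step did not take effect.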
  • Mission accomplished!!

    I want to thank you once again for the help, and I have since secured the computer better against attacks from outside. Back then I ran for just a few hours without protection after reinstalling Windows. You can imagine how much trouble that gets you.

    Thanks!
    Bye.
  • You're welcome :)


This is an archived page. Replying is no longer possible.