Is deze PC besmet met een Spambot Trojan?

Anonymous
smeenk
18 replies
 • Hello,

  I have a PC here with a very serious infection.
  The owner's ADSL connection has been cut off because of a Trojan on this PC (presumably a spambot :( ).

  The annoying thing is that there are several (5) users on this PC. Do they all need to be examined separately, or is it enough to log in as administrator in Safe Mode?

  Here is the log:

  Logfile of HijackThis v1.99.1
  Scan saved at 19:51:16, on 6-6-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Eset\nod32krn.exe
  C:\WINDOWS\system32\PRISMSVC.EXE
  C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
  C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
  C:\WINDOWS\system32\wscntfy.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\PRISMSVR.EXE
  C:\WINDOWS\system32\igfxtray.exe
  C:\WINDOWS\system32\hkcmd.exe
  C:\Program Files\Eset\nod32kui.exe
  C:\Program Files\Analog Devices\Core\smax4pnp.exe
  C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\WINDOWS\vsnpstd.exe
  C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
  C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
  C:\Program Files\TrojanHunter 4.6\THGuard.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\MSN Messenger\msnmsgr.exe
  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
  C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
  C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  C:\Program Files\Dell Wireless\PRISMCFG.exe
  C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
  C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
  C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
  C:\Documents and Settings\Bente\Application Data\U3\0000184519602EC1\LaunchPad.exe
  C:\WINDOWS\system32\ntvdm.exe
  C:\Program Files\CCleaner\ccleaner.exe
  F:\totalcmd\TOTALCMD.EXE
  c:\Program Files\Hijackthis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
  O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
  O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\system32\iifdcby.dll
  O2 - BHO: (no name) - {27F13264-56CC-4851-93CD-7F55828A5D34} - C:\WINDOWS\system32\mljji.dll (file missing)
  O2 - BHO: (no name) - {33A06963-4937-4C7A-99EF-60DFE1072B0f} - C:\WINDOWS\system32\ltmiqamt.dll (file missing)
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{34E52~2\Bar888.dll
  O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\krgpxeqd.dll (file missing)
  O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
  O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{34E52~2\Bar888.dll
  O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
  O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
  O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
  O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
  O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
  O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
  O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
  O4 - HKLM\..\Run: [swcpshell] C:\Windows\System32\csharpshell.exe
  O4 - HKLM\..\Run: Need for Speed Carbon
  O4 - HKLM\..\Run: [] C:\WINDOWS\scvhost.exe
  O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
  O4 - HKLM\..\Run: [lies name fast ace] C:\Documents and Settings\All Users\Application Data\option trans lies name\MeetSixth.exe
  O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [j4241838] rundll32 C:\WINDOWS\system32\j4241838.dll sook
  O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\uonhdmwq.dll",realset
  O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
  O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
  O4 - HKCU\..\Run: [csharpshell] C:\Windows\System32\csharpshell.exe
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe
  O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZS
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
  O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe (file missing)
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/680c575f61e35a0c21d88084ee83f28c_35.exe
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
  O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O20 - AppInit_DLLs: pushow28.dll
  O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
  O20 - Winlogon Notify: iifdcby - C:\WINDOWS\SYSTEM32\iifdcby.dll
  O20 - Winlogon Notify: mljji - C:\WINDOWS\system32\mljji.dll (file missing)
  O20 - Winlogon Notify: pmnmmkj - C:\WINDOWS\SYSTEM32\pmnmmkj.dll
  O20 - Winlogon Notify: PRISMAPI.DLL - C:\WINDOWS\SYSTEM32\PRISMAPI.DLL
  O20 - Winlogon Notify: vtursro - C:\WINDOWS\SYSTEM32\vtursro.dll
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)
  O20 - Winlogon Notify: winkve32 - winkve32.dll (file missing)
  O20 - Winlogon Notify: yayvsqq - C:\WINDOWS\SYSTEM32\yayvsqq.dll
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0002239 (file missing)
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
  O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
  O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

  I will now first do a full scan with Ad-aware from Safe Mode (Administrator)
 • Download Combofix to your desktop.
  Double-click combofix.exe
  Follow the instructions.
  While the fix is running, do NOT click in the window, because that will make your PC hang.

  When the fix has finished and after the restart, the log combofix.txt will open.
  Post this log in your next reply.

  Regards smeenk ;)
 • Combofix reported that a rootkit had been found, after which the PC was restarted.

  Here is the Combofix log:
  "user" - 2007-06-07 9:39:19 Service Pack 2 NTFS
  ComboFix 07-06-3B - Running from: "C:\temp\"

 • Download:
  Save the file to your desktop, then double-click it.

  A small window will open in which a few lines will quickly scroll past, after which the window will close by itself; this is normal.
  Possibly an uninstaller for a rogue scanner will also start. Do not close it, but follow any instructions and let it do its work.

  Then restart the PC and double-click RemoveVideoActiveXObject.exe once more.
  After that, look for the following file: C:\RVAXO-results.log
  Double-click this file; it will open as a log. Post its contents in your next message together with a new HijackThis log.
 • —————-RemoveVideoActiveXObject.exe first run————-

  Files found:

  C:\WINDOWS\tasks\AAF7E417914C60CF.job
  C:\WINDOWS\tasks\At1.job
  C:\WINDOWS\tasks\At2.job
  C:\WINDOWS\tasks\At3.job
  C:\WINDOWS\tasks\At4.job
  C:\WINDOWS\tasks\At5.job
  C:\WINDOWS\tasks\At6.job
  C:\WINDOWS\system32\j1211137.dll
  C:\WINDOWS\system32\j4241838.dll
  C:\WINDOWS\system32\vbzip11.dll
  C:\WINDOWS\d3dx.dat

  Uninstallers Rogue scanners:


  Folders Found:


  ——————-


  Logfile of HijackThis v1.99.1
  Scan saved at 12:12:37, on 7-6-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Eset\nod32krn.exe
  C:\WINDOWS\system32\PRISMSVC.EXE
  C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
  C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\PRISMSVR.EXE
  C:\WINDOWS\system32\wscntfy.exe
  C:\Program Files\Eset\nod32kui.exe
  C:\Program Files\Analog Devices\Core\smax4pnp.exe
  C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\MSN Messenger\msnmsgr.exe
  C:\Windows\System32\csharpshell.exe
  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
  C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  C:\Program Files\Dell Wireless\PRISMCFG.exe
  c:\progra~1\intern~1\iexplore.exe
  C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
  C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
  C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
  C:\Program Files\Hijackthis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
  O2 - BHO: (no name) - AutorunsDisabled - (no file)
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {27F13264-56CC-4851-93CD-7F55828A5D34} - (no file)
  O2 - BHO: (no name) - {33A06963-4937-4C7A-99EF-60DFE1072B0f} - (no file)
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
  O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
  O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
  O4 - HKCU\..\Run: [csharpshell] C:\Windows\System32\csharpshell.exe
  O4 - HKCU\..\Run: [Proc skip] C:\DOCUME~1\Wout\APPLIC~1\STOPDR~1\Warn cool.exe
  O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
  O4 - Startup: Registration Myst V
  O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Eagle Dynamics\Lock On\Register\schedule.exe
  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe
  O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZS
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
  O9 - Extra button: (no name) - AutorunsDisabled - (no file)
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/680c575f61e35a0c21d88084ee83f28c_35.exe
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
  O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O20 - AppInit_DLLs: pushow28.dll
  O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
  O20 - Winlogon Notify: mljji - C:\WINDOWS\system32\mljji.dll (file missing)
  O20 - Winlogon Notify: PRISMAPI.DLL - C:\WINDOWS\SYSTEM32\PRISMAPI.DLL
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)
  O20 - Winlogon Notify: winkve32 - winkve32.dll (file missing)
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
  O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

  ————————–

  Notes:

  The firewall is disabled, and if you want to turn it on a service has to be started first, because it is not active.

  Also, at startup (for all users) a message appears that csharpshell.exe cannot be started because js3250.dll cannot be found. Google turns up nothing useful on this.
 • Start HijackThis once more, choose "Do a system scan only" and tick only the following lines:
  R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
  O2 - BHO: (no name) - AutorunsDisabled - (no file)
  O2 - BHO: (no name) - {27F13264-56CC-4851-93CD-7F55828A5D34} - (no file)
  O2 - BHO: (no name) - {33A06963-4937-4C7A-99EF-60DFE1072B0f} - (no file)
  O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
  O4 - HKCU\..\Run: [csharpshell] C:\Windows\System32\csharpshell.exe
  O4 - HKCU\..\Run: [Proc skip] C:\DOCUME~1\Wout\APPLIC~1\STOPDR~1\Warn cool.exe
  O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
  O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZS
  O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/680c575f61e35a0c21d88084ee83f28c_35.exe
  O20 - AppInit_DLLs: pushow28.dll
  O20 - Winlogon Notify: mljji - C:\WINDOWS\system32\mljji.dll (file missing)
  O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)
  O20 - Winlogon Notify: winkve32 - winkve32.dll (file missing)
  Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

  Then do the following steps:

  1. Download ATF Cleaner (made by Atribune)
  Double-click ATF Cleaner to start the program.
  On the "Main" tab, tick Select All.
  Click the Empty Selected button.

  Do the following if you also have Firefox as a browser:
  Click the "Firefox" tab and tick Select All.
  If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
  (this unticks "Firefox saved passwords")
  Click the Empty Selected button.

  Do the following if you also have Opera as a browser:
  Click the "Opera" tab and tick Select All.
  If you want to keep the passwords saved by Opera, click "No" in the window that appears.
  Click the Empty Selected button.
  Go to the "Main" tab and click the Exit button to close the program.

  2. Download Dr.Web CureIt to your desktop:
  ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

  3. Start the computer in Safe Mode.

  4. Double-click drweb-cureit.exe and allow it to start the express scan.
  This will scan the files currently loaded in memory, and if anything is found, click the Yes to all button when asked 'cure it?'. This is only a short scan.
  Once the short scan has finished, click Options > Change Settings
  Choose the "Scan" tab and untick "Heuristic analysis"
  Back in the main window you can select the drives you want to have scanned.
  Select all drives here. A red dot will then appear on the drives you are having scanned.
  Then click the green arrow on the right to start the scan.
  Click 'Yes to all' when asked to cure or move.
  When the scan is done, check whether you can click the following icon next to what was found: (image: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif)
  If so, click it, then click the icon just below it and choose: Move incurable, as you will see in the following image:
  (image: http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif)
  This will move the files to the following folder, %userprofile%\DoctorWeb\quarantaine-folder, if they cannot be disinfected. (this in case we need samples)
  After selecting the above, in the menu at the top of Dr.Web CureIt, click file and choose save report list. Save the log to your desktop.
  Then close Dr.Web CureIt.

  5. Restart your computer in normal mode!! Important step, because Dr.Web CureIt may move/delete files during the restart.
  After restarting, copy and paste the contents of the log you saved earlier into your next post together with a HijackThis log ;)
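As an added, illustrative example (not part of this thread and not code from any of the tools used in it): a small Python triage script that applies the review heuristics behind the lines smeenk asked to have fixed above (dangling "(file missing)" / "(no file)" entries, Run values with an empty name, a populated AppInit_DLLs, services with an unknown owner, and file names one typo away from a core Windows binary such as scvhost.exe versus svchost.exe) to sample lines copied from the HijackThis logs posted in this thread. It goes slightly beyond the thread by checking every file name against a short list of core Windows binaries rather than only svchost.exe; the list and all rule wording are my own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: a handful of lines copied from the HijackThis logs posted in
# this thread (not a complete log; the selection is constructed for this example).
SAMPLE_LOG = "\n".join([
    r'O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll',
    r'O2 - BHO: (no name) - {27F13264-56CC-4851-93CD-7F55828A5D34} - C:\WINDOWS\system32\mljji.dll (file missing)',
    r'O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE',
    r'O4 - HKLM\..\Run: [] C:\WINDOWS\scvhost.exe',
    r'O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe',
    r'O20 - AppInit_DLLs: pushow28.dll',
    r'O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll',
    r'O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)',
    r'O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe',
    r'O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0002239 (file missing)',
    r'O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)',
])

# Core Windows binaries that malware likes to imitate by name (assumed list,
# e.g. scvhost.exe for svchost.exe). Sorted so the lookup is deterministic.
CORE_BINARIES = sorted({"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                        "services.exe", "explorer.exe", "smss.exe"})

EXE_RE = re.compile(r'([A-Za-z0-9_~.\-]+\.(?:exe|dll))', re.IGNORECASE)  # last path component
SECTION_RE = re.compile(r'^(R\d|F\d|O\d+) - (.*)$')                       # "O4 - ..." prefix
EMPTY_NAME_RE = re.compile(r'\\Run(?:Services|Once)?: \[\] ')             # "...\Run: [] file"


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O4"
    reason: str
    line: str


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: Levenshtein plus adjacent transposition,
    so that 'scvhost' vs 'svchost' costs 1 rather than 2."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def lookalike_of(filename: str) -> Optional[str]:
    """Return the core binary that `filename` is exactly one edit away from,
    or None when it is either a genuine core binary or not close to any."""
    name = filename.lower()
    if name in CORE_BINARIES:
        return None
    for core in CORE_BINARIES:
        if osa_distance(name, core) == 1:
            return core
    return None


def triage_line(line: str) -> List[Finding]:
    """Apply the review heuristics to one HijackThis entry; several may fire."""
    line = line.strip()
    m = SECTION_RE.match(line)
    if not m:
        return []
    section, body = m.group(1), m.group(2)
    out: List[Finding] = []
    if "(file missing)" in body or "(no file)" in body:
        out.append(Finding(section, "autostart entry points at a file that no longer exists", line))
    if section == "O4" and EMPTY_NAME_RE.search(body):
        out.append(Finding(section, "Run value with an empty name", line))
    if section == "O20" and body.startswith("AppInit_DLLs:"):
        out.append(Finding(section, "AppInit_DLLs is set: this DLL is loaded into every user32 process", line))
    if section == "O23" and "Unknown owner" in body:
        out.append(Finding(section, "service binary carries no recognised vendor", line))
    for exe in EXE_RE.findall(body):
        core = lookalike_of(exe)
        if core:
            out.append(Finding(section, f"{exe} is a near-miss of the system binary {core}", line))
    return out


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and collect the findings in order."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        findings.extend(triage_line(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Findings are prompts for a human reviewer, not verdicts: the Linksys WMP54Gv4SVC service also trips the "unknown owner" and "file missing" rules, and smeenk correctly left that entry alone.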
 • Dr.Web CureIt:

  (full) dat is mijn wens walt disney 11.wma C:\Documents and Settings\Bente\Shared Trojan.Isbar.389 Deleted.
  (live) dat is mijn wens walt disney 07.wma C:\Documents and Settings\Bente\Shared Trojan.Isbar.389 Deleted.
  (uncensored) dat is mijn wens walt disney 45.wma C:\Documents and Settings\Bente\Shared Trojan.Isbar.389 Deleted.
  01 Track 1.wma C:\Documents and Settings\Bente\Shared Trojan.Isbar.389 Deleted.
  03 Track 3.wma C:\Documents and Settings\Bente\Shared Trojan.Isbar.389 Deleted.
  04 Track 4.wma C:\Documents and Settings\Bente\Shared Trojan.Isbar.389 Deleted.
  dat is mijn wens walt disney 43.wma C:\Documents and Settings\Bente\Shared Trojan.Isbar.389 Deleted.
  bllafbty.dll C:\Documents and Settings\Jacob\Local Settings\Temp Trojan.Virtumod Deleted.
  bptjatmt.dll C:\Documents and Settings\Jacob\Local Settings\Temp Trojan.Virtumod Deleted.
  jrgagjds.dll C:\Documents and Settings\Jacob\Local Settings\Temp Trojan.Virtumod Deleted.
  rayectds.dll C:\Documents and Settings\Jacob\Local Settings\Temp Trojan.Virtumod Deleted.
  rewdnkwo.dll C:\Documents and Settings\Jacob\Local Settings\Temp Trojan.Virtumod Deleted.
  scaisnup.dll C:\Documents and Settings\Jacob\Local Settings\Temp Trojan.Virtumod Deleted.
  shtukelw.dll C:\Documents and Settings\Jacob\Local Settings\Temp Trojan.Virtumod Deleted.
  svhdnktj.dll C:\Documents and Settings\Jacob\Local Settings\Temp Trojan.Virtumod Deleted.
  vpqvhjje.dll C:\Documents and Settings\Jacob\Local Settings\Temp Trojan.Virtumod Deleted.
  vpxgmcrr.dll C:\Documents and Settings\Jacob\Local Settings\Temp Trojan.Virtumod Deleted.
  vwckhqri.dll C:\Documents and Settings\Jacob\Local Settings\Temp Trojan.Virtumod Deleted.
  xltgcxbb.dll C:\Documents and Settings\Jacob\Local Settings\Temp Trojan.Virtumod Deleted.
  Movies.exe C:\Documents and Settings\Wout\Bureaublad\wout\backups Win95.SK Incurable.Moved.
  ftreuils.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  fuyswhjg.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  gjilclpf.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  gpxvlhoq.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  gxoqhkvd.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  ijxxtsbo.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  kbyhromn.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  kkaesuwc.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  kkeclbln.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  ktlndube.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  lbcolfqj.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  ldexdyfy.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  lieqmjds.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  lpmrpfxp.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  lxfxmrbh.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  metktfxs.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  mnrlkxks.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  msukhwml.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  mtmbpytc.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  niecltrv.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  nweiyvnh.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  oomhywan.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  oqdpxovc.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  plvvwpci.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  posemibs.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  prcbnern.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  rfaqrtgf.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  rptxtjqf.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  ssrvljqy.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  tfaiibvl.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  tipnosmx.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  tpysoccp.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  tsvgpxaa.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  umrsqfta.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  uxhyuvrf.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  vbqpkakl.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  wcymvgwt.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  wlpupuwc.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  wtvvyuwv.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  xkwtmhol.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  xyfjrtuk.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  ylcioqwq.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  ysegqhbj.dll C:\Documents and Settings\Wout\Local Settings\Temp Trojan.Virtumod Deleted.
  sfksiesoy[1].htm C:\Documents and Settings\Wout\Local Settings\Temporary Internet Files\Content.IE5\4XUZ8XIN Trojan.Click.2452 Deleted.
  a120_tb.dll C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar Adware.Softomate Incurable.Moved.
  02VK31DA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.10301 Deleted.
  03USDACA.NQF C:\Program Files\ESET\infected Trojan.NtRootKit.239 Deleted.
  0WV5BNAA.NQF C:\Program Files\ESET\infected Adware.Zango Incurable.Moved.
  11UFUGBA.NQF C:\Program Files\ESET\infected Trojan.MulDrop.3338 Deleted.
  13LJX3BA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.10301 Deleted.
  2CBTDCCA.NQF C:\Program Files\ESET\infected Adware.Advert Incurable.Moved.
  2DFKERAA.NQF C:\Program Files\ESET\infected Trojan.Virtumod Deleted.
  2MSPB5BA.NQF C:\Program Files\ESET\infected Adware.Crew Incurable.Moved.
  2NSMTEDA.NQF C:\Program Files\ESET\infected Trojan.Isbar Incurable.Moved.
  2YX4K2BA.NQF C:\Program Files\ESET\infected BackDoor.Vocc Deleted.
  30Z3SLCA.NQF C:\Program Files\ESET\infected Adware.DollarRevenue Incurable.Moved.
  4ALAEQAA.NQF C:\Program Files\ESET\infected Trojan.Click.1210 Deleted.
  51G5VCBA.NQF C:\Program Files\ESET\infected Trojan.MulDrop.3338 Deleted.
  5BCIPYAA.NQF C:\Program Files\ESET\infected Adware.DollarRevenue Incurable.Moved.
  5EPCGMAA.NQF C:\Program Files\ESET\infected Win32.HLLW.Banshee Incurable.Moved.
  5S3DAMAA.NQF C:\Program Files\ESET\infected Dialer.Coulomb Incurable.Moved.
  5XBURIDA.NQF C:\Program Files\ESET\infected Adware.Zango Incurable.Moved.
  B0L31RAA.NQF C:\Program Files\ESET\infected Trojan.Click.1210 Deleted.
  BGW5TADA.NQF C:\Program Files\ESET\infected Adware.TopSearch Incurable.Moved.
  BHSSCIDA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.10301 Deleted.
  C40E0GAA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.10301 Deleted.
  C5AD42CA.NQF C:\Program Files\ESET\infected Trojan.Virtumod Deleted.
  DK5QD1CA.NQF C:\Program Files\ESET\infected Trojan.Mezzia Deleted.
  EL1GSDCA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.21939 Deleted.
  EUXFKFCA.NQF C:\Program Files\ESET\infected Adware.DollarRevenue Incurable.Moved.
  FGWASXAA.NQF C:\Program Files\ESET\infected Trojan.Click.1210 Deleted.
  FO4EORBA.NQF C:\Program Files\ESET\infected Dialer.Webcont Incurable.Moved.
  FXUOUXCA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.3385 Incurable.Moved.
  H2VYPSCA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.22042 Deleted.
  HAKXOWBA.NQF C:\Program Files\ESET\infected Adware.NewDotNet Incurable.Moved.
  HAQ352CA.NQF C:\Program Files\ESET\infected Trojan.Isbar.450 Deleted.
  HDEXL3CA.NQF C:\Program Files\ESET\infected Trojan.KeyLogger.89 Deleted.
  HJXW2ACA.NQF C:\Program Files\ESET\infected Adware.TopSearch Incurable.Moved.
  JE5HZPCA.NQF C:\Program Files\ESET\infected Win32.HLLW.Krepper Deleted.
  JOZ1RZBA.NQF C:\Program Files\ESET\infected Adware.DollarRevenue Incurable.Moved.
  KM0DP3DA.NQF C:\Program Files\ESET\infected BackDoor.Vocc Deleted.
  L2IYKCCA.NQF C:\Program Files\ESET\infected Tool.GameCrack Incurable.Moved.
  LH3GI5AA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.8620 Deleted.
  LM10VGBA.NQF C:\Program Files\ESET\infected Trojan.Virtumod Deleted.
  MAZFTHCA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.10301 Deleted.
  MIZB5WCA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.13549 Deleted.
  MLY2I4DA.NQF C:\Program Files\ESET\infected Dialer.Webcont Incurable.Moved.
  MQEG4QCA.NQF C:\Program Files\ESET\infected Trojan.Click.1210 Deleted.
  MVCELPAA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.9222 Deleted.
  N2HPOVDA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.19256 Deleted.
  NVO1J5DA.NQF C:\Program Files\ESET\infected Adware.DollarRevenue Incurable.Moved.
  NYH4ITAA.NQF C:\Program Files\ESET\infected Trojan.Click.1210 Deleted.
  O00HGZBA.NQF C:\Program Files\ESET\infected Trojan.Click.1210 Deleted.
  O2H0Z3DA.NQF C:\Program Files\ESET\infected Adware.Crew Incurable.Moved.
  OBBUPSCA.NQF C:\Program Files\ESET\infected Win32.HLLW.Banshee Incurable.Moved.
  OBHCGBDA.NQF C:\Program Files\ESET\infected Adware.TopSearch Incurable.Moved.
  P34QDRBA.NQF C:\Program Files\ESET\infected Trojan.Mezzia Deleted.
  PL410YAA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.4990 Deleted.
  QTBYX0CA.NQF C:\Program Files\ESET\infected Win32.HLLW.Krepper Deleted.
  QXVCSJCA.NQF C:\Program Files\ESET\infected Adware.Crew Incurable.Moved.
  RH5FD1AA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.4990 Deleted.
  RJUWHPBA.NQF C:\Program Files\ESET\infected Dialer.Coulomb Incurable.Moved.
  RUJUT3AA.NQF C:\Program Files\ESET\infected Trojan.MulDrop.420 Deleted.
  T11EMBCA.NQF C:\Program Files\ESET\infected Trojan.MulDrop.3338 Deleted.
  TWOOINDA.NQF C:\Program Files\ESET\infected BackDoor.Madtro Deleted.
  U3NI42DA.NQF C:\Program Files\ESET\infected Trojan.Click.1210 Deleted.
  UDNHGDCA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.6217 Deleted.
  UT2505BA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.10301 Deleted.
  UVYNTZBA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.8620 Deleted.
  VK2V0BCA.NQF C:\Program Files\ESET\infected BackDoor.Vocc Deleted.
  W5HUHUCA.NQF C:\Program Files\ESET\infected Trojan.MulDrop.3338 Deleted.
  X3EA4PBA.NQF C:\Program Files\ESET\infected Trojan.MulDrop.3290 Deleted.
  Y2GSQRCA.NQF C:\Program Files\ESET\infected Tool.GameCrack Incurable.Moved.
  YDWBBABA.NQF C:\Program Files\ESET\infected Trojan.DownLoader.10301 Deleted.
  YFSTH5DA.NQF C:\Program Files\ESET\infected Adware.TopSearch Incurable.Moved.
  YSYKBEDA.NQF C:\Program Files\ESET\infected Trojan.Virtumod Deleted.
  NPMyWebS.dll C:\Program Files\Mozilla Firefox\plugins Adware.Msearch Incurable.Moved.
  riched20.dll C:\Program Files\MSN Messenger Adware.Msearch Incurable.Moved.
  F3HISTSW.DLL C:\Program Files\MyWebSearch\bar\1.bin Adware.Msearch Incurable.Moved.
  F3HTTPCT.DLL C:\Program Files\MyWebSearch\bar\1.bin Trojan.Isbar.438 Deleted.
  F3PSSAVR.SCR C:\Program Files\MyWebSearch\bar\1.bin Adware.Msearch Incurable.Moved.
  F3RESTUB.DLL C:\Program Files\MyWebSearch\bar\1.bin Adware.Msearch Incurable.Moved.
  F3SCHMON.EXE C:\Program Files\MyWebSearch\bar\1.bin Adware.Msearch Incurable.Moved.
  F3SCRCTR.DLL C:\Program Files\MyWebSearch\bar\1.bin Trojan.DownLoader.7028 Deleted.
  F3WPHOOK.DLL C:\Program Files\MyWebSearch\bar\1.bin Adware.Msearch Incurable.Moved.
  M3IDLE.DLL C:\Program Files\MyWebSearch\bar\1.bin Adware.MWS Incurable.Moved.
  M3OUTLCN.DLL C:\Program Files\MyWebSearch\bar\1.bin Adware.Msearch Incurable.Moved.
  M3PLUGIN.DLL C:\Program Files\MyWebSearch\bar\1.bin Adware.Msearch Incurable.Moved.
  MWSBAR.DLL C:\Program Files\MyWebSearch\bar\1.bin Adware.Msearch Incurable.Moved.
  MWSOEMON.EXE C:\Program Files\MyWebSearch\bar\1.bin Adware.Websearch Incurable.Moved.
  MWSOEPLG.DLL C:\Program Files\MyWebSearch\bar\1.bin Adware.Websearch Incurable.Moved.
  NPMYWEBS.DLL C:\Program Files\MyWebSearch\bar\1.bin Adware.Msearch Incurable.Moved.
  MWSSRCAS.DLL C:\Program Files\MyWebSearch\SrchAstt\1.bin Adware.MWS Incurable.Moved.
  8WrT25S.dat C:\Program Files\TrojanHunter 4.6\Quarantine Trojan.Virtumod Deleted.
  Bar888.dll.vir C:\QooBox\Quarantine\C\Program Files\Common Files\{34E52~1 Adware.Lucky Incurable.Moved.
  UnInstall.exe.vir C:\QooBox\Quarantine\C\Program Files\Common Files\{34E52~1 Adware.IWantSearch Incurable.Moved.
  Bar888.dll.vir C:\QooBox\Quarantine\C\Program Files\Common Files\{34E52~2 Adware.Lucky Incurable.Moved.
  UnInstall.exe.vir C:\QooBox\Quarantine\C\Program Files\Common Files\{34E52~2 Adware.IWantSearch Incurable.Moved.
  iifdcby.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted.
  mljiihi.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted.
  pmnmmkj.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted.
  vtursro.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted.
  yayvsqq.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted.
  7EN6BEGvyf.ini C:\WINDOWS\system32 BackDoor.Cia.24 Incurable.Moved.
  allwylnj.dll C:\WINDOWS\system32 Trojan.Juan Deleted.
  f3PSSavr.scr C:\WINDOWS\system32 Adware.Msearch Incurable.Moved.
  ftpuhtqs.exe C:\WINDOWS\system32 Trojan.Click.2485 Deleted.
  mtdgoiwv.dll C:\WINDOWS\system32 Trojan.Virtumod Deleted.
  nysknkbe.dll C:\WINDOWS\system32 Trojan.Virtumod Deleted.
  qfofdcoy.dll C:\WINDOWS\system32 Trojan.Virtumod Deleted.
  qpocvlgw.exe C:\WINDOWS\system32 Trojan.Click.2485 Deleted.
  svchosts.exe~ C:\WINDOWS\system32 Trojan.MulDrop.6162 Deleted.
  uonhdmwq.dll C:\WINDOWS\system32 Trojan.Virtumod Deleted.


  ----
  That was quite a list!!


  Hijackthis:

  Logfile of HijackThis v1.99.1
  Scan saved at 16:26:09, on 7-6-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Eset\nod32krn.exe
  C:\WINDOWS\system32\PRISMSVC.EXE
  C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
  C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\PRISMSVR.EXE
  C:\Program Files\Eset\nod32kui.exe
  C:\Program Files\Analog Devices\Core\smax4pnp.exe
  C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\MSN Messenger\msnmsgr.exe
  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
  c:\progra~1\intern~1\iexplore.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  C:\Program Files\Dell Wireless\PRISMCFG.exe
  C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
  C:\WINDOWS\system32\wscntfy.exe
  C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
  C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
  C:\Program Files\Hijackthis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
  O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
  O4 - HKCU\..\Run: [Proc skip] C:\DOCUME~1\Wout\APPLIC~1\STOPDR~1\Warn cool.exe
  O4 - Startup: Registration Myst V
  O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Eagle Dynamics\Lock On\Register\schedule.exe
  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
  O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
  O20 - Winlogon Notify: PRISMAPI.DLL - C:\WINDOWS\SYSTEM32\PRISMAPI.DLL
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
  O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
 • Thanks again, Smeenk!!! :D

  A few more questions:

  Do I need to perform these actions for every user (account)?
  Was this infection sufficient reason for Xs4all to cut off the internet connection?

  Phew, now let's just hope it's clean again; otherwise Windows is coming off and a reinstall seems best to me.
 • I removed a number of items again per user account with HijackThis.
  Among other things, MyWebSearch does remain in the registry per user.

  I also got the Windows Firewall working again. It had clearly been sabotaged by disabling the service. I re-enabled it via Services.

  After defragmentation the PC is now considerably faster. Thanks for the help!!!

  :D :D :D :D Great! :D :D :D :D
 • Post a fresh ComboFix log anyway; I think there is still something to be found ;)
 • "Wout" - 2007-06-08 21:11:43 Service Pack 2 NTFS
  ComboFix 07-06-3B - Running from: "C:\temp\"


  ((((((((((((((((((((((((( Files Created from 2007-05-08 to 2007-06-08 )))))))))))))))))))))))))))))))


  2007-06-07 22:31 <DIR> d-------- C:\Program Files\backups
  2007-06-07 17:32 <DIR> d--hs---- C:\DOCUME~1\Wout\Onlangs geopend
  2007-06-07 14:35 <DIR> d-------- C:\DOCUME~1\Wout\DoctorWeb
  2007-06-07 14:33 <DIR> d-------- C:\DOCUME~1\Wout\APPLIC~1\U3
  2007-06-07 12:09 32,592 --a------ C:\WINDOWS\system32\RemoveVideoActiveXObject.reg
  2007-06-07 12:09 <DIR> d-------- C:\WINDOWS\system32\RVAXO
  2007-06-07 12:05 <DIR> d-------- C:\DOCUME~1\Eigenaar\APPLIC~1\U3
  2007-06-07 09:48 49,152 --a------ C:\WINDOWS\nircmd.exe
  2007-06-07 08:35 1,127,814 --a------ C:\temp\combofix.exe
  2007-06-06 21:36 245,760 --a------ C:\Program Files\Uninstall Ask Toolbar.dll
  2007-06-06 20:58 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
  2007-06-06 20:57 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\U3
  2007-06-06 20:43 <DIR> d-------- C:\Program Files\Lavasoft
  2007-06-06 20:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
  2007-06-06 19:26 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
  2007-06-05 20:04 <DIR> d-------- C:\DOCUME~1\Wout\APPLIC~1\TrojanHunter
  2007-06-05 19:11 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
  2007-06-05 19:11 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Start
  2007-06-05 19:11 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Sjablonen
  2007-06-05 19:11 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Onlangs geopend
  2007-06-05 19:11 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Netwerkprinteromgeving
  2007-06-05 19:11 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Mijn documenten
  2007-06-05 19:11 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Favorieten
  2007-06-05 19:11 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Bureaublad
  2007-06-05 18:53 <DIR> d-------- C:\Program Files\TrojanHunter 4.6
  2007-06-02 17:33 2,580 --a------ C:\WINDOWS\system32\rcwxwbgm.exe
  2007-06-02 17:29 2,580 --a------ C:\WINDOWS\system32\ndmgyuxg.exe
  2007-06-02 17:02 2,580 --a------ C:\WINDOWS\system32\dfjimgui.exe
  2007-06-02 10:39 2,580 --a------ C:\WINDOWS\system32\vwntvynn.exe
  2007-06-02 08:28 2,580 --a------ C:\WINDOWS\system32\onwqcfxj.exe
  2007-06-02 07:29 2,580 --a------ C:\WINDOWS\system32\jxsmnoic.exe
  2007-06-02 06:23 2,580 --a------ C:\WINDOWS\system32\troeiqll.exe
  2007-05-31 16:27 <DIR> d-------- C:\Program Files\Counter-Strike Source
  2007-05-27 08:44 <DIR> d-------- C:\Program Files\NeverwinterNights
  2007-05-26 08:00 <DIR> d-------- C:\Program Files\UT2004
  2007-05-25 16:19 <DIR> d-------- C:\Program Files\OpenArena
  2007-05-25 16:19 <DIR> d-------- C:\DOCUME~1\Wout\APPLIC~1\OpenArena
  2007-05-23 15:55 <DIR> d-------- C:\DOCUME~1\Wout\APPLIC~1\CrystalSpace
  2007-05-23 15:55 <DIR> d-------- C:\DOCUME~1\Wout\APPLIC~1\CrystalApp
  2007-05-19 17:54 <DIR> d-------- C:\divx
  2007-05-19 17:07 <DIR> d-------- C:\Program Files\VideoLAN
  2007-05-17 14:31 196,608 --a------ C:\WINDOWS\system32\ssleay32.dll
  2007-05-17 14:31 1,040,384 --a------ C:\WINDOWS\system32\libeay32.dll
  2007-05-17 14:23 35 --a------ C:\readme.bat
  2007-05-16 16:05 3,082 --a------ C:\WINDOWS\system32\affv208325p1now.sys
  2007-05-16 08:16 <DIR> d-------- C:\Program Files\WinAVIVideoConverter
  2007-05-16 07:48 <DIR> d-------- C:\DOCUME~1\Wout\APPLIC~1\vlc
  2007-05-16 07:03 <DIR> d-------- C:\Program Files\Subdownloader
  2007-05-15 17:35 <DIR> d-------- C:\Program Files\directx
  2007-05-15 10:12 <DIR> d-------- C:\DOCUME~1\Wout\APPLIC~1\Ahead
  2007-05-15 10:04 <DIR> d-------- C:\Program Files\Common Files\Ahead
  2007-05-15 07:25 729,088 --a------ C:\WINDOWS\iun6002.exe
  2007-05-11 21:06 <DIR> d-------- C:\Program Files\GoldEsel
  2007-05-11 21:06 <DIR> d-------- C:\Program Files\Ahead
  2007-05-11 16:51 <DIR> d-------- C:\Program Files\Nero
  2007-05-11 16:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
  2007-05-11 16:46 <DIR> d-------- C:\Program Files\AskTBar
  2007-05-11 07:26 <DIR> d-------- C:\temp
  2007-05-10 19:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\option trans lies name
  2007-05-10 18:59 <DIR> d-------- C:\Program Files\Stop Draw Dart
  2007-05-10 18:59 <DIR> d-------- C:\DOCUME~1\Wout\APPLIC~1\Stop Draw Dart
  2007-05-10 18:58 <DIR> d-------- C:\Program Files\WinZix


  (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

  2007-06-08 19:12:58 -------- d-----w C:\Program Files\MyWebSearch
  2007-06-07 13:56:05 -------- d-----w C:\Program Files\MSN Messenger
  2007-06-07 07:51:19 69,380 ----a-w C:\WINDOWS\system32\perfc013.dat
  2007-06-07 07:51:19 442,004 ----a-w C:\WINDOWS\system32\perfh013.dat
  2007-06-06 19:35:56 -------- d-----w C:\Program Files\Zylom Games
  2007-06-05 18:25:14 -------- d--h--w C:\Program Files\InstallShield Installation Information
  2007-06-05 18:22:44 -------- d-----w C:\Program Files\Microsoft Games
  2007-06-03 07:25:49 -------- d-----w C:\DOCUME~1\Wout\APPLIC~1\uTorrent
  2007-06-03 07:25:01 -------- d-----w C:\Program Files\Valve
  2007-06-02 15:07:53 -------- d-----w C:\Program Files\Google
  2007-05-29 14:07:26 356 ----a-w C:\systeam.dll
  2007-05-23 13:23:14 -------- d-----w C:\Program Files\Call of Duty
  2007-05-19 15:39:48 -------- d-----w C:\Program Files\DivX
  2007-05-16 14:12:03 -------- d-----w C:\Program Files\WinAVI VideoConverter
  2007-05-15 05:15:18 1,339 ----a-w C:\WINDOWS\eReg.dat
  2007-05-14 04:55:49 -------- d-----w C:\Program Files\Movie Maker
  2007-05-14 04:55:44 -------- d-----w C:\Program Files\Messenger
  2007-05-12 20:49:03 -------- d-----w C:\Program Files\GameSpy Arcade
  2007-05-11 16:53:59 -------- d-----w C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
  2007-05-11 13:22:06 -------- d-----w C:\DOCUME~1\Wout\APPLIC~1\AdobeUM
  2007-05-08 05:35:55 -------- d-----w C:\Program Files\TrackMania Nations ESWC
  2007-05-07 17:05:49 -------- d-----w C:\Program Files\BitLord
  2007-05-07 13:12:15 -------- d-----w C:\Program Files\Dell
  2007-05-02 18:04:23 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
  2007-05-02 18:04:19 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
  2007-05-02 18:04:06 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
  2007-05-02 18:04:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
  2007-05-02 18:02:06 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
  2007-05-02 18:02:06 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
  2007-05-02 18:02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
  2007-05-02 18:02:02 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
  2007-05-02 18:02:02 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
  2007-05-02 18:02:02 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
  2007-05-02 18:02:02 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
  2007-05-02 18:02:02 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
  2007-05-02 18:01:56 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
  2007-05-02 18:01:56 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
  2007-05-02 18:01:56 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
  2007-05-02 18:01:56 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
  2007-05-02 02:33:57 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
  2007-05-02 02:33:56 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
  2007-04-26 05:44:31 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
  2007-04-25 15:10:15 -------- d-----w C:\Program Files\Empire Interactive
  2007-04-24 05:57:58 -------- d-----w C:\Program Files\PowerISO
  2007-04-23 18:33:09 -------- d-----w C:\Program Files\Bethesda Softworks
  2007-04-20 05:02:21 -------- d-----w C:\DOCUME~1\Wout\APPLIC~1\Souptoys
  2007-04-18 16:15:26 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
  2007-04-18 15:48:09 -------- d-----w C:\Program Files\EA GAMES
  2007-04-18 15:47:24 -------- d-----w C:\Program Files\StealthBot
  2007-04-18 15:46:32 -------- d-----w C:\Program Files\Maplom
  2007-04-17 05:29:38 -------- d-----w C:\Program Files\Tremulous
  2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
  2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
  2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
  2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
  2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
  2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
  2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
  2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
  2007-04-09 12:27:07 31,548 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
  2007-03-21 16:41:15 90,112 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
  2007-03-17 13:45:54 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
  2007-03-14 17:19:56 95,864 ----a-w C:\WINDOWS\system32\NeroCo.dll
  2007-03-08 15:39:10 579,072 ----a-w C:\WINDOWS\system32\user32.dll
  2007-03-08 15:39:10 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
  2007-03-08 15:39:10 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
  2007-03-08 15:37:59 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
  2004-08-03 23:03:30 1,347,584 --sh--r C:\WINDOWS\system32\soundvol32.exe


  ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


  *Note* empty entries & legit default entries are not shown

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 14:17]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll [2006-07-26 03:17]
  {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 13:32]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-03-31 20:45]
  "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42]
  "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
  "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-07-29 20:34]
  "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
  Usnsvc usnsvc

  HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13a83d8a-1453-11dc-a589-99b044036ab0}]
  AutoRun\command- E:\LaunchU3.exe -a

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bea8a92-c557-11da-9d83-000bdbc37813}]
  AutoRun\command- E:\Install.exe

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a903b137-c0f1-11da-93a1-806d6172696f}]
  AutoRun\command- D:\setup.exe /autorun
  setup\command- D:\setup.exe

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcaef07c-c736-11da-9d89-000bdbc37813}]
  AutoRun\command- F:\setup.exe /autorun
  directx\command- F:\DirectX\dxsetup.exe
  setup\command- F:\setup.exe

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcaef07d-c736-11da-9d89-000bdbc37813}]
  AutoRun\command- G:\stub.exe

  *Newly Created Service* - GTNDIS5

  Contents of the 'Scheduled Tasks' folder
  2007-06-03 23:53:01 C:\WINDOWS\tasks\MP Scheduled Scan.job

  **************************************************************************

  catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
  Rootkit scan 2007-06-08 21:14:33
  Windows 5.1.2600 Service Pack 2 NTFS

  scanning hidden processes …

  scanning hidden autostart entries …

  scanning hidden files …

  scan completed successfully
  hidden files: 0

  **************************************************************************

  Completion time: 2007-06-08 21:15:10
  C:\ComboFix-quarantined-files.txt … 2007-06-08 21:15
  C:\ComboFix2.txt … 2007-06-07 09:48

  --- E O F ---
 • The Windows Defender service has also been disabled!
  Does it need to be reinstalled?
 • Open Notepad, then copy and paste the following (bold, blue text) into an empty window:
 • "Wout" - 2007-06-09 7:21:15 Service Pack 2 NTFS
  Command switches used :: ""C:\Documents and Settings\Wout\Bureaublad\ComboFix-Do.txt""


  ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


  C:\DOCUME~1\ALLUSE~1\APPLIC~1\option trans lies name
  C:\DOCUME~1\ALLUSE~1\APPLIC~1\option trans lies name\Admin Global Mfcd
  C:\DOCUME~1\ALLUSE~1\APPLIC~1\option trans lies name\EQ GLOBAL SETUP
  C:\DOCUME~1\ALLUSE~1\APPLIC~1\option trans lies name\JugsAxisDupe
  C:\DOCUME~1\ALLUSE~1\APPLIC~1\option trans lies name\license media ford
  C:\DOCUME~1\ALLUSE~1\APPLIC~1\option trans lies name\MeetSixth.exe
  C:\DOCUME~1\ALLUSE~1\APPLIC~1\option trans lies name\start long pile
  C:\DOCUME~1\Wout\APPLIC~1\Stop Draw Dart
  C:\DOCUME~1\Wout\APPLIC~1\Stop Draw Dart\B1EE8C87
  C:\DOCUME~1\Wout\APPLIC~1\Stop Draw Dart\pectadea.exe
  C:\DOCUME~1\Wout\APPLIC~1\Stop Draw Dart\Tool Gpl Wma.exe
  C:\DOCUME~1\Wout\APPLIC~1\Stop Draw Dart\Warn cool.exe
  C:\Program Files\MyWebSearch
  C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
  C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
  C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
  C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
  C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
  C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
  C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
  C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
  C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
  C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
  C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
  C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
  C:\Program Files\Stop Draw Dart
  C:\WINDOWS\system32\RemoveVideoActiveXObject.reg
  C:\WINDOWS\system32\RVAXO
  C:\WINDOWS\system32\RVAXO\d3dx.dat
  C:\WINDOWS\system32\RVAXO\remove.exe
  C:\WINDOWS\system32\RVAXO\vbzip11.dll
  C:\WINDOWS\system32\vwntvynn.exe


  ((((((((((((((((((((((((( Files Created from 2007-05-09 to 2007-06-09 )))))))))))))))))))))))))))))))


  2007-06-08 21:28 <DIR> d-------- C:\Program Files\Windows Defender
  2007-06-08 21:22 <DIR> d-------- C:\DOCUME~1\Wout\APPLIC~1\Lavasoft
  2007-06-07 22:31 <DIR> d-------- C:\Program Files\backups
  2007-06-07 17:32 <DIR> d--hs---- C:\DOCUME~1\Wout\Onlangs geopend
  2007-06-07 14:35 <DIR> d-------- C:\DOCUME~1\Wout\DoctorWeb
  2007-06-07 14:33 <DIR> d-------- C:\DOCUME~1\Wout\APPLIC~1\U3
  2007-06-07 12:05 <DIR> d-------- C:\DOCUME~1\Eigenaar\APPLIC~1\U3
  2007-06-07 09:48 49,152 --a------ C:\WINDOWS\nircmd.exe
  2007-06-07 08:35 1,127,814 --a------ C:\temp\combofix.exe
  2007-06-06 21:36 245,760 --a------ C:\Program Files\Uninstall Ask Toolbar.dll
  2007-06-06 20:58 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
  2007-06-06 20:57 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\U3
  2007-06-06 20:43 <DIR> d-------- C:\Program Files\Lavasoft
  2007-06-06 20:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
  2007-06-06 19:26 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
  2007-06-05 20:04 <DIR> d-------- C:\DOCUME~1\Wout\APPLIC~1\TrojanHunter
  2007-06-05 19:11 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
  2007-06-05 19:11 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Start
  2007-06-05 19:11 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Sjablonen
  2007-06-05 19:11 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Onlangs geopend
  2007-06-05 19:11 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Netwerkprinteromgeving
  2007-06-05 19:11 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Mijn documenten
  2007-06-05 19:11 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Favorieten
  2007-06-05 19:11 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Bureaublad
  2007-06-05 18:53 <DIR> d-------- C:\Program Files\TrojanHunter 4.6
  2007-05-31 16:27 <DIR> d-------- C:\Program Files\Counter-Strike Source
  2007-05-27 08:44 <DIR> d-------- C:\Program Files\NeverwinterNights
  2007-05-26 08:00 <DIR> d-------- C:\Program Files\UT2004
  2007-05-25 16:19 <DIR> d-------- C:\Program Files\OpenArena
  2007-05-25 16:19 <DIR> d-------- C:\DOCUME~1\Wout\APPLIC~1\OpenArena
  2007-05-23 15:55 <DIR> d-------- C:\DOCUME~1\Wout\APPLIC~1\CrystalSpace
  2007-05-23 15:55 <DIR> d-------- C:\DOCUME~1\Wout\APPLIC~1\CrystalApp
  2007-05-19 17:54 <DIR> d-------- C:\divx
  2007-05-19 17:07 <DIR> d-------- C:\Program Files\VideoLAN
  2007-05-17 14:31 196,608 --a------ C:\WINDOWS\system32\ssleay32.dll
  2007-05-17 14:31 1,040,384 --a------ C:\WINDOWS\system32\libeay32.dll
  2007-05-17 14:23 35 --a------ C:\readme.bat
  2007-05-16 16:05 3,082 --a------ C:\WINDOWS\system32\affv208325p1now.sys
  2007-05-16 08:16 <DIR> d-------- C:\Program Files\WinAVIVideoConverter
  2007-05-16 07:48 <DIR> d-------- C:\DOCUME~1\Wout\APPLIC~1\vlc
  2007-05-16 07:03 <DIR> d-------- C:\Program Files\Subdownloader
  2007-05-15 17:35 <DIR> d-------- C:\Program Files\directx
  2007-05-15 10:12 <DIR> d-------- C:\DOCUME~1\Wout\APPLIC~1\Ahead
  2007-05-15 10:04 <DIR> d-------- C:\Program Files\Common Files\Ahead
  2007-05-15 07:25 729,088 --a------ C:\WINDOWS\iun6002.exe
  2007-05-11 21:06 <DIR> d-------- C:\Program Files\GoldEsel
  2007-05-11 21:06 <DIR> d-------- C:\Program Files\Ahead
  2007-05-11 16:51 <DIR> d-------- C:\Program Files\Nero
  2007-05-11 16:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
  2007-05-11 16:46 <DIR> d-------- C:\Program Files\AskTBar
  2007-05-11 07:26 <DIR> d-------- C:\temp
  2007-05-10 18:58 <DIR> d-------- C:\Program Files\WinZix


  (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

  2007-06-07 13:56:05 -------- d-----w C:\Program Files\MSN Messenger
  2007-06-07 07:51:19 69,380 ----a-w C:\WINDOWS\system32\perfc013.dat
  2007-06-07 07:51:19 442,004 ----a-w C:\WINDOWS\system32\perfh013.dat
  2007-06-06 19:35:56 -------- d-----w C:\Program Files\Zylom Games
  2007-06-05 18:25:14 -------- d--h--w C:\Program Files\InstallShield Installation Information
  2007-06-05 18:22:44 -------- d-----w C:\Program Files\Microsoft Games
  2007-06-03 07:25:49 -------- d-----w C:\DOCUME~1\Wout\APPLIC~1\uTorrent
  2007-06-03 07:25:01 -------- d-----w C:\Program Files\Valve
  2007-06-02 15:07:53 -------- d-----w C:\Program Files\Google
  2007-05-29 14:07:26 356 ----a-w C:\systeam.dll
  2007-05-23 13:23:14 -------- d-----w C:\Program Files\Call of Duty
  2007-05-19 15:39:48 -------- d-----w C:\Program Files\DivX
  2007-05-16 14:12:03 -------- d-----w C:\Program Files\WinAVI VideoConverter
  2007-05-15 05:15:18 1,339 ----a-w C:\WINDOWS\eReg.dat
  2007-05-14 04:55:49 -------- d-----w C:\Program Files\Movie Maker
  2007-05-14 04:55:44 -------- d-----w C:\Program Files\Messenger
  2007-05-12 20:49:03 -------- d-----w C:\Program Files\GameSpy Arcade
  2007-05-11 16:53:59 -------- d-----w C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
  2007-05-11 13:22:06 -------- d-----w C:\DOCUME~1\Wout\APPLIC~1\AdobeUM
  2007-05-08 05:35:55 -------- d-----w C:\Program Files\TrackMania Nations ESWC
  2007-05-07 17:05:49 -------- d-----w C:\Program Files\BitLord
  2007-05-07 13:12:15 -------- d-----w C:\Program Files\Dell
  2007-05-02 18:04:23 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
  2007-05-02 18:04:19 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
  2007-05-02 18:04:06 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
  2007-05-02 18:04:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
  2007-05-02 18:02:06 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
  2007-05-02 18:02:06 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
  2007-05-02 18:02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
  2007-05-02 18:02:02 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
  2007-05-02 18:02:02 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
  2007-05-02 18:02:02 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
  2007-05-02 18:02:02 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
  2007-05-02 18:02:02 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
  2007-05-02 18:01:56 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
  2007-05-02 18:01:56 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
  2007-05-02 18:01:56 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
  2007-05-02 18:01:56 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
  2007-05-02 02:33:57 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
  2007-05-02 02:33:56 124,472 —-a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
  2007-04-26 05:44:31 43,520 —-a-w C:\WINDOWS\system32\CmdLineExt03.dll
  2007-04-25 15:10:15 ——– d—–w C:\Program Files\Empire Interactive
  2007-04-24 05:57:58 ——– d—–w C:\Program Files\PowerISO
  2007-04-23 18:33:09 ——– d—–w C:\Program Files\Bethesda Softworks
  2007-04-20 05:02:21 ——– d—–w C:\DOCUME~1\Wout\APPLIC~1\Souptoys
  2007-04-18 16:15:26 2,854,400 —-a-w C:\WINDOWS\system32\msi.dll
  2007-04-18 15:48:09 ——– d—–w C:\Program Files\EA GAMES
  2007-04-18 15:47:24 ——– d—–w C:\Program Files\StealthBot
  2007-04-18 15:46:32 ——– d—–w C:\Program Files\Maplom
  2007-04-17 05:29:38 ——– d—–w C:\Program Files\Tremulous
  2007-04-16 20:47:36 33,624 —-a-w C:\WINDOWS\system32\wups.dll
  2007-04-16 20:45:54 1,710,936 —-a-w C:\WINDOWS\system32\wuaueng.dll
  2007-04-16 20:45:48 549,720 —-a-w C:\WINDOWS\system32\wuapi.dll
  2007-04-16 20:45:42 325,976 —-a-w C:\WINDOWS\system32\wucltui.dll
  2007-04-16 20:45:36 203,096 —-a-w C:\WINDOWS\system32\wuweb.dll
  2007-04-16 20:45:28 92,504 —-a-w C:\WINDOWS\system32\cdm.dll
  2007-04-16 20:45:20 53,080 —-a-w C:\WINDOWS\system32\wuauclt.exe
  2007-04-16 20:45:20 43,352 —-a-w C:\WINDOWS\system32\wups2.dll
  2007-04-09 12:27:07 31,548 —-a-w C:\WINDOWS\system32\drivers\scdemu.sys
  2007-03-21 16:41:15 90,112 —-a-w C:\WINDOWS\system32\CmdLineExt.dll
  2007-03-17 13:45:54 293,376 —-a-w C:\WINDOWS\system32\winsrv.dll
  2007-03-14 17:19:56 95,864 —-a-w C:\WINDOWS\system32\NeroCo.dll
  2004-08-03 23:03:30 1,347,584 –sh–r C:\WINDOWS\system32\soundvol32.exe


  ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


  *Note* empty entries & legit default entries are not shown

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 14:17]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll [2006-07-26 03:17]
  {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 13:32]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-03-31 20:45]
  "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42]
  "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
  "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
  "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-07-29 20:34]
  "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]

  [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
  "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
  Usnsvc usnsvc

  HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bea8a92-c557-11da-9d83-000bdbc37813}]
  AutoRun\command- E:\Install.exe

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a903b137-c0f1-11da-93a1-806d6172696f}]
  AutoRun\command- D:\setup.exe /autorun
  setup\command- D:\setup.exe

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcaef07c-c736-11da-9d89-000bdbc37813}]
  AutoRun\command- F:\setup.exe /autorun
  directx\command- F:\DirectX\dxsetup.exe
  setup\command- F:\setup.exe

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcaef07d-c736-11da-9d89-000bdbc37813}]
  AutoRun\command- G:\stub.exe

  *Newly Created Service* - GTNDIS5

  Contents of the 'Scheduled Tasks' folder
  2007-06-09 05:28:52 C:\WINDOWS\tasks\MP Scheduled Scan.job

  **************************************************************************

  catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
  Rootkit scan 2007-06-09 07:31:57
  Windows 5.1.2600 Service Pack 2 NTFS

  scanning hidden processes …

  scanning hidden autostart entries …

  scanning hidden files …

  scan completed successfully
  hidden files: 0

  **************************************************************************

  Completion time: 2007-06-09 7:32:40 - machine was rebooted
  C:\ComboFix-quarantined-files.txt … 2007-06-09 07:32
  C:\ComboFix2.txt … 2007-06-08 21:15
  C:\ComboFix3.txt … 2007-06-07 09:48

  — E O F —


  Logfile of HijackThis v1.99.1
  Scan saved at 7:34:00, on 9-6-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Windows Defender\MsMpEng.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\netdde.exe
  C:\Program Files\Eset\nod32krn.exe
  C:\WINDOWS\system32\PRISMSVC.EXE
  C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
  C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\PRISMSVR.EXE
  C:\WINDOWS\system32\wscntfy.exe
  C:\Program Files\Eset\nod32kui.exe
  C:\Program Files\Analog Devices\Core\smax4pnp.exe
  C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
  C:\Program Files\Windows Defender\MSASCui.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\MSN Messenger\msnmsgr.exe
  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
  C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  C:\Program Files\Dell Wireless\PRISMCFG.exe
  C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
  C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
  C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
  C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
  C:\WINDOWS\system32\notepad.exe
  C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
  C:\Program Files\Hijackthis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
  O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
  O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
  O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
  O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
 • Delete the following folder:
  C:\qoobox\

  Then empty your recycle bin.

 • Great, thanks a lot smeenk for the help!! I've learned a lot from this again.

  I have carried out all of the actions above and the problems now seem to be gone.
  The only thing I wonder is whether there could still be remnants in the other profiles (user accounts)?

  I have reinstalled Windows Defender and the Windows firewall is working again too. Maybe I'll add Sygate as well.
 • You're welcome :)

  You could still run a few online scanners; they may find and remove some leftovers.
 • I ran NOD32, and it did indeed remove a few more things.

  After that I also scanned from my USB stick with Avast! antivirus (U3 version 1.0.108). That one also found a number of malware items, which have now been removed as well.

  Is an online scanner still useful then? The PC is about to be picked up.
  Xs4all now wants to know in writing what has been done before they reactivate the ADSL connection! If I include the logs it will be quite a package! :lol:
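The question of whether the other four accounts need a separate check comes down to which hive each O4 line lives in: HKLM and Global Startup entries apply to every account, while HKCU and Startup entries only cover the account HijackThis was run under. As an added example (not from this thread or from HijackThis itself), a small Python parser that sorts HijackThis 1.99 O4 lines by the accounts they apply to; the sample lines are constructed from the log above plus one invented Startup-folder entry.

```python
import re
from collections import defaultdict

# Constructed sample: O4 lines in HijackThis 1.99.1 format. The first five are
# copied from the log posted above; the last one is an invented per-user entry.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Startup: example.lnk = C:\Documents and Settings\Wout\Start Menu\Programs\Startup\example.exe
"""

# Registry Run-key entries (HKLM, HKCU, or a loaded HKUS\<SID> hive) and Startup folders.
O4_REG = re.compile(r'^O4 - (HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$')
O4_DIR = re.compile(r'^O4 - (Global Startup|Startup): (.*?) = (.*)$')

MACHINE_WIDE = "all accounts"
CURRENT_USER = "scanning account only"

def classify_o4(line):
    """Return (scope, name, command) for an O4 line, or None for any other line."""
    m = O4_REG.match(line.strip())
    if m:
        hive, _key, name, cmd = m.groups()
        if hive == "HKLM":
            scope = MACHINE_WIDE
        elif hive == "HKCU":
            scope = CURRENT_USER
        else:  # HKUS\<SID>: another profile hive that happened to be loaded
            scope = "hive " + hive.split("\\", 1)[1]
        return scope, name, cmd
    m = O4_DIR.match(line.strip())
    if m:
        kind, name, cmd = m.groups()
        return (MACHINE_WIDE if kind == "Global Startup" else CURRENT_USER), name, cmd
    return None

def autostarts_by_scope(log_text):
    """Group every O4 entry of a HijackThis log by the accounts it applies to."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        hit = classify_o4(line)
        if hit:
            groups[hit[0]].append((hit[1], hit[2]))
    return dict(groups)

if __name__ == "__main__":
    for scope, entries in autostarts_by_scope(SAMPLE_LOG).items():
        print(f"[{scope}]")
        for name, cmd in entries:
            print(f"  {name:<32} {cmd}")
    print("Per-user entries of accounts that were not logged in do not appear in the log at all.")
```

Anything listed under "scanning account only" was seen for one profile; the equivalent keys and Startup folders of the other accounts are simply not in the log, so each of them needs its own scan or a manual look.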
