virus?

Anonymous
pimvandenderen
11 replies
  • Below is a log.
    I think I have a virus.
    How do I get rid of it?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:27:56, on 27-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\system32\pjbrvgyl.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$PAP\Binn\sqlservr.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    C:\Program Files\Blokker Bestelsoftware\Agent.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\WINDOWS\Fonts\svchost.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\phonostar\ps_timer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Siemens\Gigaset USB Adapter 108\OdHost.exe
    C:\Program Files\PCzapper\MediaManager\pbMediaCenter.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\yvooffgr.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\Blokker Bestelsoftware\Agent.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\videostudio 11\uvPL.exe
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify
    O4 - HKLM\..\Run: [18ba94f0] rundll32.exe "C:\WINDOWS\system32\psejbcbb.dll",b
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: OpenOffice.org 2.2 .lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: PCzapper Media Manager.lnk = C:\Program Files\PCzapper\MediaManager\pbMediaCenter.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
    O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
    O9 - Extra button: eBay Startseite - {8B69DB2E-015D-4c4f-B97E-95EF5326BDA8} - http://adfarm.mediaplex.com/ad/ck/707-1170-5704-77?RedirectEnter&partner=36420&loc=http://pages.ebay.de (file missing)
    O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.nl/static/download/pixacodndupload.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159039035265
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CTpvr Recorder - Unknown owner - C:\Program Files\CTpvr\CTpvrRecorder.exe (file missing)
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\pjbrvgyl.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


    End of file - 12039 bytes
  • Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following, if present:
    AskTBar

    Download Combofix to your Desktop.
    - Double-click Combofix.exe
    - Follow the instructions, accept the disclaimer by typing "1" and confirming with "Enter".
    - While the fix is running, do NOT click in the window, as this will cause your PC to hang.

    When the fix is complete and after the restart, the log combofix.txt will open.
    Post this log in your next post together with a new HijackThis log.

    Note: If your virus scanner reacts while downloading or using Combofix, you may ignore this.

    Good luck!

    Pim :)
  • Below are the requested logs.
    Thanks in advance.

    ComboFix 07-11-19.4 - Compaq_Eigenaar 2007-11-27 18:00:49.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.449 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Compaq_Eigenaar\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Menu Start\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Menu Start\Online Security Guide.lnk
    C:\Documents and Settings\Compaq_Eigenaar\Bureaublad\Live Safety Center.lnk
    C:\Documents and Settings\Compaq_Eigenaar\Bureaublad\Online Security Guide.lnk
    C:\Documents and Settings\Compaq_Eigenaar\Favorieten\Online Security Guide.lnk
    C:\WINDOWS\system32\nsm12.dll
    C:\WINDOWS\system32\opqss.ini
    C:\WINDOWS\system32\opqss.ini2
    C:\WINDOWS\system32\ssqpo.dll
    C:\WINDOWS\system32\yvooffgr.dllbox
    D:\Autorun.inf
    K:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    ——-\LEGACY_DOMAINSERVICE
    ——-\DomainService


    (((((((((((((((((((( Bestanden Gemaakt van 2007-10-27 to 2007-11-27 ))))))))))))))))))))))))))))))
    .

    2007-11-27 17:54 245,760 –a—— C:\Program Files\Uninstall Ask Toolbar.dll
    2007-11-26 23:00 <DIR> d——– C:\Program Files\Dcads Advanced Toolbar
    2007-11-26 19:41 784,546 —hs—- C:\WINDOWS\system32\bbcbjesp.ini
    2007-11-26 19:32 145,984 –a—— C:\WINDOWS\system32\yvooffgr.dll
    2007-11-26 18:54 <DIR> d——– C:\Program Files\Trend Micro
    2007-11-26 18:53 194,372 –a—— C:\WINDOWS\system32\adssitesuggest_uninstall.exe
    2007-11-26 16:51 327,680 –a—— C:\WINDOWS\system32\adssitesuggest.dll
    2007-11-26 09:29 40,960 –a—— C:\Documents and Settings\Compaq_Eigenaar\f.exe
    2007-11-25 15:20 <DIR> d——– C:\Documents and Settings\Compaq_Eigenaar\Application Data\Dcads Advanced Toolbar
    2007-11-25 15:20 80,105 –a—— C:\WINDOWS\system32\dcads-remove.exe
    2007-11-24 21:35 147,456 –a—— C:\WINDOWS\system32\vbzip10.dll
    2007-11-24 21:32 120 –a—— C:\n.bat
    2007-11-24 21:31 839,700 –a—— C:\Crack.exe
    2007-11-24 21:31 37,376 –a—— C:\WINDOWS\system32\urqoppm.dll
    2007-11-24 21:31 5,579 –a—— C:\x.dat
    2007-11-24 21:31 4,074 –a—— C:\z.dat
    2007-11-24 20:07 <DIR> d——– C:\Documents and Settings\Compaq_Eigenaar\Shared
    2007-11-24 20:07 <DIR> d——– C:\Documents and Settings\Compaq_Eigenaar\Incomplete
    2007-11-24 20:06 <DIR> d——– C:\Documents and Settings\Compaq_Eigenaar\Application Data\LimeWire
    2007-11-23 15:24 327,680 –a—— C:\WINDOWS\system32\dcadssuggest.dll
    2007-11-21 15:56 <DIR> d——– C:\Documents and Settings\All Users\Application Data\InterVideo
    2007-11-21 15:54 <DIR> d——– C:\Program Files\videostudio 11
    2007-11-21 12:07 <DIR> d——– C:\Program Files\DVD Flick
    2007-11-21 12:07 <DIR> d——– C:\Documents and Settings\Compaq_Eigenaar\Application Data\DVD Flick
    2007-11-20 13:18 1,431,040 –a—— C:\WINDOWS\siemens.scr
    2007-11-20 13:18 1,180,128 –a—— C:\WINDOWS\kvv.scr
    2007-11-20 13:18 1,034,368 –a—— C:\WINDOWS\sbb.scr
    2007-11-20 13:18 829,368 –a—— C:\WINDOWS\bahnd103.scr
    2007-11-20 13:18 689,088 –a—— C:\WINDOWS\fern-scr.scr
    2007-11-20 13:18 688,928 –a—— C:\WINDOWS\bahnd200.scr
    2007-11-20 13:18 659,136 –a—— C:\WINDOWS\alcatel.scr
    2007-11-20 13:18 609,696 –a—— C:\WINDOWS\dbag.scr
    2007-11-20 13:18 331,552 –a—— C:\WINDOWS\vvs.scr
    2007-11-20 13:17 <DIR> d——– C:\Program Files\Traffic
    2007-11-20 13:17 2,342,912 –a—— C:\WINDOWS\Traffic.scr
    2007-11-20 13:17 1,163,325 –a—— C:\WINDOWS\system32\cmax20tr.ocx
    2007-11-20 13:17 782,400 –a—— C:\WINDOWS\system32\cmax20u.dll
    2007-11-20 13:17 327,680 –a—— C:\WINDOWS\TrafScrA.dll
    2007-11-16 19:41 <DIR> d——– C:\Program Files\test
    2007-11-16 19:40 299,520 –a—— C:\WINDOWS\uninst.exe
    2007-11-08 07:49 <DIR> d——– C:\r14817en[1]
    2007-11-05 20:21 <DIR> d——– C:\eredienst hoofddorp
    2007-10-31 21:11 <DIR> d——– C:\Documents and Settings\Compaq_Eigenaar\Application Data\Apple Computer
    2007-10-29 10:49 <DIR> d——– C:\Program Files\Common Files\Ankiro
    2007-10-29 10:48 <DIR> d——– C:\Program Files\Common Files\Application
    2007-10-29 10:47 <DIR> d——– C:\Program Files\SPAMfighter

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-27 16:51 ——— d—–w C:\Documents and Settings\Compaq_Eigenaar\Application Data\OpenOffice.org2
    2007-11-27 16:50 ——— d—a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-25 13:40 ——— d—–w C:\Program Files\Elaborate Bytes
    2007-11-24 18:41 ——— d—–w C:\Documents and Settings\Compaq_Eigenaar\Application Data\gtk-2.0
    2007-11-24 18:39 ——— d—–w C:\Program Files\denemo
    2007-11-21 14:56 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2007-11-21 14:55 ——— d—–w C:\Program Files\Common Files\Ulead Systems
    2007-11-21 11:36 ——— d—–w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2007-11-21 04:35 ——— d—–w C:\Program Files\Monkey's Audio
    2007-11-16 18:55 ——— d—–w C:\Program Files\capella-software
    2007-11-14 12:26 ——— d—–w C:\Program Files\Blokker Bestelsoftware
    2007-11-14 11:31 ——— d—–w C:\Program Files\Google
    2007-11-10 08:36 ——— d—–w C:\Program Files\Tyre
    2007-11-08 08:22 ——— d—–w C:\Program Files\GIMP-2.0
    2007-11-01 15:48 ——— d—–w C:\Program Files\ACCESS
    2007-10-30 13:30 ——— d—–w C:\Program Files\MediaMonkey
    2007-10-27 17:27 ——— d—–w C:\Program Files\Blocks 5
    2007-10-25 14:02 ——— d—–w C:\Program Files\Easy Album Manager
    2007-10-24 10:44 ——— d—–w C:\Program Files\Winamp
    2007-10-23 19:26 ——— d—–w C:\Program Files\Burger
    2007-10-11 06:21 ——— d—–w C:\Program Files\Java
    2007-10-01 11:15 839,702 —-a-w C:\WINDOWS\Fonts\Crack.exe
    2007-10-01 11:15 839,701 –sh–w C:\WINDOWS\Fonts\svchost.exe
    2007-09-29 09:43 ——— d—–w C:\Program Files\DSC00718_002
    2007-09-29 09:42 ——— d—–w C:\Program Files\DSC00718_001
    2007-04-19 08:25 99,760 —-a-w C:\Documents and Settings\Compaq_Eigenaar\Application Data\GDIPFONTCACHEV1.DAT
    2007-04-04 11:28 342 —ha-w C:\Documents and Settings\Compaq_Eigenaar\hpothb07.dat
    2007-04-04 11:28 164 —ha-w C:\Documents and Settings\All Users\hpothb07.dat
    2006-04-12 08:21 8 —-a-w C:\Documents and Settings\Compaq_Eigenaar\Application Data\usb.dat.bin
    2006-03-14 13:16 0 —-a-w C:\Documents and Settings\Compaq_Eigenaar\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1777bbf7-9b92-420e-9dbc-0434224fd92a}]
    2007-11-26 19:38 80960 –a—— C:\WINDOWS\system32\oclbithq.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A2224A0-B114-4491-9305-FD0E4B55FA1E}]
    2007-11-24 21:31 37376 –a—— C:\WINDOWS\system32\urqoppm.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}]
    2007-11-19 11:36 64000 –a—— C:\WINDOWS\system32\spads.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    2007-11-26 19:32 145984 –a—— C:\WINDOWS\system32\yvooffgr.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C004D9F0-A742-4DC7-AFD0-BC29CE3FE04A}]
    2007-11-26 16:51 327680 –a—— C:\WINDOWS\system32\adssitesuggest.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\yvooffgr.dll [2007-11-26 19:32 145984]

    [HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\yvooffgr.dll [2007-11-26 19:32 145984]

    [HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 00:24]
    "PhonostarTimer"="C:\Program Files\phonostar\ps_timer.exe" [2007-06-18 15:59]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 17:46]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14]
    "PCDrProfiler"="" []
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 06:11]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-11 15:03]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-11 11:52]
    "PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2005-05-11 19:58]
    "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 14:47]
    "ExtraFilmHemmaAgent"="C:\Program Files\Blokker Bestelsoftware\Agent.exe" [2005-05-27 14:59]
    "RegistryMechanic"="" []
    "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 10:12]
    "RTHDCPL"="RTHDCPL.EXE" [2006-03-08 04:54 C:\WINDOWS\RTHDCPL.EXE]
    "UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-06 23:52]
    "WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" []
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29]
    "UVS11 Preload"="C:\Program Files\videostudio 11\uvPL.exe" [2007-04-12 13:23]
    "Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-10-01 12:15]
    "spa_start"="C:\WINDOWS\System32\Rundll32.exe" [2004-08-04 13:00]
    "18ba94f0"="C:\WINDOWS\system32\psejbcbb.dll" [2007-11-26 19:41]

    C:\Documents and Settings\Compaq_Eigenaar\Menu Start\Programma's\Opstarten\
    Microsoft Office Snelzoeken.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-02-12 23:00:00]
    Office Opstarten.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-02-12 23:00:00]
    OpenOffice.org 2.2 .lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 15:54:56]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe [2006-03-14 16:38:42]
    Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-15 06:38:38]
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-15 06:38:38]
    Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 11:44:06]
    Gigaset WLAN Adapter Monitor.lnk - C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe [2006-07-15 12:50:29]
    InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-01-11 15:06:18]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]
    PCzapper Media Manager.lnk - C:\Program Files\PCzapper\MediaManager\pbMediaCenter.exe [2007-02-16 21:21:44]
    Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 21:07:32]

    [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{3A2224A0-B114-4491-9305-FD0E4B55FA1E}"= C:\WINDOWS\system32\urqoppm.dll [2007-11-24 21:31 37376]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqoppm]
    urqoppm.dll 2007-11-24 21:31 37376 C:\WINDOWS\system32\urqoppm.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yvooffgr]
    yvooffgr.dll 2007-11-26 19:32 145984 C:\WINDOWS\system32\yvooffgr.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtqo.dll

    R2 MSSQL$PAP;MSSQL$PAP;"C:\Program Files\Microsoft SQL Server\MSSQL$PAP\Binn\sqlservr.exe" -sPAP
    R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe"
    R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
    R3 AR5523;Gigaset USB Adapter 108;C:\WINDOWS\system32\DRIVERS\ar5523.sys
    R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\CBTNDIS5.SYS
    R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys
    S2 CTpvr Recorder;CTpvr Recorder;C:\Program Files\CTpvr\CTpvrRecorder.exe
    S3 SQLAgent$PAP;SQLAgent$PAP;"C:\Program Files\Microsoft SQL Server\MSSQL$PAP\Binn\sqlagent.EXE" -i PAP

    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-27 18:12:54
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-11-27 18:18:13 - machine was rebooted
    .
    — E O F —


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:19:35, on 27-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$PAP\Binn\sqlservr.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    C:\Program Files\Blokker Bestelsoftware\Agent.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\WINDOWS\System32\Rundll32.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\phonostar\ps_timer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Siemens\Gigaset USB Adapter 108\OdHost.exe
    C:\Program Files\PCzapper\MediaManager\pbMediaCenter.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\yvooffgr.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\Blokker Bestelsoftware\Agent.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\videostudio 11\uvPL.exe
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify
    O4 - HKLM\..\Run: [18ba94f0] rundll32.exe "C:\WINDOWS\system32\psejbcbb.dll",b
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: OpenOffice.org 2.2 .lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: PCzapper Media Manager.lnk = C:\Program Files\PCzapper\MediaManager\pbMediaCenter.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
    O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
    O9 - Extra button: eBay Startseite - {8B69DB2E-015D-4c4f-B97E-95EF5326BDA8} - http://adfarm.mediaplex.com/ad/ck/707-1170-5704-77?RedirectEnter&partner=36420&loc=http://pages.ebay.de (file missing)
    O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.nl/static/download/pixacodndupload.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159039035265
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CTpvr Recorder - Unknown owner - C:\Program Files\CTpvr\CTpvrRecorder.exe (file missing)
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


    End of file - 11779 bytes
  • Could you upload the file below to Jotti: http://virusscan.jotti.org
    In the 'File to upload & scan' field, enter: C:\WINDOWS\siemens.scr
    Then click scan and post the results in your next message.

    Start HijackThis, choose 'Do a system scan only' and tick the lines below:

    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\yvooffgr.dll
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify
    O4 - HKLM\..\Run: [18ba94f0] rundll32.exe "C:\WINDOWS\system32\psejbcbb.dll",b
    O23 - Service: CTpvr Recorder - Unknown owner - C:\Program Files\CTpvr\CTpvrRecorder.exe (file missing)

    Now close all open windows except HijackThis and click Fix Checked.

    Open Notepad, then copy and paste the following (the text in bold) into an empty window:

    File::
    C:\Program Files\Uninstall Ask Toolbar.dll
    C:\WINDOWS\system32\bbcbjesp.ini
    C:\WINDOWS\system32\yvooffgr.dll
    C:\WINDOWS\system32\adssitesuggest_uninstall.exe
    C:\WINDOWS\system32\adssitesuggest.dll
    C:\Documents and Settings\Compaq_Eigenaar\f.exe
    C:\WINDOWS\system32\dcads-remove.exe
    C:\n.bat
    C:\Crack.exe
    C:\WINDOWS\system32\urqoppm.dll
    C:\x.dat
    C:\z.dat
    C:\WINDOWS\system32\dcadssuggest.dll
    C:\WINDOWS\Fonts\Crack.exe
    C:\WINDOWS\Fonts\svchost.exe

    Folder::
    C:\Program Files\Dcads Advanced Toolbar
    C:\Documents and Settings\Compaq_Eigenaar\Application Data\Dcads Advanced Toolbar
    C:\r14817en[1]
    C:\Program Files\CTpvr

    Dirlook::
    C:\Program Files\DSC00718_001
    C:\Program Files\DSC00718_002

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1777bbf7-9b92-420e-9dbc-0434224fd92a}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A2224A0-B114-4491-9305-FD0E4B55FA1E}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C004D9F0-A742-4DC7-AFD0-BC29CE3FE04A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
    [-HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"=
    [-HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Host Process"=-
    "spa_start"=-
    "18ba94f0"=-
    [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{3A2224A0-B114-4491-9305-FD0E4B55FA1E}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqoppm]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yvooffgr]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00


    Save this to your Desktop as CFScript.txt

    Drag CFScript.txt into ComboFix.exe as shown in the example below:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    This will make ComboFix restart.
    Reboot if you are asked to,
    and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Good luck :)

    Pim
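
The kind of triage the reply above applies to the HijackThis log, written out as an added Python example (not part of the original thread and not HijackThis's own logic): it parses O3, O4 and O23 lines and flags entries for manual review. The four heuristics and all function names are assumptions chosen for illustration; the sample lines are copied from the log in this thread.

```python
import ntpath
import re

# Sample input: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\yvooffgr.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify
O4 - HKLM\..\Run: [18ba94f0] rundll32.exe "C:\WINDOWS\system32\psejbcbb.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: CTpvr Recorder - Unknown owner - C:\Program Files\CTpvr\CTpvrRecorder.exe (file missing)
"""

SYSTEM32 = r"c:\windows\system32"
# Assumption: process names that normally live only in system32 on Windows XP.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe",
                "winlogon.exe", "smss.exe", "csrss.exe"}

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
RUN_RE = re.compile(r"^[^:]+: \[(?P<name>[^\]]+)\] (?P<command>.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)\b', re.I)
RUNDLL_RE = re.compile(r'"?(?:[A-Za-z]:\\[^"]*\\)?rundll32(?:\.exe)?[\s"]', re.I)


def parse_entry(line):
    """Parse one O3, O4 (registry Run) or O23 line; return None for anything else."""
    match = ENTRY_RE.match(line.strip())
    if not match:
        return None
    section, rest = match.groups()
    if section == "O4":
        run = RUN_RE.match(rest)
        if not run:  # Startup-folder shortcuts use "name = path" and are skipped here
            return None
        name, command = run.group("name"), run.group("command")
    elif section in ("O3", "O23"):
        # "Toolbar: <name> - {CLSID} - <path>" / "Service: <name> - <owner> - <path>"
        label, _, command = rest.rpartition(" - ")
        name = label.split(": ", 1)[-1].split(" - ")[0]
    else:
        return None
    return {"section": section, "name": name, "command": command,
            "paths": PATH_RE.findall(command)}


def in_system32(path):
    return ntpath.normcase(ntpath.dirname(path)) == SYSTEM32


def review_entry(entry):
    """Return the review reasons for one parsed entry (empty list if none apply)."""
    reasons = []
    command, paths = entry["command"], entry["paths"]
    if command.lower().endswith("(file missing)"):
        reasons.append("target file missing")
    for path in paths:
        if ntpath.basename(path).lower() in SYSTEM_NAMES and not in_system32(path):
            reasons.append("system process name outside system32")
    system32_dlls = [p for p in paths if p.lower().endswith(".dll") and in_system32(p)]
    if entry["section"] == "O4" and RUNDLL_RE.match(command) and system32_dlls:
        reasons.append("Run key loads a system32 DLL through rundll32")
    if entry["section"] == "O3" and system32_dlls:
        reasons.append("browser toolbar DLL located in system32")
    return reasons


def review_log(text):
    """Return (entry name, reasons) for every parsed line with at least one reason."""
    flagged = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry:
            reasons = review_entry(entry)
            if reasons:
                flagged.append((entry["name"], reasons))
    return flagged


if __name__ == "__main__":
    for name, reasons in review_log(SAMPLE_LOG):
        print(f"{name}: {'; '.join(reasons)}")
```

A flag only marks an entry for a closer look; legitimate software also uses rundll32 in Run keys, so each hit still needs to be checked by hand or with a scanner.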
  • What exactly do you mean by "the file below" in the first line?

    Kind regards,

    Klaas
  • hijackthis or combofix.exe, probably
  • I still don't know which file I'm supposed to upload.

    I followed the rest of the instructions.
    Peace has returned to my PC.

    Thanks,

    Klaas

    The logs are below

    ComboFix 07-11-19.4 - Compaq_Eigenaar 2007-11-28 8:52:11.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.461 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Compaq_Eigenaar\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Compaq_Eigenaar\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt

    FILE
    C:\Crack.exe
    C:\Documents and Settings\Compaq_Eigenaar\f.exe
    C:\n.bat
    C:\Program Files\Uninstall Ask Toolbar.dll
    C:\WINDOWS\Fonts\Crack.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\WINDOWS\system32\adssitesuggest.dll
    C:\WINDOWS\system32\adssitesuggest_uninstall.exe
    C:\WINDOWS\system32\bbcbjesp.ini
    C:\WINDOWS\system32\dcads-remove.exe
    C:\WINDOWS\system32\dcadssuggest.dll
    C:\WINDOWS\system32\urqoppm.dll
    C:\WINDOWS\system32\yvooffgr.dll
    C:\x.dat
    C:\z.dat
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Crack.exe
    C:\Documents and Settings\All Users\Menu Start\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Menu Start\Online Security Guide.lnk
    C:\Documents and Settings\Compaq_Eigenaar\Application Data\Dcads Advanced Toolbar
    C:\Documents and Settings\Compaq_Eigenaar\Application Data\Dcads Advanced Toolbar\selected.xml
    C:\Documents and Settings\Compaq_Eigenaar\Bureaublad\Live Safety Center.lnk
    C:\Documents and Settings\Compaq_Eigenaar\Bureaublad\Online Security Guide.lnk
    C:\Documents and Settings\Compaq_Eigenaar\f.exe
    C:\Documents and Settings\Compaq_Eigenaar\Favorieten\Online Security Guide.lnk
    C:\n.bat
    C:\Program Files\CTpvr
    C:\Program Files\CTpvr\Channels.ini
    C:\Program Files\CTpvr\ctpvr.ini
    C:\Program Files\CTpvr\cttv.ini
    C:\Program Files\CTpvr\epgdata\epghd.ldb
    C:\Program Files\CTpvr\epgdata\epghd.mdb
    C:\Program Files\CTpvr\logs\CT070208.log
    C:\Program Files\Dcads Advanced Toolbar
    C:\r14817en[1]
    C:\r14817en[1]\disk1\disk1
    C:\r14817en[1]\disk1\oemsetup.dsc
    C:\r14817en[1]\disk1\OEMSETUP.INF
    C:\r14817en[1]\disk1\README.TXT
    C:\r14817en[1]\disk1\ric63a.cat
    C:\r14817en[1]\disk1\ric63a.hl_
    C:\r14817en[1]\disk1\ric63ac.dl_
    C:\r14817en[1]\disk1\ric63aj.dl_
    C:\r14817en[1]\disk1\ric63ak.dl_
    C:\r14817en[1]\disk1\ric63al.dl_
    C:\r14817en[1]\disk1\ric63ap.dl_
    C:\r14817en[1]\disk1\RIC63API.dl_
    C:\r14817en[1]\disk1\ric63aq.ex_
    C:\r14817en[1]\disk1\ric63as.dl_
    C:\r14817en[1]\disk1\ric63au.dl_
    C:\r14817en[1]\disk1\ric63awk.dl_
    C:\r14817en[1]\disk1\ric63awu.dl_
    C:\r14817en[1]\disk1\ric63ax.dl_
    C:\r14817en[1]\disk1\RIC63Ax.ex_
    C:\r14817en[1]\disk1\ric63azk.dl_
    C:\r14817en[1]\disk1\ric63azu.dl_
    C:\r14817en[1]\disk1\TIBase64.dl_
    C:\r14817en[1]\disk1\TIFmtA.dl_
    C:\r14817en[1]\disk1\TrackID.dl_
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\Fonts\Crack.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\WINDOWS\system32\adssitesuggest.dll
    C:\WINDOWS\system32\adssitesuggest_uninstall.exe
    C:\WINDOWS\system32\awtqo.dll
    C:\WINDOWS\system32\bbcbjesp.ini
    C:\WINDOWS\system32\c3
    C:\WINDOWS\system32\dcads-remove.exe
    C:\WINDOWS\system32\dcadssuggest.dll
    C:\WINDOWS\system32\h1
    C:\WINDOWS\system32\m4
    C:\WINDOWS\system32\m4\ejup83122.exe
    C:\WINDOWS\system32\oqtwa.ini
    C:\WINDOWS\system32\oqtwa.ini2
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\urqoppm.dll
    C:\WINDOWS\system32\yvooffgr.dll
    C:\WINDOWS\system32\yvooffgr.dllbox
    C:\x.dat
    C:\z.dat

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-10-28 to 2007-11-28 ))))))))))))))))))))))))))))))
    .

    2007-11-27 18:17 225,790 --a------ C:\temp\e002A477.exe
    2007-11-27 18:16 <DIR> d-------- C:\temp\abW9
    2007-11-26 18:54 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-24 21:35 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2007-11-24 20:07 <DIR> d-------- C:\Documents and Settings\Compaq_Eigenaar\Shared
    2007-11-24 20:07 <DIR> d-------- C:\Documents and Settings\Compaq_Eigenaar\Incomplete
    2007-11-24 20:06 <DIR> d-------- C:\Documents and Settings\Compaq_Eigenaar\Application Data\LimeWire
    2007-11-21 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InterVideo
    2007-11-21 15:54 <DIR> d-------- C:\Program Files\videostudio 11
    2007-11-21 12:07 <DIR> d-------- C:\Program Files\DVD Flick
    2007-11-21 12:07 <DIR> d-------- C:\Documents and Settings\Compaq_Eigenaar\Application Data\DVD Flick
    2007-11-20 13:18 1,431,040 --a------ C:\WINDOWS\siemens.scr
    2007-11-20 13:18 1,034,368 --a------ C:\WINDOWS\sbb.scr
    2007-11-20 13:18 331,552 --a------ C:\WINDOWS\vvs.scr
    2007-11-20 13:17 <DIR> d-------- C:\Program Files\Traffic
    2007-11-20 13:17 2,342,912 --a------ C:\WINDOWS\Traffic.scr
    2007-11-20 13:17 1,163,325 --a------ C:\WINDOWS\system32\cmax20tr.ocx
    2007-11-20 13:17 782,400 --a------ C:\WINDOWS\system32\cmax20u.dll
    2007-11-20 13:17 327,680 --a------ C:\WINDOWS\TrafScrA.dll
    2007-11-16 19:41 <DIR> d-------- C:\Program Files\test
    2007-11-16 19:40 299,520 --a------ C:\WINDOWS\uninst.exe
    2007-11-05 20:21 <DIR> d-------- C:\eredienst hoofddorp
    2007-10-31 21:11 <DIR> d-------- C:\Documents and Settings\Compaq_Eigenaar\Application Data\Apple Computer
    2007-10-29 10:49 <DIR> d-------- C:\Program Files\Common Files\Ankiro
    2007-10-29 10:48 <DIR> d-------- C:\Program Files\Common Files\Application
    2007-10-29 10:47 <DIR> d-------- C:\Program Files\SPAMfighter

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-28 07:42 --------- d-----w C:\Documents and Settings\Compaq_Eigenaar\Application Data\OpenOffice.org2
    2007-11-28 07:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-27 17:11 --------- d-----w C:\Program Files\AskTBar
    2007-11-25 13:40 --------- d-----w C:\Program Files\Elaborate Bytes
    2007-11-24 18:41 --------- d-----w C:\Documents and Settings\Compaq_Eigenaar\Application Data\gtk-2.0
    2007-11-24 18:39 --------- d-----w C:\Program Files\denemo
    2007-11-21 14:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-21 14:55 --------- d-----w C:\Program Files\Common Files\Ulead Systems
    2007-11-21 11:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2007-11-21 04:35 --------- d-----w C:\Program Files\Monkey's Audio
    2007-11-16 18:55 --------- d-----w C:\Program Files\capella-software
    2007-11-14 12:26 --------- d-----w C:\Program Files\Blokker Bestelsoftware
    2007-11-14 11:31 --------- d-----w C:\Program Files\Google
    2007-11-10 08:36 --------- d-----w C:\Program Files\Tyre
    2007-11-08 08:22 --------- d-----w C:\Program Files\GIMP-2.0
    2007-11-01 15:48 --------- d-----w C:\Program Files\ACCESS
    2007-10-30 13:30 --------- d-----w C:\Program Files\MediaMonkey
    2007-10-27 17:27 --------- d-----w C:\Program Files\Blocks 5
    2007-10-25 14:02 --------- d-----w C:\Program Files\Easy Album Manager
    2007-10-24 10:44 --------- d-----w C:\Program Files\Winamp
    2007-10-23 19:26 --------- d-----w C:\Program Files\Burger
    2007-10-11 06:21 --------- d-----w C:\Program Files\Java
    2007-09-29 09:43 --------- d-----w C:\Program Files\DSC00718_002
    2007-09-29 09:42 --------- d-----w C:\Program Files\DSC00718_001
    2007-04-19 08:25 99,760 ----a-w C:\Documents and Settings\Compaq_Eigenaar\Application Data\GDIPFONTCACHEV1.DAT
    2007-04-04 11:28 342 ---ha-w C:\Documents and Settings\Compaq_Eigenaar\hpothb07.dat
    2007-04-04 11:28 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
    2006-04-12 08:21 8 ----a-w C:\Documents and Settings\Compaq_Eigenaar\Application Data\usb.dat.bin
    2006-03-14 13:16 0 ----a-w C:\Documents and Settings\Compaq_Eigenaar\Application Data\wklnhst.dat
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of C:\Program Files\DSC00718_001 ----

    2007-09-29 10:42 3713186 --a------ C:\Program Files\DSC00718_001\data\buildinginstruction.html
    2007-09-29 10:42 1798 --a------ C:\Program Files\DSC00718_001\index.html
    2007-09-29 10:42 1512 --a------ C:\Program Files\DSC00718_001\data\additional.html

    ---- Directory of C:\Program Files\DSC00718_002 ----

    2007-09-29 10:43 5034450 --a------ C:\Program Files\DSC00718_002\data\mosaic.xml
    2007-09-29 10:43 4327 --a------ C:\Program Files\DSC00718_002\data\billofmaterial.html
    2007-09-29 10:43 3713298 --a------ C:\Program Files\DSC00718_002\data\buildinginstruction.html
    2007-09-29 10:43 2287 --a------ C:\Program Files\DSC00718_002\index.html
    2007-09-29 10:43 1822 --a------ C:\Program Files\DSC00718_002\data\xml.html
    2007-09-29 10:43 1624 --a------ C:\Program Files\DSC00718_002\data\additional.html


    ((((((((((((((((((((((((((((( snapshot@2007-11-27_18.16.03.67 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-13 08:18:04 32,768 ----a-w C:\WINDOWS\system32\rMa05yy\rMa05yy1080.exe
    + 2007-11-27 17:16:36 36,864 ----a-w C:\WINDOWS\system32\vtutuss.dll
    + 2007-11-28 08:00:06 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_520.dat
    + 2007-11-28 08:00:09 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7a8.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2CF00CD-5EB9-4C22-A3C4-DF9B71208EA6}]
    C:\Program Files\MSN Gaming Zone\qusozyluwC:\WINDOWS\system32\m4\ejup83122.exe.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 00:24]
    "PhonostarTimer"="C:\Program Files\phonostar\ps_timer.exe" [2007-06-18 15:59]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 17:46]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14]
    "PCDrProfiler"="" []
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 06:11]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-11 15:03]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-11 11:52]
    "PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2005-05-11 19:58]
    "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 14:47]
    "ExtraFilmHemmaAgent"="C:\Program Files\Blokker Bestelsoftware\Agent.exe" [2005-05-27 14:59]
    "RegistryMechanic"="" []
    "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 10:12]
    "RTHDCPL"="RTHDCPL.EXE" [2006-03-08 04:54 C:\WINDOWS\RTHDCPL.EXE]
    "UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-06 23:52]
    "WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" []
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29]
    "UVS11 Preload"="C:\Program Files\videostudio 11\uvPL.exe" [2007-04-12 13:23]

    C:\Documents and Settings\Compaq_Eigenaar\Menu Start\Programma's\Opstarten\
    Microsoft Office Snelzoeken.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-02-12 23:00:00]
    Office Opstarten.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-02-12 23:00:00]
    OpenOffice.org 2.2 .lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 15:54:56]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe [2006-03-14 16:38:42]
    Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-15 06:38:38]
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-15 06:38:38]
    Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 11:44:06]
    Gigaset WLAN Adapter Monitor.lnk - C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe [2006-07-15 12:50:29]
    InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-01-11 15:06:18]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]
    PCzapper Media Manager.lnk - C:\Program Files\PCzapper\MediaManager\pbMediaCenter.exe [2007-02-16 21:21:44]
    Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 21:07:32]

    R2 MSSQL$PAP;MSSQL$PAP;"C:\Program Files\Microsoft SQL Server\MSSQL$PAP\Binn\sqlservr.exe" -sPAP
    R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe"
    R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
    R3 AR5523;Gigaset USB Adapter 108;C:\WINDOWS\system32\DRIVERS\ar5523.sys
    R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\CBTNDIS5.SYS
    R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys
    S3 SQLAgent$PAP;SQLAgent$PAP;"C:\Program Files\Microsoft SQL Server\MSSQL$PAP\Binn\sqlagent.EXE" -i PAP
    S4 CTpvr Recorder;CTpvr Recorder;C:\Program Files\CTpvr\CTpvrRecorder.exe

    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-28 09:00:43
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-11-28 9:03:55 - machine was rebooted
    C:\ComboFix2.txt … 2007-11-27 18:18
    .
    --- E O F ---

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:15:44, on 28-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$PAP\Binn\sqlservr.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    C:\Program Files\Blokker Bestelsoftware\Agent.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\phonostar\ps_timer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
    C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Siemens\Gigaset USB Adapter 108\OdHost.exe
    C:\Program Files\PCzapper\MediaManager\pbMediaCenter.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {C2CF00CD-5EB9-4C22-A3C4-DF9B71208EA6} - C:\Program Files\MSN Gaming Zone\qusozyluwC:\WINDOWS\system32\m4\ejup83122.exe.dll (file missing)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\Blokker Bestelsoftware\Agent.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\videostudio 11\uvPL.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: OpenOffice.org 2.2 .lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: PCzapper Media Manager.lnk = C:\Program Files\PCzapper\MediaManager\pbMediaCenter.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
    O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
    O9 - Extra button: eBay Startseite - {8B69DB2E-015D-4c4f-B97E-95EF5326BDA8} - http://adfarm.mediaplex.com/ad/ck/707-1170-5704-77?RedirectEnter&partner=36420&loc=http://pages.ebay.de (file missing)
    O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.nl/static/download/pixacodndupload.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159039035265
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


    End of file - 11620 bytes
  • By "the file below" I mean this file: C:\WINDOWS\siemens.scr
    Could you have that one scanned at Jotti as well?

    Pim
  • Result of the scan.

    Scan taken on 28 Nov 2007 15:36:00 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Ikarus Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing
  • Start HijackThis, choose 'Do a system scan only' and check the lines below:

    O2 - BHO: (no name) - {C2CF00CD-5EB9-4C22-A3C4-DF9B71208EA6} - C:\Program Files\MSN Gaming Zone\qusozyluwC:\WINDOWS\system32\m4\ejup83122.exe.dll (file missing)

    Now close all open windows except HijackThis and click Fix Checked.

    Make sure hidden folders and files are shown:
    http://users.telenet.be/marcvn/spyware/1117602.htm

    Delete the folders below:
    C:\Program Files\MSN Gaming Zone\qusozyluw
    C:\Program Files\AskTBar

    Delete the file below, if present:
    C:\WINDOWS\system32\m4\ejup83122.exe.dll

    Download ATF Cleaner (by Atribune)

    Double-click ATF Cleaner to start the program.
    On the "Main" tab, check Select All.
    Click the Empty Selected button.

    Do the following if you also use Firefox as a browser:
    Click the "Firefox" tab and check Select All.
    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
    (this removes the check mark again at "Firefox saved passwords")
    Click the Empty Selected button.

    Do the following if you also use Opera as a browser:
    Click the "Opera" tab and check Select All.
    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
    Click the Empty Selected button.
    Go to the "Main" tab and click the Exit button to close the program.

    Then post a new HijackThis log and report right away how your problems are doing :)

    Pim
  • Applied Fix Checked to the specified line.

    The folders and files were not present.

    Ran ATF.

    Below is the HijackThis log.
    Peace had already returned to my PC yesterday. :D

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:18:26, on 29-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$PAP\Binn\sqlservr.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    C:\Program Files\Blokker Bestelsoftware\Agent.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\phonostar\ps_timer.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
    C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\PCzapper\MediaManager\pbMediaCenter.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Siemens\Gigaset USB Adapter 108\OdHost.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\zstatus.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\Blokker Bestelsoftware\Agent.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\videostudio 11\uvPL.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: OpenOffice.org 2.2 .lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: PCzapper Media Manager.lnk = C:\Program Files\PCzapper\MediaManager\pbMediaCenter.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
    O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
    O9 - Extra button: eBay Startseite - {8B69DB2E-015D-4c4f-B97E-95EF5326BDA8} - http://adfarm.mediaplex.com/ad/ck/707-1170-5704-77?RedirectEnter&partner=36420&loc=http://pages.ebay.de (file missing)
    O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.nl/static/download/pixacodndupload.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159039035265
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


    End of file - 11491 bytes
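
Comparing the first log with the follow-up log shows whether the checked entry is really gone. The script below is an added example, not part of the thread: it parses the numbered HijackThis entry lines (a few copied from the two logs above) and reports entries that disappeared, appeared, or are still marked "(file missing)". The function names are assumptions of this example.

```python
import re

# Excerpts copied from the two logs in this thread (not the full logs).
BEFORE = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: (no name) - {C2CF00CD-5EB9-4C22-A3C4-DF9B71208EA6} - C:\Program Files\MSN Gaming Zone\qusozyluwC:\WINDOWS\system32\m4\ejup83122.exe.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: eBay Startseite - {8B69DB2E-015D-4c4f-B97E-95EF5326BDA8} - http://adfarm.mediaplex.com/ad/ck/707-1170-5704-77?RedirectEnter&partner=36420&loc=http://pages.ebay.de (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

AFTER = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: eBay Startseite - {8B69DB2E-015D-4c4f-B97E-95EF5326BDA8} - http://adfarm.mediaplex.com/ad/ck/707-1170-5704-77?RedirectEnter&partner=36420&loc=http://pages.ebay.de (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# An entry line starts with a section code such as R0, O2, O4, O23.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"


def parse_log(text):
    """Return one dict per numbered entry; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID.search(body)
        entries.append({
            "code": m.group("code"),
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "file_missing": body.endswith(MISSING),
        })
    return entries


def _key(entry):
    # Windows paths and CLSIDs are case-insensitive, so compare lower-cased.
    return (entry["code"], entry["body"].lower())


def diff_logs(before, after):
    """Return (removed, added) entries between two HijackThis logs."""
    b = {_key(e): e for e in parse_log(before)}
    a = {_key(e): e for e in parse_log(after)}
    removed = [b[k] for k in b if k not in a]
    added = [a[k] for k in a if k not in b]
    return removed, added


def still_missing(after):
    """Entries in the follow-up log whose target file HijackThis could not find."""
    return [e for e in parse_log(after) if e["file_missing"]]


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for e in removed:
        print("removed:", e["code"], e["clsid"], e["body"])
    for e in added:
        print("added:  ", e["code"], e["clsid"], e["body"])
    for e in still_missing(AFTER):
        print("still marked file missing:", e["code"], e["clsid"])
```

Paste the complete first and second logs into `BEFORE` and `AFTER` to compare every section rather than the excerpt.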
