Help! I can't get rid of malware

22 replies
  • Hello,

    A few days ago I got a virus alert while browsing the internet, and since then I have been having a lot of problems with my laptop. I have tried all sorts of things myself, but it only seems to go from bad to worse.
    Could someone please help me get my PC working properly again?

    Symptoms:
    - PC is extremely slow
    - Copying/pasting or dragging files no longer works
    - Taskbar no longer shows the open folders
    - Many programs no longer work properly or are closed again immediately
    - Sound no longer works

    I have already tried a number of things myself, including scanning with Antivir, McAfee, CureIt, HitmanPro 2 and Spyware Doctor, and I have already tried something with Killbox and Combofix.

    During scanning I often came across the names Vundo, Virtumonde and ConHook, but also all sorts of other viruses that seemed to keep changing.
    On the internet I found something about rootkits that keep installing all sorts of junk as well; that is the feeling I get with this situation.
    In the end I have tried more than I actually know about, so I hope someone can help me tackle this.

    Alexander
  • Here is some information.

    Have a look at this topic, in which Gerben explains a few things in detail.
    In particular the part about HijackThis: read that topic carefully, download the program, run a scan and post the log file as indicated.
    http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=115358

    You will undoubtedly get a response from the specialists; don't be impatient, it is Sunday after all and people are not at their computers 24 hours a day. (Although with the helpers it sometimes seems that way, fortunately.)

    My knowledge in this area is too incomplete to help anyone further accurately.
  • First of all, thanks for your reply.

    I ran Hijack from a USB stick, because I can't move files. It seemed this didn't cause any problems, and this log file came out of it:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:16, on 2007-12-17
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    G:\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.nsc.utwente.nl/
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKUS\S-1-5-21-3757651771-2700334224-1376242083-1003\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
    O4 - HKUS\S-1-5-21-3757651771-2700334224-1376242083-1003\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.utstart.nl
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156503411890
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156507324031
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{79CB2A13-4D01-4175-B1E8-157569A1E95B}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS1\Services\Tcpip\..\{79CB2A13-4D01-4175-B1E8-157569A1E95B}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS2\Services\Tcpip\..\{79CB2A13-4D01-4175-B1E8-157569A1E95B}: NameServer = 10.0.0.138
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe


    End of file - 7832 bytes


  • 1. I see three active virus scanners in your log file: Avira, McAfee and NOD32.
    Multiple virus scanners lead to unnecessary slowness and cause conflicts. So choose one of the virus scanners and remove the others via Start -> Control Panel -> Add or Remove Programs.

    2. Restart your PC.

    3. Download Combofix to your desktop.

    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, switch that scanner off and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

    Double-click combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, because that will make your PC hang.

    When the fix is complete, and after the restart, the log combofix.txt will open.
    In your next reply, post the Combofix log (combofix.txt) together with a fresh HijackThis log.

    Good luck!

    Pim
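Added example, not part of the original posts: a small Python triage of a HijackThis log that makes the check from step 1 (more than one resident antivirus product) mechanical and also lists orphaned "(no file)" entries and "Unknown owner" services. The sample lines are constructed in the format of the log in this thread, and the vendor keyword map is an assumption for illustration.

```python
import re

# Constructed sample in HijackThis v2 log format, modelled on the log in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# A log entry is "<section code> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^\s*(R[0-3]|O\d{1,2}) - (.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Assumption: illustrative keyword -> vendor map, matched against the O23 company field.
AV_VENDOR_KEYWORDS = {"avira": "Avira", "mcafee": "McAfee", "eset": "Eset"}


def parse_entries(log):
    """Return (code, body) for every R*/O* line; headers and process paths are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def parse_services(entries):
    """Parse 'Service: <name> - <company> - <path>' from O23 entries.

    Splitting from the right keeps a display name that itself contains ' - ' intact.
    """
    services = []
    for code, body in entries:
        if code != "O23" or not body.startswith("Service: "):
            continue
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3:
            services.append(dict(zip(("name", "company", "path"), parts)))
    return services


def triage(log):
    """Summarise the points a helper checks first when reading the log."""
    entries = parse_entries(log)
    services = parse_services(entries)

    # Distinct antivirus vendors that have a service registered.
    vendors = sorted({vendor
                      for svc in services
                      for key, vendor in AV_VENDOR_KEYWORDS.items()
                      if key in svc["company"].lower()})

    # Registry entries whose target file no longer exists on disk.
    orphans = []
    for code, body in entries:
        if body.endswith("(no file)"):
            m = CLSID_RE.search(body)
            orphans.append((code, m.group(0) if m else None))

    # "Unknown owner" means no company name could be read from the file;
    # it is a reason to look closer, not a verdict.
    unknown = [svc["name"] for svc in services if svc["company"] == "Unknown owner"]

    return {
        "av_vendors": vendors,
        "multiple_av": len(vendors) > 1,
        "orphans": orphans,
        "unknown_owner": unknown,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
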
  • pimvandenderen wrote:
    "1. I see three active virus scanners in your log file: Avira, McAfee and NOD32.
    Multiple virus scanners lead to unnecessary slowness and cause conflicts. So choose one of the virus scanners and remove the others via Start -> Control Panel -> Add or Remove Programs."

    I know it is unwise to install multiple virus scanners. I always had McAfee, but it could no longer find anything and I had the feeling it was damaged, which is why I installed Antivir. I believe NOD32 came with Hitman Pro, and I had not thought of it any more. I was able to remove NOD32 normally, but with McAfee it really would not work, and I tried to remove it by hand, which more or less succeeded.

    ComboFix worked, except that after the line "Completed Stage_10" it gave the message "Acces Denied" and the line after that read "grep: writing output: invalid argument". After the line "Completed Stage_19" it again said "Acces Denied."
    This is the ComboFix log:

    ComboFix 07-12-18.1 - Student 2007-12-19 15:43:14.2 - NTFSx86
    Running from: C:\Documents and Settings\dell image\Desktop\ComboFix.exe
    .
    /wow section - STAGE 10

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\Temp\30587899.exe

    .
    ((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 )))))))))))))))))))))))))))))))
    .

    2007-12-15 23:30 . 2007-12-15 23:32 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-12-15 23:30 . 2007-12-15 23:32 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-12-15 23:30 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-12-15 23:30 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2007-12-15 23:29 . 2007-12-16 18:12 <DIR> d-------- C:\Program Files\Spyware Doctor
    2007-12-15 23:29 . 2007-12-15 23:29 <DIR> d-------- C:\Documents and Settings\dell image\Application Data\PC Tools
    2007-12-15 23:01 . 2007-12-19 15:33 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-15 22:05 . 2007-12-15 22:05 <DIR> d-------- C:\Documents and Settings\dell image\Application Data\Lavasoft
    2007-12-15 21:35 . 2007-03-01 19:54 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
    2007-12-15 21:35 . 2007-03-01 19:54 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
    2007-12-15 21:35 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
    2007-12-15 21:35 . 2007-03-01 19:54 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
    2007-12-15 21:34 . 2007-12-15 21:34 <DIR> d-------- C:\Program Files\Webroot
    2007-12-15 21:34 . 2007-12-15 21:34 <DIR> d-------- C:\Documents and Settings\dell image\Application Data\Webroot
    2007-12-15 21:34 . 2007-12-15 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
    2007-12-15 21:34 . 2007-12-15 21:34 164 --a------ C:\install.dat
    2007-12-15 21:33 . 2007-12-15 21:33 <DIR> d-------- C:\Program Files\Lavasoft
    2007-12-15 21:33 . 2007-12-15 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-15 21:32 . 2007-12-15 21:36 <DIR> d-------- C:\Program Files\SpywareBlaster
    2007-12-15 21:32 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
    2007-12-15 21:25 . 2007-12-15 21:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
    2007-12-15 21:15 . 2007-12-15 21:15 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
    2007-12-15 21:15 . 2007-12-19 15:34 <DIR> d-------- C:\Program Files\Hitman Pro
    2007-12-14 19:15 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-12-14 15:18 . 2007-12-14 15:18 <DIR> d-------- C:\Program Files\Avira
    2007-12-14 15:05 . 2007-12-15 23:32 7,423 --ahs---- C:\WINDOWS\system32\qtutv.ini2
    2007-12-14 14:36 . 2007-12-15 20:54 941,885 --ahs---- C:\WINDOWS\system32\mcsqruug.ini
    2007-12-14 09:16 . 2007-12-14 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2007-12-13 22:30 . 2007-12-13 22:38 <DIR> d-------- C:\Documents and Settings\dell image\DoctorWeb
    2007-12-13 22:04 . 2007-12-13 22:04 <DIR> d-------- C:\Program Files\Windows Live
    2007-12-13 22:04 . 2007-12-13 22:04 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2007-12-13 22:04 . 2007-12-13 22:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-12-13 22:01 . 2007-12-13 22:01 <DIR> d--h----- C:\WINDOWS\PIF
    2007-12-13 14:10 . 2007-12-13 14:10 <DIR> d-------- C:\Program Files\MSECache
    2007-12-13 13:34 . 2007-12-14 15:15 100,180 --ahs---- C:\WINDOWS\system32\qqtwa.ini2
    2007-12-13 13:34 . 2007-12-14 15:15 100,180 --ahs---- C:\WINDOWS\system32\qqtwa.ini
    2007-12-13 02:04 . 2007-12-13 02:04 35,840 --a------ C:\WINDOWS\system32\nnnllml.dll__DELETE_ON_REBOOT
    2007-12-10 14:31 . 2007-12-10 14:31 <DIR> d-------- C:\Documents and Settings\dell image\Application Data\vlc
    2007-12-10 14:29 . 2007-12-10 14:29 <DIR> d-------- C:\Program Files\VideoLAN
    2007-12-10 14:25 . 2007-12-10 14:25 7,680 --ahs---- C:\WINDOWS\Thumbs.db
    2007-12-05 00:54 . 2007-12-05 00:54 <DIR> d-------- C:\Documents and Settings\dell image\Application Data\DivX
    2007-12-05 00:12 . 2007-12-05 00:12 <DIR> d-------- C:\Program Files\7-Zip
    2007-11-30 17:06 . 1998-09-02 09:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
    2007-11-30 17:06 . 1998-08-27 05:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
    2007-11-30 17:06 . 1998-08-20 12:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
    2007-11-30 17:06 . 1998-09-02 09:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
    2007-11-30 17:06 . 1998-09-02 09:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
    2007-11-30 17:06 . 1998-08-17 10:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
    2007-11-30 17:06 . 1998-08-17 10:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
    2007-11-30 17:06 . 1998-08-17 10:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
    2007-11-30 17:06 . 2007-11-30 17:06 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
    2007-11-30 17:06 . 2007-11-30 17:06 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
    2007-11-30 17:01 . 1998-10-09 14:36 327,168 --a------ C:\WINDOWS\IsUn0413.exe
    2007-11-29 10:29 . 2007-12-10 14:38 <DIR> d-------- C:\Program Files\DivX
    2007-11-26 14:21 . 2007-12-14 09:50 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2007-11-26 14:21 . 2007-12-13 21:16 30,590 --a------ C:\WINDOWS\system32\pavas.ico
    2007-11-26 14:21 . 2007-12-13 21:16 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
    2007-11-26 14:21 . 2007-12-13 21:16 1,406 --a------ C:\WINDOWS\system32\Help.ico
    2007-11-25 21:24 . 2006-04-10 14:03 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
    2007-11-25 20:51 . 2007-11-25 20:51 111,969 --------- C:\WINDOWS\hpoins11.dat.temp
    2007-11-25 20:51 . 2006-05-06 09:25 6,947 --------- C:\WINDOWS\hpomdl11.dat.temp
    2007-11-25 20:43 . 2007-11-25 20:43 <DIR> d-------- C:\Program Files\Hewlett-Packard
    2007-11-25 20:43 . 2007-11-25 20:43 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
    2007-11-25 20:43 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2007-11-25 20:43 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
    2007-11-25 20:43 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
    2007-11-25 20:43 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
    2007-11-25 20:43 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
    2007-11-25 20:43 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
    2007-11-25 20:43 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
    2007-11-25 20:42 . 2007-11-25 20:43 <DIR> d-------- C:\Program Files\HP
    2007-11-25 20:42 . 2007-11-25 21:25 111,969 --a------ C:\WINDOWS\hpoins11.dat
    2007-11-25 20:40 . 2005-07-19 02:39 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll
    2007-11-25 20:40 . 2006-01-04 09:12 77,824 --a------ C:\WINDOWS\system32\HPZIDS01.dll
    2007-11-25 20:40 . 2006-05-06 09:25 6,947 --------- C:\WINDOWS\hpomdl11.dat
    2007-11-19 22:27 . 2007-12-10 14:25 <DIR> d-------- C:\Program Files\StuffPlug3

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-17 19:14 --------- d-----w C:\Program Files\Alcohosoft
    2007-12-13 18:47 --------- d-----w C:\Documents and Settings\dell image\Application Data\uTorrent
    2007-12-13 18:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
    2007-12-10 13:38 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-12-10 13:38 --------- d-----w C:\Program Files\V-Direct v2.0b4
    2007-11-26 13:47 --------- d-----w C:\Program Files\MSN Messenger
    2007-11-26 13:41 --------- d-----w C:\Program Files\DAEMON Tools
    2007-11-18 15:44 --------- d-----w C:\Documents and Settings\dell image\Application Data\Apple Computer
    2007-11-16 19:09 --------- d-----w C:\Program Files\Common Files\McAfee
    2007-11-16 09:59 --------- d-----w C:\Program Files\Google
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-12 17:37 --------- d-----w C:\Program Files\Intel
    2007-11-12 16:51 --------- d-----w C:\Program Files\Alfa & Ariss
    2007-11-12 12:05 --------- d-----w C:\Documents and Settings\dell image\Application Data\U3
    2007-11-07 14:15 --------- d-----w C:\Documents and Settings\dell image\Application Data\Winamp
    2007-11-05 09:51 --------- d-----w C:\Program Files\Guitar Pro 5
    2007-11-05 07:50 --------- d-----w C:\Documents and Settings\dell image\Application Data\atitray
    2007-11-05 07:41 --------- d-----w C:\Program Files\MultiRes
    2007-11-05 07:40 451,072 ----a-w C:\WINDOWS\Radeon Omega Drivers v3.8.421 Uninstall.exe
    2007-11-05 07:40 --------- d-----w C:\Program Files\Radeon Omega Drivers
    2007-11-03 21:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
    2007-11-02 15:25 --------- d-----w C:\Documents and Settings\dell image\Application Data\Atari
    2007-11-02 15:21 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-11-02 15:20 --------- d-----w C:\Documents and Settings\dell image\Application Data\Leadertech
    2007-11-02 15:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-02 15:12 --------- d-----w C:\Program Files\Common Files\PocketSoft
    2007-11-02 14:58 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-10-31 20:42 --------- d-----w C:\Program Files\HammerHead
    2007-10-31 15:19 --------- d-----w C:\Program Files\Winamp
    2007-10-30 08:09 --------- d-----w C:\Documents and Settings\dell image\Application Data\Teleca
    2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 21:12 --------- d-----w C:\Documents and Settings\dell image\Application Data\Sony Ericsson
    2007-10-29 21:09 --------- d-----w C:\Program Files\Common Files\Teleca Shared
    2007-10-29 21:09 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
    2007-10-29 21:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
    2007-10-29 21:08 --------- d-----w C:\Program Files\Sony Ericsson
    2007-10-29 21:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
    2007-10-29 21:07 --------- d-----w C:\Program Files\Common Files\InstallShield
    2007-10-29 19:32 --------- d-----w C:\Program Files\uTorrent
    2007-10-29 19:18 --------- d-----w C:\Program Files\Java
    2007-10-29 19:17 --------- d-----w C:\Program Files\Common Files\Java
    2007-10-29 18:53 --------- d-----w C:\Program Files\QuickTime
    2007-10-29 18:52 --------- d-----w C:\Program Files\Apple Software Update
    2007-10-29 18:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-10-29 18:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2007-10-29 18:07 --------- d-----w C:\Documents and Settings\dell image\Application Data\fretsonfire
    2007-10-29 17:46 --------- d-----w C:\Documents and Settings\dell image\Application Data\ATI
    2007-10-29 17:37 --------- d-----w C:\Program Files\ATI
    2007-10-29 14:41 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-10-29 12:14 --------- d-----w C:\Program Files\Mozilla
    2007-10-29 12:14 --------- d-----w C:\Documents and Settings\dell image\Application Data\Thunderbird
    2007-10-29 12:14 --------- d-----w C:\Documents and Settings\dell image\Application Data\Talkback
    2007-10-29 11:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    2007-10-29 09:22 --------- d-----w C:\Program Files\MSXML 4.0
    2007-10-27 16:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
    2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
    2007-10-20 00:56 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2007-10-20 00:56 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-10-20 00:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-10-20 00:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-10-20 00:54 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-10-20 00:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-10-18 09:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-10-18 09:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-10-18 09:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-10-18 09:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-10-18 09:02 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
    2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
    2007-10-02 08:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
    2007-09-29 04:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll
    2007-09-29 04:07 356,352 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
    2007-09-29 04:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
    2007-09-29 03:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
    2007-09-29 03:58 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
    2007-09-29 03:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
    2007-09-29 03:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
    2007-09-29 03:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
    2007-09-29 03:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
    2007-09-29 03:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
    2007-09-29 03:49 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
    2007-09-29 03:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll
    2007-09-29 03:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
    2007-09-29 03:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll
    2007-09-29 03:23 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
    2007-09-29 03:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
    2007-09-29 03:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
    2007-09-29 03:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-01-09 18:33 C:\WINDOWS\stsystra.exe]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-17 10:43]
    "Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 14:41]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^dell image^Start Menu^Programs^Startup^RollerCoaster Tycoon 3_ Wild Registration.lnk]
    path=C:\Documents and Settings\dell image\Start Menu\Programs\Startup\RollerCoaster Tycoon 3_ Wild Registration.lnk
    backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3_ Wild Registration.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
    C:\WINDOWS\p_981116.exe /Q:A

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-10-29 11:26:46 C:\WINDOWS\Tasks\McDefragTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe
    "2007-10-29 11:26:45 C:\WINDOWS\Tasks\McQcTask.job"
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-19 15:47:02
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-19 15:48:33
    .
    2007-12-12 20:23:27 --- E O F ---



    This is the HijackThis log that I made afterwards:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:51:58, on 19-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\explorer.exe
    G:\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.nsc.utwente.nl/
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKUS\S-1-5-21-3757651771-2700334224-1376242083-1003\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
    O4 - HKUS\S-1-5-21-3757651771-2700334224-1376242083-1003\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.utstart.nl
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156503411890
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156507324031
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{79CB2A13-4D01-4175-B1E8-157569A1E95B}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS1\Services\Tcpip\..\{79CB2A13-4D01-4175-B1E8-157569A1E95B}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS2\Services\Tcpip\..\{79CB2A13-4D01-4175-B1E8-157569A1E95B}: NameServer = 10.0.0.138
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe


    End of file - 6662 bytes
  • Looks like that went well!

    Start HijackThis, choose 'Do a system scan only' and tick the lines below:

    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

    Open Notepad, then copy and paste the following (the bold text) into an empty window:

    File::
    C:\WINDOWS\system32
    nnllml.dll__DELETE_ON_REBOOT

    Save this to your Desktop as CFScript.txt

    Drag CFScript.txt into ComboFix.exe as shown in the example below:

    Image: http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    This will cause ComboFix to restart.
    Reboot if you are asked to,
    and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    How is it working by now?

    Pim
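
    The three lines to tick in the post above are exactly the entries whose file HijackThis reports as (no file). The sketch below is an added example, not part of the original thread and not HijackThis's own code: it parses entry lines, flags those orphaned entries, and checks that a later scan no longer contains them. The function names and the "after" sample are constructed for illustration; the "before" lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# "<section code> - <body>", e.g. "O2 - BHO: ..." or "R1 - HKLM\..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass(frozen=True)
class Entry:
    code: str             # section code such as "O2", "O9", "O23"
    clsid: Optional[str]  # COM class id if the line carries one
    target: str           # text after the last " - " (file path, URL or "(no file)")
    raw: str              # the full log line, used for before/after comparison


def parse_log(text: str) -> List[Entry]:
    """Parse the entry lines of a HijackThis log; headers and process lists are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        # Assumption: the target is whatever follows the last " - " separator.
        # Lines without a separator (e.g. O4 Run entries) keep the whole body.
        target = body.rsplit(" - ", 1)[-1].strip()
        entries.append(Entry(
            code=match.group("code"),
            clsid=clsid.group(0).upper() if clsid else None,
            target=target,
            raw=line,
        ))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose registry key still exists but whose file is gone.

    "(no file)" only says the referenced file was not found; it can be a
    leftover of removed malware or of a cleanly uninstalled program.
    """
    return [e for e in entries if e.target == "(no file)"]


def removed_entries(before: List[Entry], after: List[Entry]) -> List[Entry]:
    """Entries present in the first scan and absent from the second, in log order."""
    still_present = {e.raw for e in after}
    return [e for e in before if e.raw not in still_present]


# Lines copied from the first HijackThis log in this thread.
BEFORE_SAMPLE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
"""

# Constructed "after" sample: the same lines with the three ticked entries fixed.
AFTER_SAMPLE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
"""

if __name__ == "__main__":
    before = parse_log(BEFORE_SAMPLE)
    after = parse_log(AFTER_SAMPLE)
    for entry in orphaned(before):
        print("orphaned:", entry.code, entry.clsid)
    leftover = orphaned(after)
    print("fix verified" if not leftover else f"{len(leftover)} orphaned entries remain")
```

    Comparing the full line rather than only the CLSID keeps the check strict: an entry that reappears with the same class id but a different target still counts as new.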
  • pimvandenderen wrote:
    "Drag CFScript.txt into ComboFix.exe as shown in the example below:
    Image: http://img.photobucket.com/albums/v666/sUBs/CFScript.gif"

    As mentioned earlier, I can't drag files; it's as if the icons are rusted in place.
    Can I load the script into ComboFix some other way, for example with a command line or something like that?
  • I had forgotten about that for a moment :oops:

    Download OTMoveIt (by OldTimer) to your Desktop.
      Double-click OTMoveIt.exe to start the tool.
      Copy (select it and press Ctrl-C) all of the bold text below:
      C:\WINDOWS\system32
      nnllml.dll
      Paste the copied text (press Ctrl-V) into the "Paste List of Files/Folders to be moved" window.
      Click the red
  • pimvandenderen wrote: "Copy and paste the contents of the right-hand results window into your next reply."
    When I clicked MoveIt I got a virus warning from AntiVir; since I had come across this file with a virus many times before and couldn't do anything with it then, I clicked Ignore.
    MoveIt result:
    C:\WINDOWS\system32
    nnllml.dll__DELETE_ON_REBOOT moved succesfuly.

    Created on 12-20-2007 17:19:13


    After that I did another HijackThis scan:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:26:35, on 20-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    G:\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.nsc.utwente.nl/
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKUS\S-1-5-21-3757651771-2700334224-1376242083-1003\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
    O4 - HKUS\S-1-5-21-3757651771-2700334224-1376242083-1003\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.utstart.nl
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156503411890
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156507324031
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{79CB2A13-4D01-4175-B1E8-157569A1E95B}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS1\Services\Tcpip\..\{79CB2A13-4D01-4175-B1E8-157569A1E95B}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS2\Services\Tcpip\..\{79CB2A13-4D01-4175-B1E8-157569A1E95B}: NameServer = 10.0.0.138
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe


    End of file - 6429 bytes
  • Fine, could you carry this out:
    http://www.hijackthis.nl/forum/viewtopic.php?t=12603

    After that, post a new ComboFix log and let me know how things are going with your problems :)
  • pimvandenderen wrote:
    "Fine, could you carry this out:
    http://www.hijackthis.nl/forum/viewtopic.php?t=12603

    After that, post a new ComboFix log and let me know how things are going with your problems :)"

    I have uninstalled HitmanPro and all of its components; that went fine. Unfortunately I don't notice any improvement yet. The sound is still gone, the taskbar is still not right and I still can't copy and paste. The system doesn't seem as unstable as it was at first, but I haven't reconnected to the internet yet because I'm afraid it still hasn't been solved. Maybe the virus is gone, but Windows is still seriously damaged?
    This is the ComboFix log:
    ComboFix 07-12-15.1 - Student 2007-12-20 22:20:43.3 - NTFSx86
    Running from: G:\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2007-11-20 to 2007-12-20 )))))))))))))))))))))))))))))))
    .

    2007-12-15 23:01 . 2007-12-20 22:01 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-15 22:05 . 2007-12-20 22:00 <DIR> d-------- C:\Documents and Settings\dell image\Application Data\Lavasoft
    2007-12-15 21:35 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
    2007-12-15 21:34 . 2007-12-15 21:34 164 --a------ C:\install.dat
    2007-12-15 21:33 . 2007-12-20 22:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-15 21:32 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
    2007-12-15 21:25 . 2007-12-15 21:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
    2007-12-15 21:15 . 2007-12-15 21:15 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
    2007-12-15 21:15 . 2007-12-20 22:01 <DIR> d-------- C:\Program Files\Hitman Pro
    2007-12-14 19:15 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-12-14 15:18 . 2007-12-14 15:18 <DIR> d-------- C:\Program Files\Avira
    2007-12-14 15:05 . 2007-12-15 23:32 7,423 --ahs---- C:\WINDOWS\system32\qtutv.ini2
    2007-12-14 14:36 . 2007-12-15 20:54 941,885 --ahs---- C:\WINDOWS\system32\mcsqruug.ini
    2007-12-14 09:16 . 2007-12-14 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2007-12-13 22:30 . 2007-12-13 22:38 <DIR> d-------- C:\Documents and Settings\dell image\DoctorWeb
    2007-12-13 22:04 . 2007-12-13 22:04 <DIR> d-------- C:\Program Files\Windows Live
    2007-12-13 22:04 . 2007-12-13 22:04 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2007-12-13 22:04 . 2007-12-13 22:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-12-13 22:01 . 2007-12-13 22:01 <DIR> d--h----- C:\WINDOWS\PIF
    2007-12-13 14:10 . 2007-12-13 14:10 <DIR> d-------- C:\Program Files\MSECache
    2007-12-13 13:34 . 2007-12-14 15:15 100,180 --ahs---- C:\WINDOWS\system32\qqtwa.ini2
    2007-12-13 13:34 . 2007-12-14 15:15 100,180 --ahs---- C:\WINDOWS\system32\qqtwa.ini
    2007-12-10 14:31 . 2007-12-10 14:31 <DIR> d-------- C:\Documents and Settings\dell image\Application Data\vlc
    2007-12-10 14:29 . 2007-12-10 14:29 <DIR> d-------- C:\Program Files\VideoLAN
    2007-12-10 14:25 . 2007-12-10 14:25 7,680 --ahs---- C:\WINDOWS\Thumbs.db
    2007-12-05 00:54 . 2007-12-05 00:54 <DIR> d-------- C:\Documents and Settings\dell image\Application Data\DivX
    2007-12-05 00:12 . 2007-12-05 00:12 <DIR> d-------- C:\Program Files\7-Zip
    2007-11-30 17:06 . 1998-09-02 09:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
    2007-11-30 17:06 . 1998-08-27 05:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
    2007-11-30 17:06 . 1998-08-20 12:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
    2007-11-30 17:06 . 1998-09-02 09:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
    2007-11-30 17:06 . 1998-09-02 09:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
    2007-11-30 17:06 . 1998-08-17 10:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
    2007-11-30 17:06 . 1998-08-17 10:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
    2007-11-30 17:06 . 1998-08-17 10:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
    2007-11-30 17:06 . 2007-11-30 17:06 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
    2007-11-30 17:06 . 2007-11-30 17:06 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
    2007-11-30 17:01 . 1998-10-09 14:36 327,168 --a------ C:\WINDOWS\IsUn0413.exe
    2007-11-29 10:29 . 2007-12-10 14:38 <DIR> d-------- C:\Program Files\DivX
    2007-11-26 14:21 . 2007-12-14 09:50 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2007-11-26 14:21 . 2007-12-13 21:16 30,590 --a------ C:\WINDOWS\system32\pavas.ico
    2007-11-26 14:21 . 2007-12-13 21:16 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
    2007-11-26 14:21 . 2007-12-13 21:16 1,406 --a------ C:\WINDOWS\system32\Help.ico
    2007-11-25 21:24 . 2006-04-10 14:03 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
    2007-11-25 20:51 . 2007-11-25 20:51 111,969 --------- C:\WINDOWS\hpoins11.dat.temp
    2007-11-25 20:51 . 2006-05-06 09:25 6,947 --------- C:\WINDOWS\hpomdl11.dat.temp
    2007-11-25 20:43 . 2007-11-25 20:43 <DIR> d-------- C:\Program Files\Hewlett-Packard
    2007-11-25 20:43 . 2007-11-25 20:43 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
    2007-11-25 20:43 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2007-11-25 20:43 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
    2007-11-25 20:43 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
    2007-11-25 20:43 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
    2007-11-25 20:43 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
    2007-11-25 20:43 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
    2007-11-25 20:43 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
    2007-11-25 20:42 . 2007-11-25 20:43 <DIR> d-------- C:\Program Files\HP
    2007-11-25 20:42 . 2007-11-25 21:25 111,969 --a------ C:\WINDOWS\hpoins11.dat
    2007-11-25 20:40 . 2005-07-19 02:39 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll
    2007-11-25 20:40 . 2006-01-04 09:12 77,824 --a------ C:\WINDOWS\system32\HPZIDS01.dll
    2007-11-25 20:40 . 2006-05-06 09:25 6,947 --------- C:\WINDOWS\hpomdl11.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-17 19:14 --------- d-----w C:\Program Files\Alcohosoft
    2007-12-13 18:47 --------- d-----w C:\Documents and Settings\dell image\Application Data\uTorrent
    2007-12-13 18:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
    2007-12-10 13:38 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-12-10 13:38 --------- d-----w C:\Program Files\V-Direct v2.0b4
    2007-12-10 13:25 --------- d-----w C:\Program Files\StuffPlug3
    2007-11-26 13:47 --------- d-----w C:\Program Files\MSN Messenger
    2007-11-26 13:41 --------- d-----w C:\Program Files\DAEMON Tools
    2007-11-18 15:44 --------- d-----w C:\Documents and Settings\dell image\Application Data\Apple Computer
    2007-11-16 19:09 --------- d-----w C:\Program Files\Common Files\McAfee
    2007-11-16 09:59 --------- d-----w C:\Program Files\Google
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-12 17:37 --------- d-----w C:\Program Files\Intel
    2007-11-12 16:51 --------- d-----w C:\Program Files\Alfa & Ariss
    2007-11-12 12:05 --------- d-----w C:\Documents and Settings\dell image\Application Data\U3
    2007-11-07 14:15 --------- d-----w C:\Documents and Settings\dell image\Application Data\Winamp
    2007-11-05 09:51 --------- d-----w C:\Program Files\Guitar Pro 5
    2007-11-05 07:50 --------- d-----w C:\Documents and Settings\dell image\Application Data\atitray
    2007-11-05 07:41 --------- d-----w C:\Program Files\MultiRes
    2007-11-05 07:40 451,072 ----a-w C:\WINDOWS\Radeon Omega Drivers v3.8.421 Uninstall.exe
    2007-11-05 07:40 --------- d-----w C:\Program Files\Radeon Omega Drivers
    2007-11-03 21:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
    2007-11-02 15:25 --------- d-----w C:\Documents and Settings\dell image\Application Data\Atari
    2007-11-02 15:21 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-11-02 15:20 --------- d-----w C:\Documents and Settings\dell image\Application Data\Leadertech
    2007-11-02 15:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-02 15:12 --------- d-----w C:\Program Files\Common Files\PocketSoft
    2007-11-02 14:58 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-10-31 20:42 --------- d-----w C:\Program Files\HammerHead
    2007-10-31 15:19 --------- d-----w C:\Program Files\Winamp
    2007-10-30 08:09 --------- d-----w C:\Documents and Settings\dell image\Application Data\Teleca
    2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 21:12 --------- d-----w C:\Documents and Settings\dell image\Application Data\Sony Ericsson
    2007-10-29 21:09 --------- d-----w C:\Program Files\Common Files\Teleca Shared
    2007-10-29 21:09 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
    2007-10-29 21:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
    2007-10-29 21:08 --------- d-----w C:\Program Files\Sony Ericsson
    2007-10-29 21:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
    2007-10-29 21:07 --------- d-----w C:\Program Files\Common Files\InstallShield
    2007-10-29 19:32 --------- d-----w C:\Program Files\uTorrent
    2007-10-29 19:18 --------- d-----w C:\Program Files\Java
    2007-10-29 19:17 --------- d-----w C:\Program Files\Common Files\Java
    2007-10-29 18:53 --------- d-----w C:\Program Files\QuickTime
    2007-10-29 18:52 --------- d-----w C:\Program Files\Apple Software Update
    2007-10-29 18:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-10-29 18:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2007-10-29 18:07 --------- d-----w C:\Documents and Settings\dell image\Application Data\fretsonfire
    2007-10-29 17:46 --------- d-----w C:\Documents and Settings\dell image\Application Data\ATI
    2007-10-29 17:37 --------- d-----w C:\Program Files\ATI
    2007-10-29 14:41 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-10-29 12:14 --------- d-----w C:\Program Files\Mozilla
    2007-10-29 12:14 --------- d-----w C:\Documents and Settings\dell image\Application Data\Thunderbird
    2007-10-29 12:14 --------- d-----w C:\Documents and Settings\dell image\Application Data\Talkback
    2007-10-29 11:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    2007-10-29 09:22 --------- d-----w C:\Program Files\MSXML 4.0
    2007-10-27 16:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
    2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
    2007-10-20 00:56 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2007-10-20 00:56 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-10-20 00:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-10-20 00:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-10-20 00:54 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-10-20 00:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-10-18 09:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-10-18 09:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-10-18 09:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-10-18 09:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-10-18 09:02 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
    2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
    2007-10-02 08:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
    2007-09-29 04:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll
    2007-09-29 04:07 356,352 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
    2007-09-29 04:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
    2007-09-29 03:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
    2007-09-29 03:58 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
    2007-09-29 03:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
    2007-09-29 03:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
    2007-09-29 03:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
    2007-09-29 03:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
    2007-09-29 03:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
    2007-09-29 03:49 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
    2007-09-29 03:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll
    2007-09-29 03:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
    2007-09-29 03:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll
    2007-09-29 03:23 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
    2007-09-29 03:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
    2007-09-29 03:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
    2007-09-29 03:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-19_15.47.24.20 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-12-19 14:33:08 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2007-12-20 20:38:58 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2007-12-19 14:33:08 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2007-12-20 20:38:58 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2007-12-19 14:33:08 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2007-12-20 20:38:58 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-01-09 18:33 C:\WINDOWS\stsystra.exe]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-17 10:43]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^dell image^Start Menu^Programs^Startup^RollerCoaster Tycoon 3_ Wild Registration.lnk]
    path=C:\Documents and Settings\dell image\Start Menu\Programs\Startup\RollerCoaster Tycoon 3_ Wild Registration.lnk
    backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3_ Wild Registration.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
    C:\WINDOWS\p_981116.exe /Q:A

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2007-09-25 01:11 132496 –a—— C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-10-29 11:26:46 C:\WINDOWS\Tasks\McDefragTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe'
    "2007-10-29 11:26:45 C:\WINDOWS\Tasks\McQcTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-20 22:21:45
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-20 22:22:10
    C:\ComboFix2.txt … 2007-12-19 15:48
    .
    2007-12-12 20:23:27 — E O F —
  • Hmm, I'm half asleep over here :oops:

    Open Notepad, then copy and paste the following (the bold text) into an empty window:

    File::
    C:\WINDOWS\system32\qtutv.ini2
    C:\WINDOWS\system32\mcsqruug.ini
    C:\WINDOWS\system32\qqtwa.ini2
    C:\WINDOWS\system32\qqtwa.ini

    Folder::
    C:\Program Files\Hitman Pro

    Save this to your Desktop as CFScript.txt

    Drag CFScript.txt into ComboFix.exe as shown in the example below:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    This will make ComboFix restart.
    Reboot if you are asked to,
    and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    How are your problems now?

    Pim
  • Me too, a bit; in my previous reply I should have mentioned that I still can't drag either, so I can't drag the text file into ComboFix..
    What now?
  • Double-click OTMoveIt.exe to start the tool.
    Copy (select and press Ctrl-C) all of the bold text below:

    C:\WINDOWS\system32\qtutv.ini2
    C:\WINDOWS\system32\mcsqruug.ini
    C:\WINDOWS\system32\qqtwa.ini2
    C:\WINDOWS\system32\qqtwa.ini
    C:\Program Files\Hitman Pro

    Paste the copied text (press Ctrl-V) into the "Paste List of Files/Folders to be moved" window
    Click the red
  • As far as I can see it all worked, I hope it gets sorted out soon now..

    MoveIt results:
    C:\WINDOWS\system32\qtutv.ini2 moved successfully.
    C:\WINDOWS\system32\mcsqruug.ini moved successfully.
    C:\WINDOWS\system32\qqtwa.ini moved successfully.
    C:\WINDOWS\system32\qqtwa.ini2 moved successfully.
    C:\Program Files\Hitman Pro moved successfully.

    Created on 12-21-2007 15:14:49

    Combofix log:
    ComboFix 07-12-15.1 - Student 2007-12-21 15:17:03.4 - NTFSx86
    Running from: G:\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2007-11-21 to 2007-12-21 )))))))))))))))))))))))))))))))
    .

    2007-12-15 23:01 . 2007-12-20 22:01 <DIR> d-a—— C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-15 22:05 . 2007-12-20 22:00 <DIR> d——– C:\Documents and Settings\dell image\Application Data\Lavasoft
    2007-12-15 21:35 . 2007-03-01 19:54 21,056 –a—— C:\WINDOWS\system32\drivers\sskbfd.sys
    2007-12-15 21:34 . 2007-12-15 21:34 164 –a—— C:\install.dat
    2007-12-15 21:33 . 2007-12-20 22:00 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-15 21:32 . 2005-08-25 18:19 115,920 –a—— C:\WINDOWS\system32\MSINET.OCX
    2007-12-15 21:25 . 2007-12-15 21:25 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Prevx
    2007-12-15 21:15 . 2007-12-15 21:15 <DIR> d——– C:\WINDOWS\system32\GroupPolicy
    2007-12-14 19:15 . 2005-09-23 08:29 626,688 –a—— C:\WINDOWS\system32\msvcr80.dll
    2007-12-14 15:18 . 2007-12-14 15:18 <DIR> d——– C:\Program Files\Avira
    2007-12-14 09:16 . 2007-12-14 15:18 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Avira
    2007-12-13 22:30 . 2007-12-13 22:38 <DIR> d——– C:\Documents and Settings\dell image\DoctorWeb
    2007-12-13 22:04 . 2007-12-13 22:04 <DIR> d——– C:\Program Files\Windows Live
    2007-12-13 22:04 . 2007-12-13 22:04 <DIR> d–hsc— C:\Program Files\Common Files\WindowsLiveInstaller
    2007-12-13 22:04 . 2007-12-13 22:04 <DIR> d——– C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-12-13 22:01 . 2007-12-13 22:01 <DIR> d–h—– C:\WINDOWS\PIF
    2007-12-13 14:10 . 2007-12-13 14:10 <DIR> d——– C:\Program Files\MSECache
    2007-12-10 14:31 . 2007-12-10 14:31 <DIR> d——– C:\Documents and Settings\dell image\Application Data\vlc
    2007-12-10 14:29 . 2007-12-10 14:29 <DIR> d——– C:\Program Files\VideoLAN
    2007-12-10 14:25 . 2007-12-10 14:25 7,680 –ahs—- C:\WINDOWS\Thumbs.db
    2007-12-05 00:54 . 2007-12-05 00:54 <DIR> d——– C:\Documents and Settings\dell image\Application Data\DivX
    2007-12-05 00:12 . 2007-12-05 00:12 <DIR> d——– C:\Program Files\7-Zip
    2007-11-30 17:06 . 1998-09-02 09:02 194,320 –a—— C:\WINDOWS\system32\qcut.dll
    2007-11-30 17:06 . 1998-08-27 05:51 182,032 –a—— C:\WINDOWS\system32\dxtmsft3.dll
    2007-11-30 17:06 . 1998-08-20 12:02 140,800 –a—— C:\WINDOWS\system32\tm20dec.ax
    2007-11-30 17:06 . 1998-09-02 09:28 63,488 –a—— C:\WINDOWS\system32\unam4ie.exe
    2007-11-30 17:06 . 1998-09-02 09:28 38,160 –a—— C:\WINDOWS\system32\LMRTREND.dll
    2007-11-30 17:06 . 1998-08-17 10:21 11,776 –a—— C:\WINDOWS\system32\mciqtz.drv
    2007-11-30 17:06 . 1998-08-17 10:21 10,240 –a—— C:\WINDOWS\system32\vidx16.dll
    2007-11-30 17:06 . 1998-08-17 10:21 5,672 –a—— C:\WINDOWS\system32\quartz.vxd
    2007-11-30 17:06 . 2007-11-30 17:06 4,608 –a—— C:\WINDOWS\system32\w95inf32.dll
    2007-11-30 17:06 . 2007-11-30 17:06 2,272 –a—— C:\WINDOWS\system32\w95inf16.dll
    2007-11-30 17:01 . 1998-10-09 14:36 327,168 –a—— C:\WINDOWS\IsUn0413.exe
    2007-11-29 10:29 . 2007-12-10 14:38 <DIR> d——– C:\Program Files\DivX
    2007-11-26 14:21 . 2007-12-14 09:50 <DIR> d——– C:\WINDOWS\system32\ActiveScan
    2007-11-26 14:21 . 2007-12-13 21:16 30,590 –a—— C:\WINDOWS\system32\pavas.ico
    2007-11-26 14:21 . 2007-12-13 21:16 2,550 –a—— C:\WINDOWS\system32\Uninstall.ico
    2007-11-26 14:21 . 2007-12-13 21:16 1,406 –a—— C:\WINDOWS\system32\Help.ico
    2007-11-25 21:24 . 2006-04-10 14:03 38,400 –a—— C:\WINDOWS\system32\hpz3l054.dll
    2007-11-25 20:51 . 2007-11-25 20:51 111,969 ——— C:\WINDOWS\hpoins11.dat.temp
    2007-11-25 20:51 . 2006-05-06 09:25 6,947 ——— C:\WINDOWS\hpomdl11.dat.temp
    2007-11-25 20:43 . 2007-11-25 20:43 <DIR> d——– C:\Program Files\Hewlett-Packard
    2007-11-25 20:43 . 2007-11-25 20:43 <DIR> d——– C:\Program Files\Common Files\Hewlett-Packard
    2007-11-25 20:43 . 1998-10-29 16:45 306,688 –a—— C:\WINDOWS\IsUninst.exe
    2007-11-25 20:43 . 2006-03-03 21:03 282,680 –a—— C:\WINDOWS\system32\HPZidr12.dll
    2007-11-25 20:43 . 2006-03-03 21:02 204,800 –a—— C:\WINDOWS\system32\HPZipr12.dll
    2007-11-25 20:43 . 2006-03-03 21:02 94,208 –a—— C:\WINDOWS\system32\HPZipt12.dll
    2007-11-25 20:43 . 2006-03-03 21:03 69,632 –a—— C:\WINDOWS\system32\HPZipm12.exe
    2007-11-25 20:43 . 2006-03-03 21:03 65,536 –a—— C:\WINDOWS\system32\HPZinw12.exe
    2007-11-25 20:43 . 2006-03-03 21:02 57,344 –a—— C:\WINDOWS\system32\HPZisn12.dll
    2007-11-25 20:42 . 2007-11-25 20:43 <DIR> d——– C:\Program Files\HP
    2007-11-25 20:42 . 2007-11-25 21:25 111,969 –a—— C:\WINDOWS\hpoins11.dat
    2007-11-25 20:40 . 2005-07-19 02:39 98,304 –a—— C:\WINDOWS\system32\hpzjsn01.dll
    2007-11-25 20:40 . 2006-01-04 09:12 77,824 –a—— C:\WINDOWS\system32\HPZIDS01.dll
    2007-11-25 20:40 . 2006-05-06 09:25 6,947 ——— C:\WINDOWS\hpomdl11.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-17 19:14 ——— d—–w C:\Program Files\Alcohosoft
    2007-12-13 18:47 ——— d—–w C:\Documents and Settings\dell image\Application Data\uTorrent
    2007-12-13 18:47 ——— d—–w C:\Documents and Settings\All Users\Application Data\WinZip
    2007-12-10 13:38 ——— d—–w C:\Program Files\Windows Media Connect 2
    2007-12-10 13:38 ——— d—–w C:\Program Files\V-Direct v2.0b4
    2007-12-10 13:25 ——— d—–w C:\Program Files\StuffPlug3
    2007-11-26 13:47 ——— d—–w C:\Program Files\MSN Messenger
    2007-11-26 13:41 ——— d—–w C:\Program Files\DAEMON Tools
    2007-11-18 15:44 ——— d—–w C:\Documents and Settings\dell image\Application Data\Apple Computer
    2007-11-16 19:09 ——— d—–w C:\Program Files\Common Files\McAfee
    2007-11-16 09:59 ——— d—–w C:\Program Files\Google
    2007-11-13 10:25 20,480 —-a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-12 17:37 ——— d—–w C:\Program Files\Intel
    2007-11-12 16:51 ——— d—–w C:\Program Files\Alfa & Ariss
    2007-11-12 12:05 ——— d—–w C:\Documents and Settings\dell image\Application Data\U3
    2007-11-07 14:15 ——— d—–w C:\Documents and Settings\dell image\Application Data\Winamp
    2007-11-05 09:51 ——— d—–w C:\Program Files\Guitar Pro 5
    2007-11-05 07:50 ——— d—–w C:\Documents and Settings\dell image\Application Data\atitray
    2007-11-05 07:41 ——— d—–w C:\Program Files\MultiRes
    2007-11-05 07:40 451,072 —-a-w C:\WINDOWS\Radeon Omega Drivers v3.8.421 Uninstall.exe
    2007-11-05 07:40 ——— d—–w C:\Program Files\Radeon Omega Drivers
    2007-11-03 21:16 ——— d—–w C:\Documents and Settings\All Users\Application Data\Zylom
    2007-11-02 15:25 ——— d—–w C:\Documents and Settings\dell image\Application Data\Atari
    2007-11-02 15:21 98,304 —-a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-11-02 15:20 ——— d—–w C:\Documents and Settings\dell image\Application Data\Leadertech
    2007-11-02 15:16 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2007-11-02 15:12 ——— d—–w C:\Program Files\Common Files\PocketSoft
    2007-11-02 14:58 685,816 —-a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-10-31 20:42 ——— d—–w C:\Program Files\HammerHead
    2007-10-31 15:19 ——— d—–w C:\Program Files\Winamp
    2007-10-30 08:09 ——— d—–w C:\Documents and Settings\dell image\Application Data\Teleca
    2007-10-29 22:43 1,287,680 —-a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 21:12 ——— d—–w C:\Documents and Settings\dell image\Application Data\Sony Ericsson
    2007-10-29 21:09 ——— d—–w C:\Program Files\Common Files\Teleca Shared
    2007-10-29 21:09 ——— d—–w C:\Program Files\Common Files\Sony Ericsson Shared
    2007-10-29 21:09 ——— d—–w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
    2007-10-29 21:08 ——— d—–w C:\Program Files\Sony Ericsson
    2007-10-29 21:08 ——— d—–w C:\Documents and Settings\All Users\Application Data\Teleca
    2007-10-29 21:07 ——— d—–w C:\Program Files\Common Files\InstallShield
    2007-10-29 19:32 ——— d—–w C:\Program Files\uTorrent
    2007-10-29 19:18 ——— d—–w C:\Program Files\Java
    2007-10-29 19:17 ——— d—–w C:\Program Files\Common Files\Java
    2007-10-29 18:53 ——— d—–w C:\Program Files\QuickTime
    2007-10-29 18:52 ——— d—–w C:\Program Files\Apple Software Update
    2007-10-29 18:52 ——— d—–w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-10-29 18:52 ——— d—–w C:\Documents and Settings\All Users\Application Data\Apple
    2007-10-29 18:07 ——— d—–w C:\Documents and Settings\dell image\Application Data\fretsonfire
    2007-10-29 17:46 ——— d—–w C:\Documents and Settings\dell image\Application Data\ATI
    2007-10-29 17:37 ——— d—–w C:\Program Files\ATI
    2007-10-29 14:41 ——— d—–w C:\Program Files\Common Files\Adobe
    2007-10-29 12:14 ——— d—–w C:\Program Files\Mozilla
    2007-10-29 12:14 ——— d—–w C:\Documents and Settings\dell image\Application Data\Thunderbird
    2007-10-29 12:14 ——— d—–w C:\Documents and Settings\dell image\Application Data\Talkback
    2007-10-29 11:28 ——— d—–w C:\Documents and Settings\All Users\Application Data\McAfee
    2007-10-29 09:22 ——— d—–w C:\Program Files\MSXML 4.0
    2007-10-27 16:40 222,720 —-a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-22 02:39 267,272 —-a-w C:\WINDOWS\system32\xactengine2_10.dll
    2007-10-22 02:37 17,928 —-a-w C:\WINDOWS\system32\X3DAudio1_2.dll
    2007-10-20 00:56 524,288 —-a-w C:\WINDOWS\system32\DivXsm.exe
    2007-10-20 00:56 3,596,288 —-a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-10-20 00:56 200,704 —-a-w C:\WINDOWS\system32\ssldivx.dll
    2007-10-20 00:56 1,044,480 —-a-w C:\WINDOWS\system32\libdivx.dll
    2007-10-20 00:54 823,296 —-a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-10-20 00:54 823,296 —-a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-10-20 00:54 81,920 —-a-w C:\WINDOWS\system32\dpl100.dll
    2007-10-20 00:54 802,816 —-a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-10-20 00:54 739,840 —-a-w C:\WINDOWS\system32\DivX.dll
    2007-10-20 00:54 196,608 —-a-w C:\WINDOWS\system32\dtu100.dll
    2007-10-18 09:06 156,992 —-a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-10-18 09:03 593,920 —-a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-10-18 09:03 57,344 —-a-w C:\WINDOWS\system32\dpv11.dll
    2007-10-18 09:03 53,248 —-a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-10-18 09:03 344,064 —-a-w C:\WINDOWS\system32\dpus11.dll
    2007-10-18 09:03 294,912 —-a-w C:\WINDOWS\system32\dpu11.dll
    2007-10-18 09:03 294,912 —-a-w C:\WINDOWS\system32\dpu10.dll
    2007-10-18 09:02 12,288 —-a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-10-12 14:14 3,734,536 —-a-w C:\WINDOWS\system32\d3dx9_36.dll
    2007-10-12 14:14 1,374,232 —-a-w C:\WINDOWS\system32\D3DCompiler_36.dll
    2007-10-02 08:56 444,776 —-a-w C:\WINDOWS\system32\d3dx10_36.dll
    2007-09-29 04:21 9,854,976 —-a-w C:\WINDOWS\system32\atioglx2.dll
    2007-09-29 04:07 356,352 —-a-w C:\WINDOWS\system32\ATIDEMGX.dll
    2007-09-29 04:06 268,800 —-a-w C:\WINDOWS\system32\ati2dvag.dll
    2007-09-29 03:58 43,520 —-a-w C:\WINDOWS\system32\ati2edxx.dll
    2007-09-29 03:58 26,112 —-a-w C:\WINDOWS\system32\Ati2mdxx.exe
    2007-09-29 03:58 143,360 —-a-w C:\WINDOWS\system32\atipdlxx.dll
    2007-09-29 03:58 122,880 —-a-w C:\WINDOWS\system32\Oemdspif.dll
    2007-09-29 03:57 122,880 —-a-w C:\WINDOWS\system32\ati2evxx.dll
    2007-09-29 03:56 483,328 —-a-w C:\WINDOWS\system32\ati2evxx.exe
    2007-09-29 03:55 53,248 —-a-w C:\WINDOWS\system32\ATIDDC.DLL
    2007-09-29 03:49 307,200 —-a-w C:\WINDOWS\system32\atiiiexx.dll
    2007-09-29 03:47 3,130,720 —-a-w C:\WINDOWS\system32\ati3duag.dll
    2007-09-29 03:47 172,032 —-a-w C:\WINDOWS\system32\atiok3x2.dll
    2007-09-29 03:36 1,593,600 —-a-w C:\WINDOWS\system32\ativvaxx.dll
    2007-09-29 03:23 5,435,392 —-a-w C:\WINDOWS\system32\atioglxx.dll
    2007-09-29 03:22 376,832 —-a-w C:\WINDOWS\system32\atikvmag.dll
    2007-09-29 03:20 17,408 —-a-w C:\WINDOWS\system32\atitvo32.dll
    2007-09-29 03:14 499,712 —-a-w C:\WINDOWS\system32\ati2cqag.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-19_15.47.24.20 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-12-19 14:33:08 32,768 —-a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2007-12-21 13:36:42 32,768 —-a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2007-12-19 14:33:08 32,768 —-a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2007-12-21 13:36:42 32,768 —-a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2007-12-19 14:33:08 32,768 —-a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2007-12-21 13:36:42 32,768 –sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-01-09 18:33 C:\WINDOWS\stsystra.exe]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-17 10:43]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^dell image^Start Menu^Programs^Startup^RollerCoaster Tycoon 3_ Wild Registration.lnk]
    path=C:\Documents and Settings\dell image\Start Menu\Programs\Startup\RollerCoaster Tycoon 3_ Wild Registration.lnk
    backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3_ Wild Registration.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2007-10-10 19:51 39792 –a—— C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
    C:\WINDOWS\p_981116.exe /Q:A

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2007-09-25 01:11 132496 –a—— C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-10-29 11:26:46 C:\WINDOWS\Tasks\McDefragTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe'
    "2007-10-29 11:26:45 C:\WINDOWS\Tasks\McQcTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-21 15:18:04
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-21 15:18:30
    C:\ComboFix2.txt … 2007-12-20 22:22
    C:\ComboFix3.txt … 2007-12-19 15:48
    .
    2007-12-12 20:23:27 — E O F —
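
Two ComboFix runs are posted in this thread, and comparing their "Reg Loading Points" sections shows whether any autostart entry changed between the runs. The following Python is an added example, not part of the original posts or of ComboFix; the function names and the sample text are constructed, and the parsing rules are inferred only from the log layout shown on this page.

```python
import re

# Constructed sample in the layout of the "Reg Loading Points" section of the
# ComboFix logs in this thread (entries copied from the posted log, shortened).
SAMPLE_LOG = r'''
((((((((((((( Reg Loading Points ))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-01-09 18:33 C:\WINDOWS\stsystra.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

.
Contents of the 'Scheduled Tasks' folder
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*(?:\[(.*)\])?$')
RESOLVED_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (.+)$')
PATH_RE = re.compile(r'[A-Za-z]:\\.*$')
DISABLED_MARK = '\\MSCONFIG\\STARTUPREG\\'


def parse_loading_points(log_text):
    """Map (registry key, value name) -> (state, command) for one log."""
    entries, key, in_section = {}, None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if 'Reg Loading Points' in line:
            in_section = True
        elif not in_section:
            continue
        elif line.startswith(('Contents of the', '*****')):
            break  # the autostart section ends here
        elif (m := KEY_RE.match(line)):
            key = m.group(1)
        elif key and (m := VALUE_RE.match(line)):
            name, command, note = m.groups()
            # In the posted log a bare file name is followed, after the
            # timestamp, by the full path; prefer that full path.
            resolved = RESOLVED_RE.match(note or '')
            if resolved:
                command = resolved.group(1)
            # Registry key names are case-insensitive, so normalise them.
            entries[(key.upper(), name)] = ('active', command)
        elif key and DISABLED_MARK in key.upper() and (m := PATH_RE.search(line)):
            # Entries listed under msconfig\startupreg: the value name is the
            # last key component and the command is on an unquoted line.
            parent, _, name = key.rpartition('\\')
            entries[(parent.upper(), name)] = ('disabled', m.group(0))
    return entries


def diff_loading_points(old_log, new_log):
    """Return (added, removed, changed) autostart entries between two runs."""
    old, new = parse_loading_points(old_log), parse_loading_points(new_log)
    added = sorted(k for k in new if k not in old)
    removed = sorted(k for k in old if k not in new)
    changed = sorted(k for k in new if k in old and new[k] != old[k])
    return added, removed, changed


if __name__ == '__main__':
    for (reg_key, value_name), (state, command) in parse_loading_points(SAMPLE_LOG).items():
        print(f'{state:8} {value_name:20} {command}')
```
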
  • Empty your Temp folders (note: empty the folders, do not delete them!!):


    C:\Windows\Temp
    C:\Documents and Settings\<profile name>\Local Settings\Temp
    C:\Documents and Settings\<profile name>\Local Settings\Temporary Internet Files
    C:\Documents and Settings\<profile name>\Local Settings\Temporary Internet Files\content.ie5
    If the last folder is not shown, go to the Temporary Internet Files folder, type \content.ie5 after it in the address bar and press Enter.

    Empty your Recycle Bin.


    How are your problems now?
    Pim
  • I have emptied the temporary folders. The temp folders were as good as empty; that was one of the first things I did to solve the problems. Unfortunately I have to say that nothing has improved..
    If only the copy and/or drag function worked, I could at least back everything up..
  • Download Dr.Web Cureit to your desktop.

    * Double-click drweb-cureit.exe and allow it to start the express scan.
    * If a popup appears offering a purchase/50% discount,
    you may close it with the X.
    * This will scan the files that are currently loaded in memory, and if something is found,
    click the Yes to all button at the 'cure it?' prompt. This is only a short scan.
    * At the top of the menu choose Language/Taal and change it to Dutch (Nederlands) if it is set differently for you.
    * Press F9, then choose Acties and set the following under Malware:
      o Adware: Verplaats
      o Dialers: Verplaats
      o Jokes: Rapportage
      o Riskware: Rapportage
      o Hacktools: Verplaats
    Then remove the check mark at "Prompt bij actie".
    Then press OK.
    * Press F9, then choose Scan, remove the check mark at Heuristische analyse and click OK.
    * Once the short scan has finished, you can select the drives you want to scan (Selecteer stations).
    * Select alle stations here. A red dot will then appear on the drives you are having scanned.
    * Then click the
  • I think the CureIt guide is meant for an older version, because a few things are different. I copied the settings and then ran a full scan. Nothing at all was found and I also couldn't save a report.
    In between I ran Antivir once more and it couldn't find anything any more either. I'm now going to try to repair Windows, so that maybe I can at least make a backup.

    In any case, thank you very much for all your trouble.
  • For the repair option on the Windows CD you need a floppy disk, and my laptop has no floppy drive at all.
    I'm thinking about maybe doing a second Windows XP Pro installation so that I can then work with the files. Is there anyone who can explain to me whether this is possible?

This is an archived page. Replies are no longer possible.