Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

Problemen met trojan-downloader.conhook en Virtumondo

Anoniem
juisterr
17 antwoorden
  • Ik heb sinds een week problemen met trojan-downloader.conhook, Trojan.Agent en Trojan Virtumondo. Ik gebruik Norton virusscanner en de PC Tools SpywareDoctor. Daarnaast heb ik ook al Hitman Pro laten draaien. De genoemde virussen en/ of spyware worden steeds verwijderd maar komen na elke herstart direct weer terug. Ik heb hierdoor een zeer traag systeem en veel problemen met de Internet Explorer; traag en oneindig veel pop ups. Hierbij mijn HijackThis log. Ik hoop dat u mij kunt helpen.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:15:24, on 31-5-2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Utilities\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xs4all.nl/~mjkoster/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=3070927
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
    vsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [Visual Subst] "C:\Utilities\VisualSubst\Install\VSubst.exe" /startup
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\wij\AppData\Local\Temp\yaywxYom.dll,#1
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\wij\AppData\Local\Temp\rqRIaBSi.dll,c
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Users\wij\AppData\Roaming\Microsoft\dtsc\3181.exe
    O4 - HKCU\..\Run: [2ab91582] rundll32.exe "C:\Users\wij\AppData\Local\Temp\ehscchet.dll",b
    O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\wij\AppData\Local\Temp
    wnpkqoy.dll",run
    O4 - HKCU\..\Run: [BM298a261e] Rundll32.exe "C:\Users\wij\AppData\Local\Temp\cvtfokhu.dll",s
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device… - C:\Utilities\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device… - C:\Utilities\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Utilities\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin
    pjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin
    pjpi160.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Utilities\Ad-Aware 2007\aawservice.exe
    O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
    O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe


    End of file - 9326 bytes



  • Klik met de rechtermuis op het programma Hijackthis en kies voor "Uitvoeren als Administrator"
    Kies voor 'Do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:
    [b:d8a62150bc]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\wij\AppData\Local\Temp\yaywxYom.dll,#1
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\wij\AppData\Local\Temp\rqRIaBSi.dll,c
    O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Users\wij\AppData\Roaming\Microsoft\dtsc\3181.exe
    O4 - HKCU\..\Run: [2ab91582] rundll32.exe "C:\Users\wij\AppData\Local\Temp\ehscchet.dll",b
    O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\wij\AppData\Local\Temp
    wnpkqoy.dll",run
    O4 - HKCU\..\Run: [BM298a261e] Rundll32.exe "C:\Users\wij\AppData\Local\Temp\cvtfokhu.dll",s
    [/b:d8a62150bc]
    Klik op 'Fix checked' om de items te verwijderen.

    Download ATF cleaner (gemaakt door Atribune)
    Dubbelklik op ATF cleaner om het programma te starten.
    Op het tabblad "Main", plaats je een vinkje bij [b:d8a62150bc]Select All[/b:d8a62150bc].
    Klik op de knop [b:d8a62150bc]Empty Selected[/b:d8a62150bc].

    Het volgende doen als je ook FireFox als browser hebt:
    Klik op tabblad "Firefox", plaats een vinkje bij [b:d8a62150bc]Select All[/b:d8a62150bc].
    Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
    (dit haalt het vinkje weer weg bij "Firefox saved passwords";)
    Klik op de knop [b:d8a62150bc]Empty Selected[/b:d8a62150bc].

    Het volgende doen als je ook Opera als browser hebt:
    Klik op tabblad "Opera", plaats een vinkje bij [b:d8a62150bc]Select All[/b:d8a62150bc].
    Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
    Klik op de knop [b:d8a62150bc]Empty Selected[/b:d8a62150bc].
    Ga naar het tabblad "Main" en klik op de knop [b:d8a62150bc]Exit[/b:d8a62150bc] om het programma af te sluiten.

    Download Malwarebytes' Anti-Malware via [b:d8a62150bc]hier[/b:d8a62150bc] of [b:d8a62150bc]hier[/b:d8a62150bc].

    Dubbelklik mbam-setup.exe om het programma te installeren.[list:d8a62150bc]
    [*:d8a62150bc]Zorg ervoor dat er een vinkje geplaatst is voor [b:d8a62150bc]Update Malwarebytes' Anti-Malware[/b:d8a62150bc] en [b:d8a62150bc]Launch Malwarebytes' Anti-Malware[/b:d8a62150bc], Klik daarna op "finish".
    [*:d8a62150bc]Indien een update gevonden werd, zal het die downloaden en de laatste versie installeren.
    [*:d8a62150bc]Wanneer het programma volledig up to date is, selecteer "[b:d8a62150bc]Perform Quick Scan[/b:d8a62150bc]", daarna klik [b:d8a62150bc]Scan[/b:d8a62150bc].
    [*:d8a62150bc]Het scannen kan een tijdje duren, dus wees geduldig.
    [*:d8a62150bc]Wanneer de scan voltooid is, klik OK, daarna "Show Results" om de resultaten te zien.
    [*:d8a62150bc]Zorg ervoor dat daar [b:d8a62150bc]alles aangevinkt is[/b:d8a62150bc], daarna klik: [b:d8a62150bc]Remove Selected[/b:d8a62150bc].
    [*:d8a62150bc]Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie extra nota onderaan)
    [*:d8a62150bc]De log wordt automatisch bewaard door MBAM die je kan zien door de "Logs" tab te klikken in MBAM.
    [*:d8a62150bc]Kopieer en plak de resultaten van de log in je volgend antwoord, samen met een nieuw HijackThislog.
    [/list:u:d8a62150bc]
    Extra opmerking:
    [b:d8a62150bc]Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de Computer opnieuw op te starten… dus sta toe dat MBAM de computer opnieuw opstart.[/b:d8a62150bc]
    Herstart de computer en plaats ook een nieuw HJT logje
  • Beste juisterr. Fijn dat je me wilt helpen. Hierbij de logs.

    Malwarebytes' Anti-Malware 1.14
    Database versie: 824
    20:06:05 4-6-2008
    mbam-log-6-4-2008 (20-06-05).txt
    Scan type: Snelle Scan
    Objecten gescand: 49719
    Verstreken tijd: 9 minute(s), 15 second(s)
    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 39
    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)
    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)
    Registersleutels geïnfecteerd:
    (Geen kwaadaardige items gevonden)
    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)
    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)
    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)
    Bestanden geïnfecteerd:
    C:\Users\wij\AppData\Local\Temp\mgtsbwci.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp0000a10f (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp0000a5df (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp0000b309 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp0000b691 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp0000bfa6 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp0000cf9d (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp0000d73b (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp0000e53f (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp0000ebf3 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp0000fdbe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp00013f50 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp000181fb (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp0001e31d (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp00040f8a (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp000458d9 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp00067915 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp000c2155 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp0013193a (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp0013a1e9 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp002ad162 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp002d82e5 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp002db4be (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp003c6e7c (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp00424911 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp0051587c (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp005a533f (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp00606845 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp006ff9bb (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp008daee7 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp0120ff1b (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp012f237d (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp013c1116 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp01bc3635 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp01dbb3dd (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp01e2b8ad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\AppData\Local\Temp\tmp01fdb110 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\Local Settings\Temporary Internet Files\Content.IE5\UZHIESR0\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\wij\Local Settings\Temporary Internet Files\Content.IE5\UZHIESR0\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:31:24, on 4-6-2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Utilities\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xs4all.nl/~mjkoster/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=3070927
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
    vsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [Visual Subst] "C:\Utilities\VisualSubst\Install\VSubst.exe" /startup
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\wij\AppData\Local\Temp\rqRIaBSi.dll,c
    O4 - HKCU\..\Run: [BM298a261e] Rundll32.exe "C:\Users\wij\AppData\Local\Temp\ksybgjui.dll",s
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device… - C:\Utilities\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device… - C:\Utilities\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Utilities\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin
    pjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin
    pjpi160.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Utilities\Ad-Aware 2007\aawservice.exe
    O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
    O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe


    End of file - 9161 bytes


  • Klik met de rechtermuis op het programma Hijackthis en kies voor "Uitvoeren als Administrator"
    Kies voor 'Do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:
    [b:9a8b1d41b9]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\wij\AppData\Local\Temp\rqRIaBSi.dll,c
    O4 - HKCU\..\Run: [BM298a261e] Rundll32.exe "C:\Users\wij\AppData\Local\Temp\ksybgjui.dll",s
    [/b:9a8b1d41b9]
    Klik op 'Fix checked' om de items te verwijderen.




    Volg de instructies zoals beschreven op de volgende pagina: hoe-dient-combofix-gebruikt-te-worden

    Gebruik je Vista, dan hoeft de Recovery Console niet te worden geinstalleerd.
    Is er iets niet duidelijk, dan vraag je het.
    Als het tooltje klaar is, opent er een logfile (C:\combofix.txt).
    Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.
  • Beste juisterr.
    Via Hijackthis de regels die je aangeeft verwijderd. De regel "R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =" kan ik niet vinden.
    Vervolgens de gegevens van ComboFix doorgelezen en het programma gedownload.
    Omdat de problemen die ik heb voorkomen in het gebruikersaccount "wij" doe ik alle handelingen in dit account. Ik sluit alle antispyware en firewallprogramma's. Mijn Norton antivirusprogramma kan ik niet afsluiten, ook niet als ik dit als administrator probeer.
    Als ik het ComboFix icoon dubbelklik, kies voor uitvoeren en me inlog als administrator, verschijnt er een klein boxje met bovenin de naam combifix en hieronder een balkje dat in 3 seconden vol loopt. Hierna gebeurt er niets meer. Ik wacht nu een minuut of 10 maar de processor heeft geen enkele activiteit. De computer hangt niet en is gewoon te gebruiken.
    Ik durf de handelingen niet zonder jouw goedkeuring te proberen in het administrator account.

    Ik heb wel een Hijackthis log gemaakt.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:28:24, on 5-6-2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal
    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Utilities\Ad-Aware 2007\aawservice.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\Windows\system32\CTsvcCDA.exe
    C:\Windows\system32\dlcxcoms.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\PSIService.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Windows\system32\svchost.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\rundll32.exe
    C:\Utilities\HijackThis\HijackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xs4all.nl/~mjkoster/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe –hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
    vsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'wij')
    O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [Visual Subst] "C:\Utilities\VisualSubst\Install\VSubst.exe" /startup (User 'wij')
    O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'wij')
    O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [MS Juan] rundll32 "C:\Users\wij\AppData\Local\Temp\xtpbgwrj.dll",run (User 'wij')
    O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [2ab91582] rundll32.exe "C:\Users\wij\AppData\Local\Temp\vwrhwhnv.dll",b (User 'wij')
    O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [BM298a261e] Rundll32.exe "C:\Users\wij\AppData\Local\Temp\bnborpsg.dll",s (User 'wij')
    O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [cmds] rundll32.exe C:\Users\wij\AppData\Local\Temp\rqRIaBSi.dll,c (User 'wij')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Utilities\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin
    pjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin
    pjpi160.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Utilities\Ad-Aware 2007\aawservice.exe
    O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
    O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

    End of file - 11938 bytes


  • Klik met de rechtermuis op het programma Hijackthis en kies voor "Uitvoeren als Administrator"
    Kies voor 'Do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:
    [b:8a09f79789]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [Visual Subst] "C:\Utilities\VisualSubst\Install\VSubst.exe" /startup (User 'wij')
    O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [MS Juan] rundll32 "C:\Users\wij\AppData\Local\Temp\xtpbgwrj.dll",run (User 'wij')
    O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [2ab91582] rundll32.exe "C:\Users\wij\AppData\Local\Temp\vwrhwhnv.dll",b (User 'wij')
    O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [BM298a261e] Rundll32.exe "C:\Users\wij\AppData\Local\Temp\bnborpsg.dll",s (User 'wij')
    O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [cmds] rundll32.exe C:\Users\wij\AppData\Local\Temp\rqRIaBSi.dll,c (User 'wij')
    [/b:8a09f79789]
    Klik op 'Fix checked' om de items te verwijderen.


    Run combofix als administrator <<<<<<
  • -ingelogd als gebruiker "wij"
    -hijackthis uitvoeren als admin en de opgegeven regels verwijderd.
    -afgemeld en ingelogt als admin
    -alle scanners afgesloten en zoveel mogelijk in de norton virusscanner afgesloten
    -combofix opgestart, op "onbekende uitgever" uitvoeren geklikt, UAC waarschuwing ook gezien en op "doorgaan" geklikt
    -het eerder genoemde combofix boxje verschijnt en loopt weer vol
    -de iconen op mijn bureaublad gaan een keer uit en weer aan
    -hierna gebeurt er niets meer :oops:
    -na 10 minuten afmelden en terug naar "wij" account
    -hijackthis uitvoeren als admin en de volgende, teruggekomen regels weer verwijderd:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [BM298a261e] Rundll32.exe "C:\Users\wij\AppData\Local\Temp\bnborpsg.dll",s (User 'wij')
    O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [cmds] rundll32.exe C:\Users\wij\AppData\Local\Temp\rqRIaBSi.dll,c (User 'wij')
    -de andere 3 regels zijn nu weg
    -een nieuwe log gemaakt

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:57:11, on 7-6-2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Utilities\Ad-Aware 2007\aawservice.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\Windows\system32\CTsvcCDA.exe
    C:\Windows\system32\dlcxcoms.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\PSIService.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Utilities\HijackThis\HijackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xs4all.nl/~mjkoster/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
    vsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'wij')
    O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'wij')
    O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [cmds] rundll32.exe C:\Users\wij\AppData\Local\Temp\rqRIaBSi.dll,c (User 'wij')
    O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [BM298a261e] Rundll32.exe "C:\Users\wij\AppData\Local\Temp\ponhwnqs.dll",s (User 'wij')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Utilities\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin
    pjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin
    pjpi160.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Utilities\Ad-Aware 2007\aawservice.exe
    O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
    O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe


    End of file - 11413 bytes


  • Hallo, start opnieuw op als gebruiker ‘wij’

    Ga naar Start - Uitvoeren en geef daar het volgende in:
    [b:d0e1011fb9]%appdata%\Local\Temp
    [/b:d0e1011fb9]
    Druk op OK.
    Er zal een map openen, verwijder alles dat zich in deze map bevindt.

    Plaats een nieuw HJT logje
  • Er opent een temp map waaruit ik 182 items kan verwijderen.
    2 bestanden krijg ik niet weg, ook niet als admin nml.
    ponhwnqs.dll en rqRIaBSi.dll

    Hier de nieuwe HJT log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:36:13, on 7-6-2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Utilities\Ad-Aware 2007\aawservice.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\Windows\system32\CTsvcCDA.exe
    C:\Windows\system32\dlcxcoms.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\PSIService.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Utilities\HijackThis\HijackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xs4all.nl/~mjkoster/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
    vsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'wij')
    O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'wij')
    O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [cmds] rundll32.exe C:\Users\wij\AppData\Local\Temp\rqRIaBSi.dll,c (User 'wij')
    O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [BM298a261e] Rundll32.exe "C:\Users\wij\AppData\Local\Temp\ponhwnqs.dll",s (User 'wij')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Utilities\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin
    pjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin
    pjpi160.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Utilities\Ad-Aware 2007\aawservice.exe
    O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
    O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe


    End of file - 11567 bytes


  • Ook niet in veilige modus ????
  • Ja, ze zijn nu wel weg te halen.
    Als ik daarna terug ga naar het "wij" account om een nieuwe HJT log te maken, krijg ik 2 foutmeldingen waarin aangegeven wordt dat de 2 verwijderde dll files niet gevonden worden.

    Nieuwe log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:51:40, on 7-6-2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Utilities\Ad-Aware 2007\aawservice.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\Windows\system32\CTsvcCDA.exe
    C:\Windows\system32\dlcxcoms.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\PSIService.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Utilities\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xs4all.nl/~mjkoster/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
    vsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'wij')
    O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'wij')
    O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [cmds] rundll32.exe C:\Users\wij\AppData\Local\Temp\rqRIaBSi.dll,c (User 'wij')
    O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [BM298a261e] Rundll32.exe "C:\Users\wij\AppData\Local\Temp\ponhwnqs.dll",s (User 'wij')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Utilities\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin
    pjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin
    pjpi160.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Utilities\Ad-Aware 2007\aawservice.exe
    O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
    O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe


    End of file - 11594 bytes


  • Natuurlijk zegt hij dat.


    Klik met de rechtermuis op het programma Hijackthis en kies voor "Uitvoeren als Administrator"
    Kies voor 'Do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:
    [b:700a7d2499]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [cmds] rundll32.exe C:\Users\wij\AppData\Local\Temp\rqRIaBSi.dll,c (User 'wij')
    O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [BM298a261e] Rundll32.exe "C:\Users\wij\AppData\Local\Temp\ponhwnqs.dll",s (User 'wij')
    [/b:700a7d2499]
    Klik op 'Fix checked' om de items te verwijderen.



    Volg de instructies zoals beschreven op de volgende pagina: hoe-dient-combofix-gebruikt-te-worden

    Gebruik je Vista, dan hoeft de Recovery Console niet te worden geinstalleerd.
    Is er iets niet duidelijk, dan vraag je het.
    Als het tooltje klaar is, opent er een logfile (C:\combofix.txt).
    Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.
  • Hallo juisterr
    De items verwijderd. Daarna in het "wij" account Combofix gestart. Dit keer is dit gelukt. :D
    Hier de beide logs.

    ComboFix 08-06-05.3 - beheerder 10-06-2008 18:58:06.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.863 [GMT 2:00]
    Gestart vanuit: C:\Users\wij\Desktop\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
    C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat

    —– BITS: Mogelijk geïnfecteerde sites —–

    hxxp://theinstalls.com
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-05-10 to 2008-06-10 ))))))))))))))))))))))))))))))
    .

    Geen nieuwe bestanden aangemaakt in deze periode

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-10 16:58 6,736 —-a-w C:\Windows\system32\drivers\PROCEXP90.SYS
    2008-06-10 16:48 ——— d—–w C:\Program Files\Dl_cats
    2008-06-10 15:26 ——— d—a-w C:\ProgramData\TEMP
    2008-06-10 09:20 ——— d—–w C:\Program Files\Spyware Doctor
    2008-06-10 09:12 ——— d—–w C:\ProgramData\Google Updater
    2008-06-07 21:17 3,766 –sha-w C:\Windows\System32\KGyGaAvL.sys
    2008-06-05 20:04 ——— d—–w C:\Program Files\Norton Security Scan
    2008-06-04 21:22 ——— d—–w C:\Users\internet\AppData\Roaming\Winamp
    2008-06-04 17:45 ——— d—–w C:\Users\beheerder\AppData\Roaming\Malwarebytes
    2008-06-04 17:45 ——— d—–w C:\ProgramData\Malwarebytes
    2008-06-04 17:13 41,288 —-a-w C:\Windows\system32\drivers\ikfilesec.sys
    2008-06-03 15:50 805 —-a-w C:\Windows\system32\drivers\SYMEVENT.INF
    2008-06-03 15:50 123,952 —-a-w C:\Windows\system32\drivers\SYMEVENT.SYS
    2008-06-03 15:50 10,671 —-a-w C:\Windows\system32\drivers\SYMEVENT.CAT
    2008-06-03 15:50 ——— d—–w C:\Program Files\Symantec
    2008-06-02 18:18 ——— d—–w C:\Users\internet\AppData\Roaming\Corel
    2008-06-02 18:00 ——— d—–w C:\Users\internet\AppData\Roaming\Nero
    2008-06-01 21:45 ——— d—–w C:\Users\internet\AppData\Roaming\GrabIt
    2008-06-01 15:44 ——— d—–w C:\Users\wij\AppData\Roaming\GrabIt
    2008-05-31 11:39 ——— d—–w C:\Program Files\CommonTime
    2008-05-31 11:36 ——— d—–w C:\Program Files\Common Files\Real
    2008-05-30 12:43 ——— d—–w C:\Program Files\Microsoft.NET
    2008-05-30 07:38 ——— d–h–w C:\Users\internet\AppData\Roaming\GTek
    2008-05-29 23:06 34,296 —-a-w C:\Windows\system32\drivers\mbamcatchme.sys
    2008-05-29 23:06 15,864 —-a-w C:\Windows\system32\drivers\mbam.sys
    2008-05-29 16:24 74,240 —-a-w C:\Windows\system32\drivers\iksyssec.sys
    2008-05-29 16:24 56,832 —-a-w C:\Windows\system32\drivers\iksysflt.sys
    2008-05-29 15:59 ——— d—–w C:\Users\beheerder\AppData\Roaming\PC Tools
    2008-05-29 15:36 ——— d—–w C:\ProgramData\Spybot - Search & Destroy
    2008-05-29 15:32 ——— d—–w C:\Users\beheerder\AppData\Roaming\Lavasoft
    2008-05-28 15:42 ——— d—–w C:\ProgramData\Prevx
    2008-05-27 20:26 ——— d—–w C:\ProgramData\Symantec
    2008-05-25 09:49 ——— d—–w C:\Users\wij\AppData\Roaming\FrostWire
    2008-05-20 21:22 ——— d—–w C:\Program Files\Google
    2008-05-19 18:34 ——— d—–w C:\Users\wij\AppData\Roaming\NCH Swift Sound
    2008-05-17 12:06 ——— d—–w C:\ProgramData\NCH Swift Sound
    2008-05-17 12:06 ——— d—–w C:\Program Files\NCH Swift Sound
    2008-05-17 12:03 ——— d—–w C:\Users\beheerder\AppData\Roaming\NCH Swift Sound
    2008-05-14 19:54 ——— d—–w C:\Program Files\Windows Mail
    2008-05-12 19:52 ——— d—–w C:\Users\wij\AppData\Roaming\AVS4YOU
    2008-05-12 19:52 ——— d—–w C:\ProgramData\AVS4YOU
    2008-05-12 19:51 ——— d—–w C:\Program Files\Common Files\AVSMedia
    2008-05-12 19:43 ——— d—–w C:\Users\beheerder\AppData\Roaming\AccurateRip
    2008-05-12 19:38 4,230,520 —-a-w C:\Windows\System32\SpoonUninstall.exe
    2008-05-11 20:37 ——— d—–w C:\ProgramData\Hema Album Software Advanced
    2008-05-11 17:15 ——— d—–w C:\Users\wij\AppData\Roaming\ZoomBrowser EX
    2008-05-11 17:12 ——— d—–w C:\ProgramData\ZoomBrowser
    2008-05-04 20:27 ——— d—–w C:\Users\wij\AppData\Roaming\Zylom
    2008-04-22 17:36 ——— d—–w C:\Users\wij\AppData\Roaming\Switchball
    2008-04-22 17:35 ——— d—–w C:\ProgramData\Trymedia
    2008-04-22 17:30 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2008-04-12 18:40 ——— d—–w C:\ProgramData\TomTom
    2008-04-12 18:39 ——— d—–w C:\Users\wij\AppData\Roaming\TomTom
    2008-04-12 18:39 ——— d—–w C:\Program Files\TomTom HOME 2
    2008-03-10 19:37 307,968 —-a-w C:\Windows\System32\TuneUpDefragService.exe
    2007-10-07 18:00 104 —-a-w C:\Users\wij\AppData\Roaming\wklnhst.dat
    2007-10-02 17:45 174 –sha-w C:\Program Files\desktop.ini
    2008-02-13 15:50 16,384 –sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-02-13 15:50 32,768 –sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-02-13 15:50 16,384 –sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2007-11-05 21:00 88 –sh–r C:\Windows\System32\927314FA20.sys
    .

    ——- Sigcheck ——-

    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    31-01-2008 19:29 116088 –a—— C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [27-09-2007 11:15 77824]
    "NvSvc"="C:\Windows\system32
    vsvc.dll" [28-05-2007 06:59 86016]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [28-05-2007 06:59 81920]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [28-05-2007 06:58 8429568]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01-03-2007 15:57 153136]
    "MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" [04-11-2006 03:04 304008]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [31-01-2008 14:15 51048]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-01-2008 23:16 39792]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [29-05-2008 18:04 1065800]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Corel File Shell Monitor"=C:\Foto's\Corel\Paint Shop Pro X2 demo\CorelIOMonitor.exe
    "UpdReg"=C:\Windows\UpdReg.EXE
    "dlcxmon.exe"="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
    "dscactivate"=c:\dell\dsca.exe 3
    "ECenter"=C:\Dell\E-Center\EULALauncher.exe
    "FaxCenterServer"="C:\Program Files\Dell PC Fax\fm3032.exe" /s
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    "DLCXCATS"=rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
    "VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe"

    "RtHDVCpl"=RtHDVCpl.exe
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    "Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
    "Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{B3C078DB-B300-4177-AC34-BB382355351D}"= UDP:C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor
    "{ECEB57EC-F044-49CA-AE9E-F04BEEEFD269}"= TCP:C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor
    "{3C0C09CE-BC26-4067-BE60-D8FDD0AAF235}"= UDP:C:\Program Files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
    "{D1007CA5-E547-4107-AE41-BB41C809A0FC}"= TCP:C:\Program Files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
    "{BD69E679-B96F-4772-A4AC-41FC109E08DD}"= UDP:C:\Windows\System32\dlcxcoms.exe:Lexmark Communications System
    "{07E59648-0EAD-4793-8E6E-61179F6C978E}"= TCP:C:\Windows\System32\dlcxcoms.exe:Lexmark Communications System
    "{F70FD3DA-BA4E-4714-A802-8046015C0809}"= Disabled:UDP:135:TCP Port 135
    "{15C5DF8B-8018-4628-B15A-3B57B41808EB}"= Disabled:UDP:5000:TCP Port 5000
    "{9F36112A-A31D-46C8-A061-FC4DFA0AF453}"= Disabled:UDP:5001:TCP Port 5001
    "{27A8DC24-E5ED-4839-8C4A-86299CD898CE}"= Disabled:UDP:5002:TCP Port 5002
    "{F5E9CCAD-E88C-4539-9F9D-ED20CE26A45C}"= Disabled:UDP:5003:TCP Port 5003
    "{6058BD8A-A2C4-4C52-BEB1-1FC24D6E136C}"= Disabled:UDP:5004:TCP Port 5004
    "{F12BB214-D3C1-453F-8CB9-AC5DDC95D064}"= Disabled:UDP:5005:TCP Port 5005
    "{06E2F5F7-9230-4867-9384-2B613AB35206}"= Disabled:UDP:5006:TCP Port 5006
    "{AA060DB0-F559-4076-91F5-07F46D5FDA27}"= Disabled:UDP:5007:TCP Port 5007
    "{0DBDE849-2C73-4FB0-AC7F-CFCA48D44A49}"= Disabled:UDP:5008:TCP Port 5008
    "{502A7B0C-36B2-4B77-8E77-88293DDCD71E}"= Disabled:UDP:5009:TCP Port 5009
    "{EB25C0E6-F4D3-4F0D-AB40-49A1CF4A5E47}"= Disabled:UDP:5010:TCP Port 5010
    "{EFB21B16-1B4A-4FC8-83C0-CF1330571042}"= Disabled:UDP:5011:TCP Port 5011
    "{AEBACF19-7E9F-4FC0-98B2-61196E2090D0}"= Disabled:UDP:5012:TCP Port 5012
    "{D28143E9-F096-4E3A-897F-2D772FC7A460}"= Disabled:UDP:5013:TCP Port 5013
    "{B1F4ABF1-FE75-4AF6-8FBB-3A4BF0D5F9F8}"= Disabled:UDP:5014:TCP Port 5014
    "{AF9EDDBA-24BE-425D-8602-2277999A8041}"= Disabled:UDP:5015:TCP Port 5015
    "{0B35C11A-D547-49AA-9B06-F0B985A4301B}"= Disabled:UDP:5016:TCP Port 5016
    "{69BC28EA-599E-45DF-B707-C1A0CD85840E}"= Disabled:UDP:5017:TCP Port 5017
    "{59D4F47D-E68F-4B1B-A54D-55D6B419960A}"= Disabled:UDP:5018:TCP Port 5018
    "{6B61A0CD-FAF4-4BC8-946F-AB66FA6B2592}"= Disabled:UDP:5019:TCP Port 5019
    "{3B3B5807-63B6-4767-B88D-C09DA8589C46}"= Disabled:UDP:5020:TCP Port 5020
    "TCP Query User{F2DE2411-F6F9-4C61-9E12-B29AA2A95DBF}C:\\program files\\frostwire\\frostwire.exe"= UDP:C:\program files\frostwire\frostwire.exe:FrostWire
    "UDP Query User{70DA0D45-E0D6-46FD-B0E8-68F120093A78}C:\\program files\\frostwire\\frostwire.exe"= TCP:C:\program files\frostwire\frostwire.exe:FrostWire
    "{E9EB90D2-1E1A-4F1E-890E-35E51A73E54B}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{FF860C12-E9F1-4EEC-B6DB-39315D97BB75}"= Disabled:UDP:C:\Program Files\GrabIt\GrabIt.exe:GrabIt
    "{C240E400-5A50-45F0-A506-F06BE39E49E6}"= Disabled:TCP:C:\Program Files\GrabIt\GrabIt.exe:GrabIt
    "{B7A722DF-5EC5-4FC7-B3A0-C8ABB2273A3E}"= UDP:C:\Games\Test Drive Unlimited\TestDriveUnlimited.exe:Test Drive Unlimited starten
    "{8A171F24-FB6C-4EE8-90A2-CA6188636AD0}"= TCP:C:\Games\Test Drive Unlimited\TestDriveUnlimited.exe:Test Drive Unlimited starten

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080607.001\IDSvix86.sys [13-02-2008 18:18]
    R2 dlcx_device;dlcx_device;C:\Windows\system32\dlcxcoms.exe [04-11-2006 03:07]
    R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
    R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [02-11-2006 11:45]
    R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [11-07-2007 09:15]
    R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\Windows\System32\svchost.exe [02-11-2006 11:45]
    R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [02-11-2006 11:45]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [13-08-2007 14:50]
    S3 btwaudio;Bluetooth-audioapparaat;C:\Windows\system32\drivers\btwaudio.sys [20-11-2006 14:59]
    S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [20-11-2006 14:59]
    S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [20-11-2006 14:59]
    S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [02-11-2006 09:36]
    S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\Windows\system32\DRIVERS\se46bus.sys [30-11-2006 16:11]
    S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\se46mdfl.sys [30-11-2006 16:11]
    S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\se46mdm.sys [30-11-2006 16:11]
    S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\se46mgmt.sys [30-11-2006 16:11]
    S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);C:\Windows\system32\DRIVERS\se46nd5.sys [30-11-2006 16:11]
    S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\se46obex.sys [30-11-2006 16:11]
    S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);C:\Windows\system32\DRIVERS\se46unic.sys [30-11-2006 16:11]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [10-03-2008 21:37]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    *Newly Created Service* - CATCHME
    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-06-02 18:00:00 C:\Windows\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - beheerder.job"
    - C:\Program Files\Norton AntiVirus\Navw32.exeB/TASK:
    "2008-06-10 16:50:13 C:\Windows\Tasks\User_Feed_Synchronization-{5D577E6B-684A-4940-8A88-E5C53E927F6E}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-10 19:03:10
    Windows 6.0.6000 NTFS

    detected NTDLL code modification:
    ZwClose

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 10-06-2008 19:04:54
    ComboFix-quarantined-files.txt 2008-06-10 17:04:48

    Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.
    Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

    225 — E O F — 2008-06-05 19:43:18


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:07:32, on 10-6-2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Utilities\Ad-Aware 2007\aawservice.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\Windows\system32\CTsvcCDA.exe
    C:\Windows\system32\dlcxcoms.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\PSIService.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\Explorer.exe
    C:\Utilities\HijackThis\HijackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xs4all.nl/~mjkoster/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
    vsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'wij')
    O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'wij')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Utilities\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin
    pjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin
    pjpi160.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Utilities\Ad-Aware 2007\aawservice.exe
    O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
    O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe


    End of file - 10551 bytes




  • Klik met de rechtermuis op het programma Hijackthis en kies voor "Uitvoeren als Administrator"
    Kies voor 'Do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:
    [b:26d2ee912a]
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    [/b:26d2ee912a]
    Sluit alle vensters behalve Hijackthis
    Klik op 'Fix checked' om de items te verwijderen.

    Download [b:26d2ee912a].
    [list:26d2ee912a][*:26d2ee912a]Scroll omlaag naar : "[i:26d2ee912a]Java Runtime Environment (JRE) 6 Update 6[/i:26d2ee912a]".
    [*:26d2ee912a]Klik op de "[b:26d2ee912a]Download[/b:26d2ee912a]" knop aan de rechterkant.
    [*:26d2ee912a]Vink aan: "[b:26d2ee912a]Accept License Agreement[/b:26d2ee912a]", en klik op [b:26d2ee912a]Continue[/b:26d2ee912a].
    [*:26d2ee912a]De pagina zal herladen.
    [*:26d2ee912a]Klik op de [b:26d2ee912a]Windows Offline Installation, Multi-language[/b:26d2ee912a] link ONDER [b:26d2ee912a]Windows Platform - Java SE Runtime Environment 6 Update 6[/b:26d2ee912a] en bewaar het op je Bureaublad.
    [*:26d2ee912a]Sluit alle programma's die eventueel open zijn - Zeker je web browser!
    [*:26d2ee912a]Ga dan naar [b:26d2ee912a]Start[/b:26d2ee912a] > [b:26d2ee912a]Configuratiescherm[/b:26d2ee912a] > [b:26d2ee912a]Software[/b:26d2ee912a] en verwijder alle oudere versies van Java uit de Softwarelijst. (met Java Runtime Environment (JRE of J2SE) in de naam.
    [*:26d2ee912a]Herhaal dit tot alle oudere versies verdwenen zijn.
    [*:26d2ee912a]Na het verwijderen van alle oudere versies, [b:26d2ee912a]herstart[/b:26d2ee912a] je pc.
    [*:26d2ee912a]Dubbelklik vervolgens op [b:26d2ee912a]jre-6u6-windows-i586-p.exe[/b:26d2ee912a] op je Bureaublad om de nieuwste versie van Java te installeren.[/list:u:26d2ee912a]
  • Done.
    2 oude versies van Java verwijderd.
    opnieuw opgestart.
    nieuwste Java geinstalleerd.
    weer opnieuw opgestart.
    nieuwe hijackthis log gemaakt.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:30:39, on 10-6-2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Utilities\Ad-Aware 2007\aawservice.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\Windows\system32\CTsvcCDA.exe
    C:\Windows\system32\dlcxcoms.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\PSIService.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Utilities\HijackThis\HijackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xs4all.nl/~mjkoster/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
    vsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'wij')
    O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'wij')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Utilities\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Utilities\Ad-Aware 2007\aawservice.exe
    O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
    O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe


    End of file - 10421 bytes
  • Volgens mij toch weer terug schoon dit logje
  • computer snel, internet zonder pop-ups, diverse scanners geven geen meldingen meer bij scans. Ik denk dat alles weer OK is.
    Juisterr, heel veel dank voor je hulp. Je hebt me geweldig geholpen. :D

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.