  1. #11
    Up-to-date  
    Registered
    21 April 2006
    Posts
    96
    Thanks
    22
    Thanked
    19 times in 13 posts
    The Jotti scan:

    Service load: 0% 100%
    File: iun6002.exe
    Status: OK (Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
    MD5: 456462905091db042141487fe030e3c9
    Packers detected: -
    Scanner results
    Scan taken on 23 Jun 2008 19:28:47 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Ikarus Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing

  2. #12
    Spyware Slayer   Roelof
    Registered
    19 May 2008
    Location
    Twente (Netherlands)
    Posts
    641
    Thanks
    25
    Thanked
    129 times in 109 posts
    Okay,

    And may I also have the other logs,

    Roelof

  3. #13
    Up-to-date  
    Here are the logs. Just to note that during the upload to the online virus scanner the browser reacted strangely 3 times and reported that the page could not be reached...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:38:44, on 23/06/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\explorer.exe
    D:\Programma's\HiJackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BM07429b67] Rundll32.exe "C:\WINDOWS\system32\eeoufwpl.dll",s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Catalyst System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1208531627421
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1213945159718
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3559F10A-E148-4E4F-9783-5DEF063D4144}: NameServer = 193.109.184.75 193.109.184.72
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    --
    End of file - 8282 bytes





    ComboFix 08-06-20.4 - Eigenaar 2008-06-23 21:36:03.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.1628 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Eigenaar\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt
    * Resident AV is active

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
    FILE ::
    C:\WINDOWS\system32\aheorbqo.dll
    C:\WINDOWS\system32\bqmcokim.dll
    C:\WINDOWS\system32\culemsoh.tmp
    C:\WINDOWS\system32\eeoufwpl.dll
    C:\WINDOWS\system32\fxlempdo.dll
    C:\WINDOWS\system32\hosmeluc.dll
    C:\WINDOWS\system32\qefbdwwp.dll
    C:\WINDOWS\system32\rxhigois.dll
    C:\WINDOWS\system32\sjmkiigr.dll
    C:\WINDOWS\system32\wmpns.dll
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\aheorbqo.dll
    C:\WINDOWS\system32\bqmcokim.dll
    C:\WINDOWS\system32\culemsoh.tmp
    C:\WINDOWS\system32\eeoufwpl.dll
    C:\WINDOWS\system32\fxlempdo.dll
    C:\WINDOWS\system32\hosmeluc.dll
    C:\WINDOWS\system32\qefbdwwp.dll
    C:\WINDOWS\system32\rxhigois.dll
    C:\WINDOWS\system32\sjmkiigr.dll
    C:\WINDOWS\system32\wmpns.dll
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-05-23 to 2008-06-23 ))))))))))))))))))))))))))))))
    .
    2008-06-23 21:23 . 2008-06-23 21:35 <DIR> dr-h----- C:\Documents and Settings\Eigenaar\Onlangs geopend
    2008-06-21 00:55 . 2008-06-21 00:55 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-21 00:55 . 2008-06-21 01:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-20 09:23 . 2008-06-20 09:23 <DIR> d-------- C:\WINDOWS\system32\nl-nl
    2008-06-20 09:23 . 2008-06-20 09:23 <DIR> d-------- C:\WINDOWS\system32\nl
    2008-06-20 09:23 . 2008-06-20 09:23 <DIR> d-------- C:\WINDOWS\system32\bits
    2008-06-20 09:23 . 2008-06-20 09:23 <DIR> d-------- C:\WINDOWS\l2schemas
    2008-06-20 09:22 . 2008-06-20 09:22 <DIR> d-------- C:\WINDOWS\ServicePackFiles
    2008-06-20 09:18 . 2008-06-20 09:18 <DIR> d-------- C:\WINDOWS\EHome
    2008-06-20 07:15 . 2008-06-20 07:15 0 --a------ C:\WINDOWS\BM07429b67.xml
    2008-06-13 00:24 . 2008-06-22 22:37 616 --a------ C:\WINDOWS\wininit.ini
    2008-06-13 00:22 . 2008-06-13 00:48 <DIR> d-------- C:\Program Files\HarvEX
    2008-06-11 12:37 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-06-11 12:36 . 2008-06-14 19:36 272,640 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-11 12:36 . 2008-06-14 19:36 272,640 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-05 08:57 . 2008-06-05 08:57 <DIR> d-------- C:\Program Files\ZZultimativ-R-v1.3
    2008-06-04 19:45 . 2008-06-04 19:46 <DIR> d-------- C:\Program Files\SubSync
    2008-06-04 19:45 . 2008-06-04 19:45 249,856 --------- C:\WINDOWS\Setup1.exe
    2008-06-04 19:45 . 2008-06-04 19:45 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
    2008-06-04 19:44 . 2008-06-04 19:45 <DIR> d-------- C:\Program Files\VisualSubSync
    2008-06-03 10:38 . 2008-06-03 10:38 <DIR> d-------- C:\Program Files\Solveig Multimedia
    2008-06-03 10:38 . 2008-06-03 10:38 <DIR> d-------- C:\Program Files\Common Files\Solveig Multimedia
    2008-06-03 10:38 . 2008-06-03 10:38 <DIR> d-------- C:\Program Files\Common Files\Elecard
    2008-06-02 11:08 . 2008-06-02 11:08 74,752 --a------ C:\WINDOWS\cadkasdeinst01e.exe
    2008-06-02 10:58 . 2008-06-02 10:58 <DIR> d-------- C:\Program Files\Cuttermaran
    2008-06-02 10:58 . 2008-06-02 11:00 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Cuttermaran
    2008-05-30 18:49 . 2008-05-30 18:49 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\NeroDigital™
    2008-05-27 10:04 . 2008-05-27 10:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
    2008-05-27 10:03 . 2008-05-27 10:03 <DIR> d-------- C:\Program Files\GRETECH
    2008-05-27 10:03 . 2008-05-27 10:03 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\GRETECH
    2008-05-27 09:32 . 2008-05-27 09:32 1,160 --a------ C:\WINDOWS\mozver.dat
    2008-05-26 22:08 . 2008-05-26 22:08 <DIR> d-------- C:\Program Files\SyncView
    2008-05-26 22:08 . 2003-08-18 12:25 1,344,512 --a------ C:\WINDOWS\system32\COMCTL32.OCX
    2008-05-26 22:08 . 2004-03-09 00:00 152,848 --a------ C:\WINDOWS\system32\COMDLG32.OCX
    2008-05-26 22:07 . 2008-05-26 22:07 796,672 --a------ C:\WINDOWS\GPInstall.exe
    2008-05-26 22:07 . 2000-07-29 08:53 8,520 --a------ C:\WINDOWS\Dutch.gpl
    2008-05-26 17:25 . 2008-05-26 22:38 3,993,423,872 --a------ C:\dvdimage.img
    2008-05-26 15:14 . 2008-05-26 15:14 <DIR> d-------- C:\Program Files\DVD Shrink
    2008-05-26 15:14 . 2008-06-17 09:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-05-26 15:01 . 2008-05-26 15:01 <DIR> d-------- C:\Program Files\Musclesoft
    2008-05-25 23:07 . 2002-04-22 19:51 503,296 --a------ C:\Program Files\WeetHetBitRates.exe
    2008-05-25 23:03 . 2008-05-25 23:03 <DIR> d-------- C:\Program Files\Sun
    2008-05-25 23:03 . 2008-05-25 23:03 <DIR> d-------- C:\Program Files\Java
    2008-05-25 23:03 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-05-25 23:01 . 2008-05-25 23:01 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-05-25 11:51 . 2008-05-26 22:35 4,096 --a------ C:\aaaa.bin
    2008-05-24 13:38 . 2008-05-24 13:38 <DIR> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
    2008-05-24 13:37 . 2008-05-24 13:37 <DIR> d-------- C:\Program Files\DAEMON Tools
    2008-05-24 13:34 . 2008-05-24 13:34 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-05-24 13:32 . 2008-05-24 13:32 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\CyberLink
    2008-05-23 23:48 . 2008-05-23 23:48 <DIR> d-------- C:\Program Files\GoldWave
    2008-05-23 00:20 . 2008-05-23 00:20 105,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2008-05-23 00:20 . 2008-05-23 00:20 103,936 --------- C:\WINDOWS\system32\pxinsi64.exe
    2008-05-23 00:20 . 2008-05-23 00:20 86,016 --------- C:\WINDOWS\system32\pxwma.dll
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-21 09:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-06-15 01:00 --------- d-----w C:\Program Files\The FilmMachine
    2008-06-06 14:16 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-05-23 20:49 --------- d-----w C:\Program Files\DVDlabPro2
    2008-05-22 22:20 --------- d-----w C:\Program Files\Pegasys Inc
    2008-05-19 21:37 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Pegasys Inc
    2008-05-17 08:29 --------- d-----w C:\Program Files\MSXML 4.0
    2008-05-16 17:23 --------- d-----w C:\Program Files\Common Files\Nero
    2008-05-16 17:23 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Nero
    2008-05-16 17:22 --------- d-----w C:\Program Files\Nero
    2008-05-16 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-05-15 22:11 --------- d-----w C:\Program Files\Common Files\Ahead
    2008-05-15 19:33 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Ahead
    2008-05-14 22:40 --------- d-----w C:\Program Files\CCleaner
    2008-05-14 22:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-05-14 21:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-09 16:05 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Talkback
    2008-05-09 13:48 --------- d-----w C:\Program Files\directX
    2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 22:07 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Apple Computer
    2008-05-07 22:06 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Media Player Classic
    2008-05-07 20:29 --------- d-----w C:\Program Files\K-Lite Codec Pack
    2008-05-07 20:18 --------- d-----w C:\Program Files\Custom Technology
    2008-05-07 20:09 --------- d-----w C:\Program Files\Real Alternative
    2008-05-07 20:06 --------- d-----w C:\Program Files\QuickTime
    2008-05-07 20:06 --------- d-----w C:\Program Files\Apple Software Update
    2008-05-07 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-05-07 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-05-07 19:56 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-05-07 05:12 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-06 07:19 --------- d-----w C:\Program Files\VideoLAN
    2008-05-06 07:19 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\vlc
    2008-05-04 21:48 --------- d-----w C:\Program Files\Switch Off
    2008-04-24 19:30 --------- d-----w C:\Program Files\Common Files\LightScribe
    2008-04-23 21:39 --------- d-----w C:\Program Files\Microsoft.NET
    2008-04-23 21:35 --------- d-----w C:\Program Files\UnderCoverXP
    2008-04-23 21:35 --------- d-----w C:\Program Files\DVD Decrypter
    2008-04-23 21:31 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
    2008-04-23 21:29 --------- d-----w C:\Program Files\ScanSoft
    2008-04-23 21:29 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
    2008-04-23 21:29 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\ScanSoft
    2008-04-23 21:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\SSScanWizard
    2008-04-23 21:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    2008-04-23 21:28 --------- d-----w C:\Program Files\Canon
    2008-04-23 21:28 --------- d-----w C:\Program Files\ArcSoft
    2008-04-21 06:57 669,184 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-04-18 15:04 737,280 ----a-w C:\WINDOWS\iun6002.exe
    2008-04-17 17:24 89,600 ----a-w C:\WINDOWS\system32\atl71.dll
    2008-04-17 17:24 503,808 ----a-w C:\WINDOWS\system32\msvcp71.dll
    2008-04-17 17:24 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
    2008-04-17 17:24 258,352 ----a-w C:\WINDOWS\system32\unicows.dll
    2008-04-17 17:24 1,053,184 ----a-w C:\WINDOWS\system32\mfc71u.dll
    2008-04-14 20:33 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
    2008-04-14 20:32 424,448 ----a-w C:\WINDOWS\system32\licdll.dll
    2008-04-14 20:32 1,001,472 ----a-w C:\WINDOWS\system32\setupapi.dll
    2008-04-14 17:19 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
    2008-04-14 17:06 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe
    2008-04-14 17:02 99,840 ----a-w C:\WINDOWS\system32\winscard.dll
    2008-04-14 17:01 763,904 ----a-w C:\WINDOWS\system32\winntbbu.dll
    2008-04-14 17:00 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
    2008-04-14 17:00 3,584 ----a-w C:\WINDOWS\system32\icmp.dll
    2008-04-14 17:00 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
    2008-04-14 17:00 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
    2008-04-14 17:00 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
    2008-04-14 17:00 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
    2008-04-14 16:41 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
    2008-04-14 16:41 2,149,888 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-04-14 16:41 2,028,544 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-04-14 16:39 88,064 ------w C:\WINDOWS\system32\msxml6r.dll
    2008-04-14 16:38 78,336 ------w C:\WINDOWS\system32\msshavmsg.dll
    2008-04-14 16:38 2,965,504 ----a-w C:\WINDOWS\system32\wmploc.dll
    2008-04-14 16:37 50,176 ----a-w C:\WINDOWS\system32\inetres.dll
    2008-04-14 16:36 566,784 ----a-w C:\WINDOWS\system32\shdoclc.dll
    2008-04-14 16:36 189,952 ----a-w C:\WINDOWS\system32\wmerror.dll
    2008-04-14 16:35 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-04-14 16:34 67,584 ----a-w C:\WINDOWS\system32\browselc.dll
    2008-04-14 16:34 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
    2008-04-14 16:33 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
    2008-04-14 16:32 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
    2008-04-14 16:31 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll
    2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
    2008-04-13 18:40 437,248 ----a-w C:\WINDOWS\system32\xpob2res.dll
    2008-04-13 18:37 2,962,432 ----a-w C:\WINDOWS\system32\xpsp2res.dll
    2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
    2008-04-13 18:35 196,096 ----a-w C:\WINDOWS\system32\xpsp1res.dll
    2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
    2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
    2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
    2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
    2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
    2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
    2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
    2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
    2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
    2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
    2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
    2008-04-01 22:28 2,102,272 ----a-w C:\WINDOWS\system32\x264vfw.dll
    2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
    .
    ((((((((((((((((((((((((((((( snapshot@2008-06-22_22.59.03.48 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-22 20:57:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-23 19:23:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:02 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-23 00:01 68856]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
    "ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-04-23 18:19 1189104]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-06-23 05:21 847872]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 13:43 45056]
    "GameFace Messenger"="C:\Program Files\GameFace Messenger\GameFace.exe" [ ]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
    "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-23 00:06 29744]
    "NWEReboot"="" []
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
    "OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 09:29 729088]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "BM07429b67"="C:\WINDOWS\system32\eeoufwpl.dll " [ ]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:02 15360]
    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Catalyst System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [12-8-2005 13:43:58 45056]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [23-4-2008 0:01:54 124400]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.asv2"= asusasv2.dll
    "msacm.l3fhg"= mp3fhg.acm
    "msacm.divxa32"= msaud32_divx.acm
    "VIDC.X264"= x264vfw.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.i263"= i263_32.drv
    "VIDC.YV12"= yv12vfw.dll
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Emule\\Morph 8.10\\Ultimativ-MoD F-25c.exe"=
    "C:\\Program Files\\ZZultimativ-R-v1.3\\emule\\emule.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    R0 mv61xx;mv61xx;C:\WINDOWS\system32\DRIVERS\mv61xx.sys [2006-07-28 08:59]
    R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
    S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 16:25]
    S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-23 00:06]
    S3 SkLaggProtocol;SysKonnect Link Aggregation Protocol (LAGG) Support;C:\WINDOWS\system32\DRIVERS\yk51lagg.sys []
    S3 SkVlanProtocol;SysKonnect Virtual LAN (VLAN) Support;C:\WINDOWS\system32\DRIVERS\skvlan.sys [2005-11-30 02:15]
    S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys []
    *Newly Created Service* - CATCHME
    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-06-20 08:58:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************
    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-23 21:37:24
    Windows 5.1.2600 Service Pack 3 NTFS
    scannen van verborgen processen ...
    scannen van verborgen autostart items ...
    scannen van verborgen bestanden ...
    Scan succesvol afgerond
    verborgen bestanden: 0
    **************************************************************************
    .
    Voltooingstijd: 2008-06-23 21:37:54
    ComboFix-quarantined-files.txt 2008-06-23 19:37:49
    ComboFix2.txt 2008-06-22 21:10:08
    ComboFix3.txt 2008-06-22 20:59:13
    Pre-Run: 26,285,645,824 bytes beschikbaar
    Post-Run: 26,275,971,072 bytes beschikbaar
    275 --- E O F --- 2008-06-20 07:05:35

  4. #14
    Spyware Slayer   Roelof
    Hi Licorne,

    The strange behaviour may be because the site was busy or because there are still remnants present on your computer.

    Open Notepad, copy and paste the text below into an empty window:

    Code:
     
    File::
    C:\WINDOWS\system32\eeoufwpl.dll
    C:\WINDOWS\BM07429b67.xml
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BM07429b67"=-
    Save this to your Desktop as CFScript.txt
    Drag CFScript.txt onto ComboFix.exe as shown in the example below:


    This will cause ComboFix to restart.
    Reboot if asked to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Regards,

    Roelof

  5. #15
    Up-to-date  
    Here we go.

    I noticed that while ComboFix was running, NOD32 detected and deleted a virus.

    ComboFix 08-06-20.4 - Eigenaar 2008-06-24 21:45:50.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.1559 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Eigenaar\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt
    * Resident AV is active

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
    FILE ::
    C:\WINDOWS\BM07429b67.xml
    C:\WINDOWS\system32\eeoufwpl.dll
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\WINDOWS\BM07429b67.xml
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-05-24 to 2008-06-24 ))))))))))))))))))))))))))))))
    .
    2008-06-24 21:42 . 2008-06-24 21:45 <DIR> dr-h----- C:\Documents and Settings\Eigenaar\Onlangs geopend
    2008-06-21 00:55 . 2008-06-21 00:55 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-21 00:55 . 2008-06-21 01:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-20 09:23 . 2008-06-20 09:23 <DIR> d-------- C:\WINDOWS\system32\nl-nl
    2008-06-20 09:23 . 2008-06-20 09:23 <DIR> d-------- C:\WINDOWS\system32\nl
    2008-06-20 09:23 . 2008-06-20 09:23 <DIR> d-------- C:\WINDOWS\system32\bits
    2008-06-20 09:23 . 2008-06-20 09:23 <DIR> d-------- C:\WINDOWS\l2schemas
    2008-06-20 09:22 . 2008-06-20 09:22 <DIR> d-------- C:\WINDOWS\ServicePackFiles
    2008-06-20 09:18 . 2008-06-20 09:18 <DIR> d-------- C:\WINDOWS\EHome
    2008-06-13 00:24 . 2008-06-22 22:37 616 --a------ C:\WINDOWS\wininit.ini
    2008-06-13 00:22 . 2008-06-13 00:48 <DIR> d-------- C:\Program Files\HarvEX
    2008-06-11 12:37 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-06-11 12:36 . 2008-06-14 19:36 272,640 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-11 12:36 . 2008-06-14 19:36 272,640 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-05 08:57 . 2008-06-05 08:57 <DIR> d-------- C:\Program Files\ZZultimativ-R-v1.3
    2008-06-04 19:45 . 2008-06-04 19:46 <DIR> d-------- C:\Program Files\SubSync
    2008-06-04 19:45 . 2008-06-04 19:45 249,856 --------- C:\WINDOWS\Setup1.exe
    2008-06-04 19:45 . 2008-06-04 19:45 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
    2008-06-04 19:44 . 2008-06-04 19:45 <DIR> d-------- C:\Program Files\VisualSubSync
    2008-06-03 10:38 . 2008-06-03 10:38 <DIR> d-------- C:\Program Files\Solveig Multimedia
    2008-06-03 10:38 . 2008-06-03 10:38 <DIR> d-------- C:\Program Files\Common Files\Solveig Multimedia
    2008-06-03 10:38 . 2008-06-03 10:38 <DIR> d-------- C:\Program Files\Common Files\Elecard
    2008-06-02 11:08 . 2008-06-02 11:08 74,752 --a------ C:\WINDOWS\cadkasdeinst01e.exe
    2008-06-02 10:58 . 2008-06-02 10:58 <DIR> d-------- C:\Program Files\Cuttermaran
    2008-06-02 10:58 . 2008-06-02 11:00 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Cuttermaran
    2008-05-30 18:49 . 2008-05-30 18:49 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\NeroDigital™
    2008-05-27 10:04 . 2008-05-27 10:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
    2008-05-27 10:03 . 2008-05-27 10:03 <DIR> d-------- C:\Program Files\GRETECH
    2008-05-27 10:03 . 2008-05-27 10:03 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\GRETECH
    2008-05-27 09:32 . 2008-05-27 09:32 1,160 --a------ C:\WINDOWS\mozver.dat
    2008-05-26 22:08 . 2008-05-26 22:08 <DIR> d-------- C:\Program Files\SyncView
    2008-05-26 22:08 . 2003-08-18 12:25 1,344,512 --a------ C:\WINDOWS\system32\COMCTL32.OCX
    2008-05-26 22:08 . 2004-03-09 00:00 152,848 --a------ C:\WINDOWS\system32\COMDLG32.OCX
    2008-05-26 22:07 . 2008-05-26 22:07 796,672 --a------ C:\WINDOWS\GPInstall.exe
    2008-05-26 22:07 . 2000-07-29 08:53 8,520 --a------ C:\WINDOWS\Dutch.gpl
    2008-05-26 17:25 . 2008-05-26 22:38 3,993,423,872 --a------ C:\dvdimage.img
    2008-05-26 15:14 . 2008-05-26 15:14 <DIR> d-------- C:\Program Files\DVD Shrink
    2008-05-26 15:14 . 2008-06-17 09:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-05-26 15:01 . 2008-05-26 15:01 <DIR> d-------- C:\Program Files\Musclesoft
    2008-05-25 23:07 . 2002-04-22 19:51 503,296 --a------ C:\Program Files\WeetHetBitRates.exe
    2008-05-25 23:03 . 2008-05-25 23:03 <DIR> d-------- C:\Program Files\Sun
    2008-05-25 23:03 . 2008-05-25 23:03 <DIR> d-------- C:\Program Files\Java
    2008-05-25 23:03 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-05-25 23:01 . 2008-05-25 23:01 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-05-25 11:51 . 2008-05-26 22:35 4,096 --a------ C:\aaaa.bin
    2008-05-24 13:38 . 2008-05-24 13:38 <DIR> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
    2008-05-24 13:37 . 2008-05-24 13:37 <DIR> d-------- C:\Program Files\DAEMON Tools
    2008-05-24 13:34 . 2008-05-24 13:34 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-05-24 13:32 . 2008-05-24 13:32 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\CyberLink
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-21 09:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-06-15 01:00 --------- d-----w C:\Program Files\The FilmMachine
    2008-06-06 14:16 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-05-23 21:48 --------- d-----w C:\Program Files\GoldWave
    2008-05-23 20:49 --------- d-----w C:\Program Files\DVDlabPro2
    2008-05-22 22:20 86,016 ------w C:\WINDOWS\system32\pxwma.dll
    2008-05-22 22:20 105,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2008-05-22 22:20 103,936 ------w C:\WINDOWS\system32\pxinsi64.exe
    2008-05-22 22:20 --------- d-----w C:\Program Files\Pegasys Inc
    2008-05-19 21:37 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Pegasys Inc
    2008-05-17 08:29 --------- d-----w C:\Program Files\MSXML 4.0
    2008-05-16 17:23 --------- d-----w C:\Program Files\Common Files\Nero
    2008-05-16 17:23 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Nero
    2008-05-16 17:22 --------- d-----w C:\Program Files\Nero
    2008-05-16 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-05-15 22:11 --------- d-----w C:\Program Files\Common Files\Ahead
    2008-05-15 19:33 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Ahead
    2008-05-14 22:40 --------- d-----w C:\Program Files\CCleaner
    2008-05-14 22:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-05-14 21:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-09 16:05 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Talkback
    2008-05-09 13:48 --------- d-----w C:\Program Files\directX
    2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 22:07 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Apple Computer
    2008-05-07 22:06 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Media Player Classic
    2008-05-07 20:29 --------- d-----w C:\Program Files\K-Lite Codec Pack
    2008-05-07 20:18 --------- d-----w C:\Program Files\Custom Technology
    2008-05-07 20:09 --------- d-----w C:\Program Files\Real Alternative
    2008-05-07 20:06 --------- d-----w C:\Program Files\QuickTime
    2008-05-07 20:06 --------- d-----w C:\Program Files\Apple Software Update
    2008-05-07 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-05-07 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-05-07 19:56 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-05-07 05:12 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-06 07:19 --------- d-----w C:\Program Files\VideoLAN
    2008-05-06 07:19 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\vlc
    2008-05-04 21:48 --------- d-----w C:\Program Files\Switch Off
    2008-04-24 19:30 --------- d-----w C:\Program Files\Common Files\LightScribe
    2008-04-21 06:57 669,184 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-04-18 15:04 737,280 ----a-w C:\WINDOWS\iun6002.exe
    2008-04-17 17:24 89,600 ----a-w C:\WINDOWS\system32\atl71.dll
    2008-04-17 17:24 503,808 ----a-w C:\WINDOWS\system32\msvcp71.dll
    2008-04-17 17:24 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
    2008-04-17 17:24 258,352 ----a-w C:\WINDOWS\system32\unicows.dll
    2008-04-17 17:24 1,053,184 ----a-w C:\WINDOWS\system32\mfc71u.dll
    2008-04-14 20:33 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
    2008-04-14 20:32 424,448 ----a-w C:\WINDOWS\system32\licdll.dll
    2008-04-14 20:32 1,001,472 ----a-w C:\WINDOWS\system32\setupapi.dll
    2008-04-14 17:19 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
    2008-04-14 17:06 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe
    2008-04-14 17:02 99,840 ----a-w C:\WINDOWS\system32\winscard.dll
    2008-04-14 17:01 763,904 ----a-w C:\WINDOWS\system32\winntbbu.dll
    2008-04-14 17:00 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
    2008-04-14 17:00 3,584 ----a-w C:\WINDOWS\system32\icmp.dll
    2008-04-14 17:00 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
    2008-04-14 17:00 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
    2008-04-14 17:00 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
    2008-04-14 17:00 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
    2008-04-14 16:41 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
    2008-04-14 16:41 2,149,888 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-04-14 16:41 2,028,544 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-04-14 16:39 88,064 ------w C:\WINDOWS\system32\msxml6r.dll
    2008-04-14 16:38 78,336 ------w C:\WINDOWS\system32\msshavmsg.dll
    2008-04-14 16:38 2,965,504 ----a-w C:\WINDOWS\system32\wmploc.dll
    2008-04-14 16:37 50,176 ----a-w C:\WINDOWS\system32\inetres.dll
    2008-04-14 16:36 566,784 ----a-w C:\WINDOWS\system32\shdoclc.dll
    2008-04-14 16:36 189,952 ----a-w C:\WINDOWS\system32\wmerror.dll
    2008-04-14 16:35 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-04-14 16:34 67,584 ----a-w C:\WINDOWS\system32\browselc.dll
    2008-04-14 16:34 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
    2008-04-14 16:33 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
    2008-04-14 16:32 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
    2008-04-14 16:31 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll
    2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
    2008-04-13 18:40 437,248 ----a-w C:\WINDOWS\system32\xpob2res.dll
    2008-04-13 18:37 2,962,432 ----a-w C:\WINDOWS\system32\xpsp2res.dll
    2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
    2008-04-13 18:35 196,096 ----a-w C:\WINDOWS\system32\xpsp1res.dll
    2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
    2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
    2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
    2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
    2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
    2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
    2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
    2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
    2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
    2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
    2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
    2008-04-01 22:28 2,102,272 ----a-w C:\WINDOWS\system32\x264vfw.dll
    2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
    .
    ((((((((((((((((((((((((((((( snapshot@2008-06-22_22.59.03.48 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-22 20:57:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-24 19:42:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:02 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-23 00:01 68856]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
    "ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-04-23 18:19 1189104]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-06-23 05:21 847872]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 13:43 45056]
    "GameFace Messenger"="C:\Program Files\GameFace Messenger\GameFace.exe" [ ]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
    "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-23 00:06 29744]
    "NWEReboot"="" []
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
    "OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 09:29 729088]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "BM07429b67"="C:\WINDOWS\system32\eeoufwpl.dll " [ ]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:02 15360]
    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Catalyst System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [12-8-2005 13:43:58 45056]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [23-4-2008 0:01:54 124400]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.asv2"= asusasv2.dll
    "msacm.l3fhg"= mp3fhg.acm
    "msacm.divxa32"= msaud32_divx.acm
    "VIDC.X264"= x264vfw.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.i263"= i263_32.drv
    "VIDC.YV12"= yv12vfw.dll
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Emule\\Morph 8.10\\Ultimativ-MoD F-25c.exe"=
    "C:\\Program Files\\ZZultimativ-R-v1.3\\emule\\emule.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    R0 mv61xx;mv61xx;C:\WINDOWS\system32\DRIVERS\mv61xx.sys [2006-07-28 08:59]
    R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
    S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 16:25]
    S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-23 00:06]
    S3 SkLaggProtocol;SysKonnect Link Aggregation Protocol (LAGG) Support;C:\WINDOWS\system32\DRIVERS\yk51lagg.sys []
    S3 SkVlanProtocol;SysKonnect Virtual LAN (VLAN) Support;C:\WINDOWS\system32\DRIVERS\skvlan.sys [2005-11-30 02:15]
    S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys []
    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-06-20 08:58:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    ****************************************************************************
    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-24 21:47:28
    Windows 5.1.2600 Service Pack 3 NTFS
    scannen van verborgen processen ...
    scannen van verborgen autostart items ...
    scannen van verborgen bestanden ...
    Scan succesvol afgerond
    verborgen bestanden: 0
    ****************************************************************************
    .
    Voltooingstijd: 2008-06-24 21:47:49
    ComboFix-quarantined-files.txt 2008-06-24 19:47:46
    ComboFix2.txt 2008-06-23 19:37:54
    ComboFix3.txt 2008-06-22 21:10:08
    ComboFix4.txt 2008-06-22 20:59:13
    Pre-Run: 26,266,116,096 bytes beschikbaar
    Post-Run: 26,255,773,696 bytes beschikbaar
    245 --- E O F --- 2008-06-20 07:05:35



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:49:56, on 24/06/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Programma's\HiJackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BM07429b67] Rundll32.exe "C:\WINDOWS\system32\eeoufwpl.dll",s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Catalyst System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1208531627421
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1213945159718
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3559F10A-E148-4E4F-9783-5DEF063D4144}: NameServer = 193.109.184.75 193.109.184.72
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    --
    End of file - 8554 bytes
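
Added example (not part of the original posts, and not ComboFix or HijackThis code): a Python check that reads the `Registry::` value deletions from the CFScript posted earlier in this thread and looks for the same value names in the O4 autostart lines of the HijackThis log above, reporting the hive each one is found in. The sample inputs are lines copied from this thread; the function names and status strings are this example's own.

```python
import re

# Sample input copied from this thread: the Registry:: part of the CFScript.
CFSCRIPT = r'''
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM07429b67"=-
'''

# Sample input copied from this thread: some O4 lines of the follow-up HijackThis log.
HJT_LOG = r'''
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BM07429b67] Rundll32.exe "C:\WINDOWS\system32\eeoufwpl.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
'''

# HijackThis abbreviates the registry hives in its O4 lines.
HIVE_ABBREV = {
    "HKEY_CURRENT_USER": "HKCU",
    "HKEY_LOCAL_MACHINE": "HKLM",
    "HKEY_USERS": "HKUS",
}

# O4 - <hive>\[<user sid>\]..\<key>: [<value name>] <command>
O4_RE = re.compile(
    r"^O4 - (HKLM|HKCU|HKUS)\\(?:(.+?)\\)?\.\.\\([^:]+): \[(.+?)\] (.*)$"
)


def parse_cfscript_deletions(script):
    """Return (hive, subkey, value_name) for each '"name"=-' line under Registry::."""
    deletions = []
    in_registry = False
    key = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):              # a new directive such as File:: or Registry::
            in_registry = line.lower() == "registry::"
            key = None
            continue
        if not in_registry:
            continue
        if line.startswith("[-"):            # whole-key deletion, not handled here
            key = None
            continue
        m = re.fullmatch(r"\[([^\\\]]+)\\(.+)\]", line)
        if m:
            hive = HIVE_ABBREV.get(m.group(1).upper(), m.group(1))
            key = (hive, m.group(2))
            continue
        m = re.fullmatch(r'"(.+)"\s*=\s*-', line)
        if m and key:
            deletions.append((key[0], key[1], m.group(1)))
    return deletions


def parse_o4_autoruns(log):
    """Return the registry autostart entries (O4 lines) of a HijackThis log."""
    entries = []
    for raw in log.splitlines():
        m = O4_RE.match(raw.strip())
        if m:                                # 'Global Startup' lines do not match
            hive, user, key, name, command = m.groups()
            entries.append({"hive": hive, "user": user, "key": key,
                            "name": name, "command": command})
    return entries


def check_deletions(script, log):
    """For each value the script deletes, say whether the log still lists it."""
    autoruns = parse_o4_autoruns(log)
    report = []
    for hive, subkey, name in parse_cfscript_deletions(script):
        leaf = subkey.rsplit("\\", 1)[-1]    # HijackThis prints only the last key part
        hits = [e for e in autoruns
                if e["name"].lower() == name.lower()
                and e["key"].lower() == leaf.lower()]
        if not hits:
            status = "gone"
        elif any(e["hive"] == hive for e in hits):
            status = "still present in targeted hive"
        else:
            status = "present in other hive"
        report.append({"value": name, "targeted": hive, "status": status,
                       "found_in": sorted({e["hive"] for e in hits}),
                       "commands": [e["command"] for e in hits]})
    return report


if __name__ == "__main__":
    for row in check_deletions(CFSCRIPT, HJT_LOG):
        print(row)
```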

  6. #16
    Spyware Slayer   Roelof
    Hi,

    Were you also able to see which virus NOD32 removed, and have you turned TeaTimer back on?

    Roelof

  7. #17
    Up-to-date  
    Hello Roelof,

    I'll turn it back on.

    NOD 32:

    24/06/2008 21:45:55 Real-time file system protection file C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\Av-test.txt Eicar test file cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\CF27775.exe.
    24/06/2008 10:08:21 Real-time file system protection file C:\System Volume Information\_restore{254EF869-67D1-433F-AFBD-5E9F8190D8B1}\RP87\A0014477.dll a variant of Win32/Adware.Virtumonde application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
    24/06/2008 9:28:30 Real-time file system protection file C:\System Volume Information\_restore{254EF869-67D1-433F-AFBD-5E9F8190D8B1}\RP86\A0014360.dll Win32/Adware.Virtumonde application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
    23/06/2008 22:55:07 Real-time file system protection file C:\System Volume Information\_restore{254EF869-67D1-433F-AFBD-5E9F8190D8B1}\RP86\A0014338.dll Win32/Adware.Virtumonde application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
    23/06/2008 21:36:06 Real-time file system protection file C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\Av-test.txt Eicar test file cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\CF5843.exe.
    22/06/2008 22:55:14 Real-time file system protection file C:\Qoobox\Quarantine\C\WINDOWS\system32\awtqnkhe.dll.vir a variant of Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\CF892.exe.
    22/06/2008 22:53:41 Real-time file system protection file C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\Av-test.txt Eicar test file cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\CF892.exe.
    22/06/2008 21:46:40 Real-time file system protection file D:\Programma's\backups\backup-20080622-214635-575.dll a variant of Win32/Adware.Virtumonde application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: D:\Programma's\HiJackThis.exe.
    21/06/2008 21:04:36 Real-time file system protection file C:\System Volume Information\_restore{254EF869-67D1-433F-AFBD-5E9F8190D8B1}\RP85\A0014244.dll a variant of Win32/Adware.Virtumonde application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
    21/06/2008 20:16:12 Real-time file system protection file C:\System Volume Information\_restore{254EF869-67D1-433F-AFBD-5E9F8190D8B1}\RP85\A0014243.dll a variant of Win32/Adware.Virtumonde application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
    21/06/2008 12:56:36 Real-time file system protection file C:\System Volume Information\_restore{254EF869-67D1-433F-AFBD-5E9F8190D8B1}\RP85\A0014242.dll a variant of Win32/Adware.Virtumonde application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
    21/06/2008 11:56:44 Real-time file system protection file D:\Programma's\backups\backup-20080621-115637-787.dll a variant of Win32/Adware.Virtumonde application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: D:\Programma's\HiJackThis.exe.
    21/06/2008 1:16:23 Real-time file system protection file D:\Programma's\backups\backup-20080621-011621-190.dll a variant of Win32/Adware.Virtumonde application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: D:\Programma's\HiJackThis.exe.
    20/06/2008 9:31:01 Real-time file system protection file C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\removalfile.bat Win32/Adware.Virtumonde application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32:winsock32.exe.
    20/06/2008 9:30:55 Real-time file system protection file C:\WINDOWS\system32\cbXRHyXP.dll a variant of Win32/Adware.Virtumonde application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32:winsock32.exe.
    20/06/2008 7:21:08 HTTP filter file http://85.17.166.168/security/kb7678...14C349A8115F22 a variant of Win32/Adware.Virtumonde application connection terminated - quarantined HOME-BD8630E79A\Eigenaar Threat was detected upon access to web by the application: C:\WINDOWS\explorer.exe.

  8. #18
    Spyware Slayer   Roelof
    OK,

    But so it was not turned on while you ran the last fix?

    Roelof

  9. #19
    Up-to-date  
    No, it was not turned on.

  10. #20
    Spyware Slayer   Roelof
    Hi Licorne,

    Let's try it another way. The last remnants won't go away.


    Download MBAM (Malwarebytes' Anti-Malware) from here or here.
    • Double-click mbam-setup.exe to install the program.
      • Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Finish".
      • If an update is found, it will be downloaded and installed.
      • When the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.
      • The scan can take a while, so be patient.
      • When the scan has finished, click OK, then "Show Results" to see the results.
      • Make sure everything there is checked, then click: Remove Selected.
      • After removal a log will open and you will be asked to restart the computer. (See below)
      • The log is saved automatically by MBAM and you can find it again by clicking the "Logs" tab in MBAM.
      • Copy and paste the contents of the log into your next reply, together with a new HijackThis log.

      If MBAM has trouble removing certain files, it will show a few messages where you have to click OK.
      After that it will ask to restart the computer... so allow MBAM to restart the computer.

    Regards,

    Roelof
