  1. #1
    Up-to-date  
    Registered
    21 April 2006
    Posts
    96
    Thanks
    22
    Thanked
    19 times in 13 posts

    It had been a long time...

    I received a few nice e-mails.
    I think I can already pick out 3 of them below, but to be safe I left them in. Thanks in advance for the effort.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:23:57, on 20/06/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    D:\Programma's\HiJackThis.exe
    C:\WINDOWS\system32\wscntfy.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {437FEE55-6ADA-4FFF-9D71-DC827A64EBBD} - C:\WINDOWS\system32\jkkIAPGa.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: (no name) - {BE7E4CE1-8CBA-44A6-956F-462A667D3286} - C:\WINDOWS\system32\awtqnkhe.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [0471a8fb] rundll32.exe "C:\WINDOWS\system32\yjruxxmd.dll",b
    O4 - HKLM\..\Run: [BM07429b67] Rundll32.exe "C:\WINDOWS\system32\ciftmlop.dll",s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Catalyst System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1208531627421
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1213945159718
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3559F10A-E148-4E4F-9783-5DEF063D4144}: NameServer = 193.109.184.75 193.109.184.72
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O20 - Winlogon Notify: awtqnkhe - C:\WINDOWS\SYSTEM32\awtqnkhe.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    --
    End of file - 8722 bytes

  2. #2
    Spyware Slayer   Roelof
    Registered
    19 May 2008
    Location
    Twente (Netherlands)
    Posts
    641
    Thanks
    25
    Thanked
    129 times in 109 posts
    Hi Licorne,

    I'm going to take a look at your log.

    I am still in training, though, so I will have to have my fix checked first. It may therefore take a little longer.

    Roelof

  3. The following user thanks Roelof for this useful post:

    2B's (21 June 2008)

  4. #3
    Up-to-date  
    Take your time, it takes an eternity before I can read your answer anyway.
    And, um, don't be too modest.

  5. #4
    Spyware Slayer   Roelof
    Why does it take an eternity?
    If I have it right, you have caught a really nasty infection.

    Roelof

  6. #5
    Up-to-date  
    It does indeed take an eternity to open some pages. Google, for example, is as good as impossible.

  7. #6
    Spyware Slayer   Roelof
    Hi Licorne,

    You have indeed caught a nasty infection, but with these steps we should get a long way toward removing it.


    1) Start HijackThis.
    - Now choose "Do a system scan only".
    - Now tick the following items:
    • O2 - BHO: (no name) - {437FEE55-6ADA-4FFF-9D71-DC827A64EBBD} - C:\WINDOWS\system32\jkkIAPGa.dll
    • O2 - BHO: (no name) - {BE7E4CE1-8CBA-44A6-956F-462A667D3286} - C:\WINDOWS\system32\awtqnkhe.dll
    • O4 - HKLM\..\Run: [0471a8fb] rundll32.exe "C:\WINDOWS\system32\yjruxxmd.dll",b
    • O4 - HKLM\..\Run: [BM07429b67] Rundll32.exe "C:\WINDOWS\system32\ciftmlop.dll",s
    • O20 - Winlogon Notify: awtqnkhe - C:\WINDOWS\SYSTEM32\awtqnkhe.dll
    - Now close all windows except the HijackThis one and choose "Fix checked".

    2) Restart your computer.

    3) Follow these instructions to download Combofix:

    Carry out the instructions on the BleepingComputer page, including installing the XP Recovery Console.

    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner,
    disable that scanner and download Combofix again.
    Some scanners regard certain components that Combofix uses as suspicious and will block or delete them!

    Double-click Combofix.exe.
    Follow the instructions and accept the disclaimer.
    While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix has finished and after the restart, the log Combofix.txt will open.

    4) May I have the Combofix log and a new HijackThis log from you?

    Regards,

    Roelof

  8. The following user thanks Roelof for this useful post:

    Licorne (23 June 2008)
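
An added example, not part of the thread and not Roelof's own method: a small Python triage over a subset of lines copied from the first HijackThis log above. The three heuristics and every function name are assumptions chosen for illustration; on this log they select the same five entries that post #6 asks to tick, and a hit means "review this entry", not "this file is malicious".

```python
import re
from dataclasses import dataclass
from ntpath import dirname, normcase  # Windows path rules on any OS

# Subset of lines copied verbatim from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {437FEE55-6ADA-4FFF-9D71-DC827A64EBBD} - C:\WINDOWS\system32\jkkIAPGa.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {BE7E4CE1-8CBA-44A6-956F-462A667D3286} - C:\WINDOWS\system32\awtqnkhe.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [0471a8fb] rundll32.exe "C:\WINDOWS\system32\yjruxxmd.dll",b
O4 - HKLM\..\Run: [BM07429b67] Rundll32.exe "C:\WINDOWS\system32\ciftmlop.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: awtqnkhe - C:\WINDOWS\SYSTEM32\awtqnkhe.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

SYSTEM32 = r"c:\windows\system32"

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<path>.+)$")


@dataclass
class Finding:
    line: str
    reason: str


def in_system32(path: str) -> bool:
    """True if the file sits directly in C:\\WINDOWS\\system32 (case-insensitive)."""
    return normcase(dirname(path)) == SYSTEM32


def triage(log_text: str) -> list:
    """Return the log entries that match the illustrative heuristics, in log order."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    reasons = {}
    flagged_dlls = set()

    # Pass 1: entries that are suspicious on their own.
    for line in lines:
        m = BHO_RE.match(line)
        if m:
            # Heuristic 1 (assumption): a BHO without a display name whose
            # DLL lives directly in system32.
            if m["name"] == "(no name)" and in_system32(m["path"]):
                reasons[line] = "unnamed BHO loading a DLL from system32"
                flagged_dlls.add(normcase(m["path"]))
            continue
        m = RUN_RE.match(line)
        if m:
            # Heuristic 2 (assumption): an autostart value that uses
            # rundll32 to load a DLL from system32.
            r = RUNDLL_RE.match(m["cmd"])
            if r and in_system32(r["dll"]):
                reasons[line] = "Run value starting a system32 DLL via rundll32"
                flagged_dlls.add(normcase(r["dll"]))

    # Pass 2: correlation. Heuristic 3 (assumption): a Winlogon Notify entry
    # is flagged when its DLL was already flagged at another load point.
    for line in lines:
        m = NOTIFY_RE.match(line)
        if m and normcase(m["path"]) in flagged_dlls:
            reasons[line] = "Winlogon Notify reusing a DLL flagged elsewhere"

    return [Finding(line, reasons[line]) for line in lines if line in reasons]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}]\n    {f.line}")
```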

  9. #7
    Up-to-date  
    Hello Roelof,

    Blood, sweat and tears to be able to download that Combofix (I copy-pasted the link into Word and from there I finally, after a few hours, got to the site). I didn't even get to the recovery part...

    Here are my logs:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:03:46, on 22/06/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\Programma's\HiJackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {0CB6CA1F-5166-4DEC-B47E-04D203D3E2B0} - C:\WINDOWS\system32\opnLDvSi.dll (file missing)
    O2 - BHO: (no name) - {411F82BB-1441-4022-AAFE-FEAEB4AE2A44} - C:\WINDOWS\system32\cbXpnMde.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: (no name) - {CA5D1294-2A64-48FB-9ABA-CF9F7352573F} - C:\WINDOWS\system32\qoMeBtrR.dll (file missing)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [0471a8fb] rundll32.exe "C:\WINDOWS\system32\yjruxxmd.dll",b
    O4 - HKLM\..\Run: [BM07429b67] Rundll32.exe "C:\WINDOWS\system32\eeoufwpl.dll",s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Catalyst System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1208531627421
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1213945159718
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3559F10A-E148-4E4F-9783-5DEF063D4144}: NameServer = 193.109.184.75 193.109.184.72
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    --
    End of file - 9118 bytes

    ComboFix 08-06-20.4 - Eigenaar 2008-06-22 22:53:38.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.1585 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    * Resident AV is active

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\aGPAIkkj.ini
    C:\WINDOWS\system32\aGPAIkkj.ini2
    C:\WINDOWS\system32\awtqnkhe.dll
    C:\WINDOWS\system32\culemsoh.ini
    C:\WINDOWS\system32\dmxxurjy.ini
    C:\WINDOWS\system32\edMnpXbc.ini
    C:\WINDOWS\system32\edMnpXbc.ini2
    C:\WINDOWS\system32\iSvDLnpo.ini
    C:\WINDOWS\system32\iSvDLnpo.ini2
    C:\WINDOWS\system32\odpmelxf.ini
    C:\WINDOWS\system32\RrtBeMoq.ini
    C:\WINDOWS\system32\RrtBeMoq.ini2
    C:\WINDOWS\system32\vqunjvfj.ini
    C:\WINDOWS\system32\ynirbaxj.ini
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-05-22 to 2008-06-22 ))))))))))))))))))))))))))))))
    .
    2008-06-22 22:57 . 2008-06-22 22:57 <DIR> dr-h----- C:\Documents and Settings\Eigenaar\Onlangs geopend
    2008-06-22 10:52 . 2008-06-22 10:52 80,384 --a------ C:\WINDOWS\system32\fxlempdo.dll
    2008-06-22 10:50 . 2008-06-22 10:50 99,328 --a------ C:\WINDOWS\system32\aheorbqo.dll
    2008-06-22 10:50 . 2008-06-22 10:50 90,624 --a------ C:\WINDOWS\system32\eeoufwpl.dll
    2008-06-21 20:44 . 2008-06-21 20:44 99,328 --a------ C:\WINDOWS\system32\sjmkiigr.dll
    2008-06-21 20:44 . 2008-06-21 20:44 90,112 --a------ C:\WINDOWS\system32\bqmcokim.dll
    2008-06-21 11:53 . 2008-06-21 11:53 99,328 --a------ C:\WINDOWS\system32\qefbdwwp.dll
    2008-06-21 11:53 . 2008-06-21 11:53 90,112 --a------ C:\WINDOWS\system32\rxhigois.dll
    2008-06-21 11:53 . 2008-06-21 11:53 81,408 --a------ C:\WINDOWS\system32\hosmeluc.dll
    2008-06-21 11:53 . 2008-06-21 11:53 0 --a------ C:\WINDOWS\system32\culemsoh.tmp
    2008-06-21 00:55 . 2008-06-21 00:55 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-21 00:55 . 2008-06-21 01:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-20 09:28 . 2008-04-14 19:02 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-06-20 09:23 . 2008-06-20 09:23 <DIR> d-------- C:\WINDOWS\system32\nl-nl
    2008-06-20 09:23 . 2008-06-20 09:23 <DIR> d-------- C:\WINDOWS\system32\nl
    2008-06-20 09:23 . 2008-06-20 09:23 <DIR> d-------- C:\WINDOWS\system32\bits
    2008-06-20 09:23 . 2008-06-20 09:23 <DIR> d-------- C:\WINDOWS\l2schemas
    2008-06-20 09:22 . 2008-06-20 09:22 <DIR> d-------- C:\WINDOWS\ServicePackFiles
    2008-06-20 09:18 . 2008-06-20 09:18 <DIR> d-------- C:\WINDOWS\EHome
    2008-06-20 07:15 . 2008-06-20 07:15 0 --a------ C:\WINDOWS\BM07429b67.xml
    2008-06-13 00:24 . 2008-06-22 22:37 616 --a------ C:\WINDOWS\wininit.ini
    2008-06-13 00:22 . 2008-06-13 00:48 <DIR> d-------- C:\Program Files\HarvEX
    2008-06-11 12:37 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-06-11 12:36 . 2008-06-14 19:36 272,640 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-11 12:36 . 2008-06-14 19:36 272,640 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-05 08:57 . 2008-06-05 08:57 <DIR> d-------- C:\Program Files\ZZultimativ-R-v1.3
    2008-06-04 19:45 . 2008-06-04 19:46 <DIR> d-------- C:\Program Files\SubSync
    2008-06-04 19:45 . 2008-06-04 19:45 249,856 --------- C:\WINDOWS\Setup1.exe
    2008-06-04 19:45 . 2008-06-04 19:45 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
    2008-06-04 19:44 . 2008-06-04 19:45 <DIR> d-------- C:\Program Files\VisualSubSync
    2008-06-03 10:38 . 2008-06-03 10:38 <DIR> d-------- C:\Program Files\Solveig Multimedia
    2008-06-03 10:38 . 2008-06-03 10:38 <DIR> d-------- C:\Program Files\Common Files\Solveig Multimedia
    2008-06-03 10:38 . 2008-06-03 10:38 <DIR> d-------- C:\Program Files\Common Files\Elecard
    2008-06-02 11:08 . 2008-06-02 11:08 74,752 --a------ C:\WINDOWS\cadkasdeinst01e.exe
    2008-06-02 10:58 . 2008-06-02 10:58 <DIR> d-------- C:\Program Files\Cuttermaran
    2008-06-02 10:58 . 2008-06-02 11:00 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Cuttermaran
    2008-05-30 18:49 . <DIR> C:\Documents and Settings\Eigenaar\Application Data\NeroDigitalT
    2008-05-27 10:04 . 2008-05-27 10:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
    2008-05-27 10:03 . 2008-05-27 10:03 <DIR> d-------- C:\Program Files\GRETECH
    2008-05-27 10:03 . 2008-05-27 10:03 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\GRETECH
    2008-05-27 09:32 . 2008-05-27 09:32 1,160 --a------ C:\WINDOWS\mozver.dat
    2008-05-26 22:08 . 2008-05-26 22:08 <DIR> d-------- C:\Program Files\SyncView
    2008-05-26 22:08 . 2003-08-18 12:25 1,344,512 --a------ C:\WINDOWS\system32\COMCTL32.OCX
    2008-05-26 22:08 . 2004-03-09 00:00 152,848 --a------ C:\WINDOWS\system32\COMDLG32.OCX
    2008-05-26 22:07 . 2008-05-26 22:07 796,672 --a------ C:\WINDOWS\GPInstall.exe
    2008-05-26 22:07 . 2000-07-29 08:53 8,520 --a------ C:\WINDOWS\Dutch.gpl
    2008-05-26 17:25 . 2008-05-26 22:38 3,993,423,872 --a------ C:\dvdimage.img
    2008-05-26 15:14 . 2008-05-26 15:14 <DIR> d-------- C:\Program Files\DVD Shrink
    2008-05-26 15:14 . 2008-06-17 09:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-05-26 15:01 . 2008-05-26 15:01 <DIR> d-------- C:\Program Files\Musclesoft
    2008-05-25 23:07 . 2002-04-22 19:51 503,296 --a------ C:\Program Files\WeetHetBitRates.exe
    2008-05-25 23:03 . 2008-05-25 23:03 <DIR> d-------- C:\Program Files\Sun
    2008-05-25 23:03 . 2008-05-25 23:03 <DIR> d-------- C:\Program Files\Java
    2008-05-25 23:03 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-05-25 23:01 . 2008-05-25 23:01 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-05-25 11:51 . 2008-05-26 22:35 4,096 --a------ C:\aaaa.bin
    2008-05-24 13:38 . 2008-05-24 13:38 <DIR> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
    2008-05-24 13:37 . 2008-05-24 13:37 <DIR> d-------- C:\Program Files\DAEMON Tools
    2008-05-24 13:34 . 2008-05-24 13:34 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-05-24 13:32 . 2008-05-24 13:32 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\CyberLink
    2008-05-23 23:48 . 2008-05-23 23:48 <DIR> d-------- C:\Program Files\GoldWave
    2008-05-23 00:20 . 2008-05-23 00:20 105,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2008-05-23 00:20 . 2008-05-23 00:20 103,936 --------- C:\WINDOWS\system32\pxinsi64.exe
    2008-05-23 00:20 . 2008-05-23 00:20 86,016 --------- C:\WINDOWS\system32\pxwma.dll
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-21 09:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-06-15 01:00 --------- d-----w C:\Program Files\The FilmMachine
    2008-06-06 14:16 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-05-30 16:49 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\NeroDigital™
    2008-05-23 20:49 --------- d-----w C:\Program Files\DVDlabPro2
    2008-05-22 22:20 --------- d-----w C:\Program Files\Pegasys Inc
    2008-05-19 21:37 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Pegasys Inc
    2008-05-17 08:29 --------- d-----w C:\Program Files\MSXML 4.0
    2008-05-16 17:23 --------- d-----w C:\Program Files\Common Files\Nero
    2008-05-16 17:23 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Nero
    2008-05-16 17:22 --------- d-----w C:\Program Files\Nero
    2008-05-16 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-05-15 22:11 --------- d-----w C:\Program Files\Common Files\Ahead
    2008-05-15 19:33 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Ahead
    2008-05-14 22:40 --------- d-----w C:\Program Files\CCleaner
    2008-05-14 22:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-05-14 21:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-09 16:05 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Talkback
    2008-05-09 13:48 --------- d-----w C:\Program Files\directX
    2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 22:07 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Apple Computer
    2008-05-07 22:06 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Media Player Classic
    2008-05-07 20:29 --------- d-----w C:\Program Files\K-Lite Codec Pack
    2008-05-07 20:18 --------- d-----w C:\Program Files\Custom Technology
    2008-05-07 20:09 --------- d-----w C:\Program Files\Real Alternative
    2008-05-07 20:06 --------- d-----w C:\Program Files\QuickTime
    2008-05-07 20:06 --------- d-----w C:\Program Files\Apple Software Update
    2008-05-07 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-05-07 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-05-07 19:56 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-05-06 07:19 --------- d-----w C:\Program Files\VideoLAN
    2008-05-06 07:19 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\vlc
    2008-05-04 21:48 --------- d-----w C:\Program Files\Switch Off
    2008-04-24 19:30 --------- d-----w C:\Program Files\Common Files\LightScribe
    2008-04-23 21:39 --------- d-----w C:\Program Files\Microsoft.NET
    2008-04-23 21:35 --------- d-----w C:\Program Files\UnderCoverXP
    2008-04-23 21:35 --------- d-----w C:\Program Files\DVD Decrypter
    2008-04-23 21:31 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
    2008-04-23 21:29 --------- d-----w C:\Program Files\ScanSoft
    2008-04-23 21:29 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
    2008-04-23 21:29 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\ScanSoft
    2008-04-23 21:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\SSScanWizard
    2008-04-23 21:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    2008-04-23 21:28 --------- d-----w C:\Program Files\Canon
    2008-04-23 21:28 --------- d-----w C:\Program Files\ArcSoft
    2008-04-22 22:47 --------- d-----w C:\Program Files\Emule
    2008-04-22 22:07 --------- d-----w C:\Program Files\Picasa2
    2008-04-22 22:06 --------- d-----w C:\Program Files\Google
    2008-04-22 21:51 --------- d-----w C:\Program Files\ESET
    2008-04-22 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
    2008-04-18 15:04 737,280 ----a-w C:\WINDOWS\iun6002.exe
    2008-04-14 17:03 70,144 ----a-w C:\WINDOWS\notepad.exe
    2008-04-14 17:03 32,866 ------w C:\WINDOWS\slrundll.exe
    2008-04-14 17:03 287,232 ----a-w C:\WINDOWS\winhlp32.exe
    2008-04-14 17:03 153,088 ----a-w C:\WINDOWS\regedit.exe
    2008-04-14 17:03 10,752 ----a-w C:\WINDOWS\hh.exe
    2008-04-14 17:02 50,688 ----a-w C:\WINDOWS\twain_32.dll
    2008-04-14 17:02 1,037,312 ----a-w C:\WINDOWS\explorer.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CB6CA1F-5166-4DEC-B47E-04D203D3E2B0}]
    C:\WINDOWS\system32\opnLDvSi.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{411F82BB-1441-4022-AAFE-FEAEB4AE2A44}]
    C:\WINDOWS\system32\cbXpnMde.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{437FEE55-6ADA-4FFF-9D71-DC827A64EBBD}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E5793C6-130F-434C-A7AF-8A1498EC106F}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52D27CF8-DDC8-4124-A5BA-8F128FA73C4E}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE7E4CE1-8CBA-44A6-956F-462A667D3286}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA5D1294-2A64-48FB-9ABA-CF9F7352573F}]
    C:\WINDOWS\system32\qoMeBtrR.dll
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:02 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-23 00:01 68856]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
    "ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-04-23 18:19 1189104]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-06-23 05:21 847872]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 13:43 45056]
    "GameFace Messenger"="C:\Program Files\GameFace Messenger\GameFace.exe" [ ]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
    "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-23 00:06 29744]
    "NWEReboot"="" []
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
    "OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 09:29 729088]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "0471a8fb"="C:\WINDOWS\system32\yjruxxmd.dll" [ ]
    "BM07429b67"="C:\WINDOWS\system32\eeoufwpl.dll " [2008-06-22 10:50 90624]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:02 15360]
    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Catalyst System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [12-8-2005 13:43:58 45056]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [23-4-2008 0:01:54 124400]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.asv2"= asusasv2.dll
    "msacm.l3fhg"= mp3fhg.acm
    "msacm.divxa32"= msaud32_divx.acm
    "VIDC.X264"= x264vfw.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.i263"= i263_32.drv
    "VIDC.YV12"= yv12vfw.dll
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Emule\\Morph 8.10\\Ultimativ-MoD F-25c.exe"=
    "C:\\Program Files\\ZZultimativ-R-v1.3\\emule\\emule.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    R0 mv61xx;mv61xx;C:\WINDOWS\system32\DRIVERS\mv61xx.sys [2006-07-28 08:59]
    R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
    S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 16:25]
    S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-23 00:06]
    S3 SkLaggProtocol;SysKonnect Link Aggregation Protocol (LAGG) Support;C:\WINDOWS\system32\DRIVERS\yk51lagg.sys []
    S3 SkVlanProtocol;SysKonnect Virtual LAN (VLAN) Support;C:\WINDOWS\system32\DRIVERS\skvlan.sys [2005-11-30 02:15]
    S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys []

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0DA3B9B7-3DB5-97A1-DA31-969D6950BB42}]
    C:\WINDOWS\system32:winsock32.exe
    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-06-20 08:58:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************
    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-22 22:57:23
    Windows 5.1.2600 Service Pack 3 NTFS
    scannen van verborgen processen ...
    scannen van verborgen autostart items ...
    scannen van verborgen bestanden ...
    Scan succesvol afgerond
    verborgen bestanden: 0
    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2008-06-22 22:59:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-22 20:59:09
    Pre-Run: 26,411,380,736 bytes beschikbaar
    Post-Run: 26,327,289,856 bytes beschikbaar
    258 --- E O F --- 2008-06-20 07:05:35
    Last edited by Licorne; 22 June 2008 at 23:16

  10. #8
    Up-to-date  
    Registered
    21 April 2006
    Posts
    96
    Thanks
    22
    Thanked
    19 times in 13 posts
    I now get the following error message at startup:

    RUNDLL
    Er is een fout opgetreden tijdens het laden van
    c:\WINDOWS\system32\yjruxxmd.dll
    Kan opgegeven module niet vinden

  11. #9
    Honorary member   Juisterr's avatar
    Registered
    31 July 2006
    Location
    little place on the coast
    Posts
    3.653
    Thanks
    1.008
    Thanked
    2.268 times in 1.411 posts
    That is normal; that is the malware that would like to start up again. Don't worry about it. Roelof is coming with a new fix for you.

  12. #10
    Spyware Slayer   Roelof's avatar
    Registered
    19 May 2008
    Location
    Twente (Netherlands)
    Posts
    641
    Thanks
    25
    Thanked
    129 times in 109 posts
    And here is the new fix:

    Hi Licorne,

    Unfortunately I still see remnants. It is best if you work quickly now.
    The sooner you carry out these instructions, the sooner we will be rid of the infection.

    1) Turn off Spybot's TeaTimer during the fix, because it can get in the way of changes.
    - Start Spybot S&D
    - Go to the Mode menu and select "Advanced Mode"
    - On the left-hand side, choose "Tools" > Resident
    - Uncheck "Resident TeaTimer" and click OK
    - Restart the computer.

    2) Scan the following file at Jotti: http://virusscan.jotti.org/

    C:\WINDOWS\iun6002.exe

    Please post the result.


    3) Start HijackThis.
    - Now choose "Do a system scan only".

    - Now put a check mark in front of the following items:


    • O2 - BHO: (no name) - {0CB6CA1F-5166-4DEC-B47E-04D203D3E2B0} - C:\WINDOWS\system32\opnLDvSi.dll (file missing)
    • O2 - BHO: (no name) - {411F82BB-1441-4022-AAFE-FEAEB4AE2A44} - C:\WINDOWS\system32\cbXpnMde.dll (file missing)
    • O2 - BHO: (no name) - {CA5D1294-2A64-48FB-9ABA-CF9F7352573F} - C:\WINDOWS\system32\qoMeBtrR.dll (file missing)
    • O4 - HKLM\..\Run: [0471a8fb] rundll32.exe "C:\WINDOWS\system32\yjruxxmd.dll",b
    • O4 - HKLM\..\Run: [BM07429b67] Rundll32.exe "C:\WINDOWS\system32\eeoufwpl.dll",s
    - Now close all windows except the HijackThis one and choose "Fix checked".

    4) Open Notepad, then copy and paste the text below into an empty window:


    Code:
    File::
    C:\WINDOWS\system32\fxlempdo.dll
    C:\WINDOWS\system32\aheorbqo.dll
    C:\WINDOWS\system32\eeoufwpl.dll
    C:\WINDOWS\system32\sjmkiigr.dll
    C:\WINDOWS\system32\bqmcokim.dll
    C:\WINDOWS\system32\qefbdwwp.dll
    C:\WINDOWS\system32\rxhigois.dll
    C:\WINDOWS\system32\hosmeluc.dll
    C:\WINDOWS\system32\culemsoh.tmp
    C:\WINDOWS\system32\wmpns.dll
     
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CB6CA1F-5166-4DEC-B47E-04D203D3E2B0}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{411F82BB-1441-4022-AAFE-FEAEB4AE2A44}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{437FEE55-6ADA-4FFF-9D71-DC827A64EBBD}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E5793C6-130F-434C-A7AF-8A1498EC106F}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52D27CF8-DDC8-4124-A5BA-8F128FA73C4E}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE7E4CE1-8CBA-44A6-956F-462A667D3286}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA5D1294-2A64-48FB-9ABA-CF9F7352573F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "0471a8fb"=- 
    "BM07429b67"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0DA3B9B7-3DB5-97A1-DA31-969D6950BB42}]
    Save this to your Desktop as CFScript.txt
    Drag CFScript.txt onto ComboFix.exe as shown in the example below:


    This will make ComboFix restart.
    Reboot if you are asked to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Regards,

    Roelof
    Last edited by Juisterr; 24 June 2008 at 11:03 Reason: space removed
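
Added example, not part of the thread and not code from ComboFix or HijackThis: a small Python triage of Run-key lines from the ComboFix log above, showing why the two values Roelof removes stand out from the other autostart entries. The sample lines are copied from that log with the forum's wrap spaces removed; the function names, the reason labels and the reading of an empty `[ ]` as "no file info" are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

# Run-key lines copied from the ComboFix log in this thread (wrap spaces removed).
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
"GameFace Messenger"="C:\Program Files\GameFace Messenger\GameFace.exe" [ ]
"NWEReboot"="" []
"0471a8fb"="C:\WINDOWS\system32\yjruxxmd.dll" [ ]
"BM07429b67"="C:\WINDOWS\system32\eeoufwpl.dll " [2008-06-22 10:50 90624]
'''

# "value name"="target" [date time size]  (the bracket may be empty)
ENTRY = re.compile(
    r'^\s*"(?P<name>[^"]*)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')


def triage_run_entries(log_text):
    """Return (name, target, reasons) for each autostart value worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # key headers, blank lines, other log sections
        target = m.group("target").strip()
        reasons = []
        if target and not m.group("meta").strip():
            # Assumption: an empty bracket means no date/size could be read.
            reasons.append("no-file-info")
        path = PureWindowsPath(target.lower())
        if path.suffix == ".dll":
            # Assumption: a Run value normally names an executable, not a DLL.
            reasons.append("dll-as-run-target")
            if str(path.parent) == r"c:\windows\system32":
                reasons.append("dll-in-system32")
        if reasons:
            findings.append((m.group("name"), target, reasons))
    return findings


def high_priority(findings):
    """Names of the values whose target is a DLL rather than an executable."""
    return [name for name, _, reasons in findings if "dll-as-run-target" in reasons]


if __name__ == "__main__":
    for name, target, reasons in triage_run_entries(SAMPLE):
        print(f"{name:20} {target:55} {', '.join(reasons)}")
```

A missing file alone also matches a leftover entry such as "GameFace Messenger", so it is the DLL-as-target check that isolates the two values listed in the fix.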
