Hallo heb een trojan die ik niet kwijtgeraak.

Win32:Trojan-gen(other)

Logfile of HijackThis v1.99.1
Scan saved at 20:00:59, on 16/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Plaats het op je bureaublad.
Dubbelklik er op om het programma te starten.
In het scherm dat verschijnt tik je een Y in om het cleaningsprocess te starten.
Volg de instructies op het scherm.
Als het tooltje klaar is, opent er een logfile (combofix.txt) Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.

Ok dit zou het moeten zijn.

ComboFix 07-06-13.3 - C:\Documents and Settings\Francis\Bureaublad\ComboFix.exe
"Francis" - 2007-06-17 11:48:17 - Service Pack 2 NTFS

((((((((((((((((((((((((( Files Created from 2007-05-17 to 2007-06-17 )))))))))))))))))))))))))))))))

2007-06-17 11:48 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-17 11:39 <DIR> dr-h----- C:\DOCUME~1\Francis\Onlangs geopend
2007-06-16 19:58 <DIR> d-------- C:\Program Files\Hijack This
2007-06-09 12:13 <DIR> d-------- C:\DOCUME~1\Francis\Contacts
2007-06-07 21:25 55,808 --a------ C:\WINDOWS\system32\lfpsd13n.dll
2007-06-07 21:20 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2007-06-07 21:19 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2007-06-07 21:19 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-06-07 21:19 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-06-07 21:19 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2007-06-07 21:19 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-06-07 21:19 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-06-07 21:19 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2007-06-07 14:40 <DIR> d-------- C:\DOCUME~1\Jolien\APPLIC~1\Lavasoft
2007-06-05 21:32 <DIR> d-------- C:\DOCUME~1\Jolien\APPLIC~1\U3
2007-06-01 17:11 <DIR> d-------- C:\Program Files\CCleaner
2007-05-31 22:06 47,616 --a------ C:\WINDOWS\system\IYUV_32.DLL
2007-05-31 21:56 515,803 --a------ C:\WINDOWS\system32\drivers\Ca533av.sys
2007-05-31 21:56 131,072 --a------ C:\WINDOWS\system32\SP5X_32.DLL
2007-05-31 21:56 131,072 --a------ C:\WINDOWS\system\SP5X_32.DLL
2007-05-31 21:56 11,144 --a------ C:\WINDOWS\system32\drivers\Bulk533.sys
2007-05-31 21:56 <DIR> d-------- C:\WINDOWS\SETUP533
2007-05-31 21:56 <DIR> d-------- C:\Program Files\MD7467
2007-05-31 21:55 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-05-31 21:51 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-05-27 20:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
2007-05-27 20:43 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-05-27 20:41 974,848 --------- C:\WINDOWS\system32\mfc70.dll
2007-05-27 20:41 57,344 --------- C:\WINDOWS\system32\mfc70enu.dll
2007-05-27 20:41 344,064 --------- C:\WINDOWS\system32\msvcr70.dll
2007-05-27 20:41 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared
2007-05-27 13:59 1,156 --a------ C:\WINDOWS\mozver.dat
2007-05-27 13:03 <DIR> d-------- C:\DOCUME~1\Jolien\Contacts
2007-05-27 10:10 <DIR> d-------- C:\WINDOWS\system32\nl-nl
2007-05-27 10:08 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-05-27 09:25 <DIR> d--hs---- C:\DOCUME~1\Francis\UserData
2007-05-27 09:21 <DIR> d-------- C:\Program Files\Aldfaer
2007-05-26 20:32 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-05-26 20:32 <DIR> d-------- C:\Program Files\MSN Messenger
2007-05-26 19:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-26 19:39 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-26 19:39 <DIR> d-------- C:\DOCUME~1\Francis\APPLIC~1\Lavasoft
2007-05-26 19:37 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-05-26 19:23 0 --a------ C:\WINDOWS\nsreg.dat
2007-05-26 18:48 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-05-26 18:48 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-05-26 18:48 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-05-26 18:48 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-05-26 18:48 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-05-26 18:48 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-05-26 18:48 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2007-05-26 18:48 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-05-26 18:48 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-05-26 18:48 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-05-26 18:48 <DIR> d-------- C:\Program Files\Alwil Software
2007-05-26 18:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-05-26 17:45 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-05-26 17:41 2,359,296 --ah----- C:\DOCUME~1\Jolien\NTUSER.DAT
2007-05-26 17:41 <DIR> dr-h----- C:\DOCUME~1\Jolien\Onlangs geopend
2007-05-26 17:41 <DIR> dr------- C:\DOCUME~1\Jolien\Mijn documenten
2007-05-26 17:41 <DIR> dr------- C:\DOCUME~1\Jolien\Menu Start
2007-05-26 17:41 <DIR> dr------- C:\DOCUME~1\Jolien\Favorieten
2007-05-26 17:41 <DIR> d--h----- C:\DOCUME~1\Jolien\Sjablonen
2007-05-26 17:41 <DIR> d--h----- C:\DOCUME~1\Jolien\Netwerkprinteromgeving
2007-05-26 17:41 <DIR> d-------- C:\DOCUME~1\Jolien\Bureaublad
2007-05-26 17:37 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-05-26 17:30 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-05-26 17:30 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-05-26 17:30 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-05-26 17:29 308,224 --a------ C:\WINDOWS\IsUn0413.exe
2007-05-26 17:29 <DIR> d-------- C:\Program Files\Canon
2007-05-26 17:28 69,632 --a------ C:\WINDOWS\system32\CNQU70.DLL
2007-05-26 17:28 389,180 --a------ C:\WINDOWS\system32\UCS32P.DLL
2007-05-26 17:28 339,968 --a------ C:\WINDOWS\system32\N124UFW.dll
2007-05-26 17:28 <DIR> d--h----- C:\CanoScan
2007-05-26 17:23 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-05-26 17:22 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-05-26 16:48 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2007-05-26 16:45 670,203 --a------ C:\WINDOWS\system32\drivers\ctxs51.sys
2007-05-26 16:42 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-05-26 16:42 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-05-26 16:42 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-05-26 16:42 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-05-26 16:42 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-05-26 16:42 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-05-26 16:42 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-05-26 16:41 32,768 --a------ C:\WINDOWS\system32\drivers\sisnicxp.sys
2007-05-26 16:41 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-05-26 16:41 <DIR> d-------- C:\WINDOWS\SiS
2007-05-26 16:40 54,272 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-05-26 16:38 98,304 --a------ C:\WINDOWS\system32\34dialog.dll
2007-05-26 16:38 77,824 --a------ C:\WINDOWS\system32\34dd.dll
2007-05-26 16:38 73,728 --a------ C:\WINDOWS\Dit.exe
2007-05-26 16:38 69,632 --a------ C:\WINDOWS\system32\34TvCtrl.dll
2007-05-26 16:38 65,536 --a------ C:\WINDOWS\DitExp.exe
2007-05-26 16:38 65,536 --------- C:\WINDOWS\Dit.DLL
2007-05-26 16:38 350,752 --a------ C:\WINDOWS\system32\drivers\Cap7134.sys
2007-05-26 16:38 24,704 --a------ C:\WINDOWS\system32\drivers\PhTVTune.sys
2007-05-26 16:38 135,168 --a------ C:\WINDOWS\system32\34api.dll
2007-05-26 16:38 114,688 --a------ C:\WINDOWS\system32\34com.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
2007-05-26 16:26:50 54,464 ----a-w C:\WINDOWS\system32\perfc013.dat
2007-05-26 16:26:50 367,286 ----a-w C:\WINDOWS\system32\perfh013.dat
2007-04-25 14:22:52 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:15:26 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-03-17 13:45:54 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48]
"Dit"="Dit.exe" [2002-08-28 13:43 C:\WINDOWS\Dit.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 14:07 C:\WINDOWS\SOUNDMAN.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:03]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-05-10 13:01]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

************************************************** ************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-17 11:49:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
Completion time: 2007-06-17 11:49:55
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 11:50:48, on 17/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

* Download Dr.Web CureIt naar je bureaublad:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Dubbelklik drweb-cureit.exe en sta het toe om de express scan te starten.
Dit zal de bestanden scannen die momenteel in het geheugen geladen zijn en wanneer er iets gevonden wordt, klik de Yes to all knop bij de vraag 'cure it?'. Dit is enkel een korte scan.
Eenmaal de korte scan is beeïndigd, Klik Options > Change Settings
Kies de "Scan"-tab en verwijder het vinkje bij "Heuristic analyse"
Terug in het hoofdvenster kan je de drives selecteren die je wilt laten scannen.
Selecteer hier alle drives. Een rood bolletje zal dan tevoorschijn komen op de drives die je laat scannen.
Klik daarna de groene pijl rechts om de scan te starten.
Klik 'Yes to all' wanneer er gevraagd wordt om cure of move uit te voeren.
Wanneer de scan gedaan is, kijk of je volgende icoontje kan aanklikken dat staat naast hetgeen gevonden werd: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
Indien wel, klik erop en daarna klik op het icoontje er net onder en kies: Move incurable zoals je zal zien in volgende afbeelding:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
Dit zal de bestanden verplaatsen naar volgende map %userprofile%\DoctorWeb\quarantaine-folder indien het niet gedesinfecteerd kan worden. (dit in het geval dat we samples nodig hebben)
Na bovenstaande te selecteren, in het menu bovenaan van Dr.Web CureIt, klik file en kies save report list. Bewaar de log op je bureaublad.
Sluit daarna Dr.Web Cureit.
Herstart je computer!! Belangrijke stap, want het kan zijn dat Dr.Web Cureit bestanden zal verplaatsen/verwijderen tijdens herstart.
Na het herstarten, Kopieer en plak de inhoud van die log die je eerder hebt bewaard in je volgende post met een nieuw hijackthis logje.

Ik denk dat we er zijn.

VBAOL11.CHM\html/olobjAddressEntries.htmC:\Program Files\Microsoft Office\OFFICE11\1043\VBAOL11.CHMModification of VBS.PetikVBAOL11.CHMC:\Program Files\Microsoft Office\OFFICE11\1043Archive contains infected objectsMoved.Need for Speed Most Wanted +1 Trainer.exeD:\lennert 2\Mijn downloadsTool.GameCrackIncurable.Moved.Di10.exeD:\ RECYCLER\S-1-5-21-4269483969-3402799377-1653462319-1009Tool.GameCrackIncurable.Moved.

Logfile of HijackThis v1.99.1
Scan saved at 14:53:06, on 17/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

Deze moet je nog fixen:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Voor de rest ziet het er goed uit, hoe werkt alles verder?

Werkt uitstekend.
Nog even een logfile.

Logfile of HijackThis v1.99.1
Scan saved at 17:31:55, on 17/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

Nog een paar tips om problemen te voorkomen in de toekomst:

Installeer alvast volgende GRATIS programmatjes indien je ze nog niet hebt:

Spywareblaster (http://www.javacoolsoftware.com/spywareblaster.html)
Adaware se (http://www.majorgeeks.com/download506.html)
Spybot s&d (http://www.safer-networking.org/en/index.html)


Tijdens het surfen, klik niet overal klakkeloos op ja als je dit gevraagd wordt... doe dit enkel wanneer je het volledig vertrouwt.

En kies eventueel een alternatieve browser zoals Opera (http://www.opera.com) of Firefox (http://www.mozilla.org/products/firefox/).

En ik raad je ook aan om af en toe een online virusscan uit te voeren. housecall (http://housecall.trendmicro.com/) en/of Bitdefender (http://nl.bitdefender.com/scan8/). Want, wat de ene scanner niet kan vinden, kan een andere misschien wel.
Zorg er ook voor dat je virusscanner die op je systeem geïnstalleerd is altijd up to date is!!

En... geregeld eens een bezoekje brengen aan: http://windowsupdate.microsoft.com/

Bekijk ook eens deze 2 filmpjes.. Heel interessant:
http://www2.trosradar.nl/mediaplayer/player.php?videoID=524&mode=dossier#
http://www.benedelman.org/spyware/security-111804.wmv


Meer preventietips zijn ook op volgende sites te vinden:

http://www.bluemedicine.be
http://users.telenet.be/marcvn/spyware
How did I get infected in the first place (http://castlecops.com/postitle7736-0-0-.html) (article by TonyKlein)
Het voorkomen van spyware-infecties en browserhijacking (http://www.antispywareoffensief.nl/forum/showthread.php?t=55)

Hartelijk bedankt voor deze nuttige tips Jurgen.
En vooral de stap voor stap uitleg bleek zeer handig bij de voor mij onbekende programma's.