View full version : Could my log be checked, please.



merlijn
15 August 2007, 19:30
I downloaded a folder with music and can't delete it; every time it says an error has occurred with Explorer and drwatson and that I have to close it. :damn:


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:18:15, on 15/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\ClocX\ClocX.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
C:\Program Files\Symantec\Norton AntiBot\agent\bin\NABMonitor.exe
C:\Program Files\Norton GoBack\GBTray.exe
C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\gandalf\Mijn documenten\cleanersandseekers\HiJackThis_v2\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browster BrwIEConnector - {908A31E8-2A6E-4736-8E8A-AAF00C4AE38F} - C:\Program Files\Browster\Browster.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Browster - {2EF39867-654F-48b6-8F93-B4FC3E8C6844} - C:\Program Files\Browster\Browster.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NortonAntiBot] "C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: StartupFaster
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton GoBack\GBTray.exe
O4 - Global Startup: StartupFaster
O4 - Global Startup: Trojan Guarder Gold Version.lnk = C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\RapidownGetAll.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\RapidownGet.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Pop up Blocker Pro - {CC01A047-BBAF-4413-AFFC-0E02C8D290EC} - C:\WINDOWS\system32\shdocvw.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton GoBack\GBPoll.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PAVSRV - Unknown owner - (no file)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymantecAntiBotAgent - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
O23 - Service: SymantecAntiBotWatcher - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

--
End of file - 8457 bytes

jurgenv
16 August 2007, 13:49
Open this link in IE: http://www.eset.com/onlinescan/scanner.php?i_agree=14
Run a full system scan and post the result here.

merlijn
16 August 2007, 16:51
11 threats, but posting them here is another matter: the frame that shows what those 11 threats are is too small to take a screenshot of, and you can't enlarge it. I looked for a way to get a log of the result, but I can't find anything.
Most of them were trojans, and I saw Java listed among them several times.
So can you tell me how I can get that result onto the forum? I would have to run a new scan anyway, because by searching for a log I have of course lost the result.
But maybe I can scan with my own NOD32; that seems an easier way to get a log?
I'll wait to hear. ;)

jurgenv
16 August 2007, 17:01
Hmm, we'll try it a different way:

* Download Dr.Web CureIt to your desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Double-click drweb-cureit.exe and allow it to start the express scan.
This will scan the files currently loaded in memory; if something is found, click the Yes to all button at the 'cure it?' prompt. This is only a short scan.
Once the short scan has finished, click Options > Change Settings
Choose the "Scan" tab and uncheck "Heuristic analyse"
Back in the main window you can select the drives you want to scan.
Select all drives here. A red dot will then appear on the drives you are having scanned.
Then click the green arrow on the right to start the scan.
Click 'Yes to all' when asked to cure or move.
When the scan is done, check whether you can click the following icon next to what was found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it, then click the icon just below it and choose: Move incurable, as you will see in the following image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move the files to the folder %userprofile%\DoctorWeb\quarantaine-folder if they cannot be disinfected. (in case we need samples)
After selecting the above, in the menu at the top of Dr.Web CureIt, click file and choose save report list. Save the log to your desktop.
Then close Dr.Web CureIt.
Restart your computer!! This is an important step, because Dr.Web CureIt may move/delete files during the restart.
After restarting, copy and paste the contents of the log you saved earlier into your next post.

merlijn
17 August 2007, 00:20
Curb 01.exe C:\Documents and Settings\All Users.WINDOWS\Application Data\Bags Balm Pile Bind Trojan.Packed.149 Niet repareerbaar.Verplaatst.
!! because the night remix 19.wma C:\Documents and Settings\benny\Mijn documenten\Mijn muziek\jan wayne Trojan.Isbar.389 Verwijderd.
(livestream) because the night remix 09.wma C:\Documents and Settings\benny\Mijn documenten\Mijn muziek\jan wayne Trojan.Isbar.389 Verwijderd.
(uncensored) because the night remix 00.wma C:\Documents and Settings\benny\Mijn documenten\Mijn muziek\jan wayne Trojan.Isbar.389 Verwijderd.
---------because the night remix 56.wma C:\Documents and Settings\benny\Mijn documenten\Mijn muziek\jan wayne Trojan.Isbar.389 Verwijderd.
www.torrented.to...because the night remix 53.wma C:\Documents and Settings\benny\Mijn documenten\Mijn muziek\jan wayne Trojan.Isbar.389 Verwijderd.
hdxprhnl.exe C:\Documents and Settings\gandalf\Application Data\PARTWARNMEDIA Trojan.Packed.149 Niet repareerbaar.Verplaatst.
Nounbinpop.exe C:\Documents and Settings\gandalf\Application Data\PARTWARNMEDIA Trojan.Packed.149 Niet repareerbaar.Verplaatst.
restart.exe C:\Documents and Settings\gandalf\Mijn documenten\cleanersandseekers\SmitfraudFix\SmitfraudFix Tool.ShutDown.11 Niet repareerbaar.Verplaatst.
DVDRegion_ CSSFree_558_patch.exe C:\Program Files\DVD Region+CSS Free Tool.DVTPatch Niet repareerbaar.Verplaatst.
2M0XHGDA.NQF C:\Program Files\ESET\infected Tool.Netcat Niet repareerbaar.Verplaatst.
WB2SZDBA.NQF C:\Program Files\ESET\infected Adware.SaveNow Niet repareerbaar.Verplaatst.
Launch.exe C:\Program Files\Mystery of Shark Island Tool.CleanDisk Niet repareerbaar.Verplaatst.
restart.exe C:\Program Files\XP Smoker Tool.ShutDown.11 Niet repareerbaar.Verplaatst.
A0048179.exe C:\System Volume Information\_restore{6763B991-4C6C-4C8D-A674-19BB9C16458B}\RP65 Trojan.Click.2798 Verwijderd.
A0048486.exe C:\System Volume Information\_restore{6763B991-4C6C-4C8D-A674-19BB9C16458B}\RP68 Trojan.Packed.149 Niet repareerbaar.Verplaatst.
A0048487.exe C:\System Volume Information\_restore{6763B991-4C6C-4C8D-A674-19BB9C16458B}\RP68 Trojan.Packed.149 Niet repareerbaar.Verplaatst.
A0048488.exe C:\System Volume Information\_restore{6763B991-4C6C-4C8D-A674-19BB9C16458B}\RP68 Trojan.Packed.149 Niet repareerbaar.Verplaatst.

jurgenv
17 August 2007, 00:26
* Download this file: Deljob.exe (http://home.hetnet.nl/~stefsmeenk/tools/deljob.exe) (mirror (http://members.lycos.nl/deljob/))
Place it on your desktop.
If your virus scanner blocks the download of deljob.exe,
temporarily disable your virus scanner or download the zip version
deljob.zip (http://members.lycos.nl/deljob/deljob.zip) and extract it to your desktop.
Double-click Deljob.exe.
A log (logit.txt) will open; you can also find the file on your desktop.
Post the contents of logit.txt in your next message.

merlijn
17 August 2007, 11:08
--------------------------------------------------------
No LOP jobs found
--------------------------------------------------------
Files remaining after cleaning

Easy Onderhoud.job
ParetoLogic Anti-Spyware.job
--------------------------------------------------------
App data folders

Het volume in station C heeft geen naam.
Het volumenummer is D48F-5572

Map van C:\Documents and Settings\gandalf\Application Data

11/08/2007 12:27 <DIR> .
11/08/2007 12:27 <DIR> ..
14/06/2007 18:22 <DIR> Adobe
10/01/2007 12:41 <DIR> AdobeUM
08/01/2007 22:16 <DIR> Ahead
10/01/2007 11:56 <DIR> albumart
01/06/2007 20:32 <DIR> AMBIEN~1 Ambient Design
12/08/2007 01:06 <DIR> AMULET~1 AmuletAdventure
15/06/2007 17:18 <DIR> APPLEC~1 Apple Computer
09/05/2007 22:41 <DIR> Ashampoo
29/07/2007 01:34 <DIR> BIGFIS~1 Big Fish Games
22/01/2007 22:32 <DIR> BINARY~1 BinarySense
26/06/2007 00:32 <DIR> BITDEF~1 Bitdefender
18/02/2007 14:38 <DIR> CFISHE~1 CFi ShellToys
24/03/2007 01:32 <DIR> CTXM
04/03/2007 01:01 <DIR> CYBERL~1 CyberLink
11/02/2007 18:34 <DIR> DESKTO~1 Desktop Sidebar
30/03/2007 18:58 <DIR> DivX
18/02/2007 13:36 <DIR> EPSON
25/05/2007 23:41 <DIR> Esteem Technology
30/07/2007 21:50 <DIR> FVSTemp
24/01/2007 01:03 <DIR> Gena01
08/03/2007 00:01 <DIR> GENIE-~1 Genie-Soft
16/04/2007 11:50 <DIR> GeoVid
29/04/2007 17:12 <DIR> Google
07/08/2007 00:21 <DIR> Grisoft
17/04/2007 22:53 <DIR> gtopala
21/01/2007 15:26 <DIR> Help
07/01/2007 17:00 <DIR> IDENTI~1 Identities
26/06/2007 23:40 <DIR> iolo
17/06/2007 00:33 <DIR> JASCSO~1 Jasc Software Inc
06/07/2007 17:05 <DIR> Lavasoft
28/05/2007 21:21 <DIR> LimeWire
11/08/2007 14:43 <DIR> LIMEWI~1 LimeWireTurbo
16/06/2007 13:52 <DIR> MACROM~1 Macromedia
03/03/2007 17:48 <DIR> MEDIAP~1 Media Player Classic
02/06/2007 13:13 <DIR> METAPR~1 MetaProducts
28/06/2007 22:40 <DIR> MICROS~1 Microsoft
07/01/2007 18:59 <DIR> Mozilla
02/08/2007 21:12 <DIR> MYSTER~1 Mysteryville2
11/04/2007 21:36 <DIR> Opera
16/08/2007 19:47 <DIR> PARTWA~1 PARTWARNMEDIA
09/04/2007 13:47 <DIR> PEGASY~1 Pegasys Inc
30/07/2007 00:18 <DIR> PLAYFI~1 PlayFirst
03/08/2007 13:16 <DIR> Sammsoft
10/01/2007 10:03 <DIR> SIMPLY~1 Simply Super Software
21/05/2007 16:58 <DIR> Songbird
07/08/2007 12:24 <DIR> SPACET~1 SpaceTime 3D
23/01/2007 23:45 <DIR> SPYEME~1 Spy Emergency
12/01/2007 22:40 <DIR> Sun
22/07/2007 00:33 <DIR> Symantec
07/01/2007 18:59 <DIR> Talkback
10/01/2007 11:28 <DIR> Teleca
24/02/2007 12:54 <DIR> Tenebril
28/04/2007 21:55 <DIR> Thinstall
07/01/2007 18:59 <DIR> THUNDE~1 Thunderbird
21/01/2007 18:53 <DIR> TROJAN~1 TrojanHunter
23/01/2007 21:37 <DIR> TUNEUP~1 TuneUp Software
20/06/2007 13:59 <DIR> TYPING~1 TypingMaster7
08/04/2007 22:34 <DIR> Uniblue
22/01/2007 12:59 <DIR> URSEGA~1 URSE Games
25/07/2007 22:18 <DIR> URSoft
26/01/2007 18:09 <DIR> VanDale
14/06/2007 01:35 <DIR> Vso
26/06/2007 01:12 <DIR> Webroot
02/06/2007 00:40 <DIR> WinRAR
0 bestand(en) 0 bytes
66 map(pen) 97.610.158.080 bytes beschikbaar
Het volume in station C heeft geen naam.
Het volumenummer is D48F-5572

Map van C:\Documents and Settings\All Users.WINDOWS\Application Data

05/08/2007 00:46 <DIR> .
05/08/2007 00:46 <DIR> ..
26/07/2007 00:08 <DIR> Adobe
08/01/2007 01:01 <DIR> APPLEC~1 Apple Computer
09/05/2007 22:41 <DIR> Ashampoo
02/03/2007 18:21 <DIR> B-News
16/08/2007 19:32 <DIR> BAGSBA~1 Bags Balm Pile Bind
26/06/2007 00:32 <DIR> BITDEF~1 BitDefender
04/03/2007 00:56 <DIR> CYBERL~1 CyberLink
15/06/2007 18:04 <DIR> DFX
22/07/2007 00:29 <DIR> DOWNLO~1 Downloaded Installations
04/07/2007 21:39 <DIR> DVDXST~1 DVD X Studios
26/05/2007 00:42 <DIR> Esteem Technology
13/06/2007 01:06 <DIR> FLEXnet
08/03/2007 00:02 <DIR> GENIE-~1 Genie-Soft
03/07/2007 23:37 <DIR> Google
30/06/2007 19:33 <DIR> Grisoft
17/06/2007 00:35 <DIR> INSTAL~1 InstallShield
26/06/2007 23:40 <DIR> iolo
12/06/2007 20:25 <DIR> KASPER~1 Kaspersky Lab Setup Files
25/07/2007 23:31 <DIR> LACONI~1 Laconic Software
19/04/2007 21:13 <DIR> MICROS~1 Microsoft
30/05/2007 10:19 <DIR> NVIDIA
09/03/2007 20:35 <DIR> PARETO~1 ParetoLogic Anti-Spyware
30/07/2007 00:18 <DIR> PLAYFI~1 PlayFirst
19/04/2007 13:39 <DIR> RFA_Backups
10/08/2007 15:25 <DIR> SNAPST~1 SnapStream
18/05/2007 13:38 <DIR> SongbirdVLC
10/01/2007 11:22 <DIR> SONYER~1 Sony Ericsson
09/08/2007 00:15 <DIR> SPYBOT~1 Spybot - Search & Destroy
11/01/2007 08:44 <DIR> SRSLabs
08/01/2007 15:09 <DIR> Symantec
10/01/2007 10:54 <DIR> Teleca
01/08/2007 10:39 <DIR> TEMP
26/03/2007 21:32 <DIR> Trymedia
23/01/2007 21:36 <DIR> TUNEUP~1 TuneUp Software
07/01/2007 23:24 <DIR> UDL
26/06/2007 01:12 <DIR> Webroot
09/01/2007 12:48 <DIR> WINDOW~1 Windows Genuine Advantage
11/01/2007 11:01 <DIR> WinZip
0 bestand(en) 0 bytes
40 map(pen) 97.610.141.696 bytes beschikbaar
--------------------------------------------------------

merlijn
18 August 2007, 21:06
How do we proceed now, Jurgen?

jurgenv
18 August 2007, 21:11
My apologies, I overlooked your log.


Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Place it on your desktop.
Double-click it to start the program.
In the screen that appears, type a Y to start the cleaning process.
Follow the on-screen instructions.
When the tool is finished, a log file (combofix.txt) opens. Post the contents of this file together with a new HijackThis log.

merlijn
18 August 2007, 21:37
I had a couple of questions, Jurgen: every time you have me download something, I have to save it to the desktop; does it make a difference if you save it somewhere else on your PC?
That ComboFix, what exactly does it do? Does it look for specific viruses or something?
Log to follow.

jurgenv
18 August 2007, 21:46
The tool shows a bit more of what is going on. :) As long as you aren't given a specific instruction to put the file somewhere, it indeed makes no difference at all.

merlijn
18 August 2007, 21:50
Something strange happened: during ComboFix my taskbar at the bottom disappeared, and while ComboFix was busy creating the log, my Norton AntiBot stepped in, removed something (I don't know what) and asked me to restart the PC. I haven't done that yet, but how do I proceed now, because I still have no taskbar at the bottom.

jurgenv
18 August 2007, 21:58
You will have to download ComboFix again, because what Norton blocked was probably ComboFix... :) And of course interrupting it during the scan will make explorer.exe crash...

merlijn
18 August 2007, 22:00
Looks like it deleted my log. I'm going to turn AntiBot off and run ComboFix again; what do you think of that?

jurgenv
18 August 2007, 22:11
Worth a try.

merlijn
18 August 2007, 22:21
ComboFix 07-08-14.4 - "gandalf" 2007-08-18 21:58:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.92 [GMT 2:00]


((((((((((((((((((((((((( Files Created from 2007-07-18 to 2007-08-18 )))))))))))))))))))))))))))))))


2007-08-18 21:23 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-18 16:38 <DIR> d-------- C:\DOCUME~1\gandalf\APPLIC~1\Pioneer
2007-08-18 16:18 <DIR> d-------- C:\WINDOWS\system32\ipp20
2007-08-18 16:16 <DIR> d-------- C:\Program Files\Pioneer
2007-08-18 01:01 <DIR> d--hs---- C:\DOCUME~1\gandalf\Onlangs geopend
2007-08-17 13:54 <DIR> d-------- C:\Program Files\MatchWare
2007-08-16 14:39 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2007-08-16 10:44 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2007-08-16 10:44 20,480 --a------ C:\WINDOWS\system32\wbload.dll
2007-08-15 00:10 <DIR> d-------- C:\Program Files\Easy Banner Creator 1.0
2007-08-14 16:20 <DIR> d-------- C:\Program Files\GameHouse
2007-08-11 21:56 <DIR> d-------- C:\Program Files\Desktop Butterflies 3D Screensaver
2007-08-11 12:27 <DIR> d-------- C:\DOCUME~1\gandalf\APPLIC~1\LimeWireTurbo
2007-08-11 12:26 <DIR> d-------- C:\Program Files\LimeWire Turbo
2007-08-11 11:56 <DIR> d-------- C:\DOCUME~1\gandalf\APPLIC~1\AmuletAdventure
2007-08-11 11:55 <DIR> d-------- C:\Program Files\Wiredplane games
2007-08-11 01:11 <DIR> d-------- C:\Program Files\CryptLoad
2007-08-10 15:51 <DIR> d-------- C:\Program Files\Mystery Case Files Prime Suspects
2007-08-10 13:42 <DIR> d-------- C:\Program Files\Mirror Magic
2007-08-09 17:11 <DIR> d-------- C:\fretten
2007-08-08 16:49 <DIR> d-------- C:\Program Files\MessengerDiscovery
2007-08-08 16:30 19,456 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll
2007-08-07 12:24 <DIR> dr------- C:\DOCUME~1\gandalf\APPLIC~1\SpaceTime 3D
2007-08-07 01:08 <DIR> d-------- C:\Program Files\blackmagic
2007-08-07 00:21 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-05 13:50 <DIR> d-------- C:\Program Files\TopDesk
2007-08-05 00:48 <DIR> d-------- C:\Program Files\ATI Multimedia
2007-08-05 00:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SnapStream
2007-08-05 00:45 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-08-05 00:43 <DIR> d-------- C:\Program Files\SnapStream Media
2007-08-05 00:21 <DIR> d-------- C:\Program Files\ClocX
2007-08-03 20:46 <DIR> d-------- C:\WINDOWS\Clean MemXP
2007-08-03 20:45 <DIR> d-------- C:\Program Files\Clean MemXP
2007-08-03 13:16 <DIR> d-------- C:\DOCUME~1\gandalf\APPLIC~1\Sammsoft
2007-08-03 13:15 <DIR> d-------- C:\Program Files\Advanced Registry Optimizer
2007-08-02 21:11 <DIR> d-------- C:\DOCUME~1\gandalf\APPLIC~1\Mysteryville2
2007-08-02 21:10 <DIR> d-------- C:\Program Files\Mysteryville 2
2007-08-02 20:33 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-08-02 20:32 <DIR> d-------- C:\Program Files\Styrateg
2007-08-02 18:11 253,952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll
2007-08-02 18:11 241,664 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll
2007-08-02 14:30 <DIR> d-------- C:\Program Files\WinDriver Ghost
2007-08-02 00:19 <DIR> d-------- C:\Program Files\Rapidown
2007-07-30 23:58 <DIR> d-------- C:\Program Files\Premium Booster
2007-07-30 22:53 <DIR> d-------- C:\Program Files\Flash Particle Studio 1.0
2007-07-30 21:36 <DIR> d--h----- C:\DOCUME~1\gandalf\APPLIC~1\FVSTemp
2007-07-30 21:34 <DIR> d-------- C:\Program Files\Flash Fluid Effect 1.0
2007-07-30 00:17 <DIR> d-------- C:\Program Files\Mystery of Shark Island
2007-07-29 22:48 <DIR> d-------- C:\Program Files\Longgame
2007-07-29 01:34 <DIR> d-------- C:\DOCUME~1\gandalf\APPLIC~1\Big Fish Games
2007-07-27 18:57 <DIR> d-------- C:\Program Files\Dream Chronicles
2007-07-27 15:49 225,355 --a------ C:\WINDOWS\system32\lnod32apiW.dll
2007-07-27 15:49 196,683 --a------ C:\WINDOWS\system32\lnod32apiA.dll
2007-07-26 06:09 <DIR> d-------- C:\DOCUME~1\sonia\APPLIC~1\URSoft
2007-07-25 23:26 0 --a------ C:\WINDOWS\system32\sys_dll.dll
2007-07-25 23:22 <DIR> d-------- C:\Program Files\Trojan Guarder Gold Version
2007-07-24 00:58 <DIR> d-------- C:\Program Files\ALCATech
2007-07-22 22:11 4,759,552 --a------ C:\WINDOWS\system32\Desktop Butterflies 3D Screensaver.scr
2007-07-22 00:33 <DIR> d-------- C:\Program Files\Symantec
2007-07-22 00:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Downloaded Installations
2007-07-21 01:02 <DIR> d-------- C:\Program Files\DatawareGames
2007-07-19 23:29 <DIR> d-------- C:\Program Files\Northern Lights Software Associates
2007-07-19 22:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Laconic Software
2007-07-19 11:43 <DIR> d-------- C:\Program Files\Wondershare


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-18 14:23 --------- d-------- C:\Program Files\GetSmile
2007-08-17 13:51 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-16 23:52 --------- d-------- C:\Program Files\DVD Region+CSS Free
2007-08-16 19:47 --------- d-------- C:\DOCUME~1\gandalf\APPLIC~1\PARTWARNMEDIA
2007-08-08 16:50 --------- d-------- C:\Program Files\MSN Messenger
2007-08-01 21:07 --------- d-------- C:\Program Files\FastStone Capture
2007-08-01 12:17 --------- d-------- C:\Program Files\CD Catalog Expert
2007-07-30 00:18 --------- d-------- C:\DOCUME~1\gandalf\APPLIC~1\PlayFirst
2007-07-25 23:49 --------- d-------- C:\Program Files\DFX
2007-07-25 23:35 --------- d-------- C:\Program Files\Aurora Media Workshop
2007-07-25 22:18 --------- d-------- C:\DOCUME~1\gandalf\APPLIC~1\URSoft
2007-07-22 00:33 --------- d-------- C:\DOCUME~1\gandalf\APPLIC~1\Symantec
2007-07-18 06:11 --------- d-------- C:\Program Files\Google
2007-07-17 18:55 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-17 12:43 --------- d-------- C:\Program Files\Kryptile ScreenSavers
2007-07-17 00:17 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-16 06:58 --------- d-------- C:\Program Files\Banner Maker Pro 6
2007-07-15 23:19 --------- d-------- C:\Program Files\MVP Software
2007-07-15 00:33 12288 --a------ C:\WINDOWS\impborl.dll
2007-07-14 13:02 --------- d-------- C:\Program Files\PF3DEN
2007-07-14 11:33 --------- d-------- C:\Program Files\MDCCindia Technologies
2007-07-10 16:45 --------- d-------- C:\Program Files\JlgSolera
2007-07-06 23:23 286720 --a------ C:\WINDOWS\iun506.exe
2007-07-06 23:23 --------- d-------- C:\Program Files\The Stone of Destiny
2007-07-06 18:54 --------- d-------- C:\Program Files\Russian New Logic
2007-07-06 17:05 --------- d-------- C:\DOCUME~1\gandalf\APPLIC~1\Lavasoft
2007-07-06 17:03 --------- d-------- C:\Program Files\Lavasoft
2007-07-05 17:20 --------- d-------- C:\Program Files\7art
2007-07-05 15:47 37 --a------ C:\WINDOWS\IIEsv44JBS5X2.dll
2007-07-05 15:47 18 --a------ C:\WINDOWS\XMMR810eno.dll
2007-07-04 21:40 14 --a------ C:\WINDOWS\system32\SystemInfo32.sys
2007-07-04 21:39 --------- d-------- C:\Program Files\DVD X Studios
2007-07-04 17:43 4 --a------ C:\WINDOWS\IIEsv44JBS5X.dll
2007-07-04 17:43 --------- d-------- C:\Program Files\Xeno Assault II
2007-07-01 00:36 --------- d-------- C:\Program Files\PlayFirst
2007-06-30 19:30 --------- d-------- C:\Program Files\a-squared Free
2007-06-30 19:24 --------- d-------- C:\Program Files\Sunbelt Software
2007-06-30 19:24 --------- d-------- C:\Program Files\Oberon Games
2007-06-30 19:24 --------- d-------- C:\Program Files\New Folder
2007-06-30 19:24 --------- d-------- C:\Program Files\MASC Software BV
2007-06-30 19:24 --------- d-------- C:\Program Files\Desktop Notepad
2007-06-30 19:24 --------- d-------- C:\Program Files\DATA
2007-06-30 19:24 --------- d-------- C:\Program Files\Bodrag
2007-06-30 19:24 --------- d-------- C:\Program Files\Astral Masters
2007-06-30 19:24 --------- d-------- C:\Program Files\Abra Academy
2007-06-30 19:24 --------- d-------- C:\Program Files\ABBYY PDF Transformer 2.00
2007-06-29 21:37 8 -r-hs---- C:\WINDOWS\system32\fgxp9.dll
2007-06-28 11:30 --------- d-------- C:\Program Files\Any Medias to MP3 Converter
2007-06-28 09:47 --------- d-------- C:\Program Files\MultiStage Recovery
2007-06-27 21:33 512096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-06-27 21:33 298104 --a------ C:\WINDOWS\system32\imon.dll
2007-06-27 21:33 15424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-06-26 23:40 --------- d-------- C:\DOCUME~1\gandalf\APPLIC~1\iolo
2007-06-26 17:17 --------- d-------- C:\Program Files\Registry Purify
2007-06-26 01:17 --------- d-------- C:\Program Files\Common Files\stardock
2007-06-26 01:12 --------- d-------- C:\Program Files\Webroot
2007-06-26 01:12 --------- d-------- C:\DOCUME~1\gandalf\APPLIC~1\Webroot
2007-06-26 01:08 81984 --a------ C:\WINDOWS\system32\bdod.bin
2007-06-26 01:08 --------- d-------- C:\Program Files\Common Files\Softwin(2)
2007-06-26 00:32 --------- d-------- C:\DOCUME~1\gandalf\APPLIC~1\Bitdefender
2007-06-24 19:03 --------- d-------- C:\Program Files\Smart PC Solutions
2007-06-23 14:22 --------- d-------- C:\Program Files\Planet Quest
2007-06-20 13:59 --------- d-------- C:\DOCUME~1\gandalf\APPLIC~1\TypingMaster7
2007-06-14 01:35 94080 --a------ C:\DOCUME~1\gandalf\APPLIC~1\ezplay.sys
2007-06-14 01:35 81920 --a------ C:\DOCUME~1\gandalf\APPLIC~1\ezpinst.exe
2007-06-13 11:10 77824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe
2007-06-07 10:34 64512 --ah----- C:\DOCUME~1\gandalf\APPLIC~1\dach100.dll
2007-06-05 20:45 87608 --a------ C:\DOCUME~1\gandalf\APPLIC~1\inst.exe
2007-06-05 20:45 47360 --a------ C:\DOCUME~1\gandalf\APPLIC~1\pcouffin.sys
2007-06-02 16:20 71680 --a------ C:\WINDOWS\ST5UNST.EXE
2007-05-31 08:45 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-31 08:44 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 08:44 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 08:44 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 08:44 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-05-29 12:06 220586 --a------ C:\WINDOWS\uninstall 3dfiction (sxga) mind travel.exe
2007-05-28 12:39 48 --a------ C:\WINDOWS\system32\swctl.dll
2007-05-24 22:33 49 --a------ C:\WINDOWS\system32\uppim.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-06-27 21:33]
"NortonAntiBot"="C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe" [2007-06-29 20:40]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 21:43]
"nwiz"="nwiz.exe" [2006-08-11 21:43 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48]
"ClocX"="C:\Program Files\ClocX\ClocX.exe" [2007-07-26 17:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AWMON"="C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" [2005-05-25 12:12]
"SkinClock"="C:\Program Files\Clock Tray Skins\ClockTraySkins.exe" [2007-01-30 14:39]

C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
Norton GoBack.lnk - C:\Program Files\Norton GoBack\GBTray.exe [2004-08-13 11:26:46]
Trojan Guarder Gold Version.lnk - C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe [2007-07-19 05:29:22]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"=0 (0x0)
"NoDispCPL"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~2\DVDShell.dll [2004-10-09 15:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2006-07-14 14:46 45056 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-03-05 16:36 140976 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^gandalf^Menu Start^Programma's^Opstarten^AntiCrash.lnk]
backup=C:\WINDOWS\pss\AntiCrash.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^gandalf^Menu Start^Programma's^Opstarten^Stardock ObjectDock.lnk]
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^gandalf^Menu Start^Programma's^Opstarten^Y'z ToolBar.lnk]
backup=C:\WINDOWS\pss\Y'z ToolBar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00ERSRRRNKY]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bitsonline]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DesktopSpirit]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNP]
a

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVD43]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4200 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBMPro7Agent]
C:\Program Files\Genie-Soft\GBMPro7\GBMAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ParetoLogic Anti-Spyware]
"C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" -NM -hidesplash

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC-Checkup]
"C:\PC-Checkup\PCCheckUp.exe" -mini

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pile bind meow seek]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
C:\Program Files\CursorXP\CursorXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]
"C:\Program Files\RFA Platinum\rfagent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeePassword]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShellToys XP Clipboard History]
"C:\PROGRA~1\CFi\SHELLT~1\cliphook.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShellToys XP Utility Manager]
"C:\PROGRA~1\CFi\SHELLT~1\CFiShlMan.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIDEBAR]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PSIMSVC"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)
"StyleXPService"=2 (0x2)
"SpyEmrgSrv"=2 (0x2)
"RichVideo"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Uniblue SpeedUpMyPC"=C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe -s

R0 GBDevice;GBDevice;C:\WINDOWS\system32\drivers\GBDevice.sys
R0 GoBack2K;GoBack2K;C:\WINDOWS\system32\drivers\GoBack2K.sys
R0 hotcore;hotcore;C:\WINDOWS\system32\drivers\hotcore.sys
R1 sdpiosys;sdpiosys;C:\WINDOWS\system32\drivers\sdpiosys.sys
R1 SpyEmrg;Spy Emergency Driver;C:\WINDOWS\system32\Drivers\spyemrg.sys
R2 GBFSHook;GBFSHook;C:\WINDOWS\system32\drivers\GBFSHook.sys
R2 pavdrv;pavdrv;\??\C:\WINDOWS\system32\Drivers\pavdrv51.sys
R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol);C:\WINDOWS\system32\inetsrv\inetinfo.exe
R2 SymantecAntiBotWatcher;SymantecAntiBotWatcher;C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
R2 TVicPort;TVicPort;C:\WINDOWS\system32\drivers\TVicPort.sys
R3 SymantecAntiBotDriver;SymantecAntiBotDriver;\??\C:\Program Files\Symantec\Norton AntiBot\agent\driver\platform_XP\AntiBotDriver.sys
R3 SymantecAntiBotFilter;SymantecAntiBotFilter;\??\C:\Program Files\Symantec\Norton AntiBot\agent\driver\platform_XP\AntiBotFilter.sys
R3 SymantecAntiBotShim;SymantecAntiBotShim;\??\C:\Program Files\Symantec\Norton AntiBot\agent\driver\platform_XP\AntiBotShim.sys
S2 SymantecAntiBotAgent;SymantecAntiBotAgent;"C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe" SymantecAntiBotAgent
S3 drhard;DRHARD;\??\C:\WINDOWS\system32\DRIVERS\DRHARD.SYS
S3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;C:\WINDOWS\system32\Drivers\spyemrg_guard.sys
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys

*Newly Created Service* - SDPIOSYS

Contents of the 'Scheduled Tasks' folder
2007-08-17 15:15:00 C:\WINDOWS\Tasks\Easy Onderhoud.job
2007-05-11 01:00:00 C:\WINDOWS\Tasks\ParetoLogic Anti-Spyware.job - C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-18 22:04:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-08-18 22:07:06
C:\ComboFix-quarantined-files.txt ... 2007-08-18 22:06

--- E O F ---

At a certain point it indicated that it could not continue because the list was too long.

jurgenv
18 August 2007, 22:29
Download OTMoveIt.exe (http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe) and place it on your desktop:

Start OTMoveIt by double-clicking OTMoveIt.exe
In the left pane, where it says: Paste List of Files/Folders to be Moved, copy and paste the section below:

C:\WINDOWS\IIEsv44JBS5X2.dll
C:\WINDOWS\XMMR810eno.dll
C:\WINDOWS\system32\SystemInfo32.sys
C:\WINDOWS\IIEsv44JBS5X.dll
C:\WINDOWS\system32\fgxp9.dll
C:\WINDOWS\system32\bdod.bin

Then click the MoveIt button at the bottom.
When it has finished, it will create a log (********_******.log -- the * stands for date and time) in the following folder: C:\_OTMoveIt\MovedFiles.
Post its contents in your next message, together with a new HijackThis log.

merlijn
18 August 2007, 22:59
I didn't get a log, but this was shown on the right side of the window:
LoadLibrary failed for C:\WINDOWS\IIEsv44JBS5X2.dll
C:\WINDOWS\IIEsv44JBS5X2.dll NOT unregistered.
C:\WINDOWS\IIEsv44JBS5X2.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\XMMR810eno.dll
C:\WINDOWS\XMMR810eno.dll NOT unregistered.
C:\WINDOWS\XMMR810eno.dll moved successfully.
C:\WINDOWS\system32\SystemInfo32.sys moved successfully.
LoadLibrary failed for C:\WINDOWS\IIEsv44JBS5X.dll
C:\WINDOWS\IIEsv44JBS5X.dll NOT unregistered.
C:\WINDOWS\IIEsv44JBS5X.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\fgxp9.dll
C:\WINDOWS\system32\fgxp9.dll NOT unregistered.
C:\WINDOWS\system32\fgxp9.dll moved successfully.
C:\WINDOWS\system32\bdod.bin moved successfully.

Created on 08/18/2007 22:50:14

merlijn
18 August 2007, 23:01
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:54:27, on 18/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
C:\Program Files\Norton GoBack\GBTray.exe
C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Ashampoo\ASHAMP~1\bin\DEFRAG~3.EXE
C:\WINDOWS\system32\winlogon.exe
C:\PROGRA~1\Ashampoo\ASHAMP~1\bin\defragActivityMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\gandalf\Bureaublad\OTMoveIt.exe
C:\Documents and Settings\gandalf\Mijn documenten\cleanersandseekers\HiJackThis_v2\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browster BrwIEConnector - {908A31E8-2A6E-4736-8E8A-AAF00C4AE38F} - C:\Program Files\Browster\Browster.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Browster - {2EF39867-654F-48b6-8F93-B4FC3E8C6844} - C:\Program Files\Browster\Browster.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NortonAntiBot] "C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-21-299502267-813497703-839522115-1004\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'sonia')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-299502267-813497703-839522115-1004 Startup: StartupFaster (User 'sonia')
O4 - S-1-5-21-299502267-813497703-839522115-1004 User Startup: StartupFaster (User 'sonia')
O4 - Startup: StartupFaster
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton GoBack\GBTray.exe
O4 - Global Startup: StartupFaster
O4 - Global Startup: Trojan Guarder Gold Version.lnk = C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\RapidownGetAll.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\RapidownGet.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Pop up Blocker Pro - {CC01A047-BBAF-4413-AFFC-0E02C8D290EC} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton GoBack\GBPoll.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PAVSRV - Unknown owner - (no file)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymantecAntiBotAgent - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
O23 - Service: SymantecAntiBotWatcher - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

--
End of file - 8700 bytes

merlijn
19 August 2007, 21:05
That will be it, I suspect. Thank you very much, Jurgen.

jurgenv
19 August 2007, 21:11
How is everything working in the meantime?

merlijn
19 August 2007, 21:31
As normal, I would say!

jurgenv
20 August 2007, 13:47
OK then. :)

A few more tips to prevent problems in the future:

Install the following FREE programs if you don't have them yet:

Spywareblaster (http://www.javacoolsoftware.com/spywareblaster.html)
Adaware se (http://www.majorgeeks.com/download506.html)
Spybot s&d (http://www.safer-networking.org/en/index.html)


While surfing, don't blindly click yes everywhere when you are asked to... only do so when you trust it completely.

And consider choosing an alternative browser such as Opera (http://www.opera.com) or Firefox (http://www.mozilla.org/products/firefox/).

I also recommend running an online virus scan now and then: housecall (http://housecall.trendmicro.com/) and/or Bitdefender (http://nl.bitdefender.com/scan8/). Because what one scanner can't find, another one might.
Also make sure that the virus scanner installed on your system is always up to date!!

And... pay a regular visit to: http://windowsupdate.microsoft.com/

Also have a look at these 2 videos.. Very interesting:
http://www2.trosradar.nl/mediaplayer/player.php?videoID=524&mode=dossier#
http://www.benedelman.org/spyware/security-111804.wmv


More prevention tips can also be found on the following sites:

http://www.bluemedicine.be
http://users.telenet.be/marcvn/spyware
How did I get infected in the first place (http://castlecops.com/postitle7736-0-0-.html) (article by TonyKlein)
Preventing spyware infections and browser hijacking (http://www.antispywareoffensief.nl/forum/showthread.php?t=55)