can someone please take a look at this log



Christof
27 September 2007, 12:22
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:42, on 27/09/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\sv.exe
C:\WINDOWS\svzip.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\svhoster.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\services.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zita.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [netsv32] C:\WINDOWS\sv.exe
O4 - HKLM\..\Run: [netzip] C:\WINDOWS\svzip.exe
O4 - HKLM\..\Run: [net64] C:\WINDOWS\svhoster.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185274287653
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://rolejo.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Application Layer Gateway-service ALGRDSessMgr (ALGRDSessMgr) - Unknown owner - C:\WINDOWS\System32\1031r.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: TCP/IP NetBIOS Helper LmHostsClipSrv (LmHostsClipSrv) - Unknown owner - C:\WINDOWS\System32\adsldpz.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Windows Installer MSIServerSENS (MSIServerSENS) - Unknown owner - C:\WINDOWS\System32\ahuil.exe
O23 - Service: Network DDE DSDM NetDDEdsdmBrowser (NetDDEdsdmBrowser) - Unknown owner - C:\WINDOWS\System32\2052j.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Helpsessiebeheer voor Extern bureaublad RDSessMgrWmiApSrv (RDSessMgrWmiApSrv) - Unknown owner - C:\WINDOWS\System32\1028b.exe
O23 - Service: Performance Logs and Alerts SysmonLogNetman (SysmonLogNetman) - Unknown owner - C:\WINDOWS\System32\3com_dmit.exe
O23 - Service: Performance Logs and Alerts SysmonLogUMWdf (SysmonLogUMWdf) - Unknown owner - C:\WINDOWS\System32\7_exceptionf.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6450 bytes

compuchrisje
27 September 2007, 19:25
Christof, it has been said before that your system is completely out of date. Both SP1 and SP2 are missing, and those are needed to keep your Windows more secure. By the way, I wonder whether later updates ever get through?
Start with SP1; then our spyware slayers can help you further with any infections. Right now it is like mopping the floor with the tap running. Both service packs are free; it won't cost you a cent, only some data traffic.

Pjj
27 September 2007, 21:04
Sometimes spyware blocks Windows from updating too, you know ;)

Christof
28 September 2007, 04:14
So how come I can't manage to install them, and where can I find SP1 and SP2?

Pjj
28 September 2007, 16:52
http://www.update.microsoft.com/windowsupdate

compuchrisje
28 September 2007, 17:37
Temporarily switch off all your defenses: firewall, antivirus, because those can indeed prevent updates from being downloaded and installed.
You can find Service Pack 1 IE here (http://www.microsoft.com/downloads/details.aspx?displaylang=nl&FamilyID=1E1550CB-5E5D-48F5-B02B-20B602228DE6); for Service Pack 2 it is best to first read up on everything you need to do for it, click here (http://www.microsoft.com/netherlands/windowsxp/sp2/default.aspx) to do that.

Keep in mind that you have to reboot in between and that the firewall and antivirus may then be active again.
Hopefully you will succeed now, because normally every legal XP can be updated.

Juisterr
29 September 2007, 18:14
Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and click "Run".
Version 1.40 and higher will automatically move the extracted SDFix folder to your system drive (probably: C:\SDFix).

Restart the PC in safe mode.
Safe mode for Windows XP
Restart the computer
As soon as your computer has finished loading the BIOS (black screen with white letters, or another startup screen) and just before Windows loads
Tap the F8 key (or the F5 key) until you reach the Windows options menu
Choose to start in safe mode (Safe mode) here using the arrow keys, then press Enter

Double-click the SDFix folder and double-click RunThis.bat to start the script.
Type Y and press Enter to start the cleanup process.
Trojan Services and/or Registry Entries will be removed if they are found, and you will have to press a key to restart.
The computer will then restart; this takes longer than usual.
The fix tool will run again and continue the removal process; then Finished is displayed. Wait patiently until you have to press a key again to end the script and reload your desktop icons.
As soon as your desktop is back to normal, the SDFix report will open; it can also be found in the SDFix folder as Report.txt.
Copy/paste the contents of this Report.txt into your next reply here, together with a new HijackThis log

Christof
3 October 2007, 14:16
SDFix: Version 1.107
Run by christof on wo 03/10/2007 at 13:57
Microsoft Windows XP [versie 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:

Infected Winlogon.exe Found!
Winlogon File Locations:
"C:\WINDOWS\SoftwareDistribution\Download\e3ae9c47fe2d587c4f8623a201f595da\winlogon.exe" 504832 04/08/2004 10:03
"C:\WINDOWS\system32\winlogon.exe" 433152 17/09/2007 20:30
"C:\WINDOWS\system32\dllcache\winlogon.exe" 433152 24/09/2007 11:01
Modified Files Are Listed Below:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\dllcache\winlogon.exe

Note: SDFix Does Not Repair This File!

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...

Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\SYSTEM32\DLLH8J~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\KERNEL32.EXE - Deleted
C:\DOCUME~1\christof\LOCALS~1\Temp\0wl.tmp - Deleted
C:\wintemp.log - Deleted
C:\WINDOWS\svhoster.exe - Deleted
C:\WINDOWS\system32\dllh8jkd1q8.exe - Deleted
C:\WINDOWS\system32\Kernel32.exe - Deleted
C:\WINDOWS\system32\mstscex.dll - Deleted
C:\WINDOWS\system32\oleauth32.dll - Deleted

Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.


Final Check:
Remaining Services:
------------------


Authorized Application Key Export:
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Wed 19 Sep 2007 48,419 ..SHR --- "C:\WINDOWS\system32\1028b.exe"
Sun 23 Sep 2007 39,424 ..SHR --- "C:\WINDOWS\system32\1031r.exe"
Wed 3 Oct 2007 39,050 ..SHR --- "C:\WINDOWS\system32\1041r.exe"
Sun 23 Sep 2007 39,424 ..SHR --- "C:\WINDOWS\system32\2052j.exe"
Sun 23 Sep 2007 39,424 ..SHR --- "C:\WINDOWS\system32\3com_dmit.exe"
Sun 23 Sep 2007 39,424 ..SHR --- "C:\WINDOWS\system32\7_exceptionf.exe"
Mon 24 Sep 2007 39,424 ..SHR --- "C:\WINDOWS\system32\adsldpz.exe"
Sun 23 Sep 2007 39,424 ..SHR --- "C:\WINDOWS\system32\ahuil.exe"
Tue 25 Sep 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 20 Jan 2007 17,874,288 A..H. --- "C:\Documents and Settings\mattijs\Local Settings\Temp\BIT9B.tmp"
Finished!

Christof
3 October 2007, 14:18
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:17:46, on 3/10/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\sv.exe
C:\WINDOWS\svzip.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zita.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [netsv32] C:\WINDOWS\sv.exe
O4 - HKLM\..\Run: [netzip] C:\WINDOWS\svzip.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185274287653
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://rolejo.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{164139F9-95D3-47E7-A0C8-5473CDCB0101}: NameServer = 85.255.116.174,85.255.112.82
O17 - HKLM\System\CCS\Services\Tcpip\..\{B833BF14-547B-40A5-98BC-414B1D9040B4}: NameServer = 85.255.116.174,85.255.112.82
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.174 85.255.112.82
O17 - HKLM\System\CS1\Services\Tcpip\..\{164139F9-95D3-47E7-A0C8-5473CDCB0101}: NameServer = 85.255.116.174,85.255.112.82
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.174 85.255.112.82
O17 - HKLM\System\CS2\Services\Tcpip\..\{164139F9-95D3-47E7-A0C8-5473CDCB0101}: NameServer = 85.255.116.174,85.255.112.82
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.174 85.255.112.82
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Application Layer Gateway-service ALGRDSessMgr (ALGRDSessMgr) - Unknown owner - C:\WINDOWS\System32\1031r.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Help en ondersteuning helpsvcALGRDSessMgr (helpsvcALGRDSessMgr) - Unknown owner - C:\WINDOWS\System32\1041r.exe
O23 - Service: TCP/IP NetBIOS Helper LmHostsClipSrv (LmHostsClipSrv) - Unknown owner - C:\WINDOWS\System32\adsldpz.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Windows Installer MSIServerSENS (MSIServerSENS) - Unknown owner - C:\WINDOWS\System32\ahuil.exe
O23 - Service: Network DDE DSDM NetDDEdsdmBrowser (NetDDEdsdmBrowser) - Unknown owner - C:\WINDOWS\System32\2052j.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Helpsessiebeheer voor Extern bureaublad RDSessMgrWmiApSrv (RDSessMgrWmiApSrv) - Unknown owner - C:\WINDOWS\System32\1028b.exe
O23 - Service: Performance Logs and Alerts SysmonLogNetman (SysmonLogNetman) - Unknown owner - C:\WINDOWS\System32\3com_dmit.exe
O23 - Service: Performance Logs and Alerts SysmonLogUMWdf (SysmonLogUMWdf) - Unknown owner - C:\WINDOWS\System32\7_exceptionf.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7901 bytes

Juisterr
3 October 2007, 18:13
Hmm, it looks like something has been added.



Print out the instructions below, because you will have to restart the computer during the fix.
(copy the text into e.g. Word and print it)

Download FixWareout from one of the following links:
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
http://downloads.subratam.org/Fixwareout.exe

Save it to your desktop and double-click Fixwareout.exe.
Click "Next", then "Install".
Make sure "Run Fixit" is checked and then click "Finish".
Follow the instructions on the screen.
If you are asked to restart the computer, do so.
It will take somewhat longer for the computer to start up completely again. This is normal.
As soon as your desktop has loaded, a text file will open (report.txt).

Note! If your antivirus has a script blocker, you will get a warning such as "malicious script warning" when you run this tool. You can ignore this warning.

Start HijackThis and choose 'Do a system scan only'
Select only the items listed below:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Close all windows except HijackThis
Click 'Fix checked' to remove the items.


If you have problems with the internet connection, do the following:
Go to the Control Panel and click "Network Connections". Right-click your default connection and choose "Properties".
Click the "General" tab and double-click "Internet Protocol (TCP/IP)". Select "Obtain DNS server address automatically".

Go to Start -> Run and type "cmd"
Press Enter.
Then type: ipconfig /flushdns
Press Enter.
Close the window.

Restart your computer once more.

Post the contents of the log that you can find here: C:\fixwareout\report.txt, and also post a new HijackThis log.
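
Added example, not part of the original thread: a small Python triage script that parses HijackThis entry lines and diffs two logs, which is how a helper can see what "has been added" between the first and the second log posted above. The two sample logs are short excerpts taken from those logs; the function names are this example's own.

```python
import re

# HijackThis entry lines are "<section code> - <text>", e.g. "O23 - Service: ...".
# Section codes are R0-R3, F0-F3, N1-N4 and O1-O24; header and process lines
# do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

# Excerpt of the log of 27/09/2007 (lines copied from the thread).
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\svhoster.exe
O4 - HKLM\..\Run: [netsv32] C:\WINDOWS\sv.exe
O4 - HKLM\..\Run: [net64] C:\WINDOWS\svhoster.exe
O23 - Service: Application Layer Gateway-service ALGRDSessMgr (ALGRDSessMgr) - Unknown owner - C:\WINDOWS\System32\1031r.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Excerpt of the log of 3/10/2007, after the SDFix run (lines copied from the thread).
LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [netsv32] C:\WINDOWS\sv.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{164139F9-95D3-47E7-A0C8-5473CDCB0101}: NameServer = 85.255.116.174,85.255.112.82
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.174 85.255.112.82
O23 - Service: Application Layer Gateway-service ALGRDSessMgr (ALGRDSessMgr) - Unknown owner - C:\WINDOWS\System32\1031r.exe
O23 - Service: Help en ondersteuning helpsvcALGRDSessMgr (helpsvcALGRDSessMgr) - Unknown owner - C:\WINDOWS\System32\1041r.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


def parse_entries(log_text):
    """Return the (section_code, body) pairs of a HijackThis log, in order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def diff_logs(old_text, new_text):
    """Return (added, removed) entries between two logs, keeping log order."""
    old, new = parse_entries(old_text), parse_entries(new_text)
    old_set, new_set = set(old), set(new)
    added = [entry for entry in new if entry not in old_set]
    removed = [entry for entry in old if entry not in new_set]
    return added, removed


def nameservers(entries):
    """Collect the DNS server addresses named in O17 'NameServer' entries.

    The value is comma-separated on per-interface keys and space-separated
    on the Parameters key, so the addresses are pulled out by pattern.
    """
    found = set()
    for code, body in entries:
        if code == "O17" and "NameServer" in body:
            found.update(IPV4_RE.findall(body.split("=", 1)[-1]))
    return sorted(found)


def unknown_owner_services(entries):
    """Return (display_name, image_path) for O23 services reported as 'Unknown owner'."""
    found = []
    for code, body in entries:
        if code != "O23" or not body.startswith("Service: "):
            continue
        # "<name> - <owner> - <path>"; split from the right because the
        # display name may itself contain hyphens.
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3 and parts[1].strip().lower() == "unknown owner":
            found.append((parts[0], parts[2]))
    return found


if __name__ == "__main__":
    added, removed = diff_logs(LOG_BEFORE, LOG_AFTER)
    for code, body in added:
        print("+", code, "-", body)
    for code, body in removed:
        print("-", code, "-", body)
    after = parse_entries(LOG_AFTER)
    print("DNS servers set in the registry:", ", ".join(nameservers(after)))
    for name, path in unknown_owner_services(after):
        print("Unknown owner service:", name, "->", path)
```
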

Christof
4 October 2007, 12:10
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:24, on 4/10/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\sv.exe
C:\WINDOWS\svzip.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zita.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [netsv32] C:\WINDOWS\sv.exe
O4 - HKLM\..\Run: [netzip] C:\WINDOWS\svzip.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185274287653
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://rolejo.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Application Layer Gateway-service ALGRDSessMgr (ALGRDSessMgr) - Unknown owner - C:\WINDOWS\System32\1031r.exe
O23 - Service: Help en ondersteuning helpsvcALGRDSessMgr (helpsvcALGRDSessMgr) - Unknown owner - C:\WINDOWS\System32\1041r.exe
O23 - Service: TCP/IP NetBIOS Helper LmHostsClipSrv (LmHostsClipSrv) - Unknown owner - C:\WINDOWS\System32\adsldpz.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Windows Installer MSIServerSENS (MSIServerSENS) - Unknown owner - C:\WINDOWS\System32\ahuil.exe
O23 - Service: Network DDE DSDM NetDDEdsdmBrowser (NetDDEdsdmBrowser) - Unknown owner - C:\WINDOWS\System32\2052j.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Helpsessiebeheer voor Extern bureaublad RDSessMgrWmiApSrv (RDSessMgrWmiApSrv) - Unknown owner - C:\WINDOWS\System32\1028b.exe
O23 - Service: Performance Logs and Alerts SysmonLogNetman (SysmonLogNetman) - Unknown owner - C:\WINDOWS\System32\3com_dmit.exe
O23 - Service: Performance Logs and Alerts SysmonLogUMWdf (SysmonLogUMWdf) - Unknown owner - C:\WINDOWS\System32\7_exceptionf.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6177 bytes

Christof
4 October 2007, 12:10
Username "christof" - 04/10/2007 11:28:07 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.116.174 85.255.112.82" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{164139F9-95D3-47E7-A0C8-5473CDCB0101}
"nameserver"="85.255.116.174,85.255.112.82" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{B833BF14-547B-40A5-98BC-414B1D9040B4}
"nameserver"="85.255.116.174,85.255.112.82" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{164139F9-95D3-47E7-A0C8-5473CDCB0101}
"DhcpNameServer"="85.255.116.174,85.255.112.82" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{51FF87AB-7739-4F78-925B-B337B070511F}
"DhcpNameServer"="85.255.116.174,85.255.112.82" <Value cleared.
De DNS-omzettingscache is leeggemaakt.

System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
C:\WINDOWS\System32\pwail.exe Deleted
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe\""
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.2\\Apps\\apdproxy.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"LVCOMSX"="\"C:\\Program Files\\Common Files\\Logitech\\LComMgr\\LVComSX.exe\""
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"netsv32"="C:\\WINDOWS\\sv.exe"
"netzip"="C:\\WINDOWS\\svzip.exe"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

Juisterr
4 October 2007, 12:38
Start HijackThis and choose 'Do a system scan only'
Select only the items listed below:

O4 - HKLM\..\Run: [netsv32] C:\WINDOWS\sv.exe
O4 - HKLM\..\Run: [netzip] C:\WINDOWS\svzip.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

Click 'Fix checked' to remove the items.


Open Explorer ("My Computer") and choose Tools -> Folder Options...
Under View, check the following settings:

Turn off: Hide protected operating system files (Recommended)
Turn off: Hide extensions for known file types

Select: Display the contents of system folders (XP only)
Select: Show hidden files and folders

Delete the following files:
C:\WINDOWS\sv.exe
C:\WINDOWS\svzip.exe


Run the wareout fix once more, restart, and do a Windows update; get at least SP1 and install it.

Then post a new HJT log; without that update I can keep on fixing forever, you will be reinfected in no time.

Christof
4 October 2007, 16:00
I update my PC regularly and have SP1; I don't understand how it is that you can't see that.

Christof
4 October 2007, 16:32
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:31:16, on 4/10/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\9c6cee25c3b92a7dea3075f13494a5e8\update\update.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zita.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185274287653
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://rolejo.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Application Layer Gateway-service ALGRDSessMgr (ALGRDSessMgr) - Unknown owner - C:\WINDOWS\System32\1031r.exe
O23 - Service: Help en ondersteuning helpsvcALGRDSessMgr (helpsvcALGRDSessMgr) - Unknown owner - C:\WINDOWS\System32\1041r.exe
O23 - Service: TCP/IP NetBIOS Helper LmHostsClipSrv (LmHostsClipSrv) - Unknown owner - C:\WINDOWS\System32\adsldpz.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Windows Installer MSIServerSENS (MSIServerSENS) - Unknown owner - C:\WINDOWS\System32\ahuil.exe
O23 - Service: Network DDE DSDM NetDDEdsdmBrowser (NetDDEdsdmBrowser) - Unknown owner - C:\WINDOWS\System32\2052j.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Helpsessiebeheer voor Extern bureaublad RDSessMgrWmiApSrv (RDSessMgrWmiApSrv) - Unknown owner - C:\WINDOWS\System32\1028b.exe
O23 - Service: Performance Logs and Alerts SysmonLogNetman (SysmonLogNetman) - Unknown owner - C:\WINDOWS\System32\3com_dmit.exe
O23 - Service: Performance Logs and Alerts SysmonLogUMWdf (SysmonLogUMWdf) - Unknown owner - C:\WINDOWS\System32\7_exceptionf.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 5958 bytes

Juisterr
4 October 2007, 19:56
Download: RemoveVideoActiveXObject.exe (http://home.hetnet.nl/~stefsmeenk/RemoveVideoActiveXObject.exe)
Save the file to your desktop, then double-click it.
The uninstaller of a rogue scanner may start; do not close it, but let it do its work.

Then restart the PC and double-click RemoveVideoActiveXObject.exe again.
After that, post the log C:\RVAXO-results.log in your next message, together with a new HijackThis log.

How I can see that.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:31:16, on 4/10/2007
Platform: Windows XP (WinNT 5.01.2600) <<<< no SP1
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Boot mode: Normal

Christof
6 October 2007, 11:29
----------------RVAXO.exe first run-------------

Files found:

C:\WINDOWS\system32\nusrmgr.exe
C:\Documents and Settings\christof\Bureau~1\Internet.lnk

Uninstallers Rogue scanners:


Folders Found:


Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------

Files found:

Folders Found:

Christof
6 October 2007, 11:30
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:49, on 6/10/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zita.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185274287653
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://rolejo.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Application Layer Gateway-service ALGRDSessMgr (ALGRDSessMgr) - Unknown owner - C:\WINDOWS\System32\1031r.exe
O23 - Service: Help en ondersteuning helpsvcALGRDSessMgr (helpsvcALGRDSessMgr) - Unknown owner - C:\WINDOWS\System32\1041r.exe
O23 - Service: TCP/IP NetBIOS Helper LmHostsClipSrv (LmHostsClipSrv) - Unknown owner - C:\WINDOWS\System32\adsldpz.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Windows Installer MSIServerSENS (MSIServerSENS) - Unknown owner - C:\WINDOWS\System32\ahuil.exe
O23 - Service: Network DDE DSDM NetDDEdsdmBrowser (NetDDEdsdmBrowser) - Unknown owner - C:\WINDOWS\System32\2052j.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Helpsessiebeheer voor Extern bureaublad RDSessMgrWmiApSrv (RDSessMgrWmiApSrv) - Unknown owner - C:\WINDOWS\System32\1028b.exe
O23 - Service: Performance Logs and Alerts SysmonLogNetman (SysmonLogNetman) - Unknown owner - C:\WINDOWS\System32\3com_dmit.exe
O23 - Service: Performance Logs and Alerts SysmonLogUMWdf (SysmonLogUMWdf) - Unknown owner - C:\WINDOWS\System32\7_exceptionf.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 5956 bytes

Juisterr
6 October 2007, 11:59
Looks good, no more problems?

Christof
7 October 2007, 10:32
It's already much better

I still have problems: when the PC starts up, at the beginning it gives a number of errors, such as:
adsldpz.exe
ahuil.exe
2052j.exe

Juisterr
7 October 2007, 15:52
Scan the following files at Jotti: http://virusscan.jotti.org/
C:\WINDOWS\System32\ahuil.exe

C:\WINDOWS\System32\2052j.exe
C:\WINDOWS\System32\adsldpz.exe


Please post the result.

Christof
12 October 2007, 10:17
I don't really understand what I'm supposed to do, you know?

Juisterr
12 October 2007, 18:23
Well, you look up that file on your own PC and have it uploaded to Jotti; use the link I gave you for that.

Christof
16 October 2007, 10:13
File: 2052j.exe
Status: INFECTED/MALWARE
MD5: 1daade7b9f51d5fe5b461a812c888829
Packers detected: -
Bit9 reports: Not analyzed yet (more info (http://fileadvisor.bit9.com/services/extinfo.aspx?md5=1daade7b9f51d5fe5b461a812c888829))
Scanner results
Scan taken on 16 Oct 2007 08:10:01 (GMT)
A-Squared Found Trojan-PSW.Win32.Agent.rr
AntiVir Found TR/Spy.Bulkrec
ArcaVir Found Heur.W32
Avast Found nothing
AVG Antivirus Found Obfustat.QAM
BitDefender Found Trojan.PWS.Agent.RXY
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan-PSW.Win32.Agent.rr
Fortinet Found W32/Agent.RR!tr.pws
Kaspersky Anti-Virus Found Trojan-PSW.Win32.Agent.rr
NOD32 Found Win32/PSW.LdPinch.CVC
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found Mal/Generic-A
VirusBuster Found nothing
VBA32 Found Trojan-PSW.Win32.Agent.rr

Christof
16 October 2007, 10:29
File: ahuil.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 1daade7b9f51d5fe5b461a812c888829
Packers detected: -
Bit9 reports: Not analyzed yet (more info (http://fileadvisor.bit9.com/services/extinfo.aspx?md5=1daade7b9f51d5fe5b461a812c888829))
Scanner results
Scan taken on 16 Oct 2007 08:25:09 (GMT)
A-Squared Found Trojan-PSW.Win32.Agent.rr
AntiVir Found TR/Spy.Bulkrec
ArcaVir Found Heur.W32
Avast Found nothing
AVG Antivirus Found Obfustat.QAM
BitDefender Found Trojan.PWS.Agent.RXY
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan-PSW.Win32.Agent.rr
Fortinet Found W32/Agent.RR!tr.pws
Kaspersky Anti-Virus Found Trojan-PSW.Win32.Agent.rr
NOD32 Found Win32/PSW.LdPinch.CVC
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found Mal/Generic-A
VirusBuster Found nothing
VBA32 Found Trojan-PSW.Win32.Agent.rr

Christof
16 October 2007, 10:34
adsldpz.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 1daade7b9f51d5fe5b461a812c888829
Packers detected: -
Bit9 reports: Not analyzed yet (more info (http://fileadvisor.bit9.com/services/extinfo.aspx?md5=1daade7b9f51d5fe5b461a812c888829))
Scanner results
Scan taken on 16 Oct 2007 08:29:44 (GMT)
A-Squared Found Trojan-PSW.Win32.Agent.rr
AntiVir Found TR/Spy.Bulkrec
ArcaVir Found Heur.W32
Avast Found nothing
AVG Antivirus Found Obfustat.QAM
BitDefender Found Trojan.PWS.Agent.RXY
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan-PSW.Win32.Agent.rr
Fortinet Found W32/Agent.RR!tr.pws
Kaspersky Anti-Virus Found Trojan-PSW.Win32.Agent.rr
NOD32 Found Win32/PSW.LdPinch.CVC
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found Mal/Generic-A
VirusBuster Found nothing
VBA32 Found Trojan-PSW.Win32.Agent.rr

Juisterr
16 October 2007, 12:43
Download ComboFix (http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe) to your Desktop.
Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

File::

C:\WINDOWS\System32\2052j.exe
C:\WINDOWS\System32\ahuil.exe
C:\WINDOWS\System32\adsldpz.exe

Save this to your Desktop as CFScript.txt.

Drag CFScript.txt into ComboFix.exe as shown in the example below:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will cause ComboFix to restart.

After your computer restarts (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.

Please also post a new HJT log.

Christof
19 October 2007, 09:44
I can't get that link to open, so I can't download it.

Juisterr
19 October 2007, 11:21
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Use this one then.

Christof
20 October 2007, 13:36
ComboFix 07-10-20.7 - christof 2007-10-20 13:20:05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.31.1043.18.49 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\christof\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\christof\Bureaublad\CFScript.txt..txt
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\christof\~tmp1174.exe
C:\Program Files\s2f.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\system32\drivers\bg_bg.gif
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\close_ico.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\icon_warning_big.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\remove_spyware_header.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\spyware_detected.gif
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_ico.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\drivers\yellow_warning_ico.gif
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\kdnvp.exe
C:\WINDOWS\system32\kernel32.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-09-20 to 2007-10-20 ))))))))))))))))))))))))))))))
.
2007-10-20 13:12 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-19 15:31 <DIR> d-------- C:\Program Files\Adsense Helper Object
2007-10-19 15:31 14,848 --a------ C:\Program Files\msc.exe
2007-10-19 15:30 9,728 --a------ C:\Program Files\hlpsrv.exe
2007-10-12 13:05 <DIR> d-------- C:\Documents and Settings\christof\Application Data\InstallShield Installation Information
2007-10-12 13:04 <DIR> d-------- C:\Program Files\Rockstar Games
2007-10-07 11:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-07 11:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-07 11:08 <DIR> d-------- C:\Documents and Settings\christof\Application Data\Grisoft
2007-10-07 11:08 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-06 23:34 <DIR> d-------- C:\Program Files\Real
2007-10-06 23:34 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-10-06 23:34 <DIR> d-------- C:\Program Files\Common Files\Real
2007-10-03 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-03 13:56 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-03 13:06 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-10-03 13:05 <DIR> d-------- C:\WINDOWS\Windows Update Setup-bestanden
2007-10-03 13:05 <DIR> d-------- C:\WINDOWS\Geschiedenis
2007-09-27 12:47 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2007-09-27 12:19 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-24 23:00 <DIR> d-------- C:\Documents and Settings\mattijs\Contacts
2007-09-24 20:00 39,424 --a------ C:\sysarca.exe
2007-09-23 15:05 39,424 --a------ C:\sysywtz.exe
2007-09-23 15:05 39,424 --a------ C:\sysxlka.exe
2007-09-23 15:05 39,424 --a------ C:\sysxfsn.exe
2007-09-23 15:05 39,424 --a------ C:\sysxcxl.exe
2007-09-23 15:05 39,424 --a------ C:\sysaoyb.exe
2007-09-22 09:30 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-09-22 09:27 <DIR> d-------- C:\Program Files\Mijn Dierenpraktijk
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-07 09:20 --------- d-----w C:\Program Files\Lavasoft
2007-10-07 08:25 --------- d-----w C:\Program Files\Google
2007-10-03 15:06 --------- d-----w C:\Documents and Settings\christof\Application Data\Lavasoft
2007-09-17 18:30 433,152 ----a-w C:\WINDOWS\system32\winlogon.exe
2007-09-15 09:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-09-15 09:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-09-15 08:22 --------- d-----w C:\Documents and Settings\christof\Application Data\AVG7
2007-09-14 18:09 --------- d-----w C:\Program Files\MSN Messenger
2007-09-12 12:21 --------- d-----w C:\Documents and Settings\mattijs\Application Data\AVG7
2007-09-11 16:55 --------- d-----w C:\Program Files\Universal
2007-09-01 20:54 --------- d-----w C:\Documents and Settings\mattijs\Application Data\DivX
2007-09-01 11:47 --------- d-----w C:\Documents and Settings\christof\Application Data\Ahead
2007-09-01 11:46 --------- d-----w C:\Program Files\Ahead
2007-09-01 11:46 --------- d-----w C:\Documents and Settings\christof\Application Data\NeroVision
2007-09-01 11:43 --------- d-----w C:\Program Files\Common Files\Ahead
2007-08-24 10:38 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-08-23 15:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2007-08-23 10:59 --------- d-----w C:\Program Files\Recode Media
2007-08-16 01:34 18,224 ----a-w C:\Documents and Settings\mattijs\Application Data\GDIPFONTCACHEV1.DAT
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 17:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-26 08:05 17,144 ----a-w C:\Documents and Settings\christof\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18FA53D3-B7A8-4309-8045-D43D6AA2DCE9}]
2007-10-19 15:31 23040 --a------ C:\Program Files\Adsense Helper Object\aho.v5.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 12:22]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-12 15:12]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 22:01]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-06 23:34]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-07 14:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
@=
C:\Documents and Settings\christof\Menu Start\Programma's\Opstarten\
oespyldb.exe [2007-10-19 15:28:19]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
R3 rtl8029;NT-stuurprogramma voor Realtek RTL8029(AS)-based PCI Ethernet Adapter;C:\WINDOWS\System32\DRIVERS\RTL8029.SYS
S2 ALGRDSessMgr;Application Layer Gateway-service ALGRDSessMgr;C:\WINDOWS\System32\1031r.exe srv
S2 helpsvcALGRDSessMgr;Help en ondersteuning helpsvcALGRDSessMgr;C:\WINDOWS\System32\1041r.exe srv
S2 LmHostsClipSrv;TCP/IP NetBIOS Helper LmHostsClipSrv;C:\WINDOWS\System32\adsldpz.exe srv
S2 MSIServerSENS;Windows Installer MSIServerSENS;C:\WINDOWS\System32\ahuil.exe srv
S2 NetDDEdsdmBrowser;Network DDE DSDM NetDDEdsdmBrowser;C:\WINDOWS\System32\2052j.exe srv
S2 RDSessMgrWmiApSrv;Helpsessiebeheer voor Extern bureaublad RDSessMgrWmiApSrv;C:\WINDOWS\System32\1028b.exe srv
S2 SysmonLogNetman;Performance Logs and Alerts SysmonLogNetman;C:\WINDOWS\System32\3com_dmit.exe srv
S2 SysmonLogUMWdf;Performance Logs and Alerts SysmonLogUMWdf;C:\WINDOWS\System32\7_exceptionf.exe srv
S3 PciCon;PciCon;\??\D:\PciCon.sys
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-20 13:29:55
Windows 5.1.2600 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2007-10-20 13:33:01 - machine was rebooted
.
--- E O F ---

Christof
20 October 2007, 13:37
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:36:57, on 20/10/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\christof\Menu Start\Programma's\Opstarten\oespyldb.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zita.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll
O2 - BHO: Adsense Helper Object - {18FA53D3-B7A8-4309-8045-D43D6AA2DCE9} - C:\Program Files\Adsense Helper Object\aho.v5.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: oespyldb.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185274287653
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://rolejo.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{164139F9-95D3-47E7-A0C8-5473CDCB0101}: NameServer = 85.255.115.44,85.255.112.134
O17 - HKLM\System\CCS\Services\Tcpip\..\{B833BF14-547B-40A5-98BC-414B1D9040B4}: NameServer = 85.255.115.44,85.255.112.134
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{164139F9-95D3-47E7-A0C8-5473CDCB0101}: NameServer = 85.255.115.44,85.255.112.134
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{164139F9-95D3-47E7-A0C8-5473CDCB0101}: NameServer = 85.255.115.44,85.255.112.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Application Layer Gateway-service ALGRDSessMgr (ALGRDSessMgr) - Unknown owner - C:\WINDOWS\System32\1031r.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Help en ondersteuning helpsvcALGRDSessMgr (helpsvcALGRDSessMgr) - Unknown owner - C:\WINDOWS\System32\1041r.exe (file missing)
O23 - Service: TCP/IP NetBIOS Helper LmHostsClipSrv (LmHostsClipSrv) - Unknown owner - C:\WINDOWS\System32\adsldpz.exe (file missing)
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Windows Installer MSIServerSENS (MSIServerSENS) - Unknown owner - C:\WINDOWS\System32\ahuil.exe (file missing)
O23 - Service: Network DDE DSDM NetDDEdsdmBrowser (NetDDEdsdmBrowser) - Unknown owner - C:\WINDOWS\System32\2052j.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Helpsessiebeheer voor Extern bureaublad RDSessMgrWmiApSrv (RDSessMgrWmiApSrv) - Unknown owner - C:\WINDOWS\System32\1028b.exe (file missing)
O23 - Service: Performance Logs and Alerts SysmonLogNetman (SysmonLogNetman) - Unknown owner - C:\WINDOWS\System32\3com_dmit.exe (file missing)
O23 - Service: Performance Logs and Alerts SysmonLogUMWdf (SysmonLogUMWdf) - Unknown owner - C:\WINDOWS\System32\7_exceptionf.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7653 bytes

Juisterr
20 October 2007, 19:54
Download: http://users.telenet.be/marcvn/tools/KillAFile.exe

Double-click KillAFile.exe and install it on your desktop.
A folder named KillAFile will be created.
Open this folder and double-click kill.bat

C:\sysarca.exe
C:\sysywtz.exe
C:\sysxlka.exe
C:\sysxfsn.exe
C:\sysxcxl.exe
C:\sysaoyb.exe

Enter the full path and file name of the file that must be deleted.
If the file exists, you will get a message to close all open windows so that the computer can reboot.
Press a key to continue.... (the computer will then restart)


Download FixWareOut from one of these two sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
Save it to your Desktop and run it.
Then click Next, then Install,
make sure that Run fixit is checked and click Finish.
The fix will begin; follow the instructions you are given.
You will be asked whether you want to restart your PC; do so.
Your computer will now start up somewhat more slowly; this is normal.

Once your Desktop has loaded, a text file will open (report.txt).

Please post the result and a new HJT log.

And a quick P.S.: as long as you don't update to SP1 and then SP2, you will stay infected, because you are missing a great many security updates and this system is as leaky as a sieve. I even suspect that you have a not entirely legal version, and then you cannot update. In that case the best thing is to BUY a Windows CD and install it.

Christof
21 October 2007, 19:12
I did a format; that seemed best to me.
Thanks anyway for everything and for putting time into it.

Juisterr
21 October 2007, 22:20
no problemo.