laptop boots veeeeery slowly



jaenke
25 December 2007, 14:46
Can someone take a look at this?



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:49, on 25/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
C:\WINDOWS\system32\ASWL2K.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ISP Monitor\isp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://breedband.telenet.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187725725687
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187725714375
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.kodakimages.com/DesktopModules/SpectorAlbum/ImageUploader3.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O20 - Winlogon Notify: ssqrs - C:\WINDOWS\
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 7032 bytes

Thanks in advance

NiekR
25 December 2007, 15:38
Hello jaenke,

I'll take a look for you... ;)

- Niek :cool:

NiekR
25 December 2007, 22:27
Hello jaenke,

You are infected with a Vundo infection. - Let's have a look... ;)



1. Download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to start it.
Click the Scan for Vundo button.
Once the scan is done, click the Remove Vundo button.
You will be asked whether you want the files removed; click YES.
After you click Yes, the icons on your desktop will disappear while Vundo is being removed.
When finished, you will get a message that your PC will be shut down; click OK.
Restart your PC.
Post the contents of C:\vundofix.txt and a new HijackThis log in your next reply.
Note: It is possible that VundoFix finds a file that cannot be removed.
In that case VundoFix will start again after your PC reboots. Then you have to carry out the instructions above again, starting from:
Click Scan for Vundo.



Happy holidays!
- Niek :cool:
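As an added illustration (editor-supplied code, not from the thread, from Niek, or from HijackThis): the two O20 lines in the log above, an AppInit_DLLs entry and a Winlogon Notify package whose path is a bare directory, are the persistence pattern the diagnosis rests on, and this Python snippet triages such lines; the WgaLogon line in the sample is a constructed benign case for contrast.

```python
"""Triage HijackThis O20 lines for the persistence pattern seen in this thread.

Editor-added illustration, not part of the thread or of HijackThis. It flags
AppInit_DLLs entries (any non-empty value loads a DLL into every GUI process)
and Winlogon Notify packages whose path is not a DLL file or whose subkey
name looks randomly generated, both visible in the log posted above.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: the two O20 lines quoted from the HijackThis log in this
# thread, plus one constructed benign Winlogon Notify line for contrast.
SAMPLE_LOG = r"""
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O20 - Winlogon Notify: ssqrs - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<value>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify:\s*(?P<name>\S+)\s+-\s+(?P<path>.*)$")


@dataclass
class Finding:
    line: str
    reason: str


def looks_random(name: str) -> bool:
    """Heuristic only: short, all-lowercase, vowel-free subkey names (like 'ssqrs')."""
    return bool(re.fullmatch(r"[a-z]{4,8}", name)) and re.search(r"[aeiou]", name) is None


def triage_o20(text: str) -> List[Finding]:
    """Return one Finding per suspicious O20 line in a HijackThis log."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = APPINIT_RE.match(line)
        if m:
            dlls = m.group("value").split()
            if dlls:
                uniq = sorted({d.lower() for d in dlls})
                reason = "AppInit_DLLs is non-empty (%s)" % ", ".join(uniq)
                if len(uniq) < len(dlls):
                    reason += "; same DLL listed %d times" % len(dlls)
                findings.append(Finding(line, reason))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            name, path = m.group("name"), m.group("path").strip()
            reasons = []
            if not path.lower().endswith(".dll"):
                reasons.append("Notify package path %r is not a DLL file" % path)
            if looks_random(name):
                reasons.append("subkey name %r looks randomly generated" % name)
            if reasons:
                findings.append(Finding(line, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage_o20(SAMPLE_LOG):
        print(f.line)
        print("    -> " + f.reason)
```

Both quoted lines are flagged and the constructed WgaLogon line is not; the vowel-free name check is only a heuristic and is meant to prioritise review, not to decide on its own.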

jaenke
26 December 2007, 12:33
Thanks in advance. VundoFix reports that it found nothing.


ComboFix 07-12-21.4 - frank 2007-12-26 11:32:33.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.940 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\frank\Bureaublad\downloads\Nieuwe map\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\powercodec
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-11-26 to 2007-12-26 ))))))))))))))))))))))))))))))
.
2007-12-26 11:28 . 2007-12-26 11:28 <DIR> d-------- C:\WINDOWS\LastGood
2007-12-25 16:03 . 2007-12-25 16:03 <DIR> d-------- C:\VundoFix Backups
2007-12-25 12:06 . 2007-12-25 12:06 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-25 11:43 . 2007-12-25 11:43 <DIR> d-------- C:\Documents and Settings\frank\DoctorWeb
2007-12-25 09:41 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-12-25 09:41 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-12-25 09:41 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-12-25 09:41 . 2006-09-28 16:04 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-12-25 09:41 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-12-25 09:41 . 2006-09-28 16:03 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-12-25 08:08 . 2007-12-25 08:08 <DIR> d-------- C:\FF
2007-12-25 08:04 . 2007-12-25 08:05 <DIR> d-------- C:\Program Files\USB Vibration Joystick
2007-12-22 14:17 . 2007-12-22 14:17 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-12-22 14:16 . 2007-12-22 14:16 <DIR> d-------- C:\Program Files\QuickTime
2007-12-21 08:02 . 2007-12-21 09:59 261 --a------ C:\WINDOWS\LEXSTAT.INI
2007-12-20 20:59 . 2007-12-20 20:59 1,005 --a------ C:\WINDOWS\system32\Layo1 Electro.cfg
2007-12-20 20:58 . 2007-12-20 20:58 <DIR> d-------- C:\Program Files\Baas Electronics
2007-12-20 20:22 . 2007-12-20 20:22 512 --a------ C:\WINDOWS\randseed.rnd
2007-12-20 20:22 . 2007-12-20 20:22 134 --a------ C:\WINDOWS\PGP_sdk.prf
2007-12-15 20:03 . 2007-12-15 20:03 <DIR> d-------- C:\Documents and Settings\LocalService\Bureaublad
2007-12-14 21:14 . 2007-12-14 21:14 <DIR> d-------- C:\download
2007-12-14 20:30 . 2007-12-14 20:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2007-12-14 20:23 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-12-13 20:34 . 2007-12-13 20:34 <DIR> d-------- C:\Program Files\IrfanView
2007-12-12 20:43 . 2007-12-12 20:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2007-12-11 21:14 . 2007-12-11 21:14 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-12-11 21:14 . 2007-12-11 21:14 <DIR> d-------- C:\Program Files\A9Tech
2007-12-11 20:57 . 2007-12-11 20:57 <DIR> d-------- C:\Documents and Settings\frank\Application Data\FreeCAD
2007-12-11 20:26 . 1998-12-08 18:53 31,744 --a------ C:\WINDOWS\system32\hlp95en.dll
2007-12-11 18:24 . 2007-12-11 18:24 <DIR> d-------- C:\Documents and Settings\frank\System
2007-12-11 18:24 . 2007-12-11 18:24 <DIR> d-------- C:\Documents and Settings\frank\Application Data\SmartDraw
2007-12-10 21:14 . 2007-09-09 22:17 4,856,344 --------- C:\WINDOWS\dwgview.CAB
2007-12-10 21:14 . 2000-07-15 00:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-12-10 21:14 . 2007-12-10 21:14 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-12-10 21:14 . 2007-12-10 21:14 819 --a------ C:\WINDOWS\ST6UNST.000
2007-12-10 20:58 . 2007-12-10 20:58 <DIR> d-------- C:\Program Files\Google
2007-12-10 20:46 . 2007-12-10 20:46 <DIR> d-------- C:\Program Files\Apperson
2007-12-10 18:04 . 2006-07-20 15:45 139,264 --a------ C:\WINDOWS\MGSConf.dll
2007-12-10 18:04 . 2005-07-07 10:05 5,193 --a------ C:\WINDOWS\MGSConf.fra
2007-12-10 18:04 . 2005-07-07 10:07 5,191 --a------ C:\WINDOWS\MGSConf.esp
2007-12-10 18:04 . 2005-07-07 10:02 5,189 --a------ C:\WINDOWS\MGSConf.eng
2007-12-10 18:04 . 2005-07-07 10:04 5,189 --a------ C:\WINDOWS\MGSConf.deu
2007-12-10 18:04 . 2005-07-07 09:58 5,179 --a------ C:\WINDOWS\MGSConf.ita
2007-12-10 17:54 . 2007-12-10 17:54 <DIR> d-------- C:\COMPEN
2007-12-08 21:31 . 2007-12-08 21:31 <DIR> d-------- C:\CNCWINT
2007-12-08 20:22 . 2002-10-03 18:19 284,672 --a------ C:\WINDOWS\INSTMG.EXE
2007-12-08 20:19 . 2007-12-09 15:13 84 --a------ C:\WINDOWS\LDTTool.ini
2007-12-08 20:08 . 2007-12-26 11:23 8,405,015 --a------ C:\WINDOWS\TempFile
2007-12-08 20:08 . 2005-04-06 15:49 685,056 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
2007-12-08 20:08 . 2007-12-08 20:08 304,640 --a------ C:\WINDOWS\system32\hlvdd.dll
2007-12-08 20:07 . 1999-05-21 10:53 686,176 --a------ C:\WINDOWS\system32\PVDTB60.OCX
2007-12-08 20:07 . 2002-09-28 15:56 410,832 --a------ C:\WINDOWS\system32\vsprint8.ocx
2007-12-08 20:07 . 2001-09-04 10:53 362,128 --a------ C:\WINDOWS\system32\VSPRINT7.ocx
2007-12-08 20:07 . 2002-01-10 10:31 173,776 --a------ C:\WINDOWS\system32\vsPDF.ocx
2007-12-07 20:38 . 2007-12-07 20:38 <DIR> d-------- C:\Ced_Comet
2007-12-07 19:33 . 2007-12-07 19:33 <DIR> d-------- C:\COMET
2007-12-07 19:27 . 2007-12-07 19:27 <DIR> d-------- C:\JOB
2007-12-07 19:26 . 2007-12-07 19:26 <DIR> d-------- C:\CAMplus
2007-12-07 16:42 . 2007-12-07 16:42 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2007-12-07 16:34 . 2007-12-07 16:34 <DIR> d-------- C:\Documents and Settings\frank\Application Data\U3
2007-12-06 18:44 . 2007-12-10 17:55 485,152 --a------ C:\WINDOWS\OWL250.DLL
2007-12-06 18:44 . 2007-12-10 17:55 220,672 --a------ C:\WINDOWS\BC450RTL.DLL
2007-12-06 18:44 . 2007-12-10 17:55 60,758 --a------ C:\WINDOWS\BIDS45.DLL
2007-12-05 20:41 . 2007-12-10 18:09 505 --a------ C:\WINDOWS\MGSConf.xml
2007-12-05 20:32 . 2007-12-10 18:05 452 --a------ C:\WINDOWS\EMMEGISOFT.INI
2007-12-05 19:48 . 2002-12-23 01:01 110,592 --a------ C:\WINDOWS\system32\tsccvid.dll
2007-12-05 18:34 . 2007-12-05 18:34 221 --a------ C:\WINDOWS\SOFTEK.INI
2007-12-05 18:33 . 2007-12-25 18:32 118 --a------ C:\WINDOWS\Job.INI
2007-12-05 18:32 . 2005-06-16 12:34 3,174,400 --a------ C:\WINDOWS\system32\hinstd.dll
2007-12-05 18:32 . 2005-06-07 10:39 1,867,183 --a------ C:\WINDOWS\system32\haspds_windows.dll
2007-12-05 18:32 . 2001-09-28 19:00 164,864 --a------ C:\WINDOWS\system32\UNWISE.EXE
2007-12-05 18:32 . 2005-06-21 12:17 28,672 --a------ C:\WINDOWS\system32\hlduinst.exe
2007-12-05 18:31 . 2005-07-07 10:02 5,189 --a------ C:\WINDOWS\MGSCONF.MSG
2007-12-05 18:26 . 2007-12-10 17:54 36,864 --a------ C:\ANTIWOW.EXE
2007-12-05 18:26 . 1993-08-16 15:22 21,648 --a------ C:\WINDOWS\CTL3DV2.DLL
2007-12-02 11:09 . 2005-04-20 04:52 18,628 --------- C:\WINDOWS\system32\drivers\AVIDUMSS.sys
2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-25 10:56 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-12-25 08:41 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-05 17:30 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-05 17:30 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-05 17:30 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-05 17:30 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-23 18:19 5,139,757 ----a-w C:\WINDOWS\Faredo.exe
2007-11-23 18:19 402,720 ----a-w C:\WINDOWS\Faredo.scr
2007-11-23 18:19 30,208 ----a-w C:\WINDOWS\mickey32.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 14:11 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-11-08 19:52 --------- d-----w C:\Documents and Settings\frank\Application Data\ISP Monitor
2007-11-04 16:43 30,464 ----a-w C:\WINDOWS\macromix.dll
2007-10-30 23:27 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 18:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-30 18:55 39,856 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-10-30 18:55 37,936 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2007-10-30 18:55 35,120 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-10-30 18:55 27,696 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-10-30 18:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-30 18:55 191,536 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-10-30 18:55 145,968 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-10-30 18:55 12,848 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-10-30 18:24 12,963 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2007-10-30 18:24 1,358 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\system32\quartz.dll
2007-10-25 16:44 8,507,392 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-10 23:54 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:54 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:54 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:53 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:53 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:53 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:53 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:53 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:53 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:53 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:53 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:53 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:53 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:53 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:53 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:53 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:53 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:53 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:53 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:53 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:53 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 11:02 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 11:02 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2006-09-09 19:20 284 ----a-w C:\Documents and Settings\frank\Application Data\ViewerApp.dat
2007-01-05 19:06 5 --sha-w C:\WINDOWS\system32\bcfcfada_g.dll
2007-04-03 17:45 5 --sha-w C:\WINDOWS\system32\fddaee9_s.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"ISPMonitor"="C:\Program Files\ISP Monitor\isp.exe" [2007-11-04 23:42]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 19:22]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrs]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= sockspy.dll sockspy.dll sockspy.dll sockspy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ASUS ChkMail.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ASUS ChkMail.lnk
backup=C:\WINDOWS\pss\ASUS ChkMail.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Cnc Status Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Cnc Status Monitor.lnk
backup=C:\WINDOWS\pss\Cnc Status Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package VCD Maker.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package VCD Maker.lnk
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
2003-09-19 12:54 172032 --a------ C:\Program Files\ASUS\ASUS Live Update\ALU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-05-31 21:05 344064 --a------ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2007-01-09 22:59 115816 --a------ C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Control Center]
2005-09-13 21:55 1668096 --a------ C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 14:00 15360 --------- C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 00:47 31016 --a------ C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]
2005-07-28 09:29 102400 --a------ C:\WINDOWS\ATK0100\HControl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2001-11-07 17:54 196608 --a------ C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
C:\Program Files\MessengerPlus! 3\MsgPlus.exe /WinStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NB Probe]
2005-07-27 17:07 765952 --a------ C:\Program Files\ASUS\NB Probe\NBProbe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --------- C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Net4Switch]
2005-08-31 15:47 1101824 --a------ C:\Program Files\ASUS\Net4Switch\Net4Switch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
2006-09-05 19:22 26248 --a------ C:\Program Files\Norton AntiVirus\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\smax4.exe /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 10:11 1388544 --------- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
C:\Program Files\Spyware Doctor\swdoctor.exe /Q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"W32Time"=2 (0x2)
"SharedAccess"=2 (0x2)
R2 ISPMonitorSrv;ISP Monitor;C:\Program Files\ISP Monitor\ISPMonitorSrv.exe [2007-07-05 20:27]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 19:54]
S2 fpu2001;Field Processing Unit;C:\WINDOWS\system32\DRIVERS\fpu2001.sys []
S3 canenum;CANOpen Bus Enumerator;C:\WINDOWS\system32\DRIVERS\canenum.sys []
S3 ipswuio;ipswuio;C:\WINDOWS\system32\DRIVERS\ipswuio.sys [2005-06-08 15:55]
S3 SER120;DCU-11 Serial port driver;C:\WINDOWS\system32\DRIVERS\SER120.sys [2005-03-22 04:03]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afe04ea6-a4d9-11dc-a4b4-0015f2ccfc77}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
*Newly Created Service* - CATCHME
.
Inhoud van de 'Gedeelde Taken' map
"2007-08-26 15:53:30 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
"2007-12-21 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan - frank.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
"2007-12-25 09:00:04 C:\WINDOWS\Tasks\At1.job"
- C:\AutoBack\backup1.bat
"2007-12-25 09:00:04 C:\WINDOWS\Tasks\At2.job"
- C:\AutoBack\backup1.bat
.
************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-26 11:34:05
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
************************************************************************
.
Voltooingstijd: 2007-12-26 11:34:36
C:\ComboFix2.txt ... 2007-04-05 18:40
C:\ComboFix-quarantined-files.txt ... 2007-04-05 18:40
.
2007-12-15 20:52:37 --- E O F ---

NiekR
27 December 2007, 23:02
Hello jaenke,

Looks good, just to be safe... ;)


Download Dr.Web CureIt (ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe) and save it to your desktop.
Double-click drweb-cureit.exe and allow it to start the express scan.
If a popup appears offering a purchase/50% discount, you may close it.
The express scan will scan the files currently loaded in memory. If something is found, click 'select all', then choose 'repair', and from the small menu that appears choose 'move'.
At the top of the menu choose Language and change it to Dutch if it is set differently for you.
Press F9, then choose the Actions tab and set the following under Malware:

Adware: Move
Dialers: Move
Jokes: Report
Riskware: Report
Hacktools: Move
Then uncheck 'Prompt on action'.
Next choose the Scan tab and uncheck Heuristic analysis.
Then press Apply followed by OK.
Once the short scan has finished, tick: Complete scan.
Then press the green arrow (start button) to start the scan.
Files found are moved to the '%USERPROFILE%\DoctorWeb\Quarantine' folder if repairing is not possible.
After the scan is done, go to File and choose Save report list.
Save it to your desktop and then close Dr.Web CureIt.
Then restart the computer!! This is an important step because Dr.Web CureIt may move/delete files during the restart.
After restarting, copy and paste the contents of the log you saved earlier into your next reply.

Are you still experiencing any problems?

- Niek :cool: