View full version : It's been a long time...



Licorne
20 June 2008, 20:28
I have received a few "nice" e-mails :cry:
I think I can already pick out 3 of them below, but to be safe I left them in. Thanks in advance for the effort.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:23:57, on 20/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Programma's\HiJackThis.exe
C:\WINDOWS\system32\wscntfy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {437FEE55-6ADA-4FFF-9D71-DC827A64EBBD} - C:\WINDOWS\system32\jkkIAPGa.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {BE7E4CE1-8CBA-44A6-956F-462A667D3286} - C:\WINDOWS\system32\awtqnkhe.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [0471a8fb] rundll32.exe "C:\WINDOWS\system32\yjruxxmd.dll",b
O4 - HKLM\..\Run: [BM07429b67] Rundll32.exe "C:\WINDOWS\system32\ciftmlop.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Catalyst System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208531627421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213945159718
O17 - HKLM\System\CCS\Services\Tcpip\..\{3559F10A-E148-4E4F-9783-5DEF063D4144}: NameServer = 193.109.184.75 193.109.184.72
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: awtqnkhe - C:\WINDOWS\SYSTEM32\awtqnkhe.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
--
End of file - 8722 bytes

Roelof
21 June 2008, 19:18
Hi Licorne,

I'm going to take a look at your log ;)

I'm still in training, so I'll have to have my fix checked first. It may therefore take a bit longer,

Roelof

Licorne
21 June 2008, 20:48
Take your time, it takes an eternity before I can read your reply anyway.
And don't be too modest. ;)

Roelof
21 June 2008, 21:22
Why does it take an eternity?
If I'm right, you've got a really nasty infection.

Roelof

Licorne
21 June 2008, 21:41
It really does take an eternity to open some pages. Google, for example, is all but impossible.

Roelof
22 June 2008, 12:18
Hi Licorne,

You do indeed have a nasty infection, but with these steps we should get a long way in removing it.


1) Start HijackThis.
- Now choose "Do a system scan only".
- Now put a check mark in front of the following items:

O2 - BHO: (no name) - {437FEE55-6ADA-4FFF-9D71-DC827A64EBBD} - C:\WINDOWS\system32\jkkIAPGa.dll
O2 - BHO: (no name) - {BE7E4CE1-8CBA-44A6-956F-462A667D3286} - C:\WINDOWS\system32\awtqnkhe.dll
O4 - HKLM\..\Run: [0471a8fb] rundll32.exe "C:\WINDOWS\system32\yjruxxmd.dll",b
O4 - HKLM\..\Run: [BM07429b67] Rundll32.exe "C:\WINDOWS\system32\ciftmlop.dll",s
O20 - Winlogon Notify: awtqnkhe - C:\WINDOWS\SYSTEM32\awtqnkhe.dll

- Now close all windows except the HijackThis one and choose "Fix checked".

2) Restart your computer.

3) Follow these instructions (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) to download ComboFix:

Carry out the instructions on the BleepingComputer page, including installing the XP Recovery Console.

If you have used ComboFix before, please remove that version and download ComboFix again via the link above, because ComboFix is updated daily.

NOTE: if, during or after downloading ComboFix, or while using ComboFix, you get a warning from your antivirus or another real-time scanner,
disable that scanner and download ComboFix again.
Some scanners regard certain components that ComboFix uses as suspicious and will block or remove them!

Double-click ComboFix.exe
Follow the instructions and accept the disclaimer.
While the fix is running, do NOT click in the window, as this will make your PC hang.
When the fix is complete and after the restart, the log Combofix.txt will open.

4) Could I have the ComboFix log and a new HijackThis log from you.

Regards,

Roelof
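
The items Roelof ticks in step 1 follow a recognisable pattern: nameless BHOs loaded from system32, rundll32 autoruns of system32 DLLs with a one-letter entry point, and a Winlogon Notify hook that reuses one of those same DLLs. As an added example that is not part of this thread or of HijackThis itself, the Python script below applies those three rules to HijackThis log lines; the sample lines are copied from the logs posted above (plus benign entries) so the triage runs offline, and the heuristics are this editor's reading of the helper's choices, not a documented HijackThis feature.

```python
"""Triage HijackThis v2 log lines with the rules used in this thread (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: O2/O4/O20 lines taken from the logs posted in this thread,
# with a few benign entries mixed in so the rules have something to ignore.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {437FEE55-6ADA-4FFF-9D71-DC827A64EBBD} - C:\WINDOWS\system32\jkkIAPGa.dll
O2 - BHO: (no name) - {BE7E4CE1-8CBA-44A6-956F-462A667D3286} - C:\WINDOWS\system32\awtqnkhe.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [0471a8fb] rundll32.exe "C:\WINDOWS\system32\yjruxxmd.dll",b
O4 - HKLM\..\Run: [BM07429b67] Rundll32.exe "C:\WINDOWS\system32\ciftmlop.dll",s
O4 - HKLM\..\Run: Rundll32.exe "C:\WINDOWS\system32\eeoufwpl.dll",s
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: awtqnkhe - C:\WINDOWS\SYSTEM32\awtqnkhe.dll
"""

# Line shapes as HijackThis prints them (O2, O4 and O20 Winlogon Notify only).
BHO_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$')
RUN_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.*)$')
NOTIFY_RE = re.compile(r'^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$')
# rundll32 invocations: rundll32[.exe] "<dll>",<entry point>
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<entry>\S*)$', re.IGNORECASE)
SYSTEM32_RE = re.compile(r'^[A-Za-z]:\\WINDOWS\\system32\\(?P<base>[^\\]+)$', re.IGNORECASE)


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O2"
    reason: str    # which rule fired
    line: str      # the log line, as it would be ticked in HijackThis


def triage(log_text: str) -> list[Finding]:
    """Return the log lines a helper would tick, using the three rules from the thread."""
    findings: list[Finding] = []
    flagged_dlls: set[str] = set()   # lower-cased basenames flagged by rule 1 or 2

    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            # Rule 1: a BHO with no name that lives directly in system32.
            sys32 = SYSTEM32_RE.match(m['path'])
            if m['name'] == '(no name)' and sys32:
                findings.append(Finding('O2', 'nameless BHO loaded from system32', line))
                flagged_dlls.add(sys32['base'].lower())
            continue
        m = RUN_RE.match(line)
        if m:
            # Rule 2: rundll32 autorun of a system32 DLL via a one-letter export.
            r = RUNDLL_RE.match(m['cmd'])
            if r:
                sys32 = SYSTEM32_RE.match(r['dll'])
                if sys32 and len(r['entry']) == 1:
                    reason = 'rundll32 autorun of system32 DLL with one-letter entry point'
                    if not m['name']:
                        reason += ' (unnamed value)'   # the second log has one of these
                    findings.append(Finding('O4', reason, line))
                    flagged_dlls.add(sys32['base'].lower())

    # Rule 3 (second pass, needs the flagged set): a Winlogon Notify hook that
    # points at a DLL already flagged above, as awtqnkhe.dll does in this thread.
    for line in log_text.splitlines():
        m = NOTIFY_RE.match(line.strip())
        if m:
            sys32 = SYSTEM32_RE.match(m['path'])
            if sys32 and sys32['base'].lower() in flagged_dlls:
                findings.append(Finding('O20', 'Winlogon Notify hook reuses a flagged BHO/autorun DLL', line))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.section}] {f.reason}\n    {f.line}')
```

Rule 3 deliberately correlates rather than judging the Winlogon Notify name on its own, because legitimate notify DLLs also have short, unremarkable names.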

Licorne
22 June 2008, 23:07
Hello Roelof,

Blood, sweat and tears to get that ComboFix downloaded (I copy-pasted the link into Word and from there I finally, after a few hours, got to the site). I didn't even get as far as the recovery console...:cry:

Here are my logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:03:46, on 22/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
D:\Programma's\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {0CB6CA1F-5166-4DEC-B47E-04D203D3E2B0} - C:\WINDOWS\system32\opnLDvSi.dll (file missing)
O2 - BHO: (no name) - {411F82BB-1441-4022-AAFE-FEAEB4AE2A44} - C:\WINDOWS\system32\cbXpnMde.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {CA5D1294-2A64-48FB-9ABA-CF9F7352573F} - C:\WINDOWS\system32\qoMeBtrR.dll (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [0471a8fb] rundll32.exe "C:\WINDOWS\system32\yjruxxmd.dll",b
O4 - HKLM\..\Run: Rundll32.exe "C:\WINDOWS\system32\eeoufwpl.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Catalyst System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208531627421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213945159718
O17 - HKLM\System\CCS\Services\Tcpip\..\{3559F10A-E148-4E4F-9783-5DEF063D4144}: NameServer = 193.109.184.75 193.109.184.72
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
--
End of file - 9118 bytes

ComboFix 08-06-20.4 - Eigenaar 2008-06-22 22:53:38.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.1585 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
* Resident AV is active

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aGPAIkkj.ini
C:\WINDOWS\system32\aGPAIkkj.ini2
C:\WINDOWS\system32\awtqnkhe.dll
C:\WINDOWS\system32\culemsoh.ini
C:\WINDOWS\system32\dmxxurjy.ini
C:\WINDOWS\system32\edMnpXbc.ini
C:\WINDOWS\system32\edMnpXbc.ini2
C:\WINDOWS\system32\iSvDLnpo.ini
C:\WINDOWS\system32\iSvDLnpo.ini2
C:\WINDOWS\system32\odpmelxf.ini
C:\WINDOWS\system32\RrtBeMoq.ini
C:\WINDOWS\system32\RrtBeMoq.ini2
C:\WINDOWS\system32\vqunjvfj.ini
C:\WINDOWS\system32\ynirbaxj.ini
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-05-22 to 2008-06-22 ))))))))))))))))))))))))))))))
.
2008-06-22 22:57 . 2008-06-22 22:57 <DIR> dr-h----- C:\Documents and Settings\Eigenaar\Onlangs geopend
2008-06-22 10:52 . 2008-06-22 10:52 80,384 --a------ C:\WINDOWS\system32\fxlempdo.dll
2008-06-22 10:50 . 2008-06-22 10:50 99,328 --a------ C:\WINDOWS\system32\aheorbqo.dll
2008-06-22 10:50 . 2008-06-22 10:50 90,624 --a------ C:\WINDOWS\system32\eeoufwpl.dll
2008-06-21 20:44 . 2008-06-21 20:44 99,328 --a------ C:\WINDOWS\system32\sjmkiigr.dll
2008-06-21 20:44 . 2008-06-21 20:44 90,112 --a------ C:\WINDOWS\system32\bqmcokim.dll
2008-06-21 11:53 . 2008-06-21 11:53 99,328 --a------ C:\WINDOWS\system32\qefbdwwp.dll
2008-06-21 11:53 . 2008-06-21 11:53 90,112 --a------ C:\WINDOWS\system32\rxhigois.dll
2008-06-21 11:53 . 2008-06-21 11:53 81,408 --a------ C:\WINDOWS\system32\hosmeluc.dll
2008-06-21 11:53 . 2008-06-21 11:53 0 --a------ C:\WINDOWS\system32\culemsoh.tmp
2008-06-21 00:55 . 2008-06-21 00:55 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-21 00:55 . 2008-06-21 01:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-20 09:28 . 2008-04-14 19:02 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-20 09:23 . 2008-06-20 09:23 <DIR> d-------- C:\WINDOWS\system32\nl-nl
2008-06-20 09:23 . 2008-06-20 09:23 <DIR> d-------- C:\WINDOWS\system32\nl
2008-06-20 09:23 . 2008-06-20 09:23 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-20 09:23 . 2008-06-20 09:23 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-20 09:22 . 2008-06-20 09:22 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-20 09:18 . 2008-06-20 09:18 <DIR> d-------- C:\WINDOWS\EHome
2008-06-20 07:15 . 2008-06-20 07:15 0 --a------ C:\WINDOWS\BM07429b67.xml
2008-06-13 00:24 . 2008-06-22 22:37 616 --a------ C:\WINDOWS\wininit.ini
2008-06-13 00:22 . 2008-06-13 00:48 <DIR> d-------- C:\Program Files\HarvEX
2008-06-11 12:37 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-11 12:36 . 2008-06-14 19:36 272,640 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 12:36 . 2008-06-14 19:36 272,640 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-05 08:57 . 2008-06-05 08:57 <DIR> d-------- C:\Program Files\ZZultimativ-R-v1.3
2008-06-04 19:45 . 2008-06-04 19:46 <DIR> d-------- C:\Program Files\SubSync
2008-06-04 19:45 . 2008-06-04 19:45 249,856 --------- C:\WINDOWS\Setup1.exe
2008-06-04 19:45 . 2008-06-04 19:45 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-06-04 19:44 . 2008-06-04 19:45 <DIR> d-------- C:\Program Files\VisualSubSync
2008-06-03 10:38 . 2008-06-03 10:38 <DIR> d-------- C:\Program Files\Solveig Multimedia
2008-06-03 10:38 . 2008-06-03 10:38 <DIR> d-------- C:\Program Files\Common Files\Solveig Multimedia
2008-06-03 10:38 . 2008-06-03 10:38 <DIR> d-------- C:\Program Files\Common Files\Elecard
2008-06-02 11:08 . 2008-06-02 11:08 74,752 --a------ C:\WINDOWS\cadkasdeinst01e.exe
2008-06-02 10:58 . 2008-06-02 10:58 <DIR> d-------- C:\Program Files\Cuttermaran
2008-06-02 10:58 . 2008-06-02 11:00 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Cuttermaran
2008-05-30 18:49 . <DIR> C:\Documents and Settings\Eigenaar\Application Data\NeroDigitalT
2008-05-27 10:04 . 2008-05-27 10:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-05-27 10:03 . 2008-05-27 10:03 <DIR> d-------- C:\Program Files\GRETECH
2008-05-27 10:03 . 2008-05-27 10:03 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\GRETECH
2008-05-27 09:32 . 2008-05-27 09:32 1,160 --a------ C:\WINDOWS\mozver.dat
2008-05-26 22:08 . 2008-05-26 22:08 <DIR> d-------- C:\Program Files\SyncView
2008-05-26 22:08 . 2003-08-18 12:25 1,344,512 --a------ C:\WINDOWS\system32\COMCTL32.OCX
2008-05-26 22:08 . 2004-03-09 00:00 152,848 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-05-26 22:07 . 2008-05-26 22:07 796,672 --a------ C:\WINDOWS\GPInstall.exe
2008-05-26 22:07 . 2000-07-29 08:53 8,520 --a------ C:\WINDOWS\Dutch.gpl
2008-05-26 17:25 . 2008-05-26 22:38 3,993,423,872 --a------ C:\dvdimage.img
2008-05-26 15:14 . 2008-05-26 15:14 <DIR> d-------- C:\Program Files\DVD Shrink
2008-05-26 15:14 . 2008-06-17 09:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-26 15:01 . 2008-05-26 15:01 <DIR> d-------- C:\Program Files\Musclesoft
2008-05-25 23:07 . 2002-04-22 19:51 503,296 --a------ C:\Program Files\WeetHetBitRates.exe
2008-05-25 23:03 . 2008-05-25 23:03 <DIR> d-------- C:\Program Files\Sun
2008-05-25 23:03 . 2008-05-25 23:03 <DIR> d-------- C:\Program Files\Java
2008-05-25 23:03 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-25 23:01 . 2008-05-25 23:01 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-25 11:51 . 2008-05-26 22:35 4,096 --a------ C:\aaaa.bin
2008-05-24 13:38 . 2008-05-24 13:38 <DIR> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
2008-05-24 13:37 . 2008-05-24 13:37 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-05-24 13:34 . 2008-05-24 13:34 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-24 13:32 . 2008-05-24 13:32 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\CyberLink
2008-05-23 23:48 . 2008-05-23 23:48 <DIR> d-------- C:\Program Files\GoldWave
2008-05-23 00:20 . 2008-05-23 00:20 105,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-05-23 00:20 . 2008-05-23 00:20 103,936 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-05-23 00:20 . 2008-05-23 00:20 86,016 --------- C:\WINDOWS\system32\pxwma.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-21 09:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-15 01:00 --------- d-----w C:\Program Files\The FilmMachine
2008-06-06 14:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-30 16:49 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\NeroDigital™
2008-05-23 20:49 --------- d-----w C:\Program Files\DVDlabPro2
2008-05-22 22:20 --------- d-----w C:\Program Files\Pegasys Inc
2008-05-19 21:37 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Pegasys Inc
2008-05-17 08:29 --------- d-----w C:\Program Files\MSXML 4.0
2008-05-16 17:23 --------- d-----w C:\Program Files\Common Files\Nero
2008-05-16 17:23 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Nero
2008-05-16 17:22 --------- d-----w C:\Program Files\Nero
2008-05-16 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-05-15 22:11 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-15 19:33 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Ahead
2008-05-14 22:40 --------- d-----w C:\Program Files\CCleaner
2008-05-14 22:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-05-14 21:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-09 16:05 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Talkback
2008-05-09 13:48 --------- d-----w C:\Program Files\directX
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 22:07 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Apple Computer
2008-05-07 22:06 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Media Player Classic
2008-05-07 20:29 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-05-07 20:18 --------- d-----w C:\Program Files\Custom Technology
2008-05-07 20:09 --------- d-----w C:\Program Files\Real Alternative
2008-05-07 20:06 --------- d-----w C:\Program Files\QuickTime
2008-05-07 20:06 --------- d-----w C:\Program Files\Apple Software Update
2008-05-07 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-07 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-07 19:56 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-06 07:19 --------- d-----w C:\Program Files\VideoLAN
2008-05-06 07:19 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\vlc
2008-05-04 21:48 --------- d-----w C:\Program Files\Switch Off
2008-04-24 19:30 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-04-23 21:39 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-23 21:35 --------- d-----w C:\Program Files\UnderCoverXP
2008-04-23 21:35 --------- d-----w C:\Program Files\DVD Decrypter
2008-04-23 21:31 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-04-23 21:29 --------- d-----w C:\Program Files\ScanSoft
2008-04-23 21:29 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-04-23 21:29 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\ScanSoft
2008-04-23 21:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\SSScanWizard
2008-04-23 21:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2008-04-23 21:28 --------- d-----w C:\Program Files\Canon
2008-04-23 21:28 --------- d-----w C:\Program Files\ArcSoft
2008-04-22 22:47 --------- d-----w C:\Program Files\Emule
2008-04-22 22:07 --------- d-----w C:\Program Files\Picasa2
2008-04-22 22:06 --------- d-----w C:\Program Files\Google
2008-04-22 21:51 --------- d-----w C:\Program Files\ESET
2008-04-22 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-04-18 15:04 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-14 17:03 70,144 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 17:03 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 17:03 287,232 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 17:03 153,088 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 17:03 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 17:02 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 17:02 1,037,312 ----a-w C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CB6CA1F-5166-4DEC-B47E-04D203D3E2B0}]
C:\WINDOWS\system32\opnLDvSi.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{411F82BB-1441-4022-AAFE-FEAEB4AE2A44}]
C:\WINDOWS\system32\cbXpnMde.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{437FEE55-6ADA-4FFF-9D71-DC827A64EBBD}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E5793C6-130F-434C-A7AF-8A1498EC106F}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52D27CF8-DDC8-4124-A5BA-8F128FA73C4E}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE7E4CE1-8CBA-44A6-956F-462A667D3286}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA5D1294-2A64-48FB-9ABA-CF9F7352573F}]
C:\WINDOWS\system32\qoMeBtrR.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:02 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-23 00:01 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-04-23 18:19 1189104]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-06-23 05:21 847872]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 13:43 45056]
"GameFace Messenger"="C:\Program Files\GameFace Messenger\GameFace.exe" [ ]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-23 00:06 29744]
"NWEReboot"="" []
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
"OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 09:29 729088]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"0471a8fb"="C:\WINDOWS\system32\yjruxxmd.dll" [ ]
"BM07429b67"="C:\WINDOWS\system32\eeoufwpl.dll" [2008-06-22 10:50 90624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:02 15360]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Catalyst System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [12-8-2005 13:43:58 45056]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [23-4-2008 0:01:54 124400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= msaud32_divx.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Emule\\Morph 8.10\\Ultimativ-MoD F-25c.exe"=
"C:\\Program Files\\ZZultimativ-R-v1.3\\emule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 mv61xx;mv61xx;C:\WINDOWS\system32\DRIVERS\mv61xx.sys [2006-07-28 08:59]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 16:25]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-23 00:06]
S3 SkLaggProtocol;SysKonnect Link Aggregation Protocol (LAGG) Support;C:\WINDOWS\system32\DRIVERS\yk51lagg.sys []
S3 SkVlanProtocol;SysKonnect Virtual LAN (VLAN) Support;C:\WINDOWS\system32\DRIVERS\skvlan.sys [2005-11-30 02:15]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0DA3B9B7-3DB5-97A1-DA31-969D6950BB42}]
C:\WINDOWS\system32:winsock32.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-06-20 08:58:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 22:57:23
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2008-06-22 22:59:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-22 20:59:09
Pre-Run: 26,411,380,736 bytes free
Post-Run: 26,327,289,856 bytes free
258 --- E O F --- 2008-06-20 07:05:35

Licorne
22 June 2008, 23:18
I now get the following error message at startup:

RUNDLL
Error loading
c:\WINDOWS\system32\yjruxxmd.dll
The specified module could not be found

Juisterr
23 June 2008, 11:05
That is normal, that is the malware that would like to start up again. Don't worry about it. Roelof will come back with a new fix for you.

Roelof
23 June 2008, 13:02
And here is the new fix:

Hi Licorne,

Unfortunately I still see remnants. It is best if you work quickly now.
The sooner you carry out these instructions, the sooner we will have the infection gone.

1) Turn off Spybot's TeaTimer for the duration of the fix, because it can get in the way of the changes.
- Start Spybot S&D
- Go to the Mode menu and select "Advanced Mode"
- On the left, choose "Tools" > Resident
- Untick "Resident TeaTimer" and click OK
- Restart the computer.

2) Scan the following file at Jotti: http://virusscan.jotti.org/

C:\WINDOWS\iun6002.exe

Please post the result.


3) Start HijackThis.
- Now choose "Do a system scan only".

- Now put a tick in front of the following items:



O2 - BHO: (no name) - {0CB6CA1F-5166-4DEC-B47E-04D203D3E2B0} - C:\WINDOWS\system32\opnLDvSi.dll (file missing)
O2 - BHO: (no name) - {411F82BB-1441-4022-AAFE-FEAEB4AE2A44} - C:\WINDOWS\system32\cbXpnMde.dll (file missing)
O2 - BHO: (no name) - {CA5D1294-2A64-48FB-9ABA-CF9F7352573F} - C:\WINDOWS\system32\qoMeBtrR.dll (file missing)
O4 - HKLM\..\Run: [0471a8fb] rundll32.exe "C:\WINDOWS\system32\yjruxxmd.dll",b
O4 - HKLM\..\Run: [BM07429b67] Rundll32.exe "C:\WINDOWS\system32\eeoufwpl.dll",s

- Now close all windows except the HijackThis window and choose "Fix checked".

4) Open Notepad, then copy and paste the text below into an empty window:



File::
C:\WINDOWS\system32\fxlempdo.dll
C:\WINDOWS\system32\aheorbqo.dll
C:\WINDOWS\system32\eeoufwpl.dll
C:\WINDOWS\system32\sjmkiigr.dll
C:\WINDOWS\system32\bqmcokim.dll
C:\WINDOWS\system32\qefbdwwp.dll
C:\WINDOWS\system32\rxhigois.dll
C:\WINDOWS\system32\hosmeluc.dll
C:\WINDOWS\system32\culemsoh.tmp
C:\WINDOWS\system32\wmpns.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CB6CA1F-5166-4DEC-B47E-04D203D3E2B0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{411F82BB-1441-4022-AAFE-FEAEB4AE2A44}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{437FEE55-6ADA-4FFF-9D71-DC827A64EBBD}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E5793C6-130F-434C-A7AF-8A1498EC106F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52D27CF8-DDC8-4124-A5BA-8F128FA73C4E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE7E4CE1-8CBA-44A6-956F-462A667D3286}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA5D1294-2A64-48FB-9ABA-CF9F7352573F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"0471a8fb"=-
"BM07429b67"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0DA3B9B7-3DB5-97A1-DA31-969D6950BB42}]

Save this on your Desktop as CFScript.txt
Drag CFScript.txt onto ComboFix.exe as shown in the example below:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
This will make ComboFix restart.
Reboot if you are prompted to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Regards,

Roelof
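Roelof's fix list above and Juisterr's explanation of the RUNDLL message come down to three signals that can be read straight off the logs: BHOs registered under "(no name)" whose DLL is already gone, Run values that start rundll32 on an eight-letter DLL sitting directly in system32, and an Active Setup entry whose path is C:\WINDOWS\system32:winsock32.exe, a colon-separated name that is an NTFS alternate data stream on the system32 directory rather than a file inside it. The script below is an added example, not part of this thread and not code from HijackThis or ComboFix: it parses lines in the shape quoted here and reports those signals. The regexes, the PRESENT set and the sample lines are constructed for the example; the disk check is injectable so the logic runs off the infected machine, and an orphaned Run value (target no longer on disk) is exactly what produces the "RUNDLL ... module could not be found" dialog at logon.

```python
import os
import re
from dataclasses import dataclass, field

# Line shapes as quoted in this thread: HijackThis O2 (BHO) and O4 (Run key)
# entries. The patterns are written for this example and cover those shapes only.
O2_RE = re.compile(
    r'^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - '
    r'(?P<path>.+?)(?: \((?P<flag>file missing)\))?$')
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: (?:\[(?P<value>[^\]]*)\] )?(?P<cmd>.+)$')
# rundll32.exe "<dll>",<export>   (quotes optional, case varies between entries)
RUNDLL_RE = re.compile(r'^rundll32\.exe\s+"?(?P<dll>[^",]+)"?(?:,(?P<export>\S*))?', re.IGNORECASE)
# X:\dir\...\dir:stream  -- a path into an NTFS alternate data stream
ADS_RE = re.compile(r'^[A-Za-z]:\\(?:[^:\\\s]+\\)*[^:\\\s]+:[^\\\s]+$')
# Eight bare letters directly under system32 (yjruxxmd, eeoufwpl, opnLDvSi ...).
# Coarse heuristic: kernel32.dll matches too, so treat it as a lead, not a verdict.
RANDOM_SYS32_DLL_RE = re.compile(r'\\system32\\[A-Za-z]{8}\.dll$', re.IGNORECASE)
# Unquoted command line: the executable is everything up to the first extension.
TARGET_RE = re.compile(r'(.+?\.(?:exe|dll|scr|com|bat|cmd))(?:\s|$)', re.IGNORECASE)


@dataclass
class Finding:
    line: str
    target: str
    reasons: list = field(default_factory=list)


def extract_target(cmd: str) -> str:
    """Best-effort: the file a Run command actually loads (the DLL for rundll32)."""
    m = RUNDLL_RE.match(cmd)
    if m:
        return m.group('dll')
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = TARGET_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def triage(lines, exists=os.path.exists):
    """Return a Finding for every line that carries at least one suspicious signal.

    `exists` is injectable so the logic can be exercised away from the infected box.
    """
    findings = []
    for raw in lines:
        line = raw.strip()
        reasons, target, known_missing = [], None, False
        if m := O2_RE.match(line):
            target = m.group('path')
            if m.group('name') == '(no name)':
                reasons.append('BHO registered without a name')
            if m.group('flag'):
                known_missing = True
                reasons.append('BHO DLL reported missing (orphaned CLSID)')
        elif m := O4_RE.match(line):
            target = extract_target(m.group('cmd'))
            if RUNDLL_RE.match(m.group('cmd')):
                reasons.append('autostart through the rundll32 loader')
        elif ADS_RE.match(line):
            findings.append(Finding(line, line, ['path points into an NTFS alternate data stream']))
            continue
        if target is None:
            continue
        if RANDOM_SYS32_DLL_RE.search(target):
            reasons.append('eight-letter DLL name directly under system32')
        if not known_missing and not exists(target):
            reasons.append('target absent on disk: orphaned entry (source of the RUNDLL "module not found" message)')
        if reasons:
            findings.append(Finding(line, target, reasons))
    return findings


# Constructed sample in the shape of the lines quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0CB6CA1F-5166-4DEC-B47E-04D203D3E2B0} - C:\WINDOWS\system32\opnLDvSi.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [0471a8fb] rundll32.exe "C:\WINDOWS\system32\yjruxxmd.dll",b
O4 - HKLM\..\Run: [BM07429b67] Rundll32.exe "C:\WINDOWS\system32\eeoufwpl.dll",s
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0DA3B9B7-3DB5-97A1-DA31-969D6950BB42}]
C:\WINDOWS\system32:winsock32.exe
"""
# Constructed: pretend these are the only targets still present on disk.
PRESENT = {
    r'C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll',
    r'C:\WINDOWS\system32\eeoufwpl.dll',
    r'C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe',
    r'C:\WINDOWS\system32\ctfmon.exe',
}


def run_sample():
    return triage(SAMPLE_LOG.strip().splitlines(), exists=lambda p: p in PRESENT)


if __name__ == '__main__':
    for f in run_sample():
        print(f.target)
        for r in f.reasons:
            print('   -', r)
```

On the real machine call triage() with the default exists, feeding it the HijackThis log; the legitimate entries (ssv.dll, egui.exe, ctfmon.exe) produce no finding, the three random-named DLLs and the stream path do. The eight-letter rule on its own is too coarse to act on; it is the combination with a rundll32 loader, a missing file or a nameless BHO that makes an entry worth putting on a fix list.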

Licorne
23 June 2008, 21:31
The Jotti scan:

File: iun6002.exe
Status: OK (Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 456462905091db042141487fe030e3c9
Packers detected: -
Scanner results
Scan taken on 23 Jun 2008 19:28:47 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Roelof
23 June 2008, 21:37
OK,

And may I also have the other logs?

Roelof

Licorne
23 June 2008, 21:41
Here are the logs. Just to note that during the upload to the online virus scanner the browser reacted strangely three times and reported that the page could not be reached...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:38:44, on 23/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
D:\Programma's\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: Rundll32.exe "C:\WINDOWS\system32\eeoufwpl.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Catalyst System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208531627421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213945159718
O17 - HKLM\System\CCS\Services\Tcpip\..\{3559F10A-E148-4E4F-9783-5DEF063D4144}: NameServer = 193.109.184.75 193.109.184.72
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
--
End of file - 8282 bytes





ComboFix 08-06-20.4 - Eigenaar 2008-06-23 21:36:03.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.1628 [GMT 2:00]
Started from: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Eigenaar\Bureaublad\CFScript.txt
* New restore point was created
* Resident AV is active

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!
FILE ::
C:\WINDOWS\system32\aheorbqo.dll
C:\WINDOWS\system32\bqmcokim.dll
C:\WINDOWS\system32\culemsoh.tmp
C:\WINDOWS\system32\eeoufwpl.dll
C:\WINDOWS\system32\fxlempdo.dll
C:\WINDOWS\system32\hosmeluc.dll
C:\WINDOWS\system32\qefbdwwp.dll
C:\WINDOWS\system32\rxhigois.dll
C:\WINDOWS\system32\sjmkiigr.dll
C:\WINDOWS\system32\wmpns.dll
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aheorbqo.dll
C:\WINDOWS\system32\bqmcokim.dll
C:\WINDOWS\system32\culemsoh.tmp
C:\WINDOWS\system32\eeoufwpl.dll
C:\WINDOWS\system32\fxlempdo.dll
C:\WINDOWS\system32\hosmeluc.dll
C:\WINDOWS\system32\qefbdwwp.dll
C:\WINDOWS\system32\rxhigois.dll
C:\WINDOWS\system32\sjmkiigr.dll
C:\WINDOWS\system32\wmpns.dll
.
(((((((((((((((((((( Files Created from 2008-05-23 to 2008-06-23 ))))))))))))))))))))))))))))))
.
2008-06-23 21:23 . 2008-06-23 21:35 <DIR> dr-h----- C:\Documents and Settings\Eigenaar\Onlangs geopend
2008-06-21 00:55 . 2008-06-21 00:55 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-21 00:55 . 2008-06-21 01:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-20 09:23 . 2008-06-20 09:23 <DIR> d-------- C:\WINDOWS\system32\nl-nl
2008-06-20 09:23 . 2008-06-20 09:23 <DIR> d-------- C:\WINDOWS\system32\nl
2008-06-20 09:23 . 2008-06-20 09:23 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-20 09:23 . 2008-06-20 09:23 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-20 09:22 . 2008-06-20 09:22 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-20 09:18 . 2008-06-20 09:18 <DIR> d-------- C:\WINDOWS\EHome
2008-06-20 07:15 . 2008-06-20 07:15 0 --a------ C:\WINDOWS\BM07429b67.xml
2008-06-13 00:24 . 2008-06-22 22:37 616 --a------ C:\WINDOWS\wininit.ini
2008-06-13 00:22 . 2008-06-13 00:48 <DIR> d-------- C:\Program Files\HarvEX
2008-06-11 12:37 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-11 12:36 . 2008-06-14 19:36 272,640 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 12:36 . 2008-06-14 19:36 272,640 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-05 08:57 . 2008-06-05 08:57 <DIR> d-------- C:\Program Files\ZZultimativ-R-v1.3
2008-06-04 19:45 . 2008-06-04 19:46 <DIR> d-------- C:\Program Files\SubSync
2008-06-04 19:45 . 2008-06-04 19:45 249,856 --------- C:\WINDOWS\Setup1.exe
2008-06-04 19:45 . 2008-06-04 19:45 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-06-04 19:44 . 2008-06-04 19:45 <DIR> d-------- C:\Program Files\VisualSubSync
2008-06-03 10:38 . 2008-06-03 10:38 <DIR> d-------- C:\Program Files\Solveig Multimedia
2008-06-03 10:38 . 2008-06-03 10:38 <DIR> d-------- C:\Program Files\Common Files\Solveig Multimedia
2008-06-03 10:38 . 2008-06-03 10:38 <DIR> d-------- C:\Program Files\Common Files\Elecard
2008-06-02 11:08 . 2008-06-02 11:08 74,752 --a------ C:\WINDOWS\cadkasdeinst01e.exe
2008-06-02 10:58 . 2008-06-02 10:58 <DIR> d-------- C:\Program Files\Cuttermaran
2008-06-02 10:58 . 2008-06-02 11:00 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Cuttermaran
2008-05-30 18:49 . 2008-05-30 18:49 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\NeroDigital™
2008-05-27 10:04 . 2008-05-27 10:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-05-27 10:03 . 2008-05-27 10:03 <DIR> d-------- C:\Program Files\GRETECH
2008-05-27 10:03 . 2008-05-27 10:03 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\GRETECH
2008-05-27 09:32 . 2008-05-27 09:32 1,160 --a------ C:\WINDOWS\mozver.dat
2008-05-26 22:08 . 2008-05-26 22:08 <DIR> d-------- C:\Program Files\SyncView
2008-05-26 22:08 . 2003-08-18 12:25 1,344,512 --a------ C:\WINDOWS\system32\COMCTL32.OCX
2008-05-26 22:08 . 2004-03-09 00:00 152,848 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-05-26 22:07 . 2008-05-26 22:07 796,672 --a------ C:\WINDOWS\GPInstall.exe
2008-05-26 22:07 . 2000-07-29 08:53 8,520 --a------ C:\WINDOWS\Dutch.gpl
2008-05-26 17:25 . 2008-05-26 22:38 3,993,423,872 --a------ C:\dvdimage.img
2008-05-26 15:14 . 2008-05-26 15:14 <DIR> d-------- C:\Program Files\DVD Shrink
2008-05-26 15:14 . 2008-06-17 09:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-26 15:01 . 2008-05-26 15:01 <DIR> d-------- C:\Program Files\Musclesoft
2008-05-25 23:07 . 2002-04-22 19:51 503,296 --a------ C:\Program Files\WeetHetBitRates.exe
2008-05-25 23:03 . 2008-05-25 23:03 <DIR> d-------- C:\Program Files\Sun
2008-05-25 23:03 . 2008-05-25 23:03 <DIR> d-------- C:\Program Files\Java
2008-05-25 23:03 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-25 23:01 . 2008-05-25 23:01 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-25 11:51 . 2008-05-26 22:35 4,096 --a------ C:\aaaa.bin
2008-05-24 13:38 . 2008-05-24 13:38 <DIR> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
2008-05-24 13:37 . 2008-05-24 13:37 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-05-24 13:34 . 2008-05-24 13:34 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-24 13:32 . 2008-05-24 13:32 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\CyberLink
2008-05-23 23:48 . 2008-05-23 23:48 <DIR> d-------- C:\Program Files\GoldWave
2008-05-23 00:20 . 2008-05-23 00:20 105,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-05-23 00:20 . 2008-05-23 00:20 103,936 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-05-23 00:20 . 2008-05-23 00:20 86,016 --------- C:\WINDOWS\system32\pxwma.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-21 09:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-15 01:00 --------- d-----w C:\Program Files\The FilmMachine
2008-06-06 14:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-23 20:49 --------- d-----w C:\Program Files\DVDlabPro2
2008-05-22 22:20 --------- d-----w C:\Program Files\Pegasys Inc
2008-05-19 21:37 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Pegasys Inc
2008-05-17 08:29 --------- d-----w C:\Program Files\MSXML 4.0
2008-05-16 17:23 --------- d-----w C:\Program Files\Common Files\Nero
2008-05-16 17:23 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Nero
2008-05-16 17:22 --------- d-----w C:\Program Files\Nero
2008-05-16 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-05-15 22:11 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-15 19:33 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Ahead
2008-05-14 22:40 --------- d-----w C:\Program Files\CCleaner
2008-05-14 22:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-05-14 21:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-09 16:05 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Talkback
2008-05-09 13:48 --------- d-----w C:\Program Files\directX
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 22:07 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Apple Computer
2008-05-07 22:06 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Media Player Classic
2008-05-07 20:29 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-05-07 20:18 --------- d-----w C:\Program Files\Custom Technology
2008-05-07 20:09 --------- d-----w C:\Program Files\Real Alternative
2008-05-07 20:06 --------- d-----w C:\Program Files\QuickTime
2008-05-07 20:06 --------- d-----w C:\Program Files\Apple Software Update
2008-05-07 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-07 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-07 19:56 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-07 05:12 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 07:19 --------- d-----w C:\Program Files\VideoLAN
2008-05-06 07:19 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\vlc
2008-05-04 21:48 --------- d-----w C:\Program Files\Switch Off
2008-04-24 19:30 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-04-23 21:39 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-23 21:35 --------- d-----w C:\Program Files\UnderCoverXP
2008-04-23 21:35 --------- d-----w C:\Program Files\DVD Decrypter
2008-04-23 21:31 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-04-23 21:29 --------- d-----w C:\Program Files\ScanSoft
2008-04-23 21:29 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-04-23 21:29 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\ScanSoft
2008-04-23 21:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\SSScanWizard
2008-04-23 21:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2008-04-23 21:28 --------- d-----w C:\Program Files\Canon
2008-04-23 21:28 --------- d-----w C:\Program Files\ArcSoft
2008-04-21 06:57 669,184 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-18 15:04 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-17 17:24 89,600 ----a-w C:\WINDOWS\system32\atl71.dll
2008-04-17 17:24 503,808 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-17 17:24 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-17 17:24 258,352 ----a-w C:\WINDOWS\system32\unicows.dll
2008-04-17 17:24 1,053,184 ----a-w C:\WINDOWS\system32\mfc71u.dll
2008-04-14 20:33 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 20:32 424,448 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 20:32 1,001,472 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 17:19 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 17:06 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 17:02 99,840 ----a-w C:\WINDOWS\system32\winscard.dll
2008-04-14 17:01 763,904 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 17:00 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 17:00 3,584 ----a-w C:\WINDOWS\system32\icmp.dll
2008-04-14 17:00 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 17:00 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 17:00 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 17:00 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 16:41 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 16:41 2,149,888 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 16:41 2,028,544 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 16:39 88,064 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 16:38 78,336 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 16:38 2,965,504 ----a-w C:\WINDOWS\system32\wmploc.dll
2008-04-14 16:37 50,176 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 16:36 566,784 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 16:36 189,952 ----a-w C:\WINDOWS\system32\wmerror.dll
2008-04-14 16:35 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 16:34 67,584 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 16:34 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 16:33 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-04-14 16:32 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
2008-04-14 16:31 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:40 437,248 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 18:37 2,962,432 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-13 18:35 196,096 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-04-01 22:28 2,102,272 ----a-w C:\WINDOWS\system32\x264vfw.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
.
((((((((((((((((((((((((((((( snapshot@2008-06-22_22.59.03.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-22 20:57:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-23 19:23:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:02 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-23 00:01 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-04-23 18:19 1189104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-06-23 05:21 847872]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 13:43 45056]
"GameFace Messenger"="C:\Program Files\GameFace Messenger\GameFace.exe" [ ]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-23 00:06 29744]
"NWEReboot"="" []
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
"OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 09:29 729088]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"BM07429b67"="C:\WINDOWS\system32\eeoufwpl.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:02 15360]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Catalyst System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [12-8-2005 13:43:58 45056]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [23-4-2008 0:01:54 124400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= msaud32_divx.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Emule\\Morph 8.10\\Ultimativ-MoD F-25c.exe"=
"C:\\Program Files\\ZZultimativ-R-v1.3\\emule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 mv61xx;mv61xx;C:\WINDOWS\system32\DRIVERS\mv61xx.sys [2006-07-28 08:59]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 16:25]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-23 00:06]
S3 SkLaggProtocol;SysKonnect Link Aggregation Protocol (LAGG) Support;C:\WINDOWS\system32\DRIVERS\yk51lagg.sys []
S3 SkVlanProtocol;SysKonnect Virtual LAN (VLAN) Support;C:\WINDOWS\system32\DRIVERS\skvlan.sys [2005-11-30 02:15]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys []
*Newly Created Service* - CATCHME
.
Inhoud van de 'Gedeelde Taken' map
"2008-06-20 08:58:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 21:37:24
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2008-06-23 21:37:54
ComboFix-quarantined-files.txt 2008-06-23 19:37:49
ComboFix2.txt 2008-06-22 21:10:08
ComboFix3.txt 2008-06-22 20:59:13
Pre-Run: 26,285,645,824 bytes beschikbaar
Post-Run: 26,275,971,072 bytes beschikbaar
275 --- E O F --- 2008-06-20 07:05:35

Roelof
24 June 2008, 13:56
Hi Licorne,

The odd behaviour may be because the site was busy, or because there are still remnants present on your computer.

Open Notepad, then copy and paste the text below into an empty window:



File::
C:\WINDOWS\system32\eeoufwpl.dll
C:\WINDOWS\BM07429b67.xml

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM07429b67"=-


Save this on your Desktop as CFScript.txt
Drag CFScript.txt onto ComboFix.exe as shown in the example below:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
This will make ComboFix restart.
Reboot if asked to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Regards,

Roelof

Licorne
24 June 2008, 21:50
Here we go.

I noticed that while ComboFix was running, NOD32 detected and deleted a virus.

ComboFix 08-06-20.4 - Eigenaar 2008-06-24 21:45:50.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.1559 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Eigenaar\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
* Resident AV is active

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
FILE ::
C:\WINDOWS\BM07429b67.xml
C:\WINDOWS\system32\eeoufwpl.dll
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM07429b67.xml
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-05-24 to 2008-06-24 ))))))))))))))))))))))))))))))
.
2008-06-24 21:42 . 2008-06-24 21:45 <DIR> dr-h----- C:\Documents and Settings\Eigenaar\Onlangs geopend
2008-06-21 00:55 . 2008-06-21 00:55 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-21 00:55 . 2008-06-21 01:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-20 09:23 . 2008-06-20 09:23 <DIR> d-------- C:\WINDOWS\system32\nl-nl
2008-06-20 09:23 . 2008-06-20 09:23 <DIR> d-------- C:\WINDOWS\system32\nl
2008-06-20 09:23 . 2008-06-20 09:23 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-20 09:23 . 2008-06-20 09:23 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-20 09:22 . 2008-06-20 09:22 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-20 09:18 . 2008-06-20 09:18 <DIR> d-------- C:\WINDOWS\EHome
2008-06-13 00:24 . 2008-06-22 22:37 616 --a------ C:\WINDOWS\wininit.ini
2008-06-13 00:22 . 2008-06-13 00:48 <DIR> d-------- C:\Program Files\HarvEX
2008-06-11 12:37 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-11 12:36 . 2008-06-14 19:36 272,640 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 12:36 . 2008-06-14 19:36 272,640 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-05 08:57 . 2008-06-05 08:57 <DIR> d-------- C:\Program Files\ZZultimativ-R-v1.3
2008-06-04 19:45 . 2008-06-04 19:46 <DIR> d-------- C:\Program Files\SubSync
2008-06-04 19:45 . 2008-06-04 19:45 249,856 --------- C:\WINDOWS\Setup1.exe
2008-06-04 19:45 . 2008-06-04 19:45 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-06-04 19:44 . 2008-06-04 19:45 <DIR> d-------- C:\Program Files\VisualSubSync
2008-06-03 10:38 . 2008-06-03 10:38 <DIR> d-------- C:\Program Files\Solveig Multimedia
2008-06-03 10:38 . 2008-06-03 10:38 <DIR> d-------- C:\Program Files\Common Files\Solveig Multimedia
2008-06-03 10:38 . 2008-06-03 10:38 <DIR> d-------- C:\Program Files\Common Files\Elecard
2008-06-02 11:08 . 2008-06-02 11:08 74,752 --a------ C:\WINDOWS\cadkasdeinst01e.exe
2008-06-02 10:58 . 2008-06-02 10:58 <DIR> d-------- C:\Program Files\Cuttermaran
2008-06-02 10:58 . 2008-06-02 11:00 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Cuttermaran
2008-05-30 18:49 . 2008-05-30 18:49 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\NeroDigital™
2008-05-27 10:04 . 2008-05-27 10:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-05-27 10:03 . 2008-05-27 10:03 <DIR> d-------- C:\Program Files\GRETECH
2008-05-27 10:03 . 2008-05-27 10:03 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\GRETECH
2008-05-27 09:32 . 2008-05-27 09:32 1,160 --a------ C:\WINDOWS\mozver.dat
2008-05-26 22:08 . 2008-05-26 22:08 <DIR> d-------- C:\Program Files\SyncView
2008-05-26 22:08 . 2003-08-18 12:25 1,344,512 --a------ C:\WINDOWS\system32\COMCTL32.OCX
2008-05-26 22:08 . 2004-03-09 00:00 152,848 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-05-26 22:07 . 2008-05-26 22:07 796,672 --a------ C:\WINDOWS\GPInstall.exe
2008-05-26 22:07 . 2000-07-29 08:53 8,520 --a------ C:\WINDOWS\Dutch.gpl
2008-05-26 17:25 . 2008-05-26 22:38 3,993,423,872 --a------ C:\dvdimage.img
2008-05-26 15:14 . 2008-05-26 15:14 <DIR> d-------- C:\Program Files\DVD Shrink
2008-05-26 15:14 . 2008-06-17 09:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-26 15:01 . 2008-05-26 15:01 <DIR> d-------- C:\Program Files\Musclesoft
2008-05-25 23:07 . 2002-04-22 19:51 503,296 --a------ C:\Program Files\WeetHetBitRates.exe
2008-05-25 23:03 . 2008-05-25 23:03 <DIR> d-------- C:\Program Files\Sun
2008-05-25 23:03 . 2008-05-25 23:03 <DIR> d-------- C:\Program Files\Java
2008-05-25 23:03 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-25 23:01 . 2008-05-25 23:01 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-25 11:51 . 2008-05-26 22:35 4,096 --a------ C:\aaaa.bin
2008-05-24 13:38 . 2008-05-24 13:38 <DIR> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
2008-05-24 13:37 . 2008-05-24 13:37 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-05-24 13:34 . 2008-05-24 13:34 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-24 13:32 . 2008-05-24 13:32 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\CyberLink
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-21 09:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-15 01:00 --------- d-----w C:\Program Files\The FilmMachine
2008-06-06 14:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-23 21:48 --------- d-----w C:\Program Files\GoldWave
2008-05-23 20:49 --------- d-----w C:\Program Files\DVDlabPro2
2008-05-22 22:20 86,016 ------w C:\WINDOWS\system32\pxwma.dll
2008-05-22 22:20 105,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-22 22:20 103,936 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-05-22 22:20 --------- d-----w C:\Program Files\Pegasys Inc
2008-05-19 21:37 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Pegasys Inc
2008-05-17 08:29 --------- d-----w C:\Program Files\MSXML 4.0
2008-05-16 17:23 --------- d-----w C:\Program Files\Common Files\Nero
2008-05-16 17:23 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Nero
2008-05-16 17:22 --------- d-----w C:\Program Files\Nero
2008-05-16 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-05-15 22:11 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-15 19:33 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Ahead
2008-05-14 22:40 --------- d-----w C:\Program Files\CCleaner
2008-05-14 22:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-05-14 21:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-09 16:05 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Talkback
2008-05-09 13:48 --------- d-----w C:\Program Files\directX
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 22:07 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Apple Computer
2008-05-07 22:06 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Media Player Classic
2008-05-07 20:29 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-05-07 20:18 --------- d-----w C:\Program Files\Custom Technology
2008-05-07 20:09 --------- d-----w C:\Program Files\Real Alternative
2008-05-07 20:06 --------- d-----w C:\Program Files\QuickTime
2008-05-07 20:06 --------- d-----w C:\Program Files\Apple Software Update
2008-05-07 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-07 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-07 19:56 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-07 05:12 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 07:19 --------- d-----w C:\Program Files\VideoLAN
2008-05-06 07:19 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\vlc
2008-05-04 21:48 --------- d-----w C:\Program Files\Switch Off
2008-04-24 19:30 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-04-21 06:57 669,184 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-18 15:04 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-17 17:24 89,600 ----a-w C:\WINDOWS\system32\atl71.dll
2008-04-17 17:24 503,808 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-17 17:24 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-17 17:24 258,352 ----a-w C:\WINDOWS\system32\unicows.dll
2008-04-17 17:24 1,053,184 ----a-w C:\WINDOWS\system32\mfc71u.dll
2008-04-14 20:33 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 20:32 424,448 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 20:32 1,001,472 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 17:19 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 17:06 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 17:02 99,840 ----a-w C:\WINDOWS\system32\winscard.dll
2008-04-14 17:01 763,904 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 17:00 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 17:00 3,584 ----a-w C:\WINDOWS\system32\icmp.dll
2008-04-14 17:00 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 17:00 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 17:00 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 17:00 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 16:41 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 16:41 2,149,888 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 16:41 2,028,544 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 16:39 88,064 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 16:38 78,336 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 16:38 2,965,504 ----a-w C:\WINDOWS\system32\wmploc.dll
2008-04-14 16:37 50,176 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 16:36 566,784 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 16:36 189,952 ----a-w C:\WINDOWS\system32\wmerror.dll
2008-04-14 16:35 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 16:34 67,584 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 16:34 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 16:33 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-04-14 16:32 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
2008-04-14 16:31 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:40 437,248 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 18:37 2,962,432 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-13 18:35 196,096 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-04-01 22:28 2,102,272 ----a-w C:\WINDOWS\system32\x264vfw.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
.
((((((((((((((((((((((((((((( snapshot@2008-06-22_22.59.03.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-22 20:57:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-24 19:42:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:02 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-23 00:01 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-04-23 18:19 1189104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-06-23 05:21 847872]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 13:43 45056]
"GameFace Messenger"="C:\Program Files\GameFace Messenger\GameFace.exe" [ ]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-23 00:06 29744]
"NWEReboot"="" []
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
"OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 09:29 729088]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"BM07429b67"="C:\WINDOWS\system32\eeoufwpl.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:02 15360]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Catalyst System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [12-8-2005 13:43:58 45056]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [23-4-2008 0:01:54 124400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= msaud32_divx.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Emule\\Morph 8.10\\Ultimativ-MoD F-25c.exe"=
"C:\\Program Files\\ZZultimativ-R-v1.3\\emule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 mv61xx;mv61xx;C:\WINDOWS\system32\DRIVERS\mv61xx.sys [2006-07-28 08:59]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 16:25]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-23 00:06]
S3 SkLaggProtocol;SysKonnect Link Aggregation Protocol (LAGG) Support;C:\WINDOWS\system32\DRIVERS\yk51lagg.sys []
S3 SkVlanProtocol;SysKonnect Virtual LAN (VLAN) Support;C:\WINDOWS\system32\DRIVERS\skvlan.sys [2005-11-30 02:15]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys []
.
Inhoud van de 'Gedeelde Taken' map
"2008-06-20 08:58:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 21:47:28
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2008-06-24 21:47:49
ComboFix-quarantined-files.txt 2008-06-24 19:47:46
ComboFix2.txt 2008-06-23 19:37:54
ComboFix3.txt 2008-06-22 21:10:08
ComboFix4.txt 2008-06-22 20:59:13
Pre-Run: 26,266,116,096 bytes beschikbaar
Post-Run: 26,255,773,696 bytes beschikbaar
245 --- E O F --- 2008-06-20 07:05:35



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:56, on 24/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Programma's\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BM07429b67] Rundll32.exe "C:\WINDOWS\system32\eeoufwpl.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Catalyst System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208531627421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213945159718
O17 - HKLM\System\CCS\Services\Tcpip\..\{3559F10A-E148-4E4F-9783-5DEF063D4144}: NameServer = 193.109.184.75 193.109.184.72
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
--
End of file - 8554 bytes
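The CFScript posted above deletes the value from HKEY_CURRENT_USER\...\Run, while the post-run ComboFix dump and the fresh HijackThis log in this reply both still list BM07429b67 under HKLM, loading eeoufwpl.dll through Rundll32. The script below is an added example, not part of this thread and not ComboFix's or HijackThis's own code: it parses the three text formats that appear here (the CFScript's Registry:: deletions, ComboFix's REGEDIT4-style "Reg Opstartpunten" dump, and HijackThis O4 lines) and reports, for each DLL-loading Run entry still present after a fix, which hives the script targeted and which still carry it. The sample inputs are constructed to mirror the lines above (the value name and DLL path are taken from the logs; the other lines are illustrative).

```python
"""Cross-check a CFScript's Registry:: deletions against the hive in which a Run
entry is still listed afterwards, parsing the formats seen in this thread:
CFScript, ComboFix's REGEDIT4-style 'Reg Opstartpunten' dump, HijackThis O4."""
import re

# HJT:  O4 - HKLM\..\Run: [name] command      (HKUS lines carry a SID segment)
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)(?:\\[^\\]+)?\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
# REGEDIT4 / CFScript:  [HKEY_...\Run]  then  "name"="value" [meta]  or  "name"=-
REG_KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
REG_VAL_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"(?:\s*\[(?P<meta>[^\]]*)\])?$')
CF_DEL_RE = re.compile(r'^"(?P<name>[^"]+)"=-$')
# A Run command that loads a DLL through rundll32, as the BM... entry above does
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)
HIVE_SHORT = {'HKEY_LOCAL_MACHINE': 'HKLM', 'HKEY_CURRENT_USER': 'HKCU', 'HKEY_USERS': 'HKUS'}

def _norm_key(key):
    # Forum line-wrapping inserts stray spaces into long key paths ("Curre ntVersion");
    # Run key paths contain no spaces, so drop them.
    return re.sub(r'\s+', '', key)

def _hive(key):
    root = key.split('\\')[0].upper()
    return HIVE_SHORT.get(root, root)

def parse_run_entries(text):
    """[(hive, name, target, meta)] from HJT O4 lines and/or a ComboFix REGEDIT4 dump."""
    out, key = [], None
    for line in text.splitlines():
        line = line.strip()
        o4 = O4_RE.match(line)
        if o4:                                   # HJT lines carry no file metadata
            out.append((o4.group('hive'), o4.group('name'), o4.group('cmd'), ''))
            continue
        km = REG_KEY_RE.match(line)
        if km:
            key = _norm_key(km.group('key'))
            continue
        vm = REG_VAL_RE.match(line)
        if vm and key and key.upper().endswith('\\RUN'):
            # meta is ComboFix's bracketed timestamp/size; '' when it recorded none
            out.append((_hive(key), vm.group('name'), vm.group('value'),
                        (vm.group('meta') or '').strip()))
    return out

def parse_cfscript_deletions(text):
    """{name.lower(): {hive, ...}} for each "name"=- line in the Registry:: section."""
    targets, key, in_registry = {}, None, False
    for line in text.splitlines():
        line = line.strip()
        if line.endswith('::'):                  # section header (File::, Registry::, ...)
            in_registry = line.lower() == 'registry::'
            continue
        km = REG_KEY_RE.match(line) if in_registry else None
        if km:
            key = _norm_key(km.group('key'))
            continue
        dm = CF_DEL_RE.match(line) if in_registry else None
        if dm and key:
            targets.setdefault(dm.group('name').lower(), set()).add(_hive(key))
    return targets

def loaded_dll(target):
    """DLL a Run entry loads: via rundll32 (HJT) or as a bare DLL path (ComboFix)."""
    m = RUNDLL_RE.match(target.strip())
    if m:
        return m.group('dll')
    bare = target.strip().strip('"')
    return bare if bare.lower().endswith('.dll') else None

def audit(cfscript, after_log):
    """Per DLL-loading Run entry still in after_log: hives the CFScript deleted it
    from ('targeted'), hives still listing it ('present'), and the difference ('missed')."""
    targets = parse_cfscript_deletions(cfscript)
    report = {}
    for hive, name, target, _meta in parse_run_entries(after_log):
        dll = loaded_dll(target)
        if dll is None:
            continue
        entry = report.setdefault(
            name, {'dll': dll, 'targeted': targets.get(name.lower(), set()), 'present': set()})
        entry['present'].add(hive)
    for entry in report.values():
        entry['missed'] = entry['present'] - entry['targeted']
    return report

# Constructed samples in the formats shown in this thread; the value name and DLL
# are the ones from the logs above, the other lines are illustrative.
CFSCRIPT_SAMPLE = r"""File::
C:\WINDOWS\system32\eeoufwpl.dll

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM07429b67"=-
"""
HJT_AFTER_SAMPLE = r"""O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BM07429b67] Rundll32.exe "C:\WINDOWS\system32\eeoufwpl.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""
COMBOFIX_AFTER_SAMPLE = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
"BM07429b67"="C:\WINDOWS\system32\eeoufwpl.dll" [ ]
"""

if __name__ == '__main__':
    for log in (HJT_AFTER_SAMPLE, COMBOFIX_AFTER_SAMPLE):
        print(audit(CFSCRIPT_SAMPLE, log))
```

Run as-is, both samples report the entry as targeted in HKCU but present (and therefore missed) in HKLM; pasting the real CFScript text and the real post-run log in place of the samples gives the same check for an actual fix before a second ComboFix run is requested. The empty `[ ]` ComboFix prints after a Run value, meaning it recorded no timestamp or size for the referenced file, survives as an empty meta field so a caller can flag it separately.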

Roelof
24 June 2008, 21:58
hi,

Were you able to see which virus NOD32 removed, and have you turned TeaTimer back on?

Roelof

Licorne
24 June 2008, 22:06
Hello Roelof,

I'm turning it back on.

NOD 32:

24/06/2008 21:45:55 Real-time file system protection file C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\Av-test.txt Eicar test file cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\CF27775.exe.
24/06/2008 10:08:21 Real-time file system protection file C:\System Volume Information\_restore{254EF869-67D1-433F-AFBD-5E9F8190D8B1}\RP87\A0014477.dll a variant of Win32/Adware.Virtumonde application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
24/06/2008 9:28:30 Real-time file system protection file C:\System Volume Information\_restore{254EF869-67D1-433F-AFBD-5E9F8190D8B1}\RP86\A0014360.dll Win32/Adware.Virtumonde application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
23/06/2008 22:55:07 Real-time file system protection file C:\System Volume Information\_restore{254EF869-67D1-433F-AFBD-5E9F8190D8B1}\RP86\A0014338.dll Win32/Adware.Virtumonde application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
23/06/2008 21:36:06 Real-time file system protection file C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\Av-test.txt Eicar test file cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\CF5843.exe.
22/06/2008 22:55:14 Real-time file system protection file C:\Qoobox\Quarantine\C\WINDOWS\system32\awtqnkhe.dll.vir a variant of Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\CF892.exe.
22/06/2008 22:53:41 Real-time file system protection file C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\Av-test.txt Eicar test file cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\CF892.exe.
22/06/2008 21:46:40 Real-time file system protection file D:\Programma's\backups\backup-20080622-214635-575.dll a variant of Win32/Adware.Virtumonde application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: D:\Programma's\HiJackThis.exe.
21/06/2008 21:04:36 Real-time file system protection file C:\System Volume Information\_restore{254EF869-67D1-433F-AFBD-5E9F8190D8B1}\RP85\A0014244.dll a variant of Win32/Adware.Virtumonde application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
21/06/2008 20:16:12 Real-time file system protection file C:\System Volume Information\_restore{254EF869-67D1-433F-AFBD-5E9F8190D8B1}\RP85\A0014243.dll a variant of Win32/Adware.Virtumonde application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
21/06/2008 12:56:36 Real-time file system protection file C:\System Volume Information\_restore{254EF869-67D1-433F-AFBD-5E9F8190D8B1}\RP85\A0014242.dll a variant of Win32/Adware.Virtumonde application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
21/06/2008 11:56:44 Real-time file system protection file D:\Programma's\backups\backup-20080621-115637-787.dll a variant of Win32/Adware.Virtumonde application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: D:\Programma's\HiJackThis.exe.
21/06/2008 1:16:23 Real-time file system protection file D:\Programma's\backups\backup-20080621-011621-190.dll a variant of Win32/Adware.Virtumonde application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: D:\Programma's\HiJackThis.exe.
20/06/2008 9:31:01 Real-time file system protection file C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\removalfile.bat Win32/Adware.Virtumonde application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32:winsock32.exe.
20/06/2008 9:30:55 Real-time file system protection file C:\WINDOWS\system32\cbXRHyXP.dll a variant of Win32/Adware.Virtumonde application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32:winsock32.exe.
20/06/2008 7:21:08 HTTP filter file http://85.17.166.168/security/kb767887.dll?setid=th2o&affid=156530&uid=D10C1B363E2211DDA9ED156530CFFFFF&rid=mm2&guid=B01B8EA7CF19485A9714C349A8115F22 a variant of Win32/Adware.Virtumonde application connection terminated - quarantined HOME-BD8630E79A\Eigenaar Threat was detected upon access to web by the application: C:\WINDOWS\explorer.exe.
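
The NOD32 log above records, for every detection, which program's file access triggered the scan; that column is what tells the helper where the remnants come from. The parser below is an added example, not code from the thread: it reads the log format as posted, groups detections by triggering application, and flags two things worth a second look, a triggering path that is an NTFS alternate data stream (the colon in `C:\WINDOWS\system32:winsock32.exe`) and detections inside System Restore snapshots. SAMPLE_LOG reuses lines from the post, with the HTTP filter URL replaced by a constructed placeholder address.

```python
"""Parse the ESET NOD32 real-time protection log lines quoted above and
group detections by the process that triggered them. Added example, not
code from the thread; the HTTP filter URL is a constructed placeholder."""
import re
from collections import defaultdict

# One entry: timestamp, module, scanned object, threat, action, account and
# the application whose file access (or web request) triggered the scan.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2}) "
    r"(?P<module>Real-time file system protection|HTTP filter) file "
    r"(?P<obj>.+?) (?:a variant of )?(?P<threat>Win32/[\w.]+|Eicar test file) "
    r"(?:application )?(?P<action>.+?) - quarantined (?P<account>.+?) "
    r"(?:Event occurred|Threat was detected) .*?by the application: "
    r"(?P<app>.+?)\.$"
)
# A second colon after the drive letter marks an NTFS alternate data stream:
# "C:\WINDOWS\system32:winsock32.exe" is a stream attached to the system32
# directory itself, which Explorer and a plain "dir" do not show.
ADS_RE = re.compile(r"^[A-Za-z]:\\.*:[^\\]+$")
# Detections inside System Restore snapshots mean copies of the infected
# files still live in restore points after the active copies are gone.
RESTORE_RE = re.compile(r"^[A-Za-z]:\\System Volume Information\\_restore", re.I)

SAMPLE_LOG = [
    r"24/06/2008 21:45:55 Real-time file system protection file C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\Av-test.txt Eicar test file cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\CF27775.exe.",
    r"24/06/2008 10:08:21 Real-time file system protection file C:\System Volume Information\_restore{254EF869-67D1-433F-AFBD-5E9F8190D8B1}\RP87\A0014477.dll a variant of Win32/Adware.Virtumonde application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.",
    r"20/06/2008 9:30:55 Real-time file system protection file C:\WINDOWS\system32\cbXRHyXP.dll a variant of Win32/Adware.Virtumonde application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32:winsock32.exe.",
    # Constructed line: placeholder URL instead of the one in the post.
    r"20/06/2008 7:21:08 HTTP filter file http://203.0.113.7/security/example.dll?id=1 a variant of Win32/Adware.Virtumonde application connection terminated - quarantined HOME-BD8630E79A\Eigenaar Threat was detected upon access to web by the application: C:\WINDOWS\explorer.exe.",
]

def parse_line(line):
    """Return the named fields of one log line, or None if it does not fit."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def classify(event):
    """Attach analyst flags to a parsed event."""
    flags = []
    if ADS_RE.match(event["app"]):
        flags.append("ads-launcher")   # started from a hidden stream
    if RESTORE_RE.match(event["obj"]):
        flags.append("restore-point")  # a System Restore purge is needed
    if event["threat"] == "Eicar test file":
        flags.append("eicar-write")    # harmless string; who wrote it?
    return flags

def summarise(lines):
    """Group parsed detections by the triggering application."""
    by_app = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # forum-wrapped or truncated lines are skipped
        by_app[ev["app"]].append({"when": ev["ts"], "object": ev["obj"],
                                  "threat": ev["threat"], "flags": classify(ev)})
    return dict(by_app)
```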

Roelof
24 June 2008, 22:10
Okay,

But so it wasn't on while you ran the last fix?

Roelof

Licorne
24 June 2008, 22:12
No, it wasn't on.

Roelof
25 June 2008, 09:34
hi Licorne,

Let's try it a different way. The last remnants won't go away.


Download MBAM (Malwarebytes' Anti-Malware) from here (http://www.besttechie.net/tools/mbam-setup.exe) or here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html).
Double-click mbam-setup.exe to install the program.
Make sure there is a tick in front of Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click "Finish".
If an update is found, it will be downloaded and installed.
Once the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.
Scanning can take a while, so be patient.
When the scan is complete, click OK, then "Show Results" to view the results.
Make sure everything there is ticked, then click: Remove Selected.
After removal a log will open and you will be asked to restart the computer. (See below)
The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in MBAM.
Copy and paste the contents of the log into your next reply, together with a new HijackThis log.
If MBAM has trouble removing certain files, it will show a few prompts where you need to click OK.
It will then ask to restart the computer... so allow MBAM to restart the computer.

Regards,

Roelof

Licorne
25 June 2008, 14:19
Hello Roelof,

Here are the logs:

Malwarebytes' Anti-Malware 1.18
Database versie: 889
14:12:33 25/06/2008
mbam-log-6-25-2008 (14-12-33).txt
Scan type: Snelle Scan
Objecten gescand: 36883
Verstreken tijd: 1 minute(s), 40 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 1
Registerwaarden geïnfecteerd: 1
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 1
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM07429b67 (Trojan.Agent) -> Quarantined and deleted successfully.
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:18:09, on 25/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\Programma's\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Catalyst System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208531627421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213945159718
O17 - HKLM\System\CCS\Services\Tcpip\..\{3559F10A-E148-4E4F-9783-5DEF063D4144}: NameServer = 193.109.184.75 193.109.184.72
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
--
End of file - 8654 bytes

Roelof
25 June 2008, 14:30
Hi Licorne,

How are your problems with slow loading of web pages now?
And do you have any other problems now?

Regards,

Roelof

Licorne
25 June 2008, 14:33
Hey Roelof,

I have the impression everything is running smoothly now. No rundll error at startup, web pages load promptly, and no virus scanner springing into action anymore ;)

Could it be?

Roelof
25 June 2008, 19:23
Hi Licorne,

Your computer is clean again.
Here are a few tips:

A few more tips to prevent problems in the future:

Go ahead and install the following FREE programs if you don't have them yet:

Spywareblaster (http://www.javacoolsoftware.com/spywareblaster.html)
Adaware se (http://www.majorgeeks.com/download506.html)
Spybot s&d (http://www.safer-networking.org/en/index.html)


While browsing, don't blindly click yes everywhere when asked to... only do so when you fully trust it.

And consider choosing an alternative browser such as Opera (http://www.opera.com/) or Firefox (http://www.mozilla.org/products/firefox/).

I also recommend running an online virus scan now and then: housecall (http://housecall.trendmicro.com/) and/or Bitdefender (http://nl.bitdefender.com/scan8/). Because what one scanner can't find, another might.
Also make sure the virus scanner installed on your system is always up to date!!

And... pay a regular visit to: http://windowsupdate.microsoft.com/

Also have a look at these 2 videos.. Very interesting:
http://www2.trosradar.nl/mediaplayer/player.php?videoID=524&mode=dossier#
http://www.benedelman.org/spyware/security-111804.wmv


More prevention tips can also be found on the following sites:

http://www.bluemedicine.be/
http://users.telenet.be/marcvn/spyware
How did I get infected in the first place (http://castlecops.com/postitle7736-0-0-.html) (article by TonyKlein)
Preventing spyware infections and browser hijacking (http://www.antispywareoffensief.nl/forum/showthread.php?t=55)

Regards,

Roelof

Licorne
25 June 2008, 20:41
As far as I'm concerned you've passed as Spyware Slayer! :good:

Roelof
25 June 2008, 20:44
Thanks for the compliment

Roelof