
[SOLVED] trojan horse generic 10.UVD



Guest Sjarlie

A friend's computer kept reporting that it was infected with a virus and that she had to run a virus scan. Several scanners were present on the computer, but apparently they were not working properly. I removed all the scanners and installed AVG 8.0. When scanning with AVG 8.0 I found that the above-mentioned virus is present on the computer (trojan horse generic 10.UVD, up to 14 times). Whatever I do, I keep getting the message that a virus is present...

In the meantime I have also scanned with NOD32 and with Spywarefighter. Each time something had to be removed or repaired, but to no avail.

I also removed a lot of superfluous programs and I also ran CCleaner. On startup the computer sometimes hangs, and it is very difficult to work with Google or Yahoo (sometimes it takes more than an hour before it finds the sites).

I have already made a log with HijackThis, which I have attached below. Can someone help me get rid of the problem?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:41:22, on 05/20/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Home Cinema\PowerCinema\PCMService.exe

C:\WINDOWS\mHotkey.exe

C:\WINDOWS\CNYHKey.exe

C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: (no name) - - (no file)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [sMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\Tom\Application Data\Deskbar_{EF19FA65-E2CC-4dfe-8BBB-4ACDB46235C0}\starter.exe

O4 - HKLM\..\Run: [08ac1c2a] rundll32.exe "C:\WINDOWS\system32\odustgvj.dll",b

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [bM0b9f2fb6] Rundll32.exe "C:\WINDOWS\system32\ynxfqkqr.dll",s

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://blacknr72.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,912,0

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/23b2b94751f7cd2f3306/netzip/RdxIE601.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124359675203

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://blacknr72.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {82CF9738-0BDA-4AAF-AB08-5AC5875FF3BB} (YMultiRecord Class) - http://www.biovoorjou.be/cdrom/BVJ_1/werkbestanden/localplayer/recording/yrecording.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game17.zylomgames.com/activex/zylomgamesplayer.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://sonypictures.com/games/heavyweapon/popcaploader_v6.cab

O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--

End of file - 10385 bytes

Thanks in advance

regards

Sjarlie

xxx


Download SDFix and click "Run".

Version 1.40 and higher will automatically move the extracted SDFix folder to your system drive (probably C:\SDFix).

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R3 - URLSearchHook: (no name) - - (no file)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\Tom\Application Data\Deskbar_{EF19FA65-E2CC-4dfe-8BBB-4ACDB46235C0}\starter.exe

O4 - HKLM\..\Run: [08ac1c2a] rundll32.exe "C:\WINDOWS\system32\odustgvj.dll",b

O4 - HKLM\..\Run: [bM0b9f2fb6] Rundll32.exe "C:\WINDOWS\system32\ynxfqkqr.dll",s

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Click 'Fix checked' to remove the items.

Restart your PC in Safe Mode.

Open the SDFix folder and double-click RunThis.bat to start the tool.

Type Y to start the cleaning process.

Trojan services and/or registry entries will be removed if they are found, and you will have to press a key to restart.

The computer will then restart (this takes longer than usual).

When the PC restarts, the tool will run again and continue the removal process until the message Finished is shown. Then press any key to end the script and reload your desktop icons.

When your desktop icons appear, the SDFix report will open. It can also be found in the SDFix folder as Report.txt.

Paste the contents of that SDFix report here together with a new HJT log.

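The selection made in the reply above (entries whose target is "(no file)", a blanked SearchAssistant value, the two rundll32 lines that load eight-letter DLLs from system32 through a one-letter export, and an autostart under a user's Application Data folder) can be expressed as a small triage pass over an HJT log. The script below is an added example, not code from the thread or from HijackThis; the rules and the "looks random" test are my own assumptions modelled on that selection, and the sample log is a constructed subset of the first HJT log posted above.

```python
"""Heuristic triage of HijackThis (HJT) log lines.

Added example: not from the thread and not part of HijackThis. The rules
are assumptions modelled on the entries the helper picked out above.
"""
import re

# Constructed sample: a subset of the first HJT log posted in the thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\Tom\Application Data\Deskbar_{EF19FA65-E2CC-4dfe-8BBB-4ACDB46235C0}\starter.exe
O4 - HKLM\..\Run: [08ac1c2a] rundll32.exe "C:\WINDOWS\system32\odustgvj.dll",b
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [bM0b9f2fb6] Rundll32.exe "C:\WINDOWS\system32\ynxfqkqr.dll",s
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
"""

# "R0 - ...", "O4 - ..." and so on; process-list and header lines do not match.
HJT_LINE = re.compile(r"^(?P<kind>[RFOM]\d+) - (?P<body>.*)$")
# rundll32 loading <something>\system32\<stem>.dll with an export name after the comma.
RUNDLL_SYS32 = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<path>[^",]+\\system32\\(?P<stem>[a-z0-9]+)\.dll)"?\s*,\s*(?P<export>\S*)',
    re.IGNORECASE,
)
# Autostart targets living in a user's profile data or temp folders.
PROFILE_DATA = re.compile(r"\\Application Data\\|\\Local Settings\\Temp\\", re.IGNORECASE)


def looks_random(stem: str) -> bool:
    """Crude test for machine-generated names such as 'odustgvj' or 'ynxfqkqr':
    letters only, at least six long, and either no vowels at all or a run of
    four or more consonants. Heuristic only; it will misfire on some real names."""
    s = stem.lower()
    if not s.isalpha() or len(s) < 6:
        return False
    vowels = sum(c in "aeiou" for c in s)
    longest_consonant_run = max(len(part) for part in re.split(r"[aeiou]+", s))
    return vowels == 0 or longest_consonant_run >= 4


def triage(log_text: str) -> list:
    """Return (line, reason) pairs for every HJT line that trips one of the rules."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if "(no file)" in body:
            findings.append((line, "entry points at a file that no longer exists"))
        elif kind == "R0" and body.endswith("SearchAssistant ="):
            findings.append((line, "SearchAssistant value has been blanked"))
        elif kind == "O4":
            dll = RUNDLL_SYS32.search(body)
            if dll and (len(dll.group("export")) == 1 or looks_random(dll.group("stem"))):
                findings.append((line, "rundll32 loads system32\\%s.dll through export '%s'"
                                 % (dll.group("stem"), dll.group("export"))))
            elif PROFILE_DATA.search(body):
                findings.append((line, "autostart from a user profile data folder"))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Run against the sample, the pass returns exactly the seven entries the reply told the poster to fix and leaves the legitimate rundll32 entry (Cmaudio, which loads a .cpl rather than a system32 DLL) alone. The name test is deliberately crude: treat it as a prompt to look at the file, not as a verdict.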

Guest Sjarlie

When I go online I still get a message from the site VeiligheidsAgent - Antivirus protection against all kinds of viruses, hackers, spyware

below you will find the two logs

SDFix: Version 1.184

Run by Karin on 05/20/2008 at 22:01

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Checking Services :

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\Documents and Settings\Karin\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareMaster.lnk - Deleted

C:\WINDOWS\system32\oreplv\csrss.ini - Deleted

C:\WINDOWS\system32\pac.txt - Deleted

Folder C:\WINDOWS\system32\bkEur05 - Removed

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-20 22:20:13

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\iMesh\\Client\\iMeshClient.exe"="C:\\Program Files\\iMesh\\Client\\iMeshClient.exe:*:Enabled:iMesh Client for PC platforms"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\WINDOWS\\abcdefg.exe"="C:\\WINDOWS\\abcdefg.exe:*:Enabled:abcdefg"

"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"

"C:\\WINDOWS\\system32\\muzapp.exe"="C:\\WINDOWS\\system32\\muzapp.exe:*:Enabled:MUZ AOD APP player"

"C:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"="C:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe:*:Disabled:speed"

"C:\\Program Files\\Valve\\Steam\\Steam.exe"="C:\\Program Files\\Valve\\Steam\\Steam.exe:*:Disabled:Steam"

"C:\\Program Files\\Soulseek-Test\\slsk.exe"="C:\\Program Files\\Soulseek-Test\\slsk.exe:*:Enabled:SoulSeek"

"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"

"C:\\Program Files\\Call of Duty\\CoDMP.exe"="C:\\Program Files\\Call of Duty\\CoDMP.exe:*:Disabled:CoDMP"

"C:\\Program Files\\Call of Duty\\CoDUOMP.exe"="C:\\Program Files\\Call of Duty\\CoDUOMP.exe:*:Enabled:CoDUOMP"

"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\Documents and Settings\\Karin\\Local Settings\\Temporary Internet Files\\Content.IE5\\EHEIH43F\\incredimail_install[1].exe"="C:\\Documents and Settings\\Karin\\Local Settings\\Temporary Internet Files\\Content.IE5\\EHEIH43F\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"

"C:\\Documents and Settings\\Karin\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install[1].exe"="C:\\Documents and Settings\\Karin\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"

"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 9 Aug 2001 64,512 A..H. --- "C:\WINDOWS\system32\PackethSvc.exe"

Sun 31 Oct 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Sun 11 Feb 2007 48,098,304 ...H. --- "C:\Documents and Settings\Karin\Mijn documenten\~WRL0535.tmp"

Mon 22 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Tue 20 May 2008 96 A..H. --- "C:\Program Files\Common Files\X10\Common\x10prod.sys"

Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a282fd7b00204b775909f4664bd74484\BIT1.tmp"

Tue 18 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b04031f0b83ee952189dd8beb4ee929a\BIT22E.tmp"

Sat 30 Apr 2005 140,288 ...H. --- "C:\Documents and Settings\Karin\Application Data\Microsoft\Sjablonen\~WRL0509.tmp"

Sat 12 Aug 2006 161,792 ...H. --- "C:\Documents and Settings\Karin\Application Data\Microsoft\Word\~WRL0174.tmp"

Sat 12 Aug 2006 154,112 ...H. --- "C:\Documents and Settings\Karin\Application Data\Microsoft\Word\~WRL0287.tmp"

Sun 12 Dec 2004 43,520 ...H. --- "C:\Documents and Settings\Karin\Application Data\Microsoft\Word\~WRL0850.tmp"

Sat 12 Aug 2006 4,900,864 ...H. --- "C:\Documents and Settings\Karin\Application Data\Microsoft\Word\~WRL2214.tmp"

Sun 12 Dec 2004 46,592 ...H. --- "C:\Documents and Settings\Karin\Application Data\Microsoft\Word\~WRL3636.tmp"

Sun 12 Dec 2004 40,960 ...H. --- "C:\Documents and Settings\Karin\Application Data\Microsoft\Word\~WRL3969.tmp"

Fri 29 Dec 2006 41,888,256 ...H. --- "C:\Documents and Settings\Karin\Mijn documenten\Biologie Theorie\Cursus biologie 5 TTW\~WRL0469.tmp"

Sun 8 Apr 2007 46,645,760 ...H. --- "C:\Documents and Settings\Karin\Mijn documenten\Biologie Theorie\Cursus biologie 5 TTW\~WRL1183.tmp"

Sun 4 Mar 2007 46,572,544 ...H. --- "C:\Documents and Settings\Karin\Mijn documenten\Biologie Theorie\Cursus biologie 5 TTW\~WRL1599.tmp"

Wed 31 May 2006 102,912 ...H. --- "C:\Documents and Settings\Karin\Mijn documenten\Biologie Theorie\Labo cursus 5TTW\~WRL2357.tmp"

Finished!

now the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:27:33, on 05/20/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\notepad.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Home Cinema\PowerCinema\PCMService.exe

C:\WINDOWS\mHotkey.exe

C:\WINDOWS\CNYHKey.exe

C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\msiexec.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [sMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://blacknr72.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,912,0

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/23b2b94751f7cd2f3306/netzip/RdxIE601.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124359675203

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://blacknr72.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {82CF9738-0BDA-4AAF-AB08-5AC5875FF3BB} (YMultiRecord Class) - http://www.biovoorjou.be/cdrom/BVJ_1/werkbestanden/localplayer/recording/yrecording.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game17.zylomgames.com/activex/zylomgamesplayer.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://sonypictures.com/games/heavyweapon/popcaploader_v6.cab

O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--

End of file - 9670 bytes

regards

xxx

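The SDFix report above ends with an export of the XP firewall's "Authorized Applications" lists. It is worth reading as a record of which programs have been granted an inbound exception: an executable sitting directly in C:\WINDOWS, or installers in a temp or browser-cache folder, deserve a second look, while a Disabled entry opens nothing. The script below is an added example, not SDFix code and not from the thread; it parses that registry-export format and applies my own location heuristics, which only mark entries for review. The expansion of `%windir%` to C:\WINDOWS and the list of file-sharing client names are assumptions, and the input is a constructed subset of the report.

```python
"""Review the XP firewall 'Authorized Applications' export that SDFix appends
to its report.

Added example: not SDFix code and not from the thread. The location rules are
my own heuristics and only flag entries for a closer look.
"""
import re
from dataclasses import dataclass, field

WINDIR = r"C:\WINDOWS"  # assumption: matches the paths in the thread's logs

# Constructed sample: a subset of the exported key from the SDFix report.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iMesh\\Client\\iMeshClient.exe"="C:\\Program Files\\iMesh\\Client\\iMeshClient.exe:*:Enabled:iMesh Client for PC platforms"
"C:\\WINDOWS\\abcdefg.exe"="C:\\WINDOWS\\abcdefg.exe:*:Enabled:abcdefg"
"C:\\WINDOWS\\system32\\muzapp.exe"="C:\\WINDOWS\\system32\\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"="C:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe:*:Disabled:speed"
"C:\\Documents and Settings\\Karin\\Local Settings\\Temporary Internet Files\\Content.IE5\\EHEIH43F\\incredimail_install[1].exe"="C:\\Documents and Settings\\Karin\\Local Settings\\Temporary Internet Files\\Content.IE5\\EHEIH43F\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\Documents and Settings\\Karin\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install[1].exe"="C:\\Documents and Settings\\Karin\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
'''

PROFILE_RE = re.compile(r"^\[.*\\firewallpolicy\\(?P<profile>\w+)\\authorizedapplications\\list\]$", re.I)
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>.+)"$')
# value format: <path>:<scope>:<Enabled|Disabled>:<display name>; the path may contain "C:".
VALUE_RE = re.compile(r"^(?P<path>.+?):(?P<scope>[^:]*):(?P<state>Enabled|Disabled):(?P<name>.*)$", re.I)

WIN_ROOT_EXE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$", re.I)
TEMP_DIR = re.compile(r"\\(local settings\\temp|temporary internet files)\\", re.I)
P2P_CLIENTS = {"imeshclient.exe", "limewire.exe", "bittorrent.exe", "btdna.exe", "slsk.exe"}  # my list


@dataclass
class FirewallEntry:
    profile: str
    path: str
    scope: str
    enabled: bool
    name: str
    reasons: list = field(default_factory=list)


def parse_export(text: str) -> list:
    """Turn the .reg-style export into FirewallEntry objects, tracking the profile."""
    entries, profile = [], "unknown"
    for raw in text.splitlines():
        line = raw.strip()
        p = PROFILE_RE.match(line)
        if p:
            profile = p.group("profile").lower()
            continue
        e = ENTRY_RE.match(line)
        if not e:
            continue
        v = VALUE_RE.match(e.group("value").replace("\\\\", "\\"))  # undo .reg escaping
        if not v:
            continue
        path = v.group("path").replace("%windir%", WINDIR)
        entries.append(FirewallEntry(profile, path, v.group("scope"),
                                     v.group("state").lower() == "enabled", v.group("name")))
    return entries


def review(entry: FirewallEntry) -> list:
    """Location-based reasons to look at an exception more closely (heuristics only)."""
    reasons = []
    if WIN_ROOT_EXE.match(entry.path):
        reasons.append("executable sits directly in the Windows directory")
    if TEMP_DIR.search(entry.path):
        reasons.append("exception granted to a file in a temp or browser-cache folder")
    if entry.path.rsplit("\\", 1)[-1].lower() in P2P_CLIENTS:
        reasons.append("file-sharing client with an inbound exception")
    return reasons


def flagged(entries: list) -> list:
    """Enabled entries that trip at least one rule; Disabled ones open nothing."""
    out = []
    for entry in entries:
        if not entry.enabled:
            continue
        entry.reasons = review(entry)
        if entry.reasons:
            out.append(entry)
    return out


if __name__ == "__main__":
    for entry in flagged(parse_export(SAMPLE_EXPORT)):
        print(f"[{entry.profile}] {entry.path} ({entry.name}): " + "; ".join(entry.reasons))
```

On the sample this marks the C:\WINDOWS\abcdefg.exe entry, the two IncrediMail installers granted exceptions from temp folders, and the iMesh client, and skips sessmgr.exe, muzapp.exe and the Disabled game entry. Whether a flagged file is actually hostile still has to be settled by looking at the file itself.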

Ha, our "Veiligheidsagent", that is a "good" acquaintance on this forum ... but it is the result of an infection.

First do this:

* Clear the cache and cookies in IE:

  • Close Internet Explorer.
  • Go to Control Panel > Internet Options > General tab
  • Click the Delete Cookies button
  • Click the Delete Files button next to it
  • Tick: Delete all offline content, click OK

* Clear the cache and cookies in Firefox (if Firefox is installed):

  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear button (History, Cookies, Cache).
  • Click OK to close the window again.

* Clear other temporary files + Recycle Bin

  • Go to Start > Run and type: cleanmgr and click OK.
  • Let it scan your system for files that should be removed
  • Make sure that only 'Temporary files', 'Temporary Internet Files' and 'Recycle Bin' are ticked.
  • Then click OK.

Download Combofix and put it on your Desktop.

If you have used Combofix before, please remove that version and download Combofix again via the link above, because Combofix is updated daily.

Double-click Combofix.exe and follow the instructions; accept the disclaimer by typing y. While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix is complete and after the restart, the log combofix.txt will open.

If, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners see certain components that Combofix uses as suspicious and will block or delete them!

Attach the Combofix log to your next post.


Guest Sjarlie

When I looked at the computer this morning, NOD32 still reported that the computer was infected;

In the meantime I have carried out your advice and, as requested, I am sending you the ComboFix log

ComboFix 08-05-20.5 - Karin 2008-05-21 13:39:58.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.135 [GMT 2:00]

Running from: C:\Documents and Settings\Karin\Bureaublad\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

* Resident AV is active

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\iMeshBar

C:\Program Files\iMeshBar\bar\History\search

C:\Program Files\iMeshBar\bar\Settings\settings.dat

C:\Program Files\iMeshBar\bar\Settings\settings.htm

C:\WINDOWS\BM0b9f2fb6.xml

C:\WINDOWS\cookies.ini

C:\WINDOWS\Downloaded Program Files\setup.inf

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\bacJStwa.ini

C:\WINDOWS\system32\bacJStwa.ini2

C:\WINDOWS\system32\cckeicbm.ini

C:\WINDOWS\system32\edvhekya.ini

C:\WINDOWS\system32\jvgtsudo.ini

C:\WINDOWS\system32\llhcuudm.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\MSINET.oca

C:\WINDOWS\system32\nheulevd.ini

C:\WINDOWS\system32\owcddiic.ini

C:\WINDOWS\system32\sdpiqlka.ini

C:\WINDOWS\system32\uxltkxct.ini

.

(((((((((((((((((((( Files Created from 2008-04-21 to 2008-05-21 ))))))))))))))))))))))))))))))

.

2008-05-21 13:48 . 2008-05-21 13:48 294 ---hs---- C:\WINDOWS\system32\edvhekya.ini

2008-05-21 13:47 . 2008-05-21 13:48 109,807 --a------ C:\WINDOWS\BM0b9f2fb6.xml

2008-05-21 13:47 . 2008-05-21 13:47 22 --a------ C:\WINDOWS\pskt.ini

2008-05-20 22:46 . 2008-05-20 22:46 94,720 --a------ C:\WINDOWS\system32\aykehvde.dll

2008-05-20 22:43 . 2008-05-20 22:43 109,056 --a------ C:\WINDOWS\system32\dtnkbjsv.dll

2008-05-20 21:54 . 2008-05-20 21:54 <DIR> d-------- C:\WINDOWS\ERUNT

2008-05-20 21:40 . 2008-05-20 22:25 <DIR> d----c--- C:\SDFix

2008-05-20 16:41 . 2008-05-20 16:41 <DIR> d----c--- C:\Program Files\Trend Micro

2008-05-20 08:24 . 2008-05-20 08:24 <DIR> dr-h----- C:\Documents and Settings\Karin\Onlangs geopend

2008-05-19 23:50 . 2008-05-19 23:50 <DIR> d----c--- C:\Program Files\ESET

2008-05-19 23:50 . 2008-05-19 23:50 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\ESET

2008-05-19 23:34 . 2008-05-19 23:34 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Avg8

2008-05-19 22:49 . 2008-05-19 22:49 94,208 --a------ C:\WINDOWS\system32\odustgvj.dll

2008-05-19 22:40 . 2008-05-19 22:40 109,056 --a------ C:\WINDOWS\system32\ynxfqkqr.dll

2008-05-18 22:40 . 2008-05-18 22:40 109,568 --a------ C:\WINDOWS\system32\kbnapnia.dll

2008-05-17 22:40 . 2008-05-17 22:40 109,568 --a------ C:\WINDOWS\system32\pdleyjfq.dll

2008-05-16 22:39 . 2008-05-16 22:39 108,544 --a------ C:\WINDOWS\system32\dxpmjgwp.dll

2008-05-14 23:43 . 2008-05-14 23:43 <DIR> d----c--- C:\Program Files\AVG

2008-05-13 20:59 . 2008-05-13 22:39 <DIR> d-------- C:\Documents and Settings\Karin\Application Data\AVGTOOLBAR

2008-05-13 20:41 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-05-13 20:24 . 2008-05-13 22:34 414 ---hs---- C:\WINDOWS\system32\qewlpuev.ini

2008-05-13 19:50 . 2008-05-13 19:50 <DIR> d----c--- C:\Program Files\CCleaner

2008-05-12 00:43 . 2008-05-12 00:43 8 --a------ C:\WINDOWS\system32\08ac0ea4

2008-05-10 23:54 . 2008-05-10 23:54 <DIR> d----c--- C:\Documents and Settings\LocalService\Mijn documenten

2008-05-10 11:25 . 2008-05-10 11:25 110,080 --a------ C:\WINDOWS\system32\xensutep.dll

2008-05-08 22:49 . 2008-05-08 22:49 <DIR> d----c--- C:\Program Files\WinUpdater

2008-05-08 22:27 . 2008-05-08 22:27 <DIR> d----c--- C:\Westwood

2008-05-08 22:27 . 2008-05-08 22:27 <DIR> d----c--- C:\Program Files\FLVPlayer4Free

2008-05-08 22:27 . 2008-05-08 22:27 <DIR> d----c--- C:\Program Files\DNA

2008-05-08 18:54 . 2008-05-08 18:54 375,808 --------- C:\WINDOWS\system32\awtSJcab.dll

2008-05-08 18:49 . 2008-05-08 18:49 <DIR> d-------- C:\WINDOWS\system32\sX1

2008-05-08 18:49 . 2008-05-08 18:49 <DIR> d-------- C:\WINDOWS\system32\ob3

2008-05-08 18:49 . 2008-05-13 19:50 <DIR> d-------- C:\WINDOWS\system32\mBL

2008-05-08 18:49 . 2008-05-08 18:49 <DIR> d-------- C:\WINDOWS\system32\20467

2008-05-03 21:16 . 2008-05-03 21:16 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers

2008-05-03 21:16 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll

2008-05-03 21:16 . 2007-05-02 11:12 109,704 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys

2008-05-03 21:16 . 2007-05-02 11:12 83,592 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys

2008-05-03 21:16 . 2007-05-02 11:12 15,112 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys

2008-05-03 21:16 . 2007-05-02 11:12 12,424 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys

2008-05-03 21:16 . 2007-05-02 11:12 12,424 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys

2008-05-03 21:16 . 2007-05-02 11:12 12,424 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys

2008-05-03 21:16 . 2007-05-02 11:12 12,424 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys

2008-05-03 21:15 . 2008-05-03 21:22 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys

2008-05-03 21:15 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-19 06:44 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-05-18 20:33 --------- dc----w C:\Program Files\Spybot - Search & Destroy

2008-05-18 20:23 --------- dc-h--w C:\Program Files\InstallShield Installation Information

2008-05-18 20:17 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-05-18 19:24 --------- dc----w C:\Program Files\Common Files\Wise Installation Wizard

2008-05-18 19:19 --------- dc----w C:\Program Files\Common Files\Adobe

2008-05-18 19:18 --------- dc----w C:\Program Files\EA GAMES

2008-05-14 19:55 --------- dc----w C:\Program Files\Zylom Games

2008-05-14 19:55 --------- dc----w C:\Program Files\Telenet EasyCare

2008-05-14 19:55 --------- d-----w C:\Program Files\Yahoo!

2008-05-14 19:54 --------- dc----w C:\Program Files\QuickTime

2008-05-14 19:54 --------- dc----w C:\Program Files\LGGSM

2008-05-14 19:54 --------- dc----w C:\Program Files\Java

2008-05-14 19:54 --------- dc----w C:\Program Files\iMesh

2008-05-14 19:54 --------- dc----w C:\Program Files\Ahead

2008-05-14 19:52 --------- d-----w C:\Documents and Settings\Karin\Application Data\Lavasoft

2008-05-13 21:10 --------- dc----w C:\Program Files\Messenger Plus! 3

2008-05-13 20:37 --------- dc----w C:\Program Files\ContextEnhancer

2008-05-13 18:30 --------- dc----w C:\Program Files\Microsoft Works

2008-05-13 18:27 --------- dc----w C:\Program Files\Common Files\Symantec Shared

2008-05-09 18:25 1,528 -c--a-w C:\Documents and Settings\Andere\Application Data\wklnhst.dat

2008-05-08 20:41 --------- dc----w C:\Program Files\Activision

2008-05-05 18:30 --------- dc----w C:\Program Files\Samsung

2008-05-04 17:37 --------- dc----w C:\Documents and Settings\All Users\Application Data\Trymedia

2008-05-04 17:22 --------- dc----w C:\Program Files\Call of Duty

2008-05-04 17:21 --------- dc----w C:\Program Files\Shareaza

2008-05-04 17:21 --------- dc----w C:\Program Files\Qualcomm

2008-05-04 17:20 --------- dc----w C:\Program Files\Team Factor

2008-05-04 17:19 --------- dc----w C:\Program Files\Team6 game studios

2008-05-04 17:19 --------- dc----w C:\Program Files\Soulseek

2008-05-04 17:19 --------- dc----w C:\Program Files\Sony Ericsson

2008-05-04 17:07 --------- dc----w C:\Program Files\Dreamcatcher Interactive

2005-12-18 23:30 12,360 ----a-w C:\Documents and Settings\Karin\Application Data\wklnhst.dat

2004-11-22 21:56 90 -c--a-w C:\Documents and Settings\Gast\Application Data\wklnhst.dat

2004-07-22 09:51 3,432,656 -c--a-w C:\Program Files\ManagedDX.CAB

2004-07-19 21:58 1,156,363 -c--a-w C:\Program Files\BDANT.cab

2004-07-19 21:53 976,020 -c--a-w C:\Program Files\BDAXP.cab

2004-07-09 13:17 13,265,040 -c--a-w C:\Program Files\dxnt.cab

2004-07-09 08:13 703,080 -c--a-w C:\Program Files\BDA.cab

2004-07-09 08:13 15,493,481 -c--a-w C:\Program Files\DirectX.cab

2004-07-09 03:08 472,576 -c--a-w C:\Program Files\dxsetup.exe

2004-07-09 03:08 2,242,560 -c--a-w C:\Program Files\dsetup32.dll

2004-07-09 02:03 62,976 -c--a-w C:\Program Files\DSETUP.dll

2007-06-23 15:21 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012007062320070624\index.dat

2005-06-06 18:38 196 --sh--w C:\WINDOWS\system32\oreplv\csrss.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C6C4BA2-1646-0F3A-1FAE-B393C162C92E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FBFF4A37-D663-482D-9847-6333489C6D52}]

2008-05-08 18:54 375808 --------- C:\WINDOWS\system32\awtSJcab.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-27 15:30 335872]

"Cmaudio"="cmicnfg.cpl" [2004-01-07 16:14 2453504 C:\WINDOWS\CMICNFG.CPL]

"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2004-04-05 10:09 61440]

"CHotkey"="mHotkey.exe" [2004-02-24 14:05 508416 C:\WINDOWS\mHotkey.exe]

"ledpointer"="CNYHKey.exe" [2004-02-03 17:15 5794816 C:\WINDOWS\CNYHKey.exe]

"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2003-10-13 04:04 184320]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]

"Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-19 14:03 45056]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 09:23 132624]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-15 00:43 286720]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

"08ac1c2a"="C:\WINDOWS\system32\aykehvde.dll" [2008-05-20 22:46 94720]

"BM0b9f2fb6"="C:\WINDOWS\system32\dtnkbjsv.dll" [2008-05-20 22:43 109056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]

Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"AllowLegacyWebView"= 1 (0x1)

"AllowUnhashedWebView"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 17:51 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnoLDvV]

nnnoLDvV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.thx32"= thx32.acm

"wave.dvaudio"= dvaudio.drv

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^MyWebSearch Email Plugin.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\MyWebSearch Email Plugin.lnk

backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Karin^Menu Start^Programma's^Opstarten^MyWebSearch Email Plugin.lnk]

path=C:\Documents and Settings\Karin\Menu Start\Programma's\Opstarten\MyWebSearch Email Plugin.lnk

backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\csrss]

C:\WINDOWS\system32\oreplv\csrss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]

--a------ 2004-04-02 13:31 86016 C:\WINDOWS\Dit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

C:\WINDOWS\system32\oreplv\csrss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

C:\Program Files\Messenger Plus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]

C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]

C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]

C:\Program Files\Plaxo\2.2.3.5\InstallStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]

C:\WINDOWS\system32\oreplv\csrss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System]

C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\WINDOWS\\system32\\muzapp.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\DNA\\btdna.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]

R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 10:03]

R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 11:04]

R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 11:47]

R3 wbscr;Winbond Smartcard Reader for I/O;C:\WINDOWS\system32\drivers\wbscr.sys [2002-04-24 13:07]

S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2005-06-30 21:24]

S3 IIUSBISP;USB Mass Storage for USB ISP;C:\WINDOWS\system32\Drivers\iiusbisp.sys []

S3 P1120VID;Creative WebCam NX Ultra;C:\WINDOWS\system32\DRIVERS\P1120Vid.sys [2004-01-12 10:51]

S3 PRISM_A00;PRISM 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-01-16 10:31]

S3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 17:13]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contents of the 'Scheduled Tasks' folder

"2008-05-16 15:15:00 C:\WINDOWS\Tasks\Easy Onderhoud.job"

- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe

"2008-05-21 10:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"

- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-21 13:47:03

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\BM0b9f2fb6.xml 0 bytes

C:\WINDOWS\pskt.ini 22 bytes

C:\WINDOWS\system32\edvhekya.ini 294 bytes

scan completed successfully

hidden files: 3

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\scardsvr.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\snmp.exe

C:\PROGRA~1\COMMON~1\X10\Common\X10NETS.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\WINDOWS\system32\msiexec.exe

.

**************************************************************************

.

Completion time: 2008-05-21 13:52:40 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-21 11:52:37

Pre-Run: 36,728,401,920 bytes free

Post-Run: 36,953,534,464 bytes free

263 --- E O F --- 2008-05-17 01:01:29

In any case, thank you already for being willing to invest time in helping me. I'm sure we'll work it out.

regards

xxx


Open a Notepad file.

Copy and paste the bold text below into it.

File::

C:\WINDOWS\system32\edvhekya.ini

C:\WINDOWS\BM0b9f2fb6.xml

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\aykehvde.dll

C:\WINDOWS\system32\dtnkbjsv.dll

C:\WINDOWS\system32\odustgvj.dll

C:\WINDOWS\system32\ynxfqkqr.dll

C:\WINDOWS\system32\kbnapnia.dll

C:\WINDOWS\system32\pdleyjfq.dll

C:\WINDOWS\system32\dxpmjgwp.dll

C:\WINDOWS\system32\qewlpuev.ini

C:\WINDOWS\system32\xensutep.dll

C:\WINDOWS\system32\awtSJcab.dll

Folder::

C:\WINDOWS\system32\08ac0ea4

C:\WINDOWS\system32\sX1

C:\WINDOWS\system32\ob3

C:\WINDOWS\system32\mBL

C:\WINDOWS\system32\20467

C:\SDFix

Registry::

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C6C4BA2-1646-0F3A-1FAE-B393C162C92E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FBFF4A37-D663-482D-9847-6333489C6D52}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"08ac1c2a"=-

"BM0b9f2fb6"=-

Save this file to your Desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message together with a new HijackThis log, and also let us know whether you still get warnings about that "Trojan".

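The log above and the CFScript reply together describe a hand workflow: pick the random-named system32 files and the autostart entries that load them out of the ComboFix report, then write them into File:: and Registry:: sections. The Python below, an added example that is not code from this thread, from ComboFix or from its authors, does that pass over a constructed excerpt of the first log (paths, value names and key names copied from the post) and renders the result in the same CFScript form. The heuristics are assumptions drawn from what this particular log shows, not rules ComboFix itself applies: system32 files with a random-looking 8-letter name and identical created/modified stamps, or with hidden+system attributes; Run values that point at a DLL, or whose file is already gone (the "[ ]" ComboFix prints, which is what a Rundll "module could not be found" message after a reboot corresponds to); any Winlogon\Notify package the report lists, since ComboFix suppresses the legitimate defaults; and a core binary name such as csrss.exe sitting outside C:\WINDOWS\system32. The Registry:: lines are emitted under the key the log reported each value in, which for "08ac1c2a" and "BM0b9f2fb6" is HKEY_LOCAL_MACHINE\...\Run.

```python
import re

# Constructed sample input: an excerpt of the first ComboFix log posted in this
# thread, section headers in English. Paths, value names and keys are copied
# from the post; nothing else is invented.
SAMPLE_LOG = r"""
(((((((((((((((((((( Files Created from 2008-04-21 to 2008-05-21 ))))))))))))))))))))))))))))))
2008-05-21 13:48 . 2008-05-21 13:48 294 ---hs---- C:\WINDOWS\system32\edvhekya.ini
2008-05-20 22:46 . 2008-05-20 22:46 94,720 --a------ C:\WINDOWS\system32\aykehvde.dll
2008-05-20 22:43 . 2008-05-20 22:43 109,056 --a------ C:\WINDOWS\system32\dtnkbjsv.dll
2008-05-13 20:41 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-08 18:54 . 2008-05-08 18:54 375,808 --------- C:\WINDOWS\system32\awtSJcab.dll
2008-05-03 21:16 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
"08ac1c2a"="C:\WINDOWS\system32\aykehvde.dll" [2008-05-20 22:46 94720]
"BM0b9f2fb6"="C:\WINDOWS\system32\dtnkbjsv.dll" [2008-05-20 22:43 109056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnoLDvV]
nnnoLDvV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\csrss]
C:\WINDOWS\system32\oreplv\csrss.exe
"""

# Line shapes in a ComboFix log: "created . modified size attrs path", "[key]" and
# '"name"="target" [created size]' (the bracket is "[ ]" when the target no longer exists).
FILE_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
                       r"([\d,]+) (\S{9}) (.+)$")
KEY_LINE = re.compile(r"^\[(.+)\]$")
VALUE_LINE = re.compile(r'^"([^"]+)"="([^"]+)" \[(.*)\]$')
RANDOM_NAME = re.compile(r"[A-Za-z]{8}\.(dll|ini)")
CORE_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}
SYSTEM32 = r"c:\windows\system32"

def basename(path):
    return path.rsplit("\\", 1)[-1]

def dirname(path):
    return path.rsplit("\\", 1)[0].lower()

def suspicious_file(created, modified, attrs, path):
    """Assumed heuristic taken from the log above: the dropped system32 DLL/INI files have
    a random-looking 8-letter name and identical created/modified stamps (written fresh on
    this machine) or hidden+system attributes; files copied from an older OS/installer
    build (framedyn.dll, javacpl.cpl) keep their old modification stamp and pass."""
    if dirname(path) != SYSTEM32:
        return False
    hidden_system = "h" in attrs and "s" in attrs
    fresh_random = RANDOM_NAME.fullmatch(basename(path)) is not None and created == modified
    return hidden_system or fresh_random

def analyse(log_text):
    """Return (flagged_files, flagged_registry); registry findings are (key, value_name,
    target) tuples, with value_name None when the key itself is the finding."""
    files, registry = [], []
    current_key = None
    for line in log_text.splitlines():
        line = line.strip()
        m = FILE_LINE.match(line)
        if m:
            created, modified, _size, attrs, path = m.groups()
            if suspicious_file(created, modified, attrs, path):
                files.append(path)
            continue
        m = KEY_LINE.match(line)
        if m:
            current_key = m.group(1)
            # ComboFix hides legitimate default entries, so any Winlogon\Notify package
            # it does list is a non-default DLL that winlogon.exe loads at logon.
            if "\\winlogon\\notify\\" in current_key.lower():
                registry.append((current_key, None, None))
            continue
        m = VALUE_LINE.match(line)
        if m and current_key is not None:
            name, target, meta = m.groups()
            orphaned = meta.strip() == ""   # "[ ]": file already deleted, value left behind
            loads_dll = basename(target).lower().endswith(".dll")   # Run values normally start an .exe
            if orphaned or loads_dll or target in files:
                registry.append((current_key, name, target))
            continue
        # A core system binary name outside C:\WINDOWS\system32 (here system32\oreplv\csrss.exe)
        # is a masquerade, in whichever section the log lists it.
        if basename(line).lower() in CORE_BINARIES and dirname(line) != SYSTEM32:
            files.append(line)
    return files, registry

def cfscript(files, registry):
    """Render the findings in the CFScript form used in the thread: a File:: section, then a
    Registry:: section whose "name"=- lines sit under the key the log reported the value in."""
    out = ["File::", *files, "", "Registry::"]
    by_key = {}
    for key, name, _target in registry:
        by_key.setdefault(key, [])
        if name is not None:
            by_key[key].append(f'"{name}"=-')
    for key, values in by_key.items():
        out.append(f"[{key}]")
        out.extend(values)
    return "\n".join(out) + "\n"
```

Calling `print(cfscript(*analyse(SAMPLE_LOG)))` prints the File:: and Registry:: blocks for the excerpt. Anything the heuristic flags still has to be checked against the full report before it goes into a script ComboFix will act on; the "[ ]" check is the one worth re-running on the post-fix log, because a Run value left behind after its DLL is gone is exactly what produces the Rundll error at the next logon.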

Guest Sjarlie

Hello

after everything had restarted, I still found the following 2 messages:

Rundll

error loading:

C:\WINDOWS\system32\aykehvde.dll

the specified module could not be found

and the second message was the same for

C:\WINDOWS\system32\dtnkbjsv.dll

apart from that, no further warnings about viruses or the like have come in.

I am sending you the two log files as requested

ComboFix 08-05-20.5 - Karin 2008-05-21 16:04:28.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.162 [GMT 2:00]

Running from: C:\Documents and Settings\Karin\Bureaublad\ComboFix.exe

Command switches used :: C:\Documents and Settings\Karin\Bureaublad\CFScript.txt

* Created a new restore point

* Resident AV is active

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!

FILE ::

C:\WINDOWS\BM0b9f2fb6.xml

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\awtSJcab.dll

C:\WINDOWS\system32\aykehvde.dll

C:\WINDOWS\system32\dtnkbjsv.dll

C:\WINDOWS\system32\dxpmjgwp.dll

C:\WINDOWS\system32\edvhekya.ini

C:\WINDOWS\system32\kbnapnia.dll

C:\WINDOWS\system32\odustgvj.dll

C:\WINDOWS\system32\pdleyjfq.dll

C:\WINDOWS\system32\qewlpuev.ini

C:\WINDOWS\system32\xensutep.dll

C:\WINDOWS\system32\ynxfqkqr.dll

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\SDFix

C:\SDFix\apps\assosfix.reg

C:\SDFix\apps\cliptext.exe

C:\SDFix\apps\download.exe

C:\SDFix\apps\dummy.sys

C:\SDFix\apps\Enable_Command_Prompt.reg

C:\SDFix\apps\ERDNT.E_E

C:\SDFix\apps\ERDNTDOS.LOC

C:\SDFix\apps\ERDNTWIN.LOC

C:\SDFix\apps\ERUNT.EXE

C:\SDFix\apps\ERUNT.LOC

C:\SDFix\apps\fix.reg

C:\SDFix\apps\FixBH.reg

C:\SDFix\apps\FixComponents.reg

C:\SDFix\apps\FIXCU.reg

C:\SDFix\apps\FIXLM.reg

C:\SDFix\apps\FixPath.exe

C:\SDFix\apps\FixRedir.reg

C:\SDFix\apps\FixSchedule.reg

C:\SDFix\apps\FixWebCheck.reg

C:\SDFix\apps\fixXP.reg

C:\SDFix\apps\FixXPsp2.reg

C:\SDFix\apps\grep.exe

C:\SDFix\apps\HPFix.reg

C:\SDFix\apps\HPFix2.reg

C:\SDFix\apps\HPFix3.reg

C:\SDFix\apps\HPFix4.reg

C:\SDFix\apps\HPFix5.reg

C:\SDFix\apps\HPFix6.reg

C:\SDFix\apps\HPFix7.reg

C:\SDFix\apps\HPFix8.reg

C:\SDFix\apps\isadmin.exe

C:\SDFix\apps\leg2.txt

C:\SDFix\apps\legacy.txt

C:\SDFix\apps\legacybk.txt

C:\SDFix\apps\locate.com

C:\SDFix\apps\LS.exe

C:\SDFix\apps\MD5File.exe

C:\SDFix\apps\MyGcpvFix.reg

C:\SDFix\apps\MyGkFix2.reg

C:\SDFix\apps\Process.exe

C:\SDFix\apps\procs.exe

C:\SDFix\apps\psservice.exe

C:\SDFix\apps\Rem.txt

C:\SDFix\apps\Rem2.txt

C:\SDFix\apps\Replace\regedit.exe

C:\SDFix\apps\Replace\W2K.exe

C:\SDFix\apps\Replace\w2k\beep.sys

C:\SDFix\apps\Replace\w2k\null.sys

C:\SDFix\apps\Replace\XP.exe

C:\SDFix\apps\Replace\xp\beep.sys

C:\SDFix\apps\Replace\xp\null.sys

C:\SDFix\apps\Reset_AppInit_DLLs.reg

C:\SDFix\apps\RestartIt!.exe

C:\SDFix\apps\Restore_SecurityCenter.reg

C:\SDFix\apps\Restore_SharedAccess.reg

C:\SDFix\apps\sc.exe

C:\SDFix\apps\sed.exe

C:\SDFix\apps\SF.exe

C:\SDFix\apps\shutdown.exe

C:\SDFix\apps\srv2.txt

C:\SDFix\apps\srv2bk.txt

C:\SDFix\apps\svc.txt

C:\SDFix\apps\svcbk.txt

C:\SDFix\apps\swreg.exe

C:\SDFix\apps\swsc.exe

C:\SDFix\apps\unzip.exe

C:\SDFix\apps\vfind.exe

C:\SDFix\apps\WINMSG.EXE

C:\SDFix\apps\winsec.reg

C:\SDFix\apps\zip.exe

C:\SDFix\backups\backupreg.zip

C:\SDFix\backups\backups.zip

C:\SDFix\backups\HOSTS

C:\SDFix\catchme.exe

C:\SDFix\dummy.sys

C:\SDFix\Report.txt

C:\SDFix\RunThis.bat

C:\SDFix\SDFIX_ReadMe_Online.url

C:\WINDOWS\BM0b9f2fb6.xml

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\08ac0ea4\

C:\WINDOWS\system32\20467

C:\WINDOWS\system32\awtSJcab.dll

C:\WINDOWS\system32\aykehvde.dll

C:\WINDOWS\system32\dtnkbjsv.dll

C:\WINDOWS\system32\dxpmjgwp.dll

C:\WINDOWS\system32\edvhekya.ini

C:\WINDOWS\system32\kbnapnia.dll

C:\WINDOWS\system32\mBL

C:\WINDOWS\system32\ob3

C:\WINDOWS\system32\odustgvj.dll

C:\WINDOWS\system32\pdleyjfq.dll

C:\WINDOWS\system32\qewlpuev.ini

C:\WINDOWS\system32\sX1

C:\WINDOWS\system32\xensutep.dll

C:\WINDOWS\system32\ynxfqkqr.dll

.

(((((((((((((((((((( Files Created from 2008-04-21 to 2008-05-21 ))))))))))))))))))))))))))))))

.

2008-05-20 21:54 . 2008-05-20 21:54 <DIR> d-------- C:\WINDOWS\ERUNT

2008-05-20 16:41 . 2008-05-20 16:41 <DIR> d----c--- C:\Program Files\Trend Micro

2008-05-20 08:24 . 2008-05-21 16:02 <DIR> dr-h----- C:\Documents and Settings\Karin\Onlangs geopend

2008-05-19 23:50 . 2008-05-19 23:50 <DIR> d----c--- C:\Program Files\ESET

2008-05-19 23:50 . 2008-05-19 23:50 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\ESET

2008-05-19 23:34 . 2008-05-19 23:34 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Avg8

2008-05-14 23:43 . 2008-05-14 23:43 <DIR> d----c--- C:\Program Files\AVG

2008-05-13 20:59 . 2008-05-13 22:39 <DIR> d-------- C:\Documents and Settings\Karin\Application Data\AVGTOOLBAR

2008-05-13 20:41 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-05-13 19:50 . 2008-05-13 19:50 <DIR> d----c--- C:\Program Files\CCleaner

2008-05-12 00:43 . 2008-05-12 00:43 8 --a------ C:\WINDOWS\system32\08ac0ea4

2008-05-10 23:54 . 2008-05-10 23:54 <DIR> d----c--- C:\Documents and Settings\LocalService\Mijn documenten

2008-05-08 22:49 . 2008-05-08 22:49 <DIR> d----c--- C:\Program Files\WinUpdater

2008-05-08 22:27 . 2008-05-08 22:27 <DIR> d----c--- C:\Westwood

2008-05-08 22:27 . 2008-05-08 22:27 <DIR> d----c--- C:\Program Files\FLVPlayer4Free

2008-05-08 22:27 . 2008-05-08 22:27 <DIR> d----c--- C:\Program Files\DNA

2008-05-03 21:16 . 2008-05-03 21:16 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers

2008-05-03 21:16 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll

2008-05-03 21:16 . 2007-05-02 11:12 109,704 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys

2008-05-03 21:16 . 2007-05-02 11:12 83,592 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys

2008-05-03 21:16 . 2007-05-02 11:12 15,112 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys

2008-05-03 21:16 . 2007-05-02 11:12 12,424 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys

2008-05-03 21:16 . 2007-05-02 11:12 12,424 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys

2008-05-03 21:16 . 2007-05-02 11:12 12,424 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys

2008-05-03 21:16 . 2007-05-02 11:12 12,424 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys

2008-05-03 21:15 . 2008-05-03 21:22 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys

2008-05-03 21:15 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-19 06:44 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-05-18 20:33 --------- dc----w C:\Program Files\Spybot - Search & Destroy

2008-05-18 20:23 --------- dc-h--w C:\Program Files\InstallShield Installation Information

2008-05-18 20:17 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-05-18 19:24 --------- dc----w C:\Program Files\Common Files\Wise Installation Wizard

2008-05-18 19:19 --------- dc----w C:\Program Files\Common Files\Adobe

2008-05-18 19:18 --------- dc----w C:\Program Files\EA GAMES

2008-05-14 19:55 --------- dc----w C:\Program Files\Zylom Games

2008-05-14 19:55 --------- dc----w C:\Program Files\Telenet EasyCare

2008-05-14 19:55 --------- d-----w C:\Program Files\Yahoo!

2008-05-14 19:54 --------- dc----w C:\Program Files\QuickTime

2008-05-14 19:54 --------- dc----w C:\Program Files\LGGSM

2008-05-14 19:54 --------- dc----w C:\Program Files\Java

2008-05-14 19:54 --------- dc----w C:\Program Files\iMesh

2008-05-14 19:54 --------- dc----w C:\Program Files\Ahead

2008-05-14 19:52 --------- d-----w C:\Documents and Settings\Karin\Application Data\Lavasoft

2008-05-13 21:10 --------- dc----w C:\Program Files\Messenger Plus! 3

2008-05-13 20:37 --------- dc----w C:\Program Files\ContextEnhancer

2008-05-13 18:30 --------- dc----w C:\Program Files\Microsoft Works

2008-05-13 18:27 --------- dc----w C:\Program Files\Common Files\Symantec Shared

2008-05-09 18:25 1,528 -c--a-w C:\Documents and Settings\Andere\Application Data\wklnhst.dat

2008-05-08 20:41 --------- dc----w C:\Program Files\Activision

2008-05-05 18:30 --------- dc----w C:\Program Files\Samsung

2008-05-04 17:37 --------- dc----w C:\Documents and Settings\All Users\Application Data\Trymedia

2008-05-04 17:22 --------- dc----w C:\Program Files\Call of Duty

2008-05-04 17:21 --------- dc----w C:\Program Files\Shareaza

2008-05-04 17:21 --------- dc----w C:\Program Files\Qualcomm

2008-05-04 17:20 --------- dc----w C:\Program Files\Team Factor

2008-05-04 17:19 --------- dc----w C:\Program Files\Team6 game studios

2008-05-04 17:19 --------- dc----w C:\Program Files\Soulseek

2008-05-04 17:19 --------- dc----w C:\Program Files\Sony Ericsson

2008-05-04 17:07 --------- dc----w C:\Program Files\Dreamcatcher Interactive

2005-12-18 23:30 12,360 ----a-w C:\Documents and Settings\Karin\Application Data\wklnhst.dat

2004-11-22 21:56 90 -c--a-w C:\Documents and Settings\Gast\Application Data\wklnhst.dat

2004-07-22 09:51 3,432,656 -c--a-w C:\Program Files\ManagedDX.CAB

2004-07-19 21:58 1,156,363 -c--a-w C:\Program Files\BDANT.cab

2004-07-19 21:53 976,020 -c--a-w C:\Program Files\BDAXP.cab

2004-07-09 13:17 13,265,040 -c--a-w C:\Program Files\dxnt.cab

2004-07-09 08:13 703,080 -c--a-w C:\Program Files\BDA.cab

2004-07-09 08:13 15,493,481 -c--a-w C:\Program Files\DirectX.cab

2004-07-09 03:08 472,576 -c--a-w C:\Program Files\dxsetup.exe

2004-07-09 03:08 2,242,560 -c--a-w C:\Program Files\dsetup32.dll

2004-07-09 02:03 62,976 -c--a-w C:\Program Files\DSETUP.dll

2007-06-23 15:21 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012007062320070624\index.dat

2005-06-06 18:38 196 --sh--w C:\WINDOWS\system32\oreplv\csrss.dat

.

((((((((((((((((((((((((((((( snapshot@2008-05-21_13.52.24.50 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-21 11:46:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-21 14:08:57 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-21 14:09:11 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_64c.dat

+ 2008-05-21 14:09:12 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_724.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-27 15:30 335872]

"Cmaudio"="cmicnfg.cpl" [2004-01-07 16:14 2453504 C:\WINDOWS\CMICNFG.CPL]

"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2004-04-05 10:09 61440]

"CHotkey"="mHotkey.exe" [2004-02-24 14:05 508416 C:\WINDOWS\mHotkey.exe]

"ledpointer"="CNYHKey.exe" [2004-02-03 17:15 5794816 C:\WINDOWS\CNYHKey.exe]

"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2003-10-13 04:04 184320]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]

"Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-19 14:03 45056]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 09:23 132624]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-15 00:43 286720]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

"08ac1c2a"="C:\WINDOWS\system32\aykehvde.dll" [ ]

"BM0b9f2fb6"="C:\WINDOWS\system32\dtnkbjsv.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]

Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"AllowLegacyWebView"= 1 (0x1)

"AllowUnhashedWebView"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 17:51 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnoLDvV]

nnnoLDvV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.thx32"= thx32.acm

"wave.dvaudio"= dvaudio.drv

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^MyWebSearch Email Plugin.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\MyWebSearch Email Plugin.lnk

backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Karin^Menu Start^Programma's^Opstarten^MyWebSearch Email Plugin.lnk]

path=C:\Documents and Settings\Karin\Menu Start\Programma's\Opstarten\MyWebSearch Email Plugin.lnk

backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\csrss]

C:\WINDOWS\system32\oreplv\csrss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]

--a------ 2004-04-02 13:31 86016 C:\WINDOWS\Dit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

C:\WINDOWS\system32\oreplv\csrss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

C:\Program Files\Messenger Plus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]

C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]

C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]

C:\Program Files\Plaxo\2.2.3.5\InstallStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]

C:\WINDOWS\system32\oreplv\csrss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System]

C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\WINDOWS\\system32\\muzapp.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\DNA\\btdna.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]

R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 10:03]

R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 11:04]

R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 11:47]

R3 wbscr;Winbond Smartcard Reader for I/O;C:\WINDOWS\system32\drivers\wbscr.sys [2002-04-24 13:07]

S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2005-06-30 21:24]

S3 IIUSBISP;USB Mass Storage for USB ISP;C:\WINDOWS\system32\Drivers\iiusbisp.sys []

S3 P1120VID;Creative WebCam NX Ultra;C:\WINDOWS\system32\DRIVERS\P1120Vid.sys [2004-01-12 10:51]

S3 PRISM_A00;PRISM 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-01-16 10:31]

S3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 17:13]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contents of the 'Scheduled Tasks' folder

"2008-05-16 15:15:00 C:\WINDOWS\Tasks\Easy Onderhoud.job"

- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe

"2008-05-21 14:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"

- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-21 17:00:04

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\scardsvr.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\snmp.exe

C:\PROGRA~1\COMMON~1\X10\Common\X10NETS.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\msiexec.exe

.

**************************************************************************

.

Completion time: 2008-05-21 17:05:56 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-21 15:05:52

ComboFix2.txt 2008-05-21 11:52:41

Pre-Run: 39,188,332,544 bytes free

Post-Run: 39,156,568,064 bytes free

340 --- E O F --- 2008-05-17 01:01:29

and

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:11:51, on 05/21/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Home Cinema\PowerCinema\PCMService.exe

C:\WINDOWS\mHotkey.exe

C:\WINDOWS\CNYHKey.exe

C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [08ac1c2a] rundll32.exe "C:\WINDOWS\system32\aykehvde.dll",b

O4 - HKLM\..\Run: [BM0b9f2fb6] Rundll32.exe "C:\WINDOWS\system32\dtnkbjsv.dll",s

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://blacknr72.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,912,0

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/23b2b94751f7cd2f3306/netzip/RdxIE601.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124359675203

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://blacknr72.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {82CF9738-0BDA-4AAF-AB08-5AC5875FF3BB} (YMultiRecord Class) - http://www.biovoorjou.be/cdrom/BVJ_1/werkbestanden/localplayer/recording/yrecording.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game17.zylomgames.com/activex/zylomgamesplayer.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://sonypictures.com/games/heavyweapon/popcaploader_v6.cab

O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O20 - Winlogon Notify: nnnoLDvV - nnnoLDvV.dll (file missing)

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--

End of file - 10060 bytes

regards

xxx


Start HijackThis and choose 'Do a system scan only'. Tick only the items listed below:

O4 - HKLM\..\Run: [08ac1c2a] rundll32.exe "C:\WINDOWS\system32\aykehvde.dll",b

O4 - HKLM\..\Run: [BM0b9f2fb6] Rundll32.exe "C:\WINDOWS\system32\dtnkbjsv.dll",s

O20 - Winlogon Notify: nnnoLDvV - nnnoLDvV.dll (file missing)

Click 'Fix checked' to remove the items.

And then I would like to hear whether your error messages are already gone?

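The three entries the helper singles out share traits that can be checked mechanically: a Run-key name that is a random hex string, rundll32 loading an eight-letter DLL dropped straight into system32 and calling a single-letter export, and a Winlogon Notify hook whose DLL no longer exists. The script below is an added example for this thread, not part of HijackThis, ComboFix or the helper's instructions; it turns those traits into a small scoring rule and runs it over a constructed sample made from the O4/O20 lines of the HijackThis log above, a few benign neighbours, and one O4 line built from the system32\oreplv\csrss.exe path that ComboFix listed under msconfig\startupreg (ComboFix found it as a disabled msconfig entry, which is why it does not appear as an O4 line in HijackThis). The weights and threshold are an assumption made for the example.

```python
"""Triage a HijackThis log for the autostart patterns seen in this thread.

Added example: not part of HijackThis, ComboFix or the helper's instructions.
The scoring weights and threshold are an assumption made for this example.
"""
import re
from dataclasses import dataclass

# Constructed sample input: the O4/O20 lines from the HijackThis log above, a few
# benign neighbours, and one O4 line built from the system32\oreplv\csrss.exe
# path that ComboFix listed under msconfig\startupreg (not an O4 line in the log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [08ac1c2a] rundll32.exe "C:\WINDOWS\system32\aykehvde.dll",b
O4 - HKLM\..\Run: [BM0b9f2fb6] Rundll32.exe "C:\WINDOWS\system32\dtnkbjsv.dll",s
O4 - HKLM\..\Run: [Load] C:\WINDOWS\system32\oreplv\csrss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: nnnoLDvV - nnnoLDvV.dll (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>\S+)"
                    r"(?P<missing> \(file missing\))?$")
# rundll32[.exe] "<dll>",<export>   (quotes around the DLL are optional)
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S*)', re.I)
HEXISH_NAME = re.compile(r"^(?:bm)?[0-9a-f]{8,}$", re.I)       # 08ac1c2a, BM0b9f2fb6
SYSTEM32_ROOT = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.I)
# Core binaries that belong directly in system32; the same name anywhere else is a masquerade.
CORE_BINARIES = {"csrss.exe", "smss.exe", "lsass.exe", "winlogon.exe", "services.exe", "svchost.exe"}
THRESHOLD = 3  # assumption: tuned so the benign neighbours in SAMPLE_LOG stay below it


def first_path(cmd: str) -> str:
    """Return the program a Run-key command launches (quoted or bare first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


@dataclass
class Finding:
    line: str
    score: int
    reasons: list


def score_line(line: str) -> Finding:
    """Score one HijackThis line; each matched trait carries a weight and a reason."""
    reasons = []
    m = O4_RE.match(line)
    if m:
        name, cmd = m["name"], m["cmd"]
        if HEXISH_NAME.match(name):
            reasons.append((2, "Run-key name is a random hex string"))
        r = RUNDLL_RE.match(cmd)
        if r:
            if SYSTEM32_ROOT.match(r["dll"]):
                reasons.append((1, "rundll32 loads a DLL dropped directly into system32"))
            if len(r["export"]) <= 1:
                reasons.append((2, "rundll32 export name is a single letter"))
        exe = first_path(cmd)
        if exe.rsplit("\\", 1)[-1].lower() in CORE_BINARIES and not SYSTEM32_ROOT.match(exe):
            reasons.append((3, "core Windows binary name launched from a non-standard directory"))
    m = O20_RE.match(line)
    if m:
        reasons.append((1, "Winlogon Notify DLL is loaded into winlogon.exe; review it"))
        if m["missing"]:
            reasons.append((2, "notify DLL is missing: orphaned hook left behind by a removal"))
    return Finding(line, sum(w for w, _ in reasons), [why for _, why in reasons])


def fix_list(log_text: str) -> list:
    """Lines to tick under 'Fix checked': every entry scoring at or above THRESHOLD."""
    findings = (score_line(l.strip()) for l in log_text.splitlines() if l.strip())
    return [f for f in findings if f.score >= THRESHOLD]


def still_present(before_log: str, after_log: str) -> list:
    """After 'Fix checked' and a reboot, re-scan with HijackThis and pass the new log:
    returns the flagged lines from the old log that survived the fix."""
    after = {l.strip() for l in after_log.splitlines()}
    return [f.line for f in fix_list(before_log) if f.line in after]


if __name__ == "__main__":
    for f in fix_list(SAMPLE_LOG):
        print(f"[{f.score}] {f.line}")
        for why in f.reasons:
            print("      -", why)
```

Run as-is it flags exactly the two rundll32 entries and the orphaned Winlogon Notify hook from the helper's list, plus the constructed csrss.exe line. still_present() is the check behind the question asked later in the thread: a reboot without warnings only shows the Run-key loaders are gone, so re-run HijackThis after the fix and confirm that none of the flagged lines are still in the new log. The csrss.exe copy in system32\oreplv scores on name alone: a disabled msconfig entry does not run at boot, but the file and the entry are still worth removing.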

Guest Sjarlie

Hello

After restarting, the computer no longer shows any warning or problem at all.

May I then assume that all the computer's problems are gone?

regards

and in any case thanks already for all the effort.

XXX


After restarting, the computer no longer shows any warning or problem at all. May I then assume that all the computer's problems are gone?
You certainly may

Problems out of the way, then it is time for the "big cleanup": removing the tools used, a cleaning, and removing the infected restore points. And your Java could use an update.

Remove Combofix: Start -> Run and type: combofix /u

This removes Combofix plus its related folders and files, restores the clock settings, hides file extensions again, hides hidden files and system files again, and creates a new restore point.

Download CCleaner.

Install it and start it. Start CCleaner and click "Cleaner" in the left column. Click 'Analyze' and then 'Run Cleaner'. Next click "Registry" in the left column and click 'Scan for Issues'. If issues are found, click "Fix all selected issues" and "OK". Then close CCleaner.

It is advisable to remove the existing restore points (there are infected restore points among them that you could restore by accident) by temporarily disabling System Restore. Do this via Start -> Control Panel -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and untick it again.

Your Java software is outdated. Older versions have holes that give malware the chance to install itself on your system. First do these steps to uninstall Java and install the newer version.

Download Java Runtime Environment (JRE) 6u6.

  • Scroll down to: "Java Runtime Environment (JRE) 6u6".
  • Click the "Download" button on the right.
  • In the drop-down menu next to Platform, select "Windows".
  • Tick "I agree to the Java SE Runtime Environment 6 License Agreement" and click "Continue".
  • The page will reload.
  • Click the jre-6u6-windows-i586-p.exe link UNDER Windows Offline Installation and save it to your Desktop.
  • Close all programs that may be open, especially your web browser.
  • Then go to Start -> Control Panel -> Add or Remove Programs and remove all older versions of Java from the list.
  • Tick everything with Java Runtime Environment (JRE or J2SE) in the name.
  • Then click "Remove" or the "Change/Remove" button.
  • Repeat this until all older versions are gone.
  • After removing all older versions, restart your PC.
  • Then double-click jre-6u6-windows-i586-p.exe on your Desktop to install the latest version of Java.

That's it!
