This topic is closed; you cannot edit posts or post new replies  [ 13 posts ]
Author Message
 Post subject: For Roelof
Posted: Mon Aug 04, 2008 1:19 pm
Member

Joined: Tue Apr 10, 2007 4:15 pm
Posts: 31
Hi Roelof,

Regarding the topic that has since been closed:
http://www.hijackthis.nl/forum/viewtopic.php?t=17664

I have done the last steps, so the log should now be clean, but when my wife logs in to her account, three error messages now appear:

RunDll fout bij laden
c:\Windows\system32\mcldhrqr.dll
kan opgegeven module niet vinden

RunDll fout bij laden
c:\docume~1\Karin\locals~1\temp\ljJAsPFX.dll
kan opgegeven module niet vinden

RunDll fout bij laden
c:\Windows\system32\yhgcgyvf.dll
kan opgegeven module niet vinden

Do you have any idea how to solve this?

Thanks in advance!

-------------------------------------------------
HijackThis log from her account...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:21:17, on 4-8-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Karin\Application Data\Smilebox\SmileboxTray.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toddler.nl/content/pages/home.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\Karin\Application Data\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [1ca27d79] rundll32.exe "C:\WINDOWS\system32\yhgcgyvf.dll",b
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\DOCUME~1\Karin\LOCALS~1\Temp\ljJAsPFX.dll,#1
O4 - HKCU\..\Run: [BM1f914ee5] Rundll32.exe "C:\WINDOWS\system32\mcldhrqr.dll",s
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Snelkoppeling naar Wanadoo Cable.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.nl
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en ... nicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20B68B0C-B018-48D5-B767-06561C6BAEBA} (SWING.Integrator) - https://www.arboslim.net/ArboSlim/AS-Tr ... rator4.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Shared ... vSniff.cab
O16 - DPF: {400B0651-A911-11D5-A762-008048B70674} (SwIntOffice.SwIntOfficeWeb) - https://www.arboslim.net/ArboSlim/AS-Tr ... iceWeb.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL ... 586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://asp.photoprintit.de/microsite/51 ... oader4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Shared ... /cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp02.photoprintit.de/microsite/ ... loader.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Karin/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 10477 bytes


 Post subject:
Posted: Mon Aug 04, 2008 3:56 pm
Helper

Joined: Fri Jun 15, 2007 11:09 pm
Posts: 3298
Hi,

We'll sort this one out as well.

1) Start HijackThis.
- Choose "Do a system scan only".
- Now tick the following items:
  • O4 - HKCU\..\Run: [1ca27d79] rundll32.exe "C:\WINDOWS\system32\yhgcgyvf.dll",b
  • O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\DOCUME~1\Karin\LOCALS~1\Temp\ljJAsPFX.dll,#1
  • O4 - HKCU\..\Run: [BM1f914ee5] Rundll32.exe "C:\WINDOWS\system32\mcldhrqr.dll",s

- Now close all windows except the HijackThis window and choose "fix checked".

2) Follow these instructions to download Combofix:
Carry out the instructions on the BleepingComputer page, including installing the XP Recovery Console.
If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner,
disable that scanner and download Combofix again.
Some scanners regard certain components used by Combofix as suspicious and will block or remove them!

Double-click Combofix.exe.
Follow the instructions and accept the disclaimer.
While the fix is running, do NOT click in the window, because this will make your PC hang.

When the fix has finished and after the restart, the log Combofix.txt will open.

Regards,

Roelof
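
The autorun check behind step 1, as an added example that is not part of the original posts and is not HijackThis' own logic: it parses the O4 lines of a HijackThis log, flags rundll32 Run values with two illustrative heuristics (DLL in a Temp directory, export given as an ordinal or a single character), and checks whether the flagged values are gone from a later log. The function names are hypothetical; the sample lines are excerpts of the two HijackThis logs on this page.

```python
import re
from typing import NamedTuple


class Autorun(NamedTuple):
    hive: str     # HKLM, HKCU or HKUS
    key: str      # Run, RunOnce, ...
    name: str     # registry value name
    command: str  # command line stored in the value


# "O4 - HKCU\..\Run: [name] command", optionally with a SID after the hive
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK[A-Z]+)(?:\\[^\\]+)?\\\.\.\\(?P<key>Run\w*): '
    r'\[(?P<name>[^\]]*)\] (?P<command>.+)$')

# rundll32 <dll>,<export> with or without quotes around the DLL path
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?,(?P<export>.*)$',
    re.IGNORECASE)


def parse_o4(log_text):
    """Return the registry autoruns (O4 Run/RunOnce lines) found in a log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:  # "O4 - Global Startup" lines are shortcuts, not Run values
            entries.append(Autorun(**m.groupdict()))
    return entries


def rundll32_findings(entry):
    """Heuristic reasons (assumptions of this example) to review an entry."""
    m = RUNDLL_RE.match(entry.command)
    if not m:
        return []
    dll = m.group('dll').strip()
    export = m.group('export').lstrip(',').strip()
    reasons = []
    if '\\temp\\' in dll.lower():
        reasons.append('DLL loaded from a Temp directory')
    if re.fullmatch(r'#\d+|\w', export):
        reasons.append('export is an ordinal or a single character')
    return reasons


def flagged(log_text):
    """Map value name -> reasons for every rundll32 autorun worth a look."""
    return {e.name: r for e in parse_o4(log_text) if (r := rundll32_findings(e))}


def still_present(before, after):
    """Names flagged in `before` whose Run value also exists in `after`."""
    after_keys = {(e.hive, e.key, e.name) for e in parse_o4(after)}
    return sorted(e.name for e in parse_o4(before)
                  if rundll32_findings(e) and (e.hive, e.key, e.name) in after_keys)


# Excerpt of the log posted on 4-8-2008 (before the fix)
BEFORE = r'''
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [1ca27d79] rundll32.exe "C:\WINDOWS\system32\yhgcgyvf.dll",b
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\DOCUME~1\Karin\LOCALS~1\Temp\ljJAsPFX.dll,#1
O4 - HKCU\..\Run: [BM1f914ee5] Rundll32.exe "C:\WINDOWS\system32\mcldhrqr.dll",s
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
'''

# Excerpt of the log posted on 5-8-2008 (after the fix)
AFTER = r'''
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe
'''

if __name__ == '__main__':
    for name, reasons in flagged(BEFORE).items():
        print(f'{name}: {"; ".join(reasons)}')
    print('still present after fix:', still_present(BEFORE, AFTER))
```

The Bluetooth entry also runs through rundll32 but is not flagged, because its target is a bare `.cpl` name with a named export.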


 Post subject:
Posted: Tue Aug 05, 2008 2:14 pm
Member

Joined: Tue Apr 10, 2007 4:15 pm
Posts: 31
Here is the log....

ComboFix 08-08-04.01 - Karin 2008-08-05 13:55:54.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.232 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Karin\Bureaublad\ComboFix.exe
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-07-05 to 2008-08-05 ))))))))))))))))))))))))))))))
.

2008-08-01 15:24 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\SYSTEM32\drivers\mbamswissarmy.sys
2008-07-23 08:53 . 2008-07-23 08:53 <DIR> d-------- C:\Program Files\CCleaner
2008-07-22 09:41 . 2008-07-22 09:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-21 16:39 . 2008-07-21 18:28 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-07-21 15:42 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-07-21 15:40 . 2008-07-21 15:40 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-16 14:12 . 2008-08-01 15:24 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-16 14:12 . 2008-07-16 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-16 14:12 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\SYSTEM32\drivers\mbam.sys
2008-07-16 11:11 . 2008-07-16 11:11 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-07-16 11:11 . 2008-07-16 11:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-16 09:50 . 2008-07-16 09:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-15 13:52 . 2008-07-21 15:38 <DIR> d-------- C:\WINDOWS\Governor of Poker

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-05 10:53 --------- d-----w C:\Program Files\Spamihilator
2008-08-04 12:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Retrospect
2008-07-22 13:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-21 13:42 --------- d-----w C:\Program Files\Java
2008-07-16 08:59 --------- d-----w C:\Program Files\MSN Messenger
2008-07-16 07:50 --------- d-----w C:\Program Files\Lavasoft
2008-07-16 07:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-03 22:00 --------- d-----w C:\Program Files\PokerStars.NET
2008-06-20 17:43 247,296 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:43 247,296 ------w C:\WINDOWS\SYSTEM32\dllcache\mswsock.dll
2008-06-20 17:43 148,992 ----a-w C:\WINDOWS\SYSTEM32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\SYSTEM32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\dllcache\tcpip6.sys
2008-06-14 18:00 272,640 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 18:00 272,640 ------w C:\WINDOWS\SYSTEM32\dllcache\bthport.sys
2008-06-12 17:04 --------- d-----w C:\Documents and Settings\Karin\Application Data\uTorrent
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\SYSTEM32\lsdelete.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\SYSTEM32\dllcache\rmcast.sys
2008-05-07 05:16 1,291,776 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2008-05-07 05:16 1,291,776 ------w C:\WINDOWS\SYSTEM32\dllcache\quartz.dll
2007-06-19 19:02 100,464 ----a-w C:\Documents and Settings\Karin\Application Data\GDIPFONTCACHEV1.DAT
2002-11-05 18:16 55,097 --sha-w C:\WINDOWS\SYSTEM32\2loops_niw.dat
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"SmileboxTray"="C:\Documents and Settings\Karin\Application Data\Smilebox\SmileboxTray.exe" [2007-08-30 20:07 193160]
"Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe" [2007-01-24 15:49 619008]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-30 00:56 28739]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2001-06-15 23:34 212992]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2001-08-08 00:36 90112]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2001-07-03 21:13 81920]
"MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2003-05-21 15:30 45056]
"MXO Auto Loader"="C:\WINDOWS\MXOALDR.EXE" [2003-04-07 18:09 118784]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2004-03-10 15:21 406016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 12:36 229376]
"CaAvTray"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe" [2006-09-20 15:58 230512]
"CAVRID"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [2006-09-20 15:58 185456]
"VetTray"="C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe" [2004-04-19 17:16 106496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-10-04 21:50 77824]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-05 09:47 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"S3TRAY2"="S3tray2.exe" [2001-12-17 22:09 69632 C:\WINDOWS\SYSTEM32\S3tray2.exe]
"PCTVOICE"="pctspk.exe" [2001-08-02 02:37 155648 C:\WINDOWS\SYSTEM32\pctspk.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 10:03 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 18:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mxmc"= MimicICM.DLL
"msacm.enc"= ITIG726.acm
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Casema SnelHelp.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Casema SnelHelp.lnk
backup=C:\WINDOWS\pss\Casema SnelHelp.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
NvQTwk [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--------- 2001-08-08 01:25 143360 C:\WINDOWS\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2004-04-21 20:00 16384 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
--a------ 2002-12-10 19:32 155648 C:\Program Files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
--a------ 2002-12-10 19:31 61440 C:\Program Files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2003-08-29 15:17 188416 C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2003-08-29 15:20 77824 C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--------- 2000-08-30 00:56 28739 C:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2004-05-12 12:27 385024 C:\PROGRA~1\CASEMA~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-10-04 21:50 77824 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2002-02-02 03:46 303104 C:\WINDOWS\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\WINDOWS\\SYSTEM32\\CIMSVR.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\WINDOWS\\SYSTEM32\\rtcshare.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Utorrent\\utorrent.exe"=
"C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 ousbehci;NEC PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ousbehci.sys [2002-11-15 15:54]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2002-11-15 15:54]
S3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2002-01-17 16:18]

*Newly Created Service* - CATCHME
.
Inhoud van de 'Gedeelde Taken' map

2002-08-12 C:\WINDOWS\Tasks\Herinnering voor aanmelding bij Internet-provider 1.job
- C:\WINDOWS\System32\OOBE\oobebaln.exe [2004-08-04 10:03]

2002-08-15 C:\WINDOWS\Tasks\Herinnering voor aanmelding bij Internet-provider 2.job
- C:\WINDOWS\System32\OOBE\oobebaln.exe [2004-08-04 10:03]

2002-08-16 C:\WINDOWS\Tasks\Herinnering voor aanmelding bij Internet-provider 3.job
- C:\WINDOWS\System32\OOBE\oobebaln.exe [2004-08-04 10:03]

2002-08-14 C:\WINDOWS\Tasks\Herinnering voor registratie 1.job
- C:\WINDOWS\System32\OOBE\oobebaln.exe [2004-08-04 10:03]

2002-08-12 C:\WINDOWS\Tasks\Herinnering voor registratie 3.job
- C:\WINDOWS\System32\OOBE\oobebaln.exe [2004-08-04 10:03]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.toddler.nl/content/pages/home.php
R1 -: HKCU-Internet Settings,ProxyOverride = localhost
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 -: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {003FADA5-8FEE-11D6-AFB7-0004768F6183} - hxxps://www.p3.postbank.nl/sesam/CAX.cab
C:\WINDOWS\Downloaded Program Files\cryptorsa.ocx

O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll

O16 -: {20B68B0C-B018-48D5-B767-06561C6BAEBA} - hxxps://www.arboslim.net/ArboSlim/AS-Tr ... rator4.CAB
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\Integrator4.INF
C:\WINDOWS\SYSTEM32\msvbvm60.dll
C:\WINDOWS\SYSTEM32\oleaut32.dll
C:\WINDOWS\SYSTEM32\olepro32.dll
C:\WINDOWS\SYSTEM32\asycfilt.dll
C:\WINDOWS\SYSTEM32\stdole2.tlb
C:\WINDOWS\SYSTEM32\comcat.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\bszip.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\Integrator4.ocx

O16 -: {400B0651-A911-11D5-A762-008048B70674} - hxxps://www.arboslim.net/ArboSlim/AS-Tr ... iceWeb.CAB
C:\WINDOWS\Downloaded Program Files\SwIntOfficeWeb.INF
C:\WINDOWS\system32\MSVBVM60.DLL
C:\WINDOWS\system32\OLEAUT32.DLL
C:\WINDOWS\system32\OLEPRO32.DLL
C:\WINDOWS\system32\ASYCFILT.DLL
C:\WINDOWS\system32\STDOLE2.TLB
C:\WINDOWS\system32\COMCAT.DLL
C:\WINDOWS\Downloaded Program Files\bszip.dll
C:\WINDOWS\Downloaded Program Files\SwIntOfficeWeb.ocx

O16 -: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} - hxxp://asp.photoprintit.de/microsite/51 ... oader4.cab
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\IPSUploader.inf
C:\WINDOWS\unicows.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\IPSUploader.ocx

O16 -: {DE591B16-A452-11D6-AED1-0001030A4E46} - hxxps://gto.postbank.nl/GTO/PBGNX.cab
C:\WINDOWS\Downloaded Program Files\PBGNX.ocx

O16 -: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp02.photoprintit.de/microsite/ ... loader.cab
C:\WINDOWS\Downloaded Program Files\IPSUploader.inf
C:\WINDOWS\Downloaded Program Files\ImageUploader_3.ocx
C:\WINDOWS\unicows.dll
C:\WINDOWS\Downloaded Program Files\IPSUploader.ocx


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 14:00:21
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-08-05 14:06:11
ComboFix-quarantined-files.txt 2008-08-05 12:04:57
ComboFix2.txt 2008-08-01 14:10:45

Pre-Run: 31,166,554,112 bytes beschikbaar
Post-Run: 31,226,433,536 bytes beschikbaar

210 --- E O F --- 2008-07-09 13:19:59
----------------------------------------------------------------------------
Hijackthisfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:16:09, on 5-8-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe
C:\Documents and Settings\Karin\Application Data\Smilebox\SmileboxTray.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toddler.nl/content/pages/home.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\Karin\Application Data\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Snelkoppeling naar Wanadoo Cable.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.nl
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en ... nicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20B68B0C-B018-48D5-B767-06561C6BAEBA} (SWING.Integrator) - https://www.arboslim.net/ArboSlim/AS-Tr ... rator4.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Shared ... vSniff.cab
O16 - DPF: {400B0651-A911-11D5-A762-008048B70674} (SwIntOffice.SwIntOfficeWeb) - https://www.arboslim.net/ArboSlim/AS-Tr ... iceWeb.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL ... 586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://asp.photoprintit.de/microsite/51 ... oader4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Shared ... /cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp02.photoprintit.de/microsite/ ... loader.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Karin/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 11242 bytes
----------------------------------------------

The error messages are gone.. so should I just uninstall ComboFix?


Posted: Tue Aug 05, 2008 2:27 pm
Helper
Joined: Fri Jun 15, 2007 11:09 pm
Posts: 3298

Yep,

Everything is gone.

Remove ComboFix via Start > Run, copy and paste Combofix /U, and press Enter.
This removes both ComboFix and your old system restore points (with any remnants of malware), and creates a new system restore point.

To prevent a recurrence, read through these security tips once more.

Regards,

Roelof


Posted: Tue Aug 05, 2008 3:03 pm
Member

okay.. thanks for your quick help..

one last question: normally when we connect our digital camera, the PC immediately shows a small window with options for what you want to do... (the same as when you load a CD, for example)
It no longer does this...

do you perhaps know a solution? tick a box somewhere or something?

I'd like to hear from you!


Posted: Wed Aug 06, 2008 8:34 pm
Member

roelof,

did you know a solution for this, or does that have little to do with this forum?

kind regards.


Posted: Wed Aug 06, 2008 9:00 pm
Helper

yep,

the solution is this:

Open Notepad and copy and paste the following bold text into it:
(don't forget to copy and paste REGEDIT4!)

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveAutoRun"=dword:00000000
"NoDriveTypeAutoRun"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveAutoRun"=dword:00000000
"NoDriveTypeAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun"=dword:00000001


Save this as fix.reg, choose *All files under "Save as", and place it on your desktop.
This is what the reg fix should look like afterwards: Image
Double-click it.
When asked whether you want to add it to the registry, click Yes/OK.

Regards,

Roelof
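
What the two policy values in the fix.reg above mean, as an added example that is not part of the original post: a small Python parser for the REGEDIT4 text that decodes NoDriveTypeAutoRun (one bit per drive type, a set bit turns AutoRun off) and NoDriveAutoRun (one bit per drive letter). The bit table follows Microsoft's documentation of NoDriveTypeAutoRun; the function names and the 0xFF comparison value are constructed for illustration.

```python
import re

# Policies\Explorer values as posted in the thread's fix.reg.
FIX_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveAutoRun"=dword:00000000
"NoDriveTypeAutoRun"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveAutoRun"=dword:00000000
"NoDriveTypeAutoRun"=dword:00000000
"""

# NoDriveTypeAutoRun bitmask: a set bit turns AutoRun OFF for that drive type.
DRIVE_TYPE_BITS = {0x01: "unknown", 0x04: "removable", 0x08: "fixed",
                   0x10: "network", 0x20: "cdrom", 0x40: "ramdisk",
                   0x80: "unknown (0x80)"}

def parse_reg(text):
    """Parse REGEDIT4 text into {key: {value_name: int}} (dword values only)."""
    result, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            key = section.group(1)
            result.setdefault(key, {})
            continue
        value = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
        if value and key is not None:
            result[key][value.group(1)] = int(value.group(2), 16)
    return result

def disabled_types(mask):
    """Drive types for which this NoDriveTypeAutoRun value disables AutoRun."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if mask & bit]

def disabled_letters(mask):
    """NoDriveAutoRun: bit 0 is A:, bit 1 is B:, ... bit 25 is Z:."""
    return [chr(ord("A") + i) for i in range(26) if mask & (1 << i)]

def audit(text):
    """Per Policies\\Explorer key: (types with AutoRun off, letters with AutoRun off)."""
    report = {}
    for key, values in parse_reg(text).items():
        if key.lower().endswith("\\policies\\explorer") and "NoDriveTypeAutoRun" in values:
            report[key] = (disabled_types(values["NoDriveTypeAutoRun"]),
                           disabled_letters(values.get("NoDriveAutoRun", 0)))
    return report

if __name__ == "__main__":
    for key, (types, letters) in audit(FIX_REG).items():
        print(key, "| types off:", types or "none", "| letters off:", letters or "none")
    # 0xFF is a constructed comparison value: every drive-type bit set.
    print("0xFF turns AutoRun off for:", disabled_types(0xFF))
```

With the posted values both masks are zero, so no drive type and no drive letter is excluded from AutoRun in either hive.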


Posted: Wed Aug 06, 2008 10:13 pm
Member

okay... I'm at work now, but is that an autorun for the CD player only, or also for the other devices connected via USB? such as that digital camera and sometimes a scanner?

Because with those too I'm suddenly missing the menu that asks "what to do":
open with...
open scanner wizard
open folder and copy to...

those kinds of options...

in any case, thanks again for thinking along...
once that works again, the PC is tip-top again!


Posted: Thu Aug 07, 2008 7:34 am
Helper

This enables autorun for all devices.

Roelof


Posted: Fri Aug 08, 2008 2:45 pm
Member

I did it as you described, but it still doesn't work.

I do see that when I switch on the digital camera's docking station it briefly shows an "hourglass". After that the extra drive, in this case G, does appear in "My Computer", but it does not automatically start the selection menu I'm looking for.

At G > settings I can make a choice. There it is set to music files every time. If I change this to pictures, I do see the menu I would like to have as soon as I switch the camera on, but it doesn't work.
When I try that, the settings go back to "music files....." by themselves.

Hopefully you understand what I mean...

Good luck... and I'll hear from you!


Posted: Fri Aug 08, 2008 6:02 pm
Helper

Hi,

I understand what you mean.

Could you try the program on this page.

Roelof


Posted: Sat Aug 09, 2008 5:02 pm
Member

Roelof,
Thanks for this tip..

It all works again now!

Thanks again for all your help and good luck with this forum.
You are doing fine work.


Posted: Sat Aug 09, 2008 5:22 pm
Helper

you're welcome, glad to help.

Roelof

