Trojaanse paarden

[DSVD]

Ik heb een aantal trojaanse paarden op pc. Virusscanner Mcaffee geeft melding maar ze blijven actief. Malwarebytes heeft ze gevonden maar niet allemaal verwijderd, ad-aware heeft er ook in quarataine geplaatst en toch blijf ik fouten krijgen in system32, internet valt weg pc zit dan uiteindelijk vast. Wat kan ik nog proberen?

[kape]

Download HijackThis

Klik bij "HijackThis Downloads" op "Installer".

Bestand HijackThis.msi opslaan. Daarna kiezen voor "uitvoeren".

Hijackthis wordt nu op je PC geïnstalleerd, een snelkoppeling wordt op je bureaublad geplaatst.

Klik op de snelkoppeling om HijackThis te starten

Klik ofwel op "Do a systemscan and save a logfile", ofwel eerst op "Scan" en dan op "Savelog".

Er opent een kladblokvenster, hou gelijktijdig de CTRL en A-toets ingedrukt, nu is alles geselecteerd. Hou gelijktijdig de CTRL en C-toets ingedrukt, nu is alles gekopieerd. Plak nu het HJT logje in je bericht door CTRL en V-toets.

Krijg je een melding ""For some reason your system denied writing to the Host file ....", klik dan gewoon door op de OK-toets.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

[DSVD]

Beste

hierbij de log van systeem.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 6:55:21, on 4/03/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe

C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

C:\Program Files\UltraMon\UltraMon.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\Pure Networks\Network Magic\nmapp.exe

C:\Program Files\Belgium Identity Card\beid35gui.exe

C:\Program Files\MacroData Inc\NetDrive\ndsvc.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

C:\Program Files\UltraMon\UltraMonTaskbar.exe

C:\Program Files\MacroData Inc\NetDrive\netdrive.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlagent.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\DisplayFusion\DisplayFusion.exe

C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Hans\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Synology Data Replicator 3\SynoDrService.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclIVTBTSrv.exe

C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Documents and Settings\Hans\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE

C:\Documents and Settings\Hans\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: DIALux 3.1 ULDBrowserHelper Class - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - C:\Program Files\DIALux\DLXShellExtension.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101111083325.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [HPWQTOOLBOX] C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe "-i"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

O4 - HKLM\..\Run: [ultraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto

O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

O4 - HKLM\..\Run: [Netdrive] C:\Program Files\MacroData Inc\NetDrive\netdrive.exe -tray

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files\DisplayFusion\DisplayFusion.exe"

O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Hans\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: automount.bat

O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe

O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/59.20/uploader2.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.be/s/v/52.09/uploader2.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://colruyt.fujiprint.be/Colruyt/UserControls/Part/Upload/ImageUploader5.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://colruyt.fujiprint.be/Colruyt/UserControls/Part/Upload/ImageUploader4.cab

O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} (kasRmtHlp Class) - http://www.manit.be/inc/kaxRemote.dll

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://eu.ntrsupport.com/inquiero/mod/setup/ntractivex118_28.cab

O16 - DPF: {E7E87499-8B30-46DF-BD3C-23F3DD48A5A6} (CafcaDataLink.CDL) - http://www.cafca.be/private/catalog/CafcaDataLink.CAB

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: FireF1212ox Driver (121221ox) - Unknown owner - C:\WINDOWS\system32\212fox.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: DIAL Communication Service (DialComService) - Unknown owner - C:\Program Files\DIAL GmbH\DIAL Communication Framework\DialComService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: MS93 Media Confvop Center (Media93) - ©360.cn Inc.All Rights Reserved. - C:\Program Files\Internet Explorer\Anti93.exe

O23 - Service: MS94 Media Confvop Center (Media94) - ???? - C:\Program Files\Internet Explorer\Anti94.exe

O23 - Service: MS95 Media Confvop Center (Media95) - ???? - C:\Program Files\Internet Explorer\Anti95.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

O23 - Service: Microsoft Updatelby Software is private services (Microsoft Updatexub12) - ©360.cn Inc.All Rights Reserved. - C:\Program Files\Internet Explorer\12nnw.exe

O23 - Service: Microsoft Updateqbp Software is private services (Microsoft Updateyzq.exe) - ©360.cn Inc.All Rights Reserved. - C:\Program Files\Internet Explorer\lqbcvm.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: NetDrive Service (ndsvc) - MacroData Inc. - C:\Program Files\MacroData Inc\NetDrive\ndsvc.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: OKI OPHG DCS Loader - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHGLDCS.EXE

O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\Program Files\Radmin\r_server.exe (file missing)

O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe

O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SynoDrService - Unknown owner - C:\Program Files\Synology Data Replicator 3\SynoDrService.exe

O23 - Service: Windows93 (WinHe93) - ©360.cn Inc.All Rights Reserved. - C:\WINDOWS\system32\WinH932.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 18643 bytes

[kape]

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc stop "Microsoft Updatexub12"

Druk op Enter.

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc delete "Microsoft Updatexub12"

Druk op Enter.

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc stop "Microsoft Updateyzq.exe"

Druk op Enter.

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc delete "Microsoft Updateyzq.exe"

Druk op Enter.

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc stop WinHe93

Druk op Enter.

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc delete WinHe93

Druk op Enter.

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} –

Klik op 'Fix checked' om de items te verwijderen.

Download MBAM (Malwarebytes Anti-Malware)

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder).

Indien er de rootkit (TDSS) aanwezig is, zal MBAM vragen te herstarten. Doe dit dan ook.

MBAM zal na de herstart opnieuw scannen en de rootkit verwijderen.

Het log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht, samen met een nieuw HijackThis log.

---------- Post toegevoegd om 10:51 ---------- Vorige post was om 10:51 ----------

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc stop "Microsoft Updatexub12"

Druk op Enter.

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc delete "Microsoft Updatexub12"

Druk op Enter.

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc stop "Microsoft Updateyzq.exe"

Druk op Enter.

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc delete "Microsoft Updateyzq.exe"

Druk op Enter.

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc stop WinHe93

Druk op Enter.

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc delete WinHe93

Druk op Enter.

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} –

Klik op 'Fix checked' om de items te verwijderen.

Download MBAM (Malwarebytes Anti-Malware)

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder).

Indien er de rootkit (TDSS) aanwezig is, zal MBAM vragen te herstarten. Doe dit dan ook.

MBAM zal na de herstart opnieuw scannen en de rootkit verwijderen.

Het log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht, samen met een nieuw HijackThis log.

[DSVD]

Bedankt voor de info, we zijn ondertussen al een stuk verder en hieronder het resultaat. Hans.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:20:19, on 4/03/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe

C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

C:\Program Files\MacroData Inc\NetDrive\ndsvc.exe

C:\Program Files\UltraMon\UltraMon.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\Pure Networks\Network Magic\nmapp.exe

C:\Program Files\Belgium Identity Card\beid35gui.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\UltraMon\UltraMonTaskbar.exe

C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\MacroData Inc\NetDrive\netdrive.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\DisplayFusion\DisplayFusion.exe

C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

C:\Documents and Settings\Hans\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Synology Data Replicator 3\SynoDrService.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlagent.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe

C:\Program Files\PC Connectivity Solution\Transports\NclIVTBTSrv.exe

C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: DIALux 3.1 ULDBrowserHelper Class - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - C:\Program Files\DIALux\DLXShellExtension.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101111083325.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [HPWQTOOLBOX] C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe "-i"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

O4 - HKLM\..\Run: [ultraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto

O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

O4 - HKLM\..\Run: [Netdrive] C:\Program Files\MacroData Inc\NetDrive\netdrive.exe -tray

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files\DisplayFusion\DisplayFusion.exe"

O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Hans\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: automount.bat

O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe

O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/59.20/uploader2.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.be/s/v/52.09/uploader2.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://colruyt.fujiprint.be/Colruyt/UserControls/Part/Upload/ImageUploader5.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://colruyt.fujiprint.be/Colruyt/UserControls/Part/Upload/ImageUploader4.cab

O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} (kasRmtHlp Class) - http://www.manit.be/inc/kaxRemote.dll

O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://eu.ntrsupport.com/inquiero/mod/setup/ntractivex118_28.cab

O16 - DPF: {E7E87499-8B30-46DF-BD3C-23F3DD48A5A6} (CafcaDataLink.CDL) - http://www.cafca.be/private/catalog/CafcaDataLink.CAB

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: FireF1212ox Driver (121221ox) - Unknown owner - C:\WINDOWS\system32\212fox.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: DIAL Communication Service (DialComService) - Unknown owner - C:\Program Files\DIAL GmbH\DIAL Communication Framework\DialComService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: MS93 Media Confvop Center (Media93) - ©360.cn Inc.All Rights Reserved. - C:\Program Files\Internet Explorer\Anti93.exe

O23 - Service: MS94 Media Confvop Center (Media94) - ???? - C:\Program Files\Internet Explorer\Anti94.exe

O23 - Service: MS95 Media Confvop Center (Media95) - ???? - C:\Program Files\Internet Explorer\Anti95.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

O23 - Service: Microsoft Updateqbp Software is private services (Microsoft Updateyzq.exe) - ©360.cn Inc.All Rights Reserved. - C:\Program Files\Internet Explorer\lqbcvm.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: NetDrive Service (ndsvc) - MacroData Inc. - C:\Program Files\MacroData Inc\NetDrive\ndsvc.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: OKI OPHG DCS Loader - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHGLDCS.EXE

O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\Program Files\Radmin\r_server.exe (file missing)

O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe

O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SynoDrService - Unknown owner - C:\Program Files\Synology Data Replicator 3\SynoDrService.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 17887 bytes

alwarebytes' Anti-Malware 1.50.1.1100

Malwarebytes

Databaseversie: 5950

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

4/03/2011 16:17:09

mbam-log-2011-03-04 (16-17-09).txt

Scantype: Volledige scan (C:\|)

Objecten gescand: 296651

Verstreken tijd: 2 uur/uren, 12 minuut/minuten, 27 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

[kape]

Krijg je nu van één van je programma's nog meldingen over Trojaantjes ?

[DSVD]

Ja, toch wel en de netwerk- en internet connectie valt ook weg na een bepaalde tijd. Ze zijn wel niet meer zo talrijk.

Ook nog volgende fout generic host proces for win32 sevices. Daarnet stond de winhe 93 in een self extracting bestand van Winrar.

Nog suggesties wat ik kan doen?

[kape]

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

Als het je niet lukt om ze uit te schakelen, ga dan gewoon door naar de volgende stap.

2. Dubbelklik op ComboFix.exe en volg de meldingen op het scherm.

3. ComboFix zal controleren of dat de Microsoft Windows Recovery Console reeds is geïnstalleerd.

**Let op: Als de Microsoft Windows Recovery Console al is geïnstalleerd, dan krijg je de volgende schermen niet te zien en zal ComboFix automatisch verder gaan met het scannen naar malware.

4. Volg de meldingen op het scherm om ComboFix de Microsoft Windows Recovery Console te laten downloaden en installeren.

Je krijgt de volgende melding te zien wanneer ComboFix de Microsoft Windows Recovery Console succesvol heeft geïnstalleerd:

Klik op Ja om verder te gaan met het scannen naar malware.

5. Wanneer ComboFix klaar is, zal het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

[DSVD]

Hierbij het volledige logbestand. Bedankt voor de info.

ComboFix 11-03-05.01 - Hans 06/03/2011 7:59.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3070.2049 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Hans\Mijn documenten\Downloads\ComboFix.exe

AV: Lavasoft Ad-Watch Live! Antivirus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: McAfee Antivirus en antispyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Menu Start\HP Image Zone .lnk

c:\documents and settings\Hans\3.exe

c:\windows\Install

c:\windows\Install\setup.iss

c:\windows\system32\cs.exe

c:\windows\system32\csftxctl.ocx

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\Legacy_FIREFOX

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-02-06 to 2011-03-06 ))))))))))))))))))))))))))))))

.

.

2011-03-05 12:35 . 2011-03-06 06:50 129821 ----a-w- c:\windows\admier.exe

2011-03-05 12:34 . 2011-03-06 06:50 129821 ----a-w- c:\windows\scrker.exe

2011-03-05 12:33 . 2011-03-05 19:10 92040 ----a-w- c:\windows\scrwer.exe

2011-03-05 12:00 . 2011-03-05 12:00 -------- d--h--r- c:\documents and settings\Hans\Onlangs geopend

2011-03-04 19:56 . 2011-03-04 19:56 -------- d-----w- C:\foutmeldingen

2011-03-04 05:54 . 2011-03-04 05:54 388096 ----a-r- c:\documents and settings\Hans\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-03-04 05:54 . 2011-03-04 05:54 -------- d-----w- c:\program files\Trend Micro

2011-03-03 07:52 . 2011-03-06 06:53 50379590 ----a-w- c:\windows\system32\WinH932.exe

2011-03-03 05:44 . 2011-03-03 05:45 -------- d-----w- c:\program files\CCleaner

2011-02-28 04:32 . 2011-02-28 17:35 31553712 ----a-w- c:\program files\Internet Explorer\12nnw.exe

2011-02-27 14:43 . 2011-02-27 19:12 31527840 ----a-w- c:\program files\Internet Explorer\Anti95.exe

2011-02-27 07:56 . 2011-02-28 20:30 62976244 ----a-w- c:\program files\Internet Explorer\Anti94.exe

2011-02-26 14:54 . 2011-02-27 11:20 49 ----a-w- c:\windows\system32\Lonely.sys

2011-02-25 19:43 . 2011-02-25 19:43 31528016 ----a-w- c:\program files\Internet Explorer\lqbcvm.exe

2011-02-25 09:42 . 2011-02-25 09:42 25208914 ----a-w- c:\windows\system32\212fox.exe

2011-02-25 09:37 . 2011-02-25 09:40 -------- d-----w- C:\symbols

2011-02-25 09:32 . 2011-02-25 09:37 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)

2011-02-25 09:32 . 2011-02-25 09:32 -------- d-----w- c:\program files\Microsoft SDKs

2011-02-25 07:25 . 2011-02-25 07:25 -------- d-----w- c:\documents and settings\Hans\Application Data\Malwarebytes

2011-02-25 04:56 . 2011-03-01 04:34 63012145 ----a-w- c:\program files\Internet Explorer\Anti93.exe

2011-02-24 20:55 . 2011-02-23 01:00 16432 ----a-w- c:\windows\system32\lsdelete.exe

2011-02-24 20:20 . 2011-02-23 01:00 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-02-24 20:20 . 2011-02-24 20:20 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-02-24 20:19 . 2011-02-24 20:19 -------- d-----w- c:\documents and settings\Hans\Local Settings\Application Data\Sunbelt Software

2011-02-24 20:10 . 2011-02-24 20:10 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E53F90E0-D7CA-4310-8844-F6E688407890}

2011-02-24 06:06 . 2011-02-24 18:46 -------- d-----w- c:\documents and settings\Hans\Application Data\DisplayFusion

2011-02-23 07:19 . 2011-02-23 07:19 -------- d-----w- c:\documents and settings\All Users\Application Data\DIAL GmbH

2011-02-23 07:19 . 2011-02-23 07:19 -------- d-----w- c:\program files\DIAL GmbH

2011-02-23 07:16 . 2011-02-26 21:23 130 ----a-w- c:\windows\system32\mcsql.vbs

2011-02-23 07:13 . 2011-02-23 07:13 -------- d-----w- c:\windows\DIALux

2011-02-17 15:08 . 2011-02-02 20:40 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-17 13:10 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-17 13:10 . 2011-02-17 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-02-17 13:10 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-17 13:10 . 2011-03-04 12:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-02-16 19:26 . 2011-02-27 14:08 -------- d-----w- c:\windows\system32\ISQL

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-01 20:06 . 2009-02-06 05:26 2263 ----a-w- c:\documents and settings\All Users\Application Data\xml87.tmp

2011-03-01 20:06 . 2008-01-31 08:57 13433 ----a-w- c:\documents and settings\All Users\Application Data\xml99.tmp

2011-03-01 20:06 . 2008-01-31 08:57 7415 ----a-w- c:\documents and settings\All Users\Application Data\xml98.tmp

2011-02-02 18:19 . 2007-10-21 17:57 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-01-21 14:44 . 2004-09-13 13:52 441344 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09 . 2004-09-13 13:52 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 14:04 . 2004-09-13 13:52 1855104 ----a-w- c:\windows\system32\win32k.sys

2010-12-22 12:34 . 2004-09-13 13:52 301568 ----a-w- c:\windows\system32\kerberos.dll

2010-12-20 23:52 . 2004-09-13 13:52 916480 ----a-w- c:\windows\system32\wininet.dll

2010-12-20 23:52 . 2004-09-13 13:52 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-12-20 23:52 . 2004-09-13 13:52 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-12-20 17:25 . 2004-09-13 13:52 735232 ----a-w- c:\windows\system32\lsasrv.dll

2010-12-20 12:55 . 2004-09-13 13:52 385024 ----a-w- c:\windows\system32\html.iec

2010-12-09 15:15 . 2004-09-13 13:52 739328 ----a-w- c:\windows\system32\ntdll.dll

2010-12-09 15:14 . 2004-08-04 00:58 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-12-09 15:14 . 2004-09-13 13:52 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-12-09 14:30 . 2004-09-13 13:52 33280 ----a-w- c:\windows\system32\csrsrv.dll

2010-12-08 12:12 . 2007-06-14 20:45 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2010-12-08 12:11 . 2007-06-14 20:45 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll

2010-12-08 12:11 . 2007-06-14 20:45 29568 ----a-w- c:\windows\system32\LMIport.dll

2010-12-08 12:11 . 2007-06-14 20:45 87424 ----a-w- c:\windows\system32\LMIinit.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]

"DisplayFusion"="c:\program files\DisplayFusion\DisplayFusion.exe" [2011-02-16 1516264]

"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-07-02 671608]

"Google Update"="c:\documents and settings\Hans\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"HPWQTOOLBOX"="c:\program files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe" [2005-06-03 335872]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]

"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-02-24 479232]

"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2006-10-12 304640]

"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]

"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]

"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2010-02-05 2056192]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]

"Netdrive"="c:\program files\MacroData Inc\NetDrive\netdrive.exe" [2011-01-06 3284992]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-14 7323648]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Hans\Menu Start\Programma's\Opstarten\

automount.bat [2010-11-19 84]

Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2009-2-24 479232]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-4 11000]

BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 661776]

Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

Snelstart HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-11 73728]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2010-12-08 12:11 87424 ----a-w- c:\windows\system32\LMIinit.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Hewlett-Packard\\HP Deskjet 9800 Series\\Toolbox\\HPWQTBX.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"c:\\Program Files\\Synology Data Replicator 3\\Backup.exe"=

"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=

"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

"c:\\Program Files\\MacroData Inc\\NetDrive\\ndsvc.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [24/02/2011 21:20 64512]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/05/2009 10:11 130936]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [27/04/2010 10:30 84072]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [1/10/2010 8:02 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [17/04/2007 13:00 12856]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [22/05/2009 16:55 206112]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [27/04/2010 10:30 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [27/04/2010 10:30 271480]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [27/04/2010 10:31 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [27/04/2010 10:30 141792]

R2 ndsvc;NetDrive Service;c:\program files\MacroData Inc\NetDrive\ndsvc.exe [6/01/2011 7:27 2113536]

R2 SynoDrService;SynoDrService;c:\program files\Synology Data Replicator 3\SynoDrService.exe [12/01/2010 10:45 245760]

R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [24/09/2006 20:22 11776]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [27/04/2010 10:30 55840]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [27/04/2010 10:30 313288]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [27/04/2010 10:30 88544]

R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [24/09/2006 20:23 3584]

S2 121221ox;FireF1212ox Driver;c:\windows\system32\212fox.exe [25/02/2011 10:42 25208914]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/02/2010 22:09 135664]

S2 Media93;MS93 Media Confvop Center;c:\program files\Internet Explorer\Anti93.exe [25/02/2011 5:56 63012145]

S2 Media94;MS94 Media Confvop Center;c:\program files\Internet Explorer\Anti94.exe [27/02/2011 8:56 62976244]

S2 Media95;MS95 Media Confvop Center;c:\program files\Internet Explorer\Anti95.exe [27/02/2011 15:43 31527840]

S2 Microsoft Updateyzq.exe;Microsoft Updateqbp Software is private services;c:\program files\Internet Explorer\lqbcvm.exe [25/02/2011 20:43 31528016]

S2 r_server;Remote Administrator Service;"c:\program files\Radmin\r_server.exe" /service --> c:\program files\Radmin\r_server.exe [?]

S2 sss27154330;sss27154330;c:\windows\System32\svchost.exe /k netsvcs [13/09/2004 14:52 14336]

S2 sss27162730;sss27162730;c:\windows\System32\svchost.exe /k netsvcs [13/09/2004 14:52 14336]

S2 sss27164948;sss27164948;c:\windows\System32\svchost.exe /k netsvcs [13/09/2004 14:52 14336]

S2 sss2716529;sss2716529;c:\windows\System32\svchost.exe /k netsvcs [13/09/2004 14:52 14336]

S2 sss27171215;sss27171215;c:\windows\System32\svchost.exe /k netsvcs [13/09/2004 14:52 14336]

S2 sss2717361;sss2717361;c:\windows\System32\svchost.exe /k netsvcs [13/09/2004 14:52 14336]

S2 sss2718056;sss2718056;c:\windows\System32\svchost.exe /k netsvcs [13/09/2004 14:52 14336]

S2 sss27181930;sss27181930;c:\windows\System32\svchost.exe /k netsvcs [13/09/2004 14:52 14336]

S2 sss27184111;sss27184111;c:\windows\System32\svchost.exe /k netsvcs [13/09/2004 14:52 14336]

S2 sss27192636;sss27192636;c:\windows\System32\svchost.exe /k netsvcs [13/09/2004 14:52 14336]

S2 sss2719341;sss2719341;c:\windows\System32\svchost.exe /k netsvcs [13/09/2004 14:52 14336]

S2 sss27194759;sss27194759;c:\windows\System32\svchost.exe /k netsvcs [13/09/2004 14:52 14336]

S2 sss27201129;sss27201129;c:\windows\System32\svchost.exe /k netsvcs [13/09/2004 14:52 14336]

S2 sss27205537;sss27205537;c:\windows\System32\svchost.exe /k netsvcs [13/09/2004 14:52 14336]

S2 sss2721165;sss2721165;c:\windows\System32\svchost.exe /k netsvcs [13/09/2004 14:52 14336]

S2 WinHe93;Windows93;c:\windows\system32\WinH932.exe [3/03/2011 8:52 50379590]

S2 WinHe94;Windows94;c:\windows\system32\WinH94.exe [6/03/2011 7:50 50379392]

S3 DialComService;DIAL Communication Service;c:\program files\DIAL GmbH\DIAL Communication Framework\DialComService.exe [13/02/2011 22:56 1623552]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [23/02/2011 2:00 1405384]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [23/02/2011 2:00 15232]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [27/04/2010 10:30 88544]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [27/04/2010 10:30 84264]

S3 OKI OPHG DCS Loader;OKI OPHG DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHGLDCS.EXE [11/08/2009 12:04 24576]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/05/2009 10:11 348752]

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - mfeavfk01

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

sss27154330

sss2716529

sss27162730

sss27164948

sss27171215

sss2717361

sss2718056

sss27181930

sss27184111

sss2719341

sss27192636

sss27194759

sss27201129

sss27205537

sss2721165

.

Inhoud van de 'Gedeelde Taken' map

.

2011-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 21:08]

.

2011-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 21:08]

.

2011-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3006110548-1972450442-2407938559-1006Core.job

- c:\documents and settings\Hans\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-15 05:20]

.

2011-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3006110548-1972450442-2407938559-1006UA.job

- c:\documents and settings\Hans\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-15 05:20]

.

2011-03-04 c:\windows\Tasks\Synology Data Replicator 3-HD-LDVASTEPC-Hans.job

- c:\program files\Synology Data Replicator 3\Backup.exe [2010-09-15 16:52]

.

2011-03-06 c:\windows\Tasks\User_Feed_Synchronization-{55447840-E1D8-447E-80D2-9E097A554BCC}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

DPF: {E7E87499-8B30-46DF-BD3C-23F3DD48A5A6} - hxxp://www.cafca.be/private/catalog/CafcaDataLink.CAB

.

.

------- Bestandsassociaties -------

.

.scr=AutoCADScriptFile

.

- - - - ORPHANS VERWIJDERD - - - -

.

SafeBoot-WudfPf

SafeBoot-WudfRd

AddRemove-McAfee Uninstall Utility - c:\progra~1\McAfee.com\Shared\mcappins.exe

AddRemove-Nokia Multimedia Factory{4CFB3821-1582-4F3B-BF8D-30986923B36B} - c:\documents and settings\All Users\Application Data\Installations\{4CFB3821-1582-4f3b-BF8D-30986923B36B}\Nokia_Multimedia_Factory_2_0.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-03-06 08:15

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

"ImagePath"="c:\windows\System32\svchost.exe /k netsvcs"

"ServiceDll"="c:\windows\Temp\27154330.tmp"

"ImagePath"="c:\windows\System32\svchost.exe /k netsvcs"

"ServiceDll"="c:\windows\Temp\27162730.tmp"

"ImagePath"="c:\windows\System32\svchost.exe /k netsvcs"

"ServiceDll"="c:\windows\Temp\27164948.tmp"

"ImagePath"="c:\windows\System32\svchost.exe /k netsvcs"

"ServiceDll"="c:\windows\Temp\2716529.tmp"

"ImagePath"="c:\windows\System32\svchost.exe /k netsvcs"

"ServiceDll"="c:\windows\Temp\27171215.tmp"

"ImagePath"="c:\windows\System32\svchost.exe /k netsvcs"

"ServiceDll"="c:\windows\Temp\2717361.tmp"

"ImagePath"="c:\windows\System32\svchost.exe /k netsvcs"

"ServiceDll"="c:\windows\Temp\2718056.tmp"

"ImagePath"="c:\windows\System32\svchost.exe /k netsvcs"

"ServiceDll"="c:\windows\Temp\27181930.tmp"

"ImagePath"="c:\windows\System32\svchost.exe /k netsvcs"

"ServiceDll"="c:\windows\Temp\27184111.tmp"

"ImagePath"="c:\windows\System32\svchost.exe /k netsvcs"

"ServiceDll"="c:\windows\Temp\27192636.tmp"

"ImagePath"="c:\windows\System32\svchost.exe /k netsvcs"

"ServiceDll"="c:\windows\Temp\2719341.tmp"

"ImagePath"="c:\windows\System32\svchost.exe /k netsvcs"

"ServiceDll"="c:\windows\Temp\27194759.tmp"

"ImagePath"="c:\windows\System32\svchost.exe /k netsvcs"

"ServiceDll"="c:\windows\Temp\27201129.tmp"

"ImagePath"="c:\windows\System32\svchost.exe /k netsvcs"

"ServiceDll"="c:\windows\Temp\27205537.tmp"

"ImagePath"="c:\windows\System32\svchost.exe /k netsvcs"

"ServiceDll"="c:\windows\Temp\2721165.tmp"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(1260)

c:\windows\system32\LMIinit.dll

.

- - - - - - - > 'explorer.exe'(5808)

c:\program files\McAfee\SiteAdvisor\saHook.dll

c:\program files\UltraMon\RTSUltraMonHook.dll

c:\program files\DisplayFusion\Hooks\DisplayFusionHookx86_C7B767C8-6E44-4452-8B3F-3C51867573DA.dll

c:\windows\system32\webcheck.dll

c:\program files\UltraMon\Resources\en\RTSUltraMonHookRes.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\LMIRfsClientNP.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\System32\SCardSvr.exe

c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\LogMeIn\x86\RaMaint.exe

c:\program files\LogMeIn\x86\LogMeIn.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Internet Explorer\iexplore.exe

c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

c:\program files\Internet Explorer\iexplore.exe

c:\progra~1\MI6841~1\MSSQL\binn\sqlservr.exe

c:\program files\Internet Explorer\iexplore.exe

c:\windows\system32\nvsvc32.exe

c:\progra~1\MI6841~1\MSSQL\binn\sqlagent.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

c:\windows\stsystra.exe

c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe

c:\program files\PC Connectivity Solution\ServiceLayer.exe

c:\program files\HP\Digital Imaging\bin\hpqimzone.exe

c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclIVTBTSrv.exe

c:\program files\Common Files\Nokia\NoA\nokiaaserver.exe

c:\program files\UltraMon\UltraMonTaskbar.exe

.

**************************************************************************

.

Voltooingstijd: 2011-03-06 08:21:44 - machine werd herstart

ComboFix-quarantined-files.txt 2011-03-06 07:21

.

Pre-Run: 113.402.707.968 bytes beschikbaar

Post-Run: 113.563.480.064 bytes beschikbaar

.

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

.

- - End Of File - - 11D6116DEE3ED5FE8F55305C5007A970

[kape]

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

c:\windows\admier.exe

c:\windows\scrker.exe

c:\windows\scrwer.exe

c:\windows\system32\WinH932.exe

c:\program files\Internet Explorer\12nnw.exe

c:\program files\Internet Explorer\Anti95.exe

c:\program files\Internet Explorer\Anti94.exe

c:\windows\system32\Lonely.sys

c:\program files\Internet Explorer\lqbcvm.exe

c:\windows\system32\212fox.exe

c:\program files\Internet Explorer\Anti93.exe

Driver::

121221ox

sss27154330

sss27162730

sss27164948

sss2716529

sss2716529

sss27171215

sss2717361

sss2718056

sss27181930

sss27184111

sss27192636

sss2719341

sss27194759

sss27194759

sss27201129

sss27205537

sss2721165

WinHe93

WinHe94

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht samen met een nieuw logje van HijackThis.