Check Up

Status
Niet open voor verdere reacties.
Aflitto

Aflitto

de laatste tijd heb ik nogal wat last van vervelende pop-ups. Misschien vind ik hier de oplossing?

logje:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:04:05, on 25/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Telemeter 3.0\Telemeter3.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: {e827063e-3027-1d58-1fb4-cd32beb50d80} - {08d05beb-23dc-4bf1-85d1-7203e360728e} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O9 - Extra 'Tools' menuitem: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{97CAE508-5D18-4806-A0BC-3531D94FF0B9}: NameServer = 85.255.112.125;85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{E24EAEB2-35DE-4491-B9D2-98B171C684A1}: NameServer = 85.255.112.125;85.255.112.5
O20 - AppInit_DLLs: gosezi.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdljv.exe

--
End of file - 6766 bytes
 
Download MBAM (Malwarebytes' Anti-Malware) via hier of hier.
  • Dubbelklik op mbam-setup.exe om het programma te installeren.
    • Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".
    • Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.
    • Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.
    • Het scannen kan een tijdje duren, dus wees geduldig.
    • Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.
    • Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.
    • Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder)
    • De log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in MBAM.
    • Kopieer en plak de inhoud van het logje in je volgend antwoord, samen met een nieuw HijackThis log.
    Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken.
    Daarna zal het vragen om de Computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.
 
Malwarebytes' Anti-Malware 1.30
Database versie: 1430
Windows 6.0.6001 Service Pack 1

27/11/2008 18:41:38
mbam-log-2008-11-27 (18-41-38).txt

Scan type: Snelle Scan
Objecten gescand: 49501
Verstreken tijd: 3 minute(s), 1 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 1
Registersleutels geïnfecteerd: 6
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 9
Mappen geïnfecteerd: 1
Bestanden geïnfecteerd: 14

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Delete on reboot.

Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b1892f58-1116-4dec-92aa-577872ec3d3d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Tribute Service (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sexvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{97cae508-5d18-4806-a0bc-3531d94ff0b9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.125;85.255.112.5 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e24eaeb2-35de-4491-b9d2-98b171c684a1}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.125;85.255.112.5 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e24eaeb2-35de-4491-b9d2-98b171c684a1}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.125;85.255.112.5 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{97cae508-5d18-4806-a0bc-3531d94ff0b9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.125;85.255.112.5 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{e24eaeb2-35de-4491-b9d2-98b171c684a1}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.125;85.255.112.5 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{e24eaeb2-35de-4491-b9d2-98b171c684a1}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.125;85.255.112.5 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{97cae508-5d18-4806-a0bc-3531d94ff0b9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.125;85.255.112.5 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{e24eaeb2-35de-4491-b9d2-98b171c684a1}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.125;85.255.112.5 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{e24eaeb2-35de-4491-b9d2-98b171c684a1}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.125;85.255.112.5 -> Quarantined and deleted successfully.

Mappen geïnfecteerd:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:
C:\Users\Gebruiker\AppData\Local\Temp\TDSS4f5d.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Gebruiker\AppData\Local\Temp\TDSS7271.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Gebruiker\AppData\Local\Temp\TDSSd0f1.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\tdssinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\tdssservers.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Gebruiker\AppData\Local\Temp\TDSS48ab.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Gebruiker\AppData\Local\Temp\TDSS48bb.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Gebruiker\AppData\Local\Temp\TDSS4f4d.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Gebruiker\AppData\Local\Temp\TDSS7223.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Gebruiker\AppData\Local\Temp\TDSSd0e1.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Gebruiker\AppData\Local\Temp\sfsrv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.







Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:45:42, on 27/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Telemeter 3.0\Telemeter3.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: {e827063e-3027-1d58-1fb4-cd32beb50d80} - {08d05beb-23dc-4bf1-85d1-7203e360728e} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O9 - Extra 'Tools' menuitem: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{E24EAEB2-35DE-4491-B9D2-98B171C684A1}: NameServer = 85.255.112.125;85.255.112.5
O20 - AppInit_DLLs: gosezi.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 6756 bytes
 
Hoi,

open HijackThis, klik op do a scan only en vink volgende regels aan:

O2 - BHO: {e827063e-3027-1d58-1fb4-cd32beb50d80} - {08d05beb-23dc-4bf1-85d1-7203e360728e} - (no file)
O9 - Extra button: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default...;EN-US;KBHOWTO (file missing)
O9 - Extra 'Tools' menuitem: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default...;EN-US;KBHOWTO (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E24EAEB2-35DE-4491-B9D2-98B171C684A1}: NameServer = 85.255.112.125;85.255.112.5
O20 - AppInit_DLLs: gosezi.dll

Sluit alle open vensters, behalve Hijackthis, en klik op Fix Checked. Sluit HijackThis.

Je Java software is verouderd.
Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:

* Download Java Runtime Environment (JRE) 6u10.
  • Scroll omlaag naar : "Java Runtime Environment (JRE) 6u10".
  • Klik op de "Download" knop aan de rechterkant.
  • Vink aan: "Accept License Agreement".
  • De pagina zal herladen.
  • Klik op de link om Windows Offline Installation te downloaden met Meerdere-talen, en bewaar het naar je Bureaublad.
  • Sluit alle programma's die eventueel open zijn - Zeker je web browser!
  • Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
  • Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
  • Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
  • Herhaal dit tot alle oudere versies verdwenen zijn.
  • Na het verwijderen van alle oudere versies, herstart je pc.
  • Dubbelklik vervolgens op jre-6u10-windows-i586-p.exe op je Bureaublad om de nieuwste versie van Java te installeren.

Vervolgens,
herstart je je PC en post je een nieuw HijackThis logje ter controle. Laat me ook weten hoe alles werkt.
 
lijkt opnieuw wat vlotter te draaien, thx

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:35:07, on 27/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Telemeter 3.0\Telemeter3.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\EXPLORER.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{97CAE508-5D18-4806-A0BC-3531D94FF0B9}: NameServer = 85.255.112.125;85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{E24EAEB2-35DE-4491-B9D2-98B171C684A1}: NameServer = 85.255.112.125;85.255.112.5
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 6335 bytes
 
Hoi,

open HijackThis, klik op do a scan only en vink volgende regels aan:

O17 - HKLM\System\CCS\Services\Tcpip\..\{97CAE508-5D18-4806-A0BC-3531D94FF0B9}: NameServer = 85.255.112.125;85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{E24EAEB2-35DE-4491-B9D2-98B171C684A1}: NameServer = 85.255.112.125;85.255.112.5

Sluit alle open vensters, behalve Hijackthis, en klik op Fix Checked. Sluit HijackThis.

Download Combofix naar je Bureaublad.
Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link, want Combofix wordt dagelijks geupdate.

OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw. Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!


  • Dubbelklik op Combofix.exe
    Volg de instructies, aanvaard de disclaimer door 1 (continue) te typen, gevolgd door ENTER.
    Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
Plaats deze log in je volgende post samen met een nieuw HijackThis log.
 
ComboFix 08-11-27.07 - Gebruiker 2008-11-28 17:49:57.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.31.1043.18.2363 [GMT 1:00]
Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe
* Resident AV is active

.
ADS - Windows: deleted 24 bytes in 1 streams.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\efOnprqr.ini
c:\windows\System32\kribkqbs.ini
c:\windows\system32\kribkqbs.ini2
c:\windows\System32\kribkqbs.tmp
c:\windows\system32\mswinup.exe
c:\windows\system32\omckaqea.ini
c:\windows\system32\winsvcup.exe
c:\windows\system32\winupsvc.exe
D:\resycled
d:\resycled\boot.com
K:\Autorun.inf
S:\Autorun.inf
S:\resycled
s:\resycled\boot.com
s:\resycled\boot.Vcom
X:\Autorun.inf
X:\resycled
x:\resycled\boot.com
Z:\Autorun.inf
Z:\resycled
z:\resycled\boot.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV


(((((((((((((((((((( Bestanden Gemaakt van 2008-10-28 to 2008-11-28 ))))))))))))))))))))))))))))))
.

2008-11-27 19:47 . 2008-11-27 19:47 410,976 --a------ c:\windows\System32\deploytk.dll
2008-11-27 18:34 . 2008-11-27 18:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-27 18:34 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-27 18:34 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-25 21:38 . 2008-11-25 21:38 <DIR> d-------- c:\program files\Setup Files
2008-11-25 21:18 . 2008-11-25 21:18 <DIR> d-------- c:\program files\MSI
2008-11-25 21:18 . 1998-10-02 19:00 327,168 --a------ c:\windows\IsUninst.exe
2008-11-24 18:26 . 2008-11-24 19:29 <DIR> d-------- c:\program files\Telemeter 3.0
2008-11-08 13:00 . 2008-11-08 13:00 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-27 19:32 --------- d-----w c:\users\Gebruiker\AppData\Roaming\uTorrent
2008-11-27 18:47 --------- d-----w c:\program files\Java
2008-11-27 18:26 --------- d-----w c:\users\Gebruiker\AppData\Roaming\LimeWire
2008-11-16 13:24 204,052,699 ----a-w c:\windows\DUMP49e9.tmp
2008-10-27 18:04 29,192 ----a-w c:\windows\system32\drivers\ndisprot.sys
2008-10-26 16:11 --------- d-----w c:\users\Gebruiker\AppData\Roaming\SoundSpectrum
2008-10-26 16:10 --------- d-----w c:\program files\Winamp
2008-10-26 16:10 --------- d-----w c:\program files\SoundSpectrum
2008-10-26 13:01 --------- d-----w c:\program files\Divfix
2008-10-16 16:35 --------- d-----w c:\program files\Chameleon Clock
2008-10-11 12:12 --------- d-----w c:\users\Gebruiker\AppData\Roaming\Winamp
2008-10-09 18:28 --------- d-----w c:\users\Gebruiker\AppData\Roaming\Canon
2008-09-15 18:27 118,845 ----a-w c:\windows\System32\Flurry_2_by_Neo2007.scr
2008-09-14 14:30 505,128 ----a-w c:\windows\System32\msvcp71.dll
2008-09-14 14:30 353,576 ----a-w c:\windows\System32\msvcr71.dll
2008-09-14 14:30 29,480 ----a-w c:\windows\System32\msxml3a.dll
2008-09-12 17:18 103,552 ------w c:\windows\System32\mqwmfukb.dll
2008-09-12 17:05 11,272,792 ----a-w c:\program files\launch.exe
2008-03-12 14:19 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-11 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-11 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-11 81920]
"razer"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-10-08 155648]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"Telemeter 3.0"="c:\program files\Telemeter 3.0\telemeter3.exe" [2007-04-15 1441792]
"LiveMonitor"="c:\program files\MSI\Live Update 3\LMonitor.exe" [2008-04-30 498176]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-27 136600]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-26 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-08-25 15:05 4608 c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-09-07 12:33 2173888 c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
--a------ 2008-03-21 09:21 91432 c:\program files\CyberLink\Shared Files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-08-03 11:51 202024 c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-05-26 11:45 257088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-08-08 08:25 1828136 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-10-11 11:45 75304 c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
--------- 2007-12-14 10:36 50472 c:\program files\CyberLink\PowerDVD8\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-07 01:05 200704 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 08:41 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
--------- 2008-03-20 19:23 83240 c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 10:43 2097488 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2006-09-28 12:16 185896 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-03-27 07:35 36352 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
--a------ 2007-05-31 09:21 648072 c:\windows\WindowsMobile\wmdc.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{42FED9B3-627B-481E-BD9C-8387A85B77C8}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AA61B221-7E02-4998-AF85-9C305689A924}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2104EFAA-3203-4AB6-BE03-1FACDED5672C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5B8EEF07-CB78-4664-B86C-A2429C7E72A9}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{D98E1CCB-BC31-4E93-B3ED-3737F895DCB8}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{5E4823A1-A303-46A8-8716-1458808A210E}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{8DCA1B8C-1E33-4FCC-B3E9-1DCA31A633CF}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{E086B2F8-829A-4ABD-B81A-711AD9EFCB90}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{168A9360-A561-48AA-B384-9AD52BA411B4}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{7F09DE9E-7500-46D2-835B-CE11A1BF3FBC}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{FE281CBC-D0E3-4EE3-88C5-DA4F322B0294}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{D985036D-C3E0-4B98-B03A-52A50B513853}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{EAF839D0-6F10-4179-A404-431C9E35351F}c:\\program files\\itunes\\itunes.exe"= UDP:c:\program files\itunes\itunes.exe:iTunes
"UDP Query User{859A7DD3-437D-44CA-A614-56BA2167C302}c:\\program files\\itunes\\itunes.exe"= TCP:c:\program files\itunes\itunes.exe:iTunes
"{95A62192-74BE-4671-8054-E227EF4F3CCF}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{CE6205D4-40E6-4A0A-B95D-E6EF03E6DC40}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{59B848A9-09DE-4D9F-88F8-56941A1C3FEB}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{692910C9-B7D4-473D-9D1F-7534ED6E3C41}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{E2D4F82F-E2B8-49B4-898D-2A4A8ABF5FF7}"= c:\program files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\CyberLink\PowerDVD8\000.fcl [2008-02-01 16:24:04 41456]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-01 810320]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe /s c:\windows\nod32fixtemdono.reg [2006-11-02 9216]
S3 IAMT03;Stuurprogramma voor Intel(R) Active Management Technology - KCS;c:\windows\system32\drivers\iamt03.sys [2008-03-16 40848]
S3 IAMTV;Stuurprogramma voor Intel(R) Active Management Technology - KCS;c:\windows\system32\drivers\iamtv.sys [2008-03-16 38288]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-10-27 29192]
S4 ahcix86s;ahcix86s;c:\windows\system32\drivers\ahcix86s.sys [2008-03-16 118784]
S4 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.sys [2008-03-16 93056]
S4 hcw99rc;Hauppauge Nova-DT IR Driver;c:\windows\system32\drivers\hcw99rc.sys [2008-03-16 10368]
S4 IAMTXP;Stuurprogramma voor Intel(R) Active Management Technology - KCS;c:\windows\system32\drivers\iamtxp.sys [2008-03-16 47496]
S4 ioatdma;Intel(R) QuickData Technology Device;c:\windows\system32\drivers\ioatdma.sys [2008-03-16 36744]
S4 iSSetup;Intel(R) PRO/1000 iSCSI Setup Driver;c:\windows\system32\drivers\issetup.sys [2008-03-16 75672]
S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2008-03-16 104320]
S4 m5288;m5288;c:\windows\system32\drivers\m5288.sys [2008-03-16 211072]
S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2008-03-16 52480]
S4 MODRC;WinFast TV Dongle With Infrared Receiver;c:\windows\system32\drivers\modrc.sys [2008-03-16 13056]
S4 NBv834x;Killer NIC Gaming Adapter Service;c:\windows\system32\drivers\nbv834x.sys [2008-03-16 104480]
S4 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2008-03-16 131616]
S4 rr172x;rr172x;c:\windows\system32\drivers\rr172x.sys [2008-03-16 90400]
S4 rr2522;rr2522;c:\windows\system32\drivers\rr2522.sys [2008-03-16 112160]
S4 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\si3112r.sys [2008-03-16 110128]
S4 SI3114;SiI-3114 SATALink Controller;c:\windows\system32\drivers\si3114.sys [2008-03-16 68912]
S4 SI3124;SiI-3124 SATALink Controller;c:\windows\system32\drivers\si3124.sys [2008-03-16 76208]
S4 Si3124r5;SiI-3124 SoftRaid 5 Controller;c:\windows\system32\drivers\si3124r5.sys [2008-03-16 207152]
S4 Si3132r5;SiI-3132 SoftRaid 5 Controller;c:\windows\system32\drivers\si3132r5.sys [2008-03-16 215856]
S4 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\si3531.sys [2008-03-16 210736]
S4 ViBus;ViBus;c:\windows\system32\drivers\vibus.sys [2008-03-16 16896]
S4 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\viprt.sys [2008-03-16 52736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\S]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL s:\resycled\boot.com s:
\shell\Open\command - s:\resycled\boot.com s:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e4ac8c5-46dc-11dd-b23f-0019dbcd3b05}]
\shell\AutoRun\command - N:\Setupx.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3303159-487a-11dd-90e4-0019dbcd3b05}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL s:\resycled\boot.com s:
\shell\Open\command - s:\resycled\boot.com s:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f70223e0-75f6-11dd-812e-0019dbcd3b05}]
\shell\AutoRun\command - L:\SETUP.EXE
\shell\configure\command - L:\SETUP.EXE
\shell\install\command - L:\SETUP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
- - - - ORPHANS VERWIJDERD - - - -

MSConfigStartUp-fcf6ec51 - c:\windows\system32\sbqkbirk.dll
MSConfigStartUp-FF5 - c:\windows\temp\FF5.tmp
MSConfigStartUp-HomeAlarm - c:\program files\Chameleon Clock\ChamClock.exe


.
------- Bijkomende Scan -------
.
FireFox -: Profile - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\2ss5fng9.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.be/ig?hl=nl&source=iglk
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npitunes.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 17:54:07
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(3640)
c:\program files\RocketDock\RocketDock.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Razer\Copperhead\razerofa.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\WUDFHost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Voltooingstijd: 2008-11-28 17:57:02 - machine werd herstart
ComboFix-quarantined-files.txt 2008-11-28 16:56:44

Pre-Run: 28.325.285.888 bytes beschikbaar
Post-Run: 28,319,133,696 bytes beschikbaar

254 --- E O F --- 2008-08-27 14:22:15





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:00:04, on 28/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Telemeter 3.0\Telemeter3.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 5153 bytes
 
Verwijder ComboFix via Start > Uitvoeren, kopiëer en plak Combofix /U klik op OK of toets Enter.

Uninstall_combofix.JPG


Dit zal Combofix verwijderen+gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en reset je Systeemherstel opnieuw.
 
Bij het uitvoeren krijg ik steeds de melding:

"Kan bestand Combofix niet vinden. Controleer of U de naam juist hebt ingevoerd en probeer daarna opnieuw."

De exe file staat nog steeds op bureaublad en heb voor de rest nog niets zelfstandig verwijderd.
 
Status
Niet open voor verdere reacties.
Terug
Bovenaan Onderaan