Virus won't go away

  • hanswil

    I am now working on my laptop; the computer with the virus on it is very slow.

    Made a log file using a USB stick.

    I use Windows XP and the Norman virus scanner.

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 21:55:23, on 11-1-2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16762)

    Boot mode: Safe mode

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - Default URLSearchHook is missing

    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: Wanadoo - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Popsicle - {A67B8FE1-8E6D-44D6-8D74-9C28E7BFF35C} - C:\Documents and Settings\All Users\Documenten\Popsicle\ADVPro.dll (file missing)

    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    O2 - BHO: (no name) - {f7d02938-bfb5-4f01-ab62-6e08e346f5e4} - C:\WINDOWS\system32\dajidomu.dll

    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O3 - Toolbar: Wanadoo - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll

    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”

    O4 - HKLM\..\Run: C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe /S:T

    O4 - HKLM\..\Run: “C:\Program Files\Windows Media Connect 2\WMCCFG.exe” /StartQuiet

    O4 - HKLM\..\Run: “C:\Program Files\iTunes\iTunesHelper.exe”

    O4 - HKLM\..\Run: “C:\Program Files\QuickTime\qttask.exe” -atboottime

    O4 - HKLM\..\Run: “C:\Program Files\Java\jre6\bin\jusched.exe”

    O4 - HKLM\..\Run: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: C:\Program Files\SweetIM\Messenger\SweetIM.exe

    O4 - HKLM\..\Run: C:\Documents and Settings\All Users\Application Data\iso loud test bolt\sign cdrom.exe

    O4 - HKLM\..\Run: C:\Program Files\Thuishelp\Zesko\Thuishelp.exe

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: Rundll32.exe “C:\WINDOWS\system32\yorutawe.dll”,s

    O4 - HKLM\..\Run: “C:\Program Files\Norman\Npm\Bin\ZLH.EXE” /LOAD /SPLASH

    O4 - HKLM\..\Run: rundll32.exe “C:\WINDOWS\system32\ruhegozi.dll”,b

    O4 - HKLM\..\Run: Rundll32.exe “c:\windows\system32\yejenujo.dll”,a

    O4 - HKCU\..\Run: C:\WINDOWS\System32\CTFMON.EXE

    O4 - HKCU\..\RunOnce: C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe

    O4 - HKUS\S-1-5-20\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘Netwerkservice’)

    O4 - HKUS\S-1-5-20\..\Run: Rundll32.exe “C:\WINDOWS\system32\yorutawe.dll”,s (User ‘Netwerkservice’)

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)

    O4 - Global Startup: BTTray.lnk = ?

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

    O9 - Extra button: HP Clipboek - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

    O9 - Extra button: HP Slim selecteren - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra ‘Tools’ menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Hans\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O14 - IERESET.INF: START_PAGE_URL=http://www.startpagina.nl/

    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131620512647

    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnfotokalender.nl/quickshop/calendar/ImageUploader4.cab

    O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab

    O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O20 - AppInit_DLLs: C:\WINDOWS\system32\nozuzito.dll c:\windows\system32\royotago.dll c:\windows\system32\vahuyayu.dll c:\windows\system32\yejenujo.dll

    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yejenujo.dll

    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yejenujo.dll

    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

    O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\Bin\Njeeves.exe

    O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe

    O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\nse\bin\NSESVC.EXE

    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe

    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Nvcsched.exe

    O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

    O23 - Service: Windows Communicator server (WinComServer) - Radek Tiny Software - C:\Program Files\Radek Tiny Software\Windows Communicator\CommunicatorServer.exe

    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    End of file - 11572 bytes

  • klaas

    First carry out ALL the steps from the topmost topic and then post two new logs.

    http://www.prikpagina.nl/read.php?f=123&i=186977&t=186977

  • hanswil

    When I run Windows Update, I connect to the site and get a blank screen, and below it says "Done".

    I ran a scan with Norman and removed the viruses (375), but that still has not helped.

    I already have problems going via startpagina to its daughter pages to click on the antivirus discussion; the site is not displayed.

    That is why I am trying via a laptop.

  • hanswil

    I have now put Spydoctor on the virus/bad computer via the laptop and a USB stick, and it is now scanning.

    Should I do the same with the other programs?

  • Argus

    Go to Start > Run and type devmgmt.msc there (and press OK).

    If this does not work, go to Control Panel > System > Hardware tab, Device Manager.

    At the top, choose View > Show hidden devices.

    Now look under Non-Plug and Play Drivers.

    Check whether anything in the list begins with tdss (this is what is causing the problem now).

    If so, right-click that tdss entry and choose Disable.

    Do not disable anything else.

    Download MBAM

    Double-click mbam-setup.exe to install the program.

    Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click “Finish”.

    If an update is found, it will be downloaded and installed.

    When the program is fully up to date, select “Quick Scan” on the Scanner tab, then click Scan.

    Scanning can take a while, so be patient.

    When the scan is complete, click OK, then “Show Results” to see the results.

    Make sure everything there is checked, then click: Remove Selected.

    You may keep this program.

    After removal a log will open and you will be asked to restart the computer.

    The log is saved automatically by MBAM and you can find it again by clicking the “Logs” tab in MBAM.

    Copy and paste the contents of the log into your next reply.

    If MBAM has difficulty removing certain files, it will show a few messages where you have to click OK.

    After that it will ask to restart the computer… so allow MBAM to restart the computer.

    And a HijackThis log.

  • hanswil

    Did devmgmt.msc, and the only thing that shows a yellow question mark is under Other devices, and it says PCI simple communication controller.

  • Argus

    Download MBAM to your USB stick and copy it to your infected PC.

    There, do not click Save but click Run directly.

    Have the items found removed.

    Combofix

    Download Combofix to your Desktop.

    Double-click Combofix.exe.

    Follow the instructions; accept the disclaimer by typing 1 (continue) followed by ENTER.

    While the fix is running, do NOT click in the window, because then your PC will “hang”.

    NB: If, while using Combofix, a notification appears from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard components that Combofix uses as suspicious and may block or remove them! As a result, Combofix cannot function properly.

  • hanswil

    First the log files:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 23:29:37, on 11-1-2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16762)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\Program Files\Norman\Npm\Bin\Elogsvc.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Norman\Npm\Bin\Zanda.exe

    C:\Program Files\Norman\npm\bin\nvoy.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\Program Files\SweetIM\Messenger\SweetIM.exe

    C:\Program Files\Thuishelp\Zesko\Thuishelp.exe

    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    C:\Program Files\Norman\Npm\Bin\ZLH.EXE

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\Windows Media Player\WMPNSCFG.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

    C:\Program Files\Thuishelp\Zesko\Thuishelp_browser.exe

    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\WinZip\WZQKPICK.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

    C:\WINDOWS\system32\devldr32.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Motive\McciCMService.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Eset\nod32krn.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Radek Tiny Software\Windows Communicator\CommunicatorServer.exe

    C:\WINDOWS\system32\MsPMSPSv.exe

    C:\Program Files\Windows Media Player\WMPNetwk.exe

    C:\Program Files\Canon\CAL\CALMAIN.exe

    C:\Program Files\Norman\Npm\Bin\Nvcsched.exe

    C:\Program Files\Norman\Npm\Bin\Njeeves.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Norman\nse\bin\NSESVC.EXE

    C:\WINDOWS\System32\alg.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Program Files\Norman\Nvc\bin\nvcoas.exe

    C:\Program Files\Norman\Nvc\Bin\Nip.exe

    C:\Program Files\Norman\Nvc\Bin\cclaw.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: Wanadoo - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O3 - Toolbar: Wanadoo - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll

    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”

    O4 - HKLM\..\Run: C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe /S:T

    O4 - HKLM\..\Run: “C:\Program Files\Windows Media Connect 2\WMCCFG.exe” /StartQuiet

    O4 - HKLM\..\Run: “C:\Program Files\iTunes\iTunesHelper.exe”

    O4 - HKLM\..\Run: “C:\Program Files\QuickTime\qttask.exe” -atboottime

    O4 - HKLM\..\Run: “C:\Program Files\Java\jre6\bin\jusched.exe”

    O4 - HKLM\..\Run: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: C:\Program Files\SweetIM\Messenger\SweetIM.exe

    O4 - HKLM\..\Run: C:\Documents and Settings\All Users\Application Data\iso loud test bolt\sign cdrom.exe

    O4 - HKLM\..\Run: C:\Program Files\Thuishelp\Zesko\Thuishelp.exe

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Norman\Npm\Bin\ZLH.EXE” /LOAD /SPLASH

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: rundll32.exe nview.dll,nViewLoadHook

    O4 - HKCU\..\Run: C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe /S:T

    O4 - HKCU\..\Run: “C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe”

    O4 - HKCU\..\Run: C:\DOCUME~1\Hans\APPLIC~1\REGSBA~1\EGGS WAIT.exe

    O4 - HKCU\..\Run: C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\Run: “C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe”

    O4 - HKUS\S-1-5-19\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘Lokale service’)

    O4 - HKUS\S-1-5-19\..\Run: Rundll32.exe “C:\WINDOWS\system32\yorutawe.dll”,s (User ‘Lokale service’)

    O4 - HKUS\S-1-5-20\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘Netwerkservice’)

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)

    O4 - Startup: Communicator.lnk = ?

    O4 - Global Startup: BTTray.lnk = ?

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    O9 - Extra button: HP Clipboek - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

    O9 - Extra button: HP Slim selecteren - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra ‘Tools’ menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Hans\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O14 - IERESET.INF: START_PAGE_URL=http://www.startpagina.nl/

    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131620512647

    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnfotokalender.nl/quickshop/calendar/ImageUploader4.cab

    O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab

    O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O20 - AppInit_DLLs: c:\windows\system32\royotago.dll c:\windows\system32\vahuyayu.dll

    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

    O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\Bin\Njeeves.exe

    O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe

    O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\nse\bin\NSESVC.EXE

    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe

    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Nvcsched.exe

    O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

    O23 - Service: Windows Communicator server (WinComServer) - Radek Tiny Software - C:\Program Files\Radek Tiny Software\Windows Communicator\CommunicatorServer.exe

    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    End of file - 14492 bytes

    Malwarebytes' Anti-Malware 1.32

    Database versie: 1643

    Windows 5.1.2600 Service Pack 3

    11-1-2009 23:23:17

    mbam-log-2009-01-11 (23-23-17).txt

    Scan type: Snelle Scan

    Objecten gescand: 63983

    Verstreken tijd: 9 minute(s), 30 second(s)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 5

    Registersleutels geïnfecteerd: 21

    Registerwaarden geïnfecteerd: 7

    Registerdata bestanden geïnfecteerd: 5

    Mappen geïnfecteerd: 3

    Bestanden geïnfecteerd: 15

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:

    C:\WINDOWS\system32\nozuzito.dll (Trojan.Vundo.H) -> Delete on reboot.

    C:\WINDOWS\system32\ruhegozi.dll (Trojan.Vundo.H) -> Delete on reboot.

    C:\WINDOWS\system32\dajidomu.dll (Trojan.Vundo.H) -> Delete on reboot.

    C:\WINDOWS\system32\yorutawe.dll (Trojan.Vundo.H) -> Delete on reboot.

    c:\WINDOWS\system32\yejenujo.dll (Trojan.Vundo.H) -> Delete on reboot.

    Registersleutels geïnfecteerd:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f7d02938-bfb5-4f01-ab62-6e08e346f5e4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{f7d02938-bfb5-4f01-ab62-6e08e346f5e4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f7d02938-bfb5-4f01-ab62-6e08e346f5e4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.

    HKEY_CLASSES_ROOT\popsicle.comadvpro (Trojan.BHO) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\popsicle.comadvpro.1 (Trojan.BHO) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{cd796033-04ae-4b69-8cb2-92bd6c2aaa27} (Trojan.BHO) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{a67b8fe1-8e6d-44d6-8d74-9c28e7bff35c} (Trojan.BHO) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Typelib\{be2ce3a1-0e47-4f12-a243-8fccced94209} (Trojan.BHO) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\AppID\{f7759abc-b7d8-437c-adc4-b35f2e1692cc} (Trojan.BHO) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a67b8fe1-8e6d-44d6-8d74-9c28e7bff35c} (Trojan.BHO) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a67b8fe1-8e6d-44d6-8d74-9c28e7bff35c} (Trojan.BHO) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\43732a0a (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dotizavize (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm40401996 (Trojan.Vundo.H) -> Delete on reboot.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.

    Registerdata bestanden geïnfecteerd:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\nozuzito.dll -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\nozuzito.dll -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\nozuzito.dll -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\yejenujo.dll -> Delete on reboot.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\yejenujo.dll -> Delete on reboot.

    Mappen geïnfecteerd:

    C:\Program Files\Antivirus 2009 (Rogue.Antivirus 2009) -> Quarantined and deleted successfully.

    C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:

    C:\WINDOWS\system32\ruhegozi.dll (Trojan.Vundo.H) -> Delete on reboot.

    C:\WINDOWS\system32\izogehur.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\legadaza.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\azadagel.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\yorutawe.dll (Trojan.Vundo.H) -> Delete on reboot.

    c:\WINDOWS\system32\yejenujo.dll (Trojan.Vundo.H) -> Delete on reboot.

    C:\WINDOWS\system32\dajidomu.dll (Trojan.Vundo.H) -> Delete on reboot.

    C:\WINDOWS\system32\nozuzito.dll (Trojan.Vundo.H) -> Delete on reboot.

    C:\WINDOWS\system32\zumunope.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\dadifulu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\nidizube.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\pajazeba.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    C:\Program Files\Antivirus 2009\av2009.exe.tmp (Rogue.Antivirus 2009) -> Quarantined and deleted successfully.

    C:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\a.exe (Trojan.Agent) -> Quarantined and deleted successfully.

  • hanswil

    I have to install a Windows boot disk because, according to ComboFix, it was missing.

    The clock setting is being changed and Norman reported a virus, so I turned Norman off.

  • hanswil

    The log is being prepared by ComboFix.

    ComboFix 09-01-10.03 - Hans 2009-01-11 23:40:59.1 - FAT32x86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.767.350

    Gestart vanuit: c:\documents and settings\Hans\Bureaublad\ComboFix.exe

    * Nieuw herstelpunt werd aangemaakt

    * Resident AV is active

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2008-12-11 to 2009-01-11 ))))))))))))))))))))))))))))))

    .

    2009-01-11 23:12 . 2009-01-11 23:12 d-------- c:\documents and settings\Hans\Application Data\Malwarebytes

    2009-01-11 23:11 . 2009-01-11 23:11 d-------- c:\program files\Malwarebytes' Anti-Malware

    2009-01-11 23:11 . 2009-01-11 23:11 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

    2009-01-11 23:11 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

    2009-01-11 23:11 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys

    2009-01-11 22:10 . 2009-01-11 22:10 d-------- c:\documents and settings\All Users\Application Data\TEMP

    2009-01-11 22:10 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys

    2009-01-11 22:10 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys

    2009-01-11 22:10 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys

    2009-01-11 22:10 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys

    2009-01-11 22:09 . 2009-01-11 22:09 d-------- c:\documents and settings\Administrator\Application Data\PC Tools

    2009-01-10 23:01 . 2009-01-10 23:01 d-------- c:\documents and settings\LocalService\Application Data\Wanadoo

    2009-01-10 22:57 . 2009-01-10 22:57 d-------- c:\documents and settings\LocalService\Application Data\HPAppData

    2009-01-10 22:54 . 2009-01-10 22:54 d--hs---- c:\documents and settings\LocalService\UserData

    2009-01-10 22:13 . 2009-01-10 22:12 410,984 --a------ c:\windows\system32\deploytk.dll

    2009-01-10 22:01 . 2009-01-10 22:01 d-------- c:\documents and settings\NetworkService\Menu Start

    2009-01-10 21:55 . 2008-05-16 11:28 212,024 --a------ c:\windows\system32\nscrnsav.scr

    2009-01-10 21:44 . 2009-01-10 21:44 d-------- c:\program files\Norman

    2009-01-10 21:44 . 2008-09-02 12:48 19,512 --a------ c:\windows\system32\drivers\nvcw32mf.sys

    2009-01-02 10:15 . 2009-01-02 10:15 d-------- c:\program files\REGSBAITWARN

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-12-09 22:56 --------- d-----w c:\documents and settings\Hans\Application Data\Jasc

    2008-12-08 22:04 --------- d-----w c:\documents and settings\Hans\Application Data\Motive

    2008-12-08 22:01 --------- d-----w c:\program files\Common Files\Motive

    2008-12-08 22:01 --------- d-----w c:\documents and settings\All Users\Application Data\Motive

    2008-12-08 22:00 --------- d-----w c:\program files\Thuishelp

    2008-11-30 12:14 --------- d-----w c:\program files\NickOnline

    2008-10-29 22:04 72,496 ----a-w c:\documents and settings\Hans\Application Data\mdbu.bin

    2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys

    2008-10-17 01:03 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll

    2008-10-16 13:14 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe

    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll

    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll

    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll

    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll

    2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe

    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll

    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe

    2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll

    2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll

    2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll

    2008-10-15 17:37 337,408 ------w c:\windows\system32\dllcache\netapi32.dll

    2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe

    2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll

    2006-04-26 08:03 28,400 ----a-w c:\documents and settings\Hans\Application Data\GDIPFONTCACHEV1.DAT

    2008-09-05 20:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008090520080906\index.dat

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    "{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll"

    2008-07-06 12:44 1164600 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll"

    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll"

    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe"

    "mnu"="c:\program files\Wanadoo\NL\Mnu\igomnu.exe"

    "HyvesKwekker"="c:\program files\Hyves Kwekker\HyvesDesktop_2.exe"

    "Grim Ping"="c:\docume~1\Hans\APPLIC~1\REGSBA~1\EGGS WAIT.exe"

    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe"

    "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe"

    "NVIEW"="nview.dll"

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll"

    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    "NeroCheck"="c:\windows\system32\NeroCheck.exe"

    "mnu"="c:\program files\Wanadoo\NL\Mnu\igomnu.exe"

    "Windows Media Connect 2"="c:\program files\Windows Media Connect 2\WMCCFG.exe"

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe"

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"

    "SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe"

    "test bolt cake bind"="c:\documents and settings\All Users\Application Data\iso loud test bolt\sign cdrom.exe"

    "Zesko_McciTrayApp"="c:\program files\Thuishelp\Zesko\Thuishelp.exe"

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    "Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE"

    "BluetoothAuthenticationAgent"="bthprops.cpl"

    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE"

    c:\documents and settings\Hans\Menu Start\Programma's\Opstarten\

    Communicator.lnk - c:\documents and settings\Hans\Application Data\Microsoft\Installer\{3BCC1F2F-5957-44E7-8B0C-9A9DB1DD4DFA}\New_Shortcut_S1522.exe

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe

    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE

    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe

    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE

    "aux"= ctwdm32.dll

    BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk

    backup=c:\windows\pss\Adobe Reader Snelle start.lnkCommon Startup

    --a------ 2003-10-31 19:42 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    --a------ 2004-08-04 20:36 1691648 c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

    --a------ 2003-07-28 15:19 323584 c:\windows\system32\nwiz.exe

    "UpdatesDisableNotify"=dword:00000001

    "DisableMonitoring"=dword:00000001

    "DisableMonitoring"=dword:00000001

    "DisableMonitoring"=dword:00000001

    "DisableMonitoring"=dword:00000001

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\Messenger\\MSMSGS.EXE"=

    "c:\\HCNSUPPORT\\MiniRemoteControl\\DWRCS.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    "c:\\Program Files\\Radek Tiny Software\\Windows Communicator\\Communicator.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

    "c:\\Program Files\\LimeWire\\LimeWire.exe"=

    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\MSN Messenger\\livecall.exe"=

    "c:\\WINDOWS\\System32\\SPOOLSV.EXE"=

    "c:\\Program Files\\Windows Media Player\\WMPNSCFG.EXE"=

    R3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\Nsesvc.exe

    R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys

    R3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\nvc\bin\Nvcoas.exe

    R3 NVCScheduler;Norman Virus Control Scheduler;c:\program files\Norman\Npm\Bin\nvcsched.exe

    R4 Ndiskio;Ndiskio;c:\program files\Norman\Nse\Bin\Ndiskio.sys

    R4 NVOY;Norman's Very Own supplY of resources;c:\program files\Norman\Npm\Bin\nvoy.exe

    R4 WinComServer;Windows Communicator server;c:\program files\Radek Tiny Software\Windows Communicator\CommunicatorServer.exe

    S3 epstw2k;SCM-SCSI stuurprogramma voor parallele poort;c:\windows\system32\drivers\epstw2k.sys

    S3 phil2vid;Philips USB VGA-camera;c:\windows\system32\drivers\philcam2.sys

    S3 scsiscan;Stuurprogramma voor SCSI-scanner;c:\windows\system32\drivers\scsiscan.sys

    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mchInjDrv

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    Inhoud van de 'Gedeelde Taken' map

    2009-01-11 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job

    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE

    2009-01-09 c:\windows\Tasks\Norton Security Scan for Hans.job

    - c:\program files\Norton Security Scan\Nss.exe

    2009-01-11 c:\windows\Tasks\ABF43AB5918BB019.job

    - c:\docume~1\hans\applic~1\regsba~1\Objdent32.exe

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.startpagina.nl/

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    mStart Page = hxxp://home.sweetim.com

    uSearchURL,(Default) = hxxp://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR

    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

    IE: Verzenden naar &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Hans\Menu Start\Programma's\IMVU\Run IMVU.lnk

    Trusted Zone: thuishelp.ziggo.nl

    c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\IPSUploader4.ocx

    O16 -: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4}

    hxxp://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab

    c:\windows\Downloaded Program Files\IPSUploader4.inf

    c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\CONFLICT.1\IPSUploader4.ocx

    O16 -: {CAC677B6-4963-4305-9066-0BD135CD9233}

    hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab

    c:\windows\Downloaded Program Files\CONFLICT.1\IPSUploader4.inf

    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-01-11 23:48:06

    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond

    verborgen bestanden: 0

    **************************************************************************

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    @Allowed: (Read) (RestrictedCode)

    @Allowed: (Read) (RestrictedCode)

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'winlogon.exe'(632)

    c:\windows\system32\WRLogonNTF.dll

    .

    ------------------------ Andere Aktieve Processen ------------------------

    .

    c:\program files\NORMAN\NPM\BIN\ELOGSVC.EXE

    c:\program files\NORMAN\NPM\BIN\ZANDA.EXE

    c:\program files\WIDCOMM\BLUETOOTH SOFTWARE\BIN\BTWDINS.EXE

    c:\windows\SYSTEM32\RUNDLL32.EXE

    c:\program files\JAVA\JRE6\BIN\JQS.EXE

    c:\program files\COMMON FILES\MOTIVE\MCCICMSERVICE.EXE

    c:\program files\INTERNET EXPLORER\IEXPLORE.EXE

    c:\windows\SYSTEM32\RUNDLL32.EXE

    c:\program files\INTERNET EXPLORER\IEXPLORE.EXE

    c:\program files\THUISHELP\ZESKO\THUISHELP_BROWSER.EXE

    c:\program files\ESET\NOD32KRN.EXE

    c:\windows\SYSTEM32\NVSVC32.EXE

    c:\windows\SYSTEM32\DEVLDR32.EXE

    c:\windows\SYSTEM32\MSPMSPSV.EXE

    c:\program files\WINDOWS MEDIA PLAYER\WMPNETWK.EXE

    c:\program files\CANON\CAL\CALMAIN.EXE

    c:\program files\NORMAN\NPM\BIN\NJEEVES.EXE

    c:\program files\IPOD\BIN\IPODSERVICE.EXE

    c:\program files\Norman\Nvc\Bin\Nip.exe

    c:\program files\Norman\Nvc\Bin\cclaw.exe

    c:\windows\system32\wscntfy.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2009-01-11 23:54:22 - machine werd herstart

    ComboFix-quarantined-files.txt 2009-01-11 22:54:14

    Pre-Run: 3.149.168.640 bytes beschikbaar

    Post-Run: 3,216,310,272 bytes beschikbaar

    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    340 --- E O F --- 2008-11-12 20:04:14