HijackThis Log

7 answers
  • I'm getting pop-ups while browsing. Would someone please take a look at my log?

    Logfile of HijackThis v1.99.1
    Scan saved at 13:50:00, on 28-2-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\TPHDEXLG.EXE
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\VMware\VMware Player\vmware-authd.exe
    C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    D:\Program Files\D-Tools\daemon.exe
    D:\My Documents\HijackThis\hijackthis\HijackThis.exe
    C:\WINDOWS\system32\HPZipm12.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: PCzapper Media Manager.lnk = C:\Program Files\PCzapper\MediaManager\pbMediaCenter.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\s060366\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.tue.nl
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151909746906
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151909978546
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = campus.tue.nl
    O17 - HKLM\Software\..\Telephony: DomainName = campus.tue.nl
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = campus.tue.nl
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

    Thanks in advance,

    Leroy
  • Download VundoFix.exe to your desktop.
    - Double-click VundoFix.exe to start it.
    - Click the Scan for Vundo button.
    - Once the scan is done, click the Remove Vundo button.
    - You will be asked whether you want the files removed; click YES.
    - After you click Yes, the icons on your desktop will disappear while Vundo is being removed.
    - When it has finished you will get a message that it is going to shut down your PC; click OK.
    - Restart your PC.
    - Post the contents of C:\vundofix.txt in your next post.
    Note: VundoFix may find a file that cannot be removed.
    In that case VundoFix will start again after your PC has rebooted. Then repeat the instructions above from: "Click the Scan for Vundo button."

    After running VundoFix, also make a new log with HijackThis and post that too ;)
  • VundoFix:
    VundoFix V6.3.9

    Checking Java version…

    Scan started at 11:44:23 1-3-2007

    Listing files found while scanning….

    C:\WINDOWS\system32\atqwweqq.exe
    C:\WINDOWS\system32\bwjnhusd.dll
    C:\WINDOWS\system32\gsuhhmrl.dll
    C:\WINDOWS\system32\ilbehstx.exe
    C:\WINDOWS\system32\qrqss.bak1
    C:\WINDOWS\system32\qrqss.bak2
    C:\WINDOWS\system32\qrqss.ini
    C:\WINDOWS\system32\ssqrq.dll

    Beginning removal…

    Attempting to delete C:\WINDOWS\system32\atqwweqq.exe
    C:\WINDOWS\system32\atqwweqq.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\bwjnhusd.dll
    C:\WINDOWS\system32\bwjnhusd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gsuhhmrl.dll
    C:\WINDOWS\system32\gsuhhmrl.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ilbehstx.exe
    C:\WINDOWS\system32\ilbehstx.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qrqss.bak1
    C:\WINDOWS\system32\qrqss.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qrqss.bak2
    C:\WINDOWS\system32\qrqss.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qrqss.ini
    C:\WINDOWS\system32\qrqss.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ssqrq.dll
    C:\WINDOWS\system32\ssqrq.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    HijackThis:
    Logfile of HijackThis v1.99.1
    Scan saved at 12:34:06, on 1-3-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\TPHDEXLG.EXE
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\VMware\VMware Player\vmware-authd.exe
    C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\PCzapper\MediaManager\pbMediaCenter.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    D:\My Documents\HijackThis\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: PCzapper Media Manager.lnk = C:\Program Files\PCzapper\MediaManager\pbMediaCenter.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.tue.nl
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151909746906
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151909978546
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = campus.tue.nl
    O17 - HKLM\Software\..\Telephony: DomainName = campus.tue.nl
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = campus.tue.nl
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

    Regards, Leroy
  • I think something has been left behind :-?

    Download ComboScan to your Desktop (by Deckard).
    - Close all applications and windows.
    - Double-click Comboscan.exe to start it, and follow the prompts.
    - When the scan is complete, a text file, ComboScan.txt, will open.
    - Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt in your next reply.
    Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet;
    make sure sigcheck.exe is allowed to do so!
    Your antivirus may also flag Comboscan as suspicious, or even try to remove it.
    Do not let your antivirus remove it! (In that case it may be better to disable your antivirus temporarily while ComboScan runs.)
  • Before I read your answer I scanned once more with VundoFix, so I'll show that log too:

    VundoFix V6.3.9

    Checking Java version…

    Scan started at 11:57:27 2-3-2007

    Listing files found while scanning….

    C:\WINDOWS\system32\gsuhhmrl.dll
    C:\WINDOWS\system32\knkhisod.exe
    C:\WINDOWS\system32\utstv.bak1
    C:\WINDOWS\system32\utstv.ini
    C:\WINDOWS\system32\vtstu.dll
    C:\WINDOWS\system32\wmxinvcm.dll

    Beginning removal…

    Attempting to delete C:\WINDOWS\system32\knkhisod.exe
    C:\WINDOWS\system32\knkhisod.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\utstv.bak1
    C:\WINDOWS\system32\utstv.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\utstv.ini
    C:\WINDOWS\system32\utstv.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtstu.dll
    C:\WINDOWS\system32\vtstu.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\wmxinvcm.dll
    C:\WINDOWS\system32\wmxinvcm.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    COMBOSCAN:
    ComboScan v20070226.18 run by s060366 on 2007-03-02 at 12:07:31
    Computer is in Normal Mode.
    ——————————————————————————–

    Successfully created restore point.
    Performed disk cleanup.


    – HijackThis (run as s060366.exe) ———————————————-

    Logfile of HijackThis v1.99.1
    Scan saved at 12:08:04, on 2-3-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\TPHDEXLG.EXE
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\VMware\VMware Player\vmware-authd.exe
    C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
    C:\Documents and Settings\s060366\Desktop\comboscan.exe
    C:\Program Files\Network Associates\VirusScan\MCUPDATE.EXE
    C:\Program Files\Network Associates\Common Framework\McScript_InUse.exe
    D:\MYDOCU~1\HIJACK~1\HIJACK~1\s060366.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {52249FD1-48C7-4A22-A237-5911DA2194FD} - C:\WINDOWS\system32\vtstu.dll (file missing)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E192CC1-1A88-441B-860E-8B6B86BABF52} - C:\WINDOWS\system32\ssqrq.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\hgghgeb.dll
    O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\gsuhhmrl.dll (file missing)
    O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - C:\WINDOWS\inetloader.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: PCzapper Media Manager.lnk = C:\Program Files\PCzapper\MediaManager\pbMediaCenter.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.tue.nl
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151909746906
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151909978546
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = campus.tue.nl
    O17 - HKLM\Software\..\Telephony: DomainName = campus.tue.nl
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = campus.tue.nl
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O20 - Winlogon Notify: hgghgeb - C:\WINDOWS\SYSTEM32\hgghgeb.dll
    O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
    O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe


    – HijackThis Fixed Entries (D:\MYDOCU~1\HIJACK~1\HIJACK~1\backups\) ————

    backup-20070228-135149-702 O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\s060366\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

    – File Associations ————————————————————

    .bat - batfile - "%1" %*
    .chm - chm.file - "C:\WINDOWS\hh.exe" %1
    .cmd - cmdfile - "%1" %*
    .com - comfile - "%1" %*
    .exe - exefile - "%1" %*
    .hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
    .inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
    .ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
    .js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
    .lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
    .pif - piffile - "%1" %*
    .reg - regfile - regedit.exe "%1"
    .scr - scrfile - "%1" /S
    .txt - WinEdt.txt - "C:\Program Files\WinEdt\WinEdt.exe" "%1"
    .vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


    – Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ———————-

    3R ADIHdAudAddService (ADI UAA Function Driver for High Definition Audio Service) - C:\WINDOWS\system32\drivers\ADIHdAud.sys
    3R AEAudioService (AEAudio Service) - C:\WINDOWS\system32\drivers\aeaudio.sys
    2R AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.10.0) - C:\WINDOWS\system32\drivers\AegisP.sys
    3R AR5211 (Dual-band Wi-Fi Wireless Mini PCI Adapter) - C:\WINDOWS\system32\drivers\ar5211.sys
    3R ati2mtag - C:\WINDOWS\system32\drivers\ati2mtag.sys
    2R atksgt - C:\WINDOWS\system32\drivers\atksgt.sys
    3R atmeltpm - C:\WINDOWS\system32\drivers\atmeltpm.sys
    3S BthEnum (Bluetooth Request Block Driver) - C:\WINDOWS\system32\drivers\BthEnum.sys
    3S BthPan (Bluetooth Device (Personal Area Network)) - C:\WINDOWS\system32\drivers\bthpan.sys
    3S BTHPORT (Bluetooth Port Driver) - C:\WINDOWS\system32\drivers\bthport.sys
    3S BTHUSB (Bluetooth Radio USB Driver) - C:\WINDOWS\system32\drivers\BTHUSB.SYS
    3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\CCDECODE.sys
    3S CVirtA (Cisco Systems VPN Adapter) - C:\WINDOWS\system32\drivers\CVirtA.sys
    0R d347bus - C:\WINDOWS\system32\drivers\d347bus.sys
    0R d347prt - C:\WINDOWS\system32\drivers\d347prt.sys
    2R DLABOIOM - C:\WINDOWS\system32\DLA\DLABOIOM.SYS
    1R DLACDBHM - C:\WINDOWS\system32\drivers\DLACDBHM.SYS
    2R DLADResN - C:\WINDOWS\system32\DLA\DLADResN.SYS
    2R DLAIFS_M - C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
    2R DLAOPIOM - C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
    2R DLAPoolM - C:\WINDOWS\system32\DLA\DLAPoolM.SYS
    1R DLARTL_N - C:\WINDOWS\system32\drivers\DLARTL_N.SYS
    2R DLAUDFAM - C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
    2R DLAUDF_M - C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
    0R DRVMCDB - C:\WINDOWS\system32\drivers\DRVMCDB.SYS
    2R DRVNDDM - C:\WINDOWS\system32\drivers\DRVNDDM.SYS
    3R e1express (Intel(R) PRO/1000 PCI Express Network Connection Driver) - C:\WINDOWS\system32\drivers\e1e5132.sys
    2R hcmon (VMware hcmon) - C:\WINDOWS\system32\drivers\hcmon.sys
    3R HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - C:\WINDOWS\system32\drivers\Hdaudbus.sys
    3R HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
    3S HPZid412 (IEEE-1284.4 Driver HPZid412) - C:\WINDOWS\system32\drivers\HPZid412.sys
    3S HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - C:\WINDOWS\system32\drivers\HPZipr12.sys
    3S HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - C:\WINDOWS\system32\drivers\HPZius12.sys
    3R HSF_DPV - C:\WINDOWS\system32\drivers\hsx_dpv.sys
    3R HSXHWAZL - C:\WINDOWS\system32\drivers\hsxhwazl.sys
    0R iaStor (Intel AHCI Controller) - C:\WINDOWS\system32\drivers\iaStor.sys
    3R IBMPMDRV - C:\WINDOWS\system32\drivers\ibmpmdrv.sys
    1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys
    2R irda (IrDA Protocol) - C:\WINDOWS\system32\drivers\irda.sys
    1S kbdhid (Keyboard HID Driver) - C:\WINDOWS\system32\drivers\kbdhid.sys
    2R lirsgt - C:\WINDOWS\system32\drivers\lirsgt.sys
    3S Lvckap (Logitech Kernel Audio Processing Filter Driver) - C:\WINDOWS\system32\drivers\Lvckap.sys
    3S lvmvdrv (Logitech Machine Vision Engine Loader) - C:\WINDOWS\system32\drivers\LVMVdrv.sys
    3R LVPrcMon (Logitech LVPrcMon Driver) - C:\WINDOWS\system32\drivers\LVPrcMon.sys
    3S LVUSBSta (Logitech USB Monitor Filter) - C:\WINDOWS\system32\drivers\LVUSBSta.sys
    2R mdmxsdk - C:\WINDOWS\system32\drivers\mdmxsdk.sys
    3R mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
    3S MSIRCOMM (Microsoft IR Communications Driver) - C:\WINDOWS\system32\drivers\MSIRCOMM.sys
    3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\MSTEE.sys
    3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\NABTSFEC.sys
    3R NaiAvFilter1 - C:\WINDOWS\system32\drivers\naiavf5x.sys
    1R NaiAvTdi1 - C:\WINDOWS\system32\drivers\mvstdi5x.sys
    3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\NdisIP.sys
    3S nm (Network Monitor Driver) - C:\WINDOWS\system32\drivers\nmnt.sys
    3S NSCIRDA (NSC Infrared Device Driver) - C:\WINDOWS\system32\drivers\nscirda.sys
    3R pcouffin (Low level access layer for CD devices) - C:\WINDOWS\system32\drivers\Pcouffin.sys
    3S pepifilter (Volume Adapter) - C:\WINDOWS\system32\drivers\lv302af.sys
    3S PID_08A0 (QuickCam IM(PID_08A0)) - C:\WINDOWS\system32\drivers\LV302AV.SYS
    1R PQNTDrv - C:\WINDOWS\system32\drivers\PQNTDRV.sys
    0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
    3R Rasirda (WAN Miniport (IrDA)) - C:\WINDOWS\system32\drivers\rasirda.sys
    3S RFCOMM (Bluetooth Device (RFCOMM Protocol TDI)) - C:\WINDOWS\system32\drivers\rfcomm.sys
    0R sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - C:\WINDOWS\system32\drivers\sfdrv01.sys
    0R sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - C:\WINDOWS\system32\drivers\sfhlp02.sys
    0R sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - C:\WINDOWS\system32\drivers\sfsync02.sys
    0R sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - C:\WINDOWS\system32\drivers\sfvfs02.sys
    1R ShockMgr - C:\WINDOWS\system32\drivers\ShockMgr.sys
    0R Shockprf - C:\WINDOWS\system32\drivers\shockprf.sys
    3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\SLIP.sys
    1R Smapint - C:\WINDOWS\system32\drivers\SMAPINT.SYS
    3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\StreamIP.sys
    3R SynTP (Synaptics TouchPad Driver) - C:\WINDOWS\system32\drivers\SynTP.sys
    1R TDSMAPI - C:\WINDOWS\system32\drivers\TDSMAPI.SYS
    1R TPHKDRV - C:\WINDOWS\system32\drivers\TPHKDRV.sys
    1R TPPWRIF - C:\WINDOWS\system32\drivers\TPPWRIF.SYS
    1R TSMAPIP - C:\WINDOWS\system32\drivers\TSMAPIP.SYS
    3S usbaudio (USB Audio Driver (WDM)) - C:\WINDOWS\system32\drivers\USBAUDIO.sys
    3S usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
    3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
    3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
    3S usbstor (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\usbstor.sys
    3R VMnetAdapter (VMware Virtual Ethernet Adapter Driver) - C:\WINDOWS\system32\drivers\vmnetadapter.sys
    2R VMnetBridge (VMware Bridge Protocol) - C:\WINDOWS\system32\drivers\vmnetbridge.sys
    2R VMnetuserif (VMware Network Application Interface) - C:\WINDOWS\system32\drivers\vmnetuserif.sys
    2R vmx86 (VMware vmx86) - C:\WINDOWS\system32\drivers\vmx86.sys
    2R vstor2 (Vstor2 Virtual Storage Driver) - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys
    3R winachsf - C:\WINDOWS\system32\drivers\hsx_cnxt.sys
    3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\WSTCODEC.SYS
    3R EntDrv51 - C:\WINDOWS\system32\drivers\EntDrv51.sys


    – Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ———————

    3S ACS (ACU Configuration Service) - C:\WINDOWS\system32\acs.exe
    3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    2R Ati HotKey Poller - C:\WINDOWS\system32\Ati2evxx.exe
    2R BthServ (Bluetooth Support Service) - C:\WINDOWS\system32\svchost.exe -k bthsvcs
    3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    3S gusvc (Google Updater Service) - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
    2R IBMPMSVC (ThinkPad PM Service) - C:\WINDOWS\system32\ibmpmsvc.exe
    3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
    2R Irmon (Infrared Monitor) - C:\WINDOWS\system32\svchost.exe -k netsvcs
    2R LVPrcSrv (Logitech Process Monitor) - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    2R McAfeeFramework (McAfee Framework Service) - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart
    2R McShield (Network Associates McShield) - "C:\Program Files\Network Associates\VirusScan\Mcshield.exe"
    2R McTaskManager (Network Associates Task Manager) - "C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"
    3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
    2S Pml Driver HPZ12 - C:\WINDOWS\system32\HPZipm12.exe
    2R TPHDEXLGSVC (ThinkPad HDD APS Logging Service) - System32\TPHDEXLG.EXE
    2R TpKmpSVC (IBM KCU Service) - C:\WINDOWS\system32\TpKmpSVC.exe
    2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
    2R VMAuthdService (VMware Authorization Service) - C:\Program Files\VMware\VMware Player\vmware-authd.exe
    2R VMnetDHCP (VMware DHCP Service) - C:\WINDOWS\system32\vmnetdhcp.exe
    2R vmount2 (VMware Virtual Mount Manager Extended) - "C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe"
    2R VMware NAT Service - C:\WINDOWS\system32\vmnat.exe
    3S WMConnectCDS (Windows Media Connect Service) - C:\Program Files\Windows Media Connect 2\wmccds.exe


    – Scheduled Tasks ————————————————————–

    2007-02-25 17:34:00 284 –a—— C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>


    – Files created between 2007-02-02 and 2007-03-02 ——————————

    2007-03-01 14:58:30 1047821 –a—— C:\Patch.exe
    2007-03-01 11:44:23 0 d——– C:\VundoFix Backups<VUNDOF~1>
    2007-02-28 10:25:29 24576 –a—— C:\WINDOWS\system32\TTIC32.dll
    2007-02-28 10:25:29 24576 –a—— C:\WINDOWS\system32\TTI32.dll
    2007-02-28 10:25:29 32768 –a—— C:\WINDOWS\system32\STRING32.dll
    2007-02-28 10:25:29 430080 –a—— C:\WINDOWS\system32\MXRestore.exe<MXREST~1.EXE>
    2007-02-28 10:25:29 49152 –a—— C:\WINDOWS\system32\mgxasio2.dll
    2007-02-28 10:25:29 57344 –a—— C:\WINDOWS\system32\DLLTPO32.dll
    2007-02-28 10:25:29 188416 –a—— C:\WINDOWS\system32\DLLRES32.dll
    2007-02-28 10:25:29 40960 –a—— C:\WINDOWS\system32\DLLRD32.dll
    2007-02-28 10:25:29 65536 –a—— C:\WINDOWS\system32\DLLPTL32.dll
    2007-02-28 10:25:29 53248 –a—— C:\WINDOWS\system32\DLLPRJ32.dll
    2007-02-28 10:25:29 49152 –a—— C:\WINDOWS\system32\DLLPRF32.dll
    2007-02-28 10:25:29 36864 –a—— C:\WINDOWS\system32\DLLPNT32.dll
    2007-02-28 10:25:29 32768 –a—— C:\WINDOWS\system32\DLLMSC32.dll
    2007-02-28 10:25:29 24576 –a—— C:\WINDOWS\system32\DLLIX.dll
    2007-02-28 10:25:29 32768 –a—— C:\WINDOWS\system32\DLLISO32.dll
    2007-02-28 10:25:29 49152 –a—— C:\WINDOWS\system32\DLLIO32.dll
    2007-02-28 10:25:29 45056 –a—— C:\WINDOWS\system32\DLLIMG32.dll
    2007-02-28 10:25:29 151552 –a—— C:\WINDOWS\system32\DLLDRV32.dll
    2007-02-28 10:25:28 32768 –a—— C:\WINDOWS\system32\DLLDIR32.dll
    2007-02-28 10:25:28 163840 –a—— C:\WINDOWS\system32\DLLDEV32.dll
    2007-02-28 10:25:28 94208 –a—— C:\WINDOWS\system32\DLLCPY32.dll
    2007-02-28 10:25:28 61440 –a—— C:\WINDOWS\system32\DLLCDF32.dll
    2007-02-28 10:25:28 114688 –a—— C:\WINDOWS\system32\DLLCDA32.dll
    2007-02-28 10:25:28 462848 –a—— C:\WINDOWS\system32\DLLAV32.dll
    2007-02-28 10:25:27 0 d——– C:\Program Files\Common Files\MAGIX Shared<MAGIXS~1>
    2007-02-28 10:20:44 0 d——– C:\MAGIX
    2007-02-28 10:20:43 1089536 –a—— C:\WINDOWS\system32\ROBOEX32.DLL
    2007-02-28 10:20:43 85504 –a—— C:\WINDOWS\system32\HtmlWH.dll
    2007-02-28 10:19:59 643072 –a—— C:\WINDOWS\system32\mgxoschk.dll
    2007-02-28 10:19:59 0 d——– C:\WINDOWS\system32\MAGIX
    2007-02-28 08:16:52 0 d——– C:\Program Files\VSAdd-in
    2007-02-28 08:15:57 212480 –a—— C:\WINDOWS\system32\PCDLIB32.DLL
    2007-02-28 08:15:57 41472 –a—— C:\WINDOWS\system32\lttwn12n.dll
    2007-02-28 08:15:57 406016 –a—— C:\WINDOWS\system32\ltkrn12n.dll
    2007-02-28 08:15:57 166400 –a—— C:\WINDOWS\system32\ltimg12n.dll
    2007-02-28 08:15:57 146944 –a—— C:\WINDOWS\system32\ltfil12n.DLL
    2007-02-28 08:15:57 227840 –a—— C:\WINDOWS\system32\ltefx12n.dll
    2007-02-28 08:15:57 313344 –a—— C:\WINDOWS\system32\ltdlg12n.dll
    2007-02-28 08:15:57 278528 –a—— C:\WINDOWS\system32\LTDIS12n.dll
    2007-02-28 08:15:57 753152 –a—— C:\WINDOWS\system32\ltann12n.dll
    2007-02-28 08:15:57 1496064 –a—— C:\WINDOWS\system32\cc3250mt.dll
    2007-02-28 08:15:57 22016 –a—— C:\WINDOWS\system32\borlndmm.dll
    2007-02-28 08:15:56 32768 –a—— C:\WINDOWS\system32\lfxwd12n.dll
    2007-02-28 08:15:56 62976 –a—— C:\WINDOWS\system32\lfXpm12n.dll
    2007-02-28 08:15:56 45568 –a—— C:\WINDOWS\system32\lfXbm12n.dll
    2007-02-28 08:15:56 27648 –a—— C:\WINDOWS\system32\lfwpg12n.dll
    2007-02-28 08:15:56 59392 –a—— C:\WINDOWS\system32\Lfwmf12n.dll
    2007-02-28 08:15:56 27136 –a—— C:\WINDOWS\system32\lfwfx12n.dll
    2007-02-28 08:15:56 190464 –a—— C:\WINDOWS\system32\lftif12n.dll
    2007-02-28 08:15:56 27648 –a—— C:\WINDOWS\system32\lftga12n.dll
    2007-02-28 08:15:56 26112 –a—— C:\WINDOWS\system32\lfras12n.dll
    2007-02-28 08:15:56 56320 –a—— C:\WINDOWS\system32\lfpsd12n.dll
    2007-02-28 08:15:56 48640 –a—— C:\WINDOWS\system32\LFPNM12n.dll
    2007-02-28 08:15:56 164352 –a—— C:\WINDOWS\system32\Lfpng12n.dll
    2007-02-28 08:15:56 79360 –a—— C:\WINDOWS\system32\Lfplt12n.dll
    2007-02-28 08:15:56 168960 –a—— C:\WINDOWS\system32\lfpdf12n.dll
    2007-02-28 08:15:56 33280 –a—— C:\WINDOWS\system32\lfpcx12n.dll
    2007-02-28 08:15:56 71680 –a—— C:\WINDOWS\system32\Lfpct12n.dll
    2007-02-28 08:15:56 26112 –a—— C:\WINDOWS\system32\lfpcd12n.dll
    2007-02-28 08:15:56 26112 –a—— C:\WINDOWS\system32\lfmsp12n.dll
    2007-02-28 08:15:56 26112 –a—— C:\WINDOWS\system32\lfmac12n.dll
    2007-02-28 08:15:56 32256 –a—— C:\WINDOWS\system32\lflmb12n.dll
    2007-02-28 08:15:56 35840 –a—— C:\WINDOWS\system32\lflma12n.dll
    2007-02-28 08:15:56 118784 –a—— C:\WINDOWS\system32\lfkodak.dll
    2007-02-28 08:15:56 109568 –a—— C:\WINDOWS\system32\lfjbg12n.dll
    2007-02-28 08:15:56 26112 –a—— C:\WINDOWS\system32\lfitg12n.dll
    2007-02-28 08:15:56 27648 –a—— C:\WINDOWS\system32\lfimg12n.dll
    2007-02-28 08:15:56 33792 –a—— C:\WINDOWS\system32\lfiff12n.dll
    2007-02-28 08:15:56 61440 –a—— C:\WINDOWS\system32\lfica12n.dll
    2007-02-28 08:15:56 43008 –a—— C:\WINDOWS\system32\lfgif12n.dll
    2007-02-28 08:15:56 338944 –a—— C:\WINDOWS\system32\lffpx7.dll
    2007-02-28 08:15:56 100352 –a—— C:\WINDOWS\system32\lffpx12n.dll
    2007-02-28 08:15:56 46080 –a—— C:\WINDOWS\system32\lfflc12n.dll
    2007-02-28 08:15:56 78336 –a—— C:\WINDOWS\system32\lffax12n.dll
    2007-02-28 08:15:56 57344 –a—— C:\WINDOWS\system32\lfeps12n.dll
    2007-02-28 08:15:56 132608 –a—— C:\WINDOWS\system32\Lfdxf12n.dll
    2007-02-28 08:15:56 86016 –a—— C:\WINDOWS\system32\lfdwg12N.dll
    2007-02-28 08:15:56 65536 –a—— C:\WINDOWS\system32\Lfdrw12n.dll
    2007-02-28 08:15:56 67072 –a—— C:\WINDOWS\system32\Lfdgn12n.dll
    2007-02-28 08:15:56 27648 –a—— C:\WINDOWS\system32\lfCUT12n.dll
    2007-02-28 08:15:55 313856 –a—— C:\WINDOWS\system32\LFCMP12n.DLL
    2007-02-28 08:15:55 28160 –a—— C:\WINDOWS\system32\lfclp12n.dll
    2007-02-28 08:15:55 66048 –a—— C:\WINDOWS\system32\Lfcgm12n.dll
    2007-02-28 08:15:55 35840 –a—— C:\WINDOWS\system32\lfcal12n.dll
    2007-02-28 08:15:55 37376 –a—— C:\WINDOWS\system32\lfbmp12n.dll
    2007-02-28 08:15:55 25600 –a—— C:\WINDOWS\system32\lfavi12n.dll
    2007-02-28 08:15:55 32256 –a—— C:\WINDOWS\system32\lfani12n.dll
    2007-02-28 08:15:51 630784 –a—— C:\WINDOWS\system32\DXErr9ab.dll
    2007-02-28 08:15:51 1540096 –a—— C:\WINDOWS\system32\D3DX9ab.dll
    2007-02-28 08:15:50 0 d——– C:\Program Files\PCzapper
    2007-02-28 08:11:17 26637 —hs—- C:\WINDOWS\system32\hgghgeb.dll
    2007-02-27 12:43:24 0 d——– C:\Program Files\SequoiaView<SEQUOI~1>
    2007-02-26 12:47:13 0 d——– C:\Documents and Settings\s060366\Application Data\Opera
    2007-02-26 12:47:02 0 d——– C:\Program Files\Opera
    2007-02-21 10:26:10 0 d——– C:\Program Files\BitComet
    2007-02-18 12:03:05 47360 –a—— C:\WINDOWS\system32\drivers\Pcouffin.sys
    2007-02-15 16:38:49 0 d——– C:\Program Files\Common Files\Java
    2007-02-15 13:32:07 0 d——– C:\Documents and Settings\All Users\Application Data\SecTaskMan<SECTAS~1>
    2007-02-15 13:10:25 16896 –a—— C:\WINDOWS\inetloader.dll<INETLO~1.DLL>
    2007-02-14 16:32:43 47360 –a—— C:\Documents and Settings\s060366\Application Data\pcouffin.sys
    2007-02-14 16:32:43 87608 –a—— C:\Documents and Settings\s060366\Application Data\ezpinst.exe
    2007-02-14 16:32:42 0 d——– C:\Documents and Settings\s060366\Application Data\Vso
    2007-02-14 16:32:37 0 d——– C:\Program Files\vso
    2007-02-14 16:21:17 0 d——– C:\Documents and Settings\s060366\Application Data\Notepad++<NOTEPA~1>
    2007-02-14 16:21:15 0 d——– C:\Program Files\Notepad++<NOTEPA~1>
    2007-02-13 08:54:27 0 d——– C:\Program Files\Practicum Processor Software V1.1<PRACTI~1.1>
    2007-02-11 11:23:00 22016 –a—— C:\WINDOWS\system32\drivers\MSIRCOMM.sys
    2007-02-07 09:28:16 0 d——– C:\Downloads<DOWNLO~1>
    2007-02-06 10:54:26 0 d——– C:\Documents and Settings\s060366\Application Data\GlarySoft<GLARYS~1>
    2007-02-06 10:52:21 0 d——– C:\Program Files\Registry Repair<REGIST~1>
    2007-02-06 10:16:36 47854 –a—— C:\WINDOWS\system32\drivers\FDCDNT.SYS
    2007-02-06 10:16:36 0 d–h—– C:\WINDOWS\ffpext
    2007-02-05 08:29:36 0 d——– C:\quarantine<QUARAN~1>


    – Find3M Report —————————————————————-

    2007-03-01 13:51:49 0 d——– C:\Documents and Settings\s060366\Application Data\WinEdt
    2007-03-01 11:38:36 0 d——– C:\Program Files\Winamp
    2007-02-28 22:38:22 12 –a—— C:\WINDOWS\bthservsdp.dat<BTHSER~1.DAT>
    2007-02-28 14:03:27 0 d——– C:\Program Files\PCSX2 0.9 R3<PCSX20~1.9R3>
    2007-02-28 14:03:27 0 d——– C:\Program Files\Mozilla Firefox<MOZILL~1>
    2007-02-28 14:03:26 0 d——– C:\Documents and Settings\s060366\Application Data\CoreFTP
    2007-02-28 10:39:45 0 d——– C:\Program Files\Common Files\Autodesk Shared<AUTODE~1>
    2007-02-15 16:38:49 0 d——– C:\Program Files\Java
    2007-02-15 16:29:11 0 d——– C:\Program Files\Logitech
    2007-02-14 16:40:24 33 –a—— C:\Documents and Settings\s060366\Application Data\pcouffin.log
    2007-02-14 16:40:23 1144 –a—— C:\Documents and Settings\s060366\Application Data\pcouffin.inf
    2007-02-14 16:40:23 1074 –a—— C:\Documents and Settings\s060366\Application Data\pcouffin.cat
    2007-02-12 13:08:19 0 d–h—– C:\Program Files\InstallShield Installation Information<INSTAL~1>
    2007-02-06 21:02:01 0 d——– C:\Program Files\EA SPORTS<EASPOR~1>
    2007-02-06 10:57:40 0 d——– C:\Program Files\IDaSS
    2007-02-06 10:57:39 0 d——– C:\Program Files\Darts Score<DARTSS~1>
    2007-02-01 17:34:05 0 d——– C:\Program Files\LB Planning Assistent<LBPLAN~1>
    2007-01-29 09:58:06 60416 —–n— C:\WINDOWS\system32\tzchange.exe
    2007-01-28 12:30:44 0 d——– C:\Program Files\Activision<ACTIVI~1>
    2007-01-26 10:00:24 0 d——– C:\Program Files\Ubisoft
    2007-01-26 09:56:39 0 d——– C:\Program Files\Google
    2007-01-25 23:22:30 0 d——– C:\Program Files\Pcsx2
    2007-01-16 13:40:06 0 d——– C:\Program Files\plugins
    2007-01-16 13:40:06 0 d——– C:\Documents and Settings\s060366\Application Data\Macromedia<MACROM~1>
    2007-01-15 13:23:23 0 d——– C:\Program Files\Tracker Software<TRACKE~1>
    2007-01-14 20:56:05 8192 –a—— C:\WINDOWS\d3dx.dat
    2007-01-14 20:48:11 0 d——– C:\Program Files\illusion
    2007-01-14 17:34:57 0 d——– C:\Program Files\Apple Software Update<APPLES~1>
    2007-01-12 09:27:42 232960 –a—— C:\WINDOWS\system32\webcheck.dll
    2007-01-12 09:27:42 51712 —–n— C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
    2007-01-12 09:27:42 458752 –a—— C:\WINDOWS\system32\msfeeds.dll
    2007-01-12 09:27:42 6054400 –a—— C:\WINDOWS\system32\ieframe.dll
    2007-01-09 10:02:00 0 d——– C:\Program Files\ConTEXT
    2007-01-08 19:04:54 105984 –a—— C:\WINDOWS\system32\url.dll
    2007-01-08 19:04:08 102400 –a—— C:\WINDOWS\system32\occache.dll
    2007-01-08 19:02:04 266752 –a—— C:\WINDOWS\system32\iertutil.dll
    2007-01-08 19:02:04 44544 –a—— C:\WINDOWS\system32\iernonce.dll
    2007-01-08 19:02:02 384000 –a—— C:\WINDOWS\system32\iedkcs32.dll
    2007-01-08 19:02:02 383488 –a—— C:\WINDOWS\system32\ieapfltr.dll
    2007-01-08 19:02:02 161792 –a—— C:\WINDOWS\system32\ieakui.dll
    2007-01-08 19:02:02 230400 –a—— C:\WINDOWS\system32\ieaksie.dll
    2007-01-08 19:02:02 153088 –a—— C:\WINDOWS\system32\ieakeng.dll
    2007-01-08 19:01:14 17408 –a—— C:\WINDOWS\system32\corpol.dll
    2007-01-08 19:00:48 124928 –a—— C:\WINDOWS\system32\advpack.dll
    2007-01-08 18:08:14 56832 –a—— C:\WINDOWS\system32\ie4uinit.exe
    2007-01-08 18:08:10 13824 –a—— C:\WINDOWS\system32\ieudinit.exe
    2007-01-07 17:16:51 0 d——– C:\Documents and Settings\s060366\Application Data\Real
    2007-01-03 10:51:24 0 d——– C:\Documents and Settings\s060366\Application Data\Media Player Classic<MEDIAP~1>
    2006-12-27 16:49:55 128189 –a—— C:\WINDOWS\HPHins12.dat
    2006-12-26 15:43:32 960 –a—— C:\Program Files\updates.xml
    2006-12-26 15:43:32 57 –a—— C:\Program Files\active-update.xml<ACTIVE~1.XML>
    2006-12-26 15:43:28 6768 –a—— C:\Program Files\xpistub.dll
    2006-12-26 15:43:28 63606 –a—— C:\Program Files\xpicleanup.exe<XPICLE~1.EXE>
    2006-12-26 15:43:28 400496 –a—— C:\Program Files\xpcom_core.dll<XPCOM_~2.DLL>
    2006-12-26 15:43:28 7786 –a—— C:\Program Files\xpcom.dll
    2006-12-26 15:43:27 68213 –a—— C:\Program Files\xpcom_compat.dll<XPCOM_~1.DLL>
    2006-12-26 15:43:27 123524 –a—— C:\Program Files\updater.exe
    2006-12-26 15:43:26 7841390 –a—— C:\Program Files\thunderbird.exe<THUNDE~1.EXE>
    2006-12-26 15:43:25 110694 –a—— C:\Program Files\ssl3.dll
    2006-12-26 15:43:25 364654 –a—— C:\Program Files\softokn3.dll
    2006-12-26 15:43:24 106602 –a—— C:\Program Files\smime3.dll
    2006-12-26 15:43:24 24686 –a—— C:\Program Files\plds4.dll
    2006-12-26 15:43:24 28787 –a—— C:\Program Files\plc4.dll
    2006-12-26 15:43:24 237677 –a—— C:\Program Files\nssckbi.dll
    2006-12-26 15:43:24 364646 –a—— C:\Program Files\nss3.dll
    2006-12-26 15:43:24 155758 –a—— C:\Program Files\nspr4.dll
    2006-12-26 15:43:24 24720 –a—— C:\Program Files\nsldappr32v50.dll<NSLDAP~2.DLL>
    2006-12-26 15:43:24 139404 –a—— C:\Program Files\nsldap32v50.dll<NSLDAP~1.DLL>
    2006-12-26 15:43:24 6265 –a—— C:\Program Files\mozMapi32.dll<MOZMAP~1.DLL>
    2006-12-26 15:43:24 18048 –a—— C:\Program Files\MapiProxy.dll<MAPIPR~1.DLL>
    2006-12-26 15:43:24 420967 –a—— C:\Program Files\js3250.dll
    2006-12-26 15:43:20 8322 –a—— C:\Program Files\AccessibleMarshal.dll<ACCESS~1.DLL>
    2006-12-19 22:52:18 134656 –a—— C:\WINDOWS\system32\shsvcs.dll
    2006-12-19 19:16:47 333824 –a—— C:\WINDOWS\system32\wiaservc.dll
    2006-12-11 00:12:26 5120 –a—— C:\WINDOWS\system32\ff_vfw.dll
    2006-12-07 06:29:34 2374472 –a—— C:\WINDOWS\system32\wmvcore.dll
    2006-12-06 10:36:48 1834 –a—— C:\Documents and Settings\s060366\Application Data\SAS7_000.DAT


    – Registry Dump —————————————————————-


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "pdfSaver3"="\"C:\\Program Files\\Tracker Software\\PDF-XChange 3\\pdfSaver\\pdfSaver3.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
    "LogitechVideo[inspector]"="C:\\Program Files\\Logitech\\Video\\InstallHelper.exe /inspect"
    "ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
    "HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
    "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "LogitechCameraAssistant"="C:\\Program Files\\Logitech\\Video\\CameraAssistant.exe"
    "LogitechCameraService(E)"="C:\\WINDOWS\\system32\\ElkCtrl.exe /automation"
    "MMReminderService"="C:\\Program Files\\Mindjet\\MindManager 6\\MMReminderService.exe"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{C47A9554-195A-4769-9B13-04F15B450A39}"=""

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "disablecad"=dword:00000000

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgghgeb
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    bthsvcs REG_MULTI_SZ BthServ\0\0


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5888cca-61ba-11db-b303-005056c00008}]
    Shell\AutoRun\command G:\Autorun.exe
    *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ENTDRV51


    – End of ComboScan: finished at 2007-03-02 at 12:08:58 ————————-
  • Download The Avenger to your Desktop.
    - Click on Avenger.zip to extract it to your desktop.
    Start The Avenger by double-clicking the icon with the sword.
    - Under "Script file to execute" choose "Input Script Manually".
    - Click the magnifying-glass icon; a new window named "View/edit script" will open.
    - Copy and paste the following into it:

    Files to delete:
    C:\WINDOWS\system32\hgghgeb.dll
    C:\WINDOWS\inetloader.dll

    Folders to delete:
    C:\Documents and Settings\All Users\Application Data\SecTaskMan
    C:\Program Files\VSAdd-in

    Registry keys to delete:
    HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\hgghgeb

    - Click Done.
    - Then click the green traffic light to run the script.
    - Answer "Yes/Ja" when prompted.
    The Avenger will then do the following:
    - Restart your computer.
    - After the restart it will briefly open a black command window. This is normal.
    - After the restart it will create a log that opens with the results of The Avenger. This log can be found at C:\avenger.txt.
    - The Avenger also makes backups of all files etc. that it deleted; these backups are located at C:\avenger\backup.zip.
    Copy and paste the contents of avenger.txt in your next reply and also post a new HijackThis log.

    Regards, smeenk ;)
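As an added example (not part of smeenk's reply, and not code from The Avenger, HijackThis or ComboScan), the following Python script shows how the two signals that single out hgghgeb.dll in the ComboScan output quoted above can be checked mechanically: a file with hidden+system attributes freshly created in system32, and a Winlogon Notify subkey whose name matches that DLL. The log excerpt is constructed from lines quoted earlier in this thread, with the attribute field normalised to plain hyphens; ThinkPad notify packages without a matching new DLL (tpfnf2, tphotkey) are deliberately left unflagged.

```python
"""Triage helper for a ComboScan-style log excerpt (added example, not a tool from the thread)."""
import re
from typing import Dict, List

# Log excerpt constructed from the ComboScan output quoted in this thread; the
# attribute field is normalised to plain hyphens (the forum rendered them as
# dashes of varying width).
SAMPLE_LOG = r"""
-- Files created between 2007-02-02 and 2007-03-02 ------------------------------

2007-03-01 14:58:30 1047821 --a------ C:\Patch.exe
2007-02-28 10:25:29 24576 --a------ C:\WINDOWS\system32\TTIC32.dll
2007-02-28 08:11:17 26637 ---hs---- C:\WINDOWS\system32\hgghgeb.dll
2007-02-15 13:10:25 16896 --a------ C:\WINDOWS\inetloader.dll<INETLO~1.DLL>
2007-02-14 16:32:43 47360 --a------ C:\Documents and Settings\s060366\Application Data\pcouffin.sys

-- Registry Dump ----------------------------------------------------------------

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgghgeb
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey
"""

# One "Files created" record: date, time, size, 9-character attribute field,
# path, optional 8.3 short name in angle brackets (discarded).
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<size>\d+) "
    r"(?P<attrs>[-a-z]{9}) (?P<path>.+?)(?:<[^>]+>)?$"
)
# A Winlogon Notify subkey; the last path component is the package name.
NOTIFY_RE = re.compile(r"\\winlogon\\notify\\(?P<name>[^\\\s]+)$", re.IGNORECASE)


def parse_files(log: str) -> List[Dict[str, str]]:
    """Return every 'Files created' record as a dict of its fields."""
    entries = []
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def parse_notify_packages(log: str) -> List[str]:
    """Return the lower-cased names of all Winlogon Notify subkeys in the dump."""
    names = []
    for line in log.splitlines():
        m = NOTIFY_RE.search(line.strip())
        if m:
            names.append(m.group("name").lower())
    return names


def triage(log: str) -> List[Dict[str, object]]:
    """Flag newly created files that carry the two signals discussed above.

    Rule 1: a non-directory entry in \\WINDOWS\\system32 whose attribute field
            has both 'h' (hidden) and 's' (system) set.
    Rule 2: a newly created DLL whose base name is also registered as a
            Winlogon Notify package (the DLL is loaded into winlogon.exe).
    """
    notify = set(parse_notify_packages(log))
    findings = []
    for e in parse_files(log):
        path, attrs = e["path"], e["attrs"]
        lower = path.lower()
        is_dir = attrs.startswith("d")
        stem = lower.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        reasons = []
        if not is_dir and "h" in attrs and "s" in attrs and "\\windows\\system32\\" in lower:
            reasons.append("hidden+system file dropped in system32")
        if not is_dir and lower.endswith(".dll") and stem in notify:
            reasons.append("DLL registered as Winlogon Notify package")
        if reasons:
            findings.append({"path": path, "created": f"{e['date']} {e['time']}", "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["created"], f["path"])
        for r in f["reasons"]:
            print("   -", r)
```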
  • Here is the log from The Avenger:

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\bi^ksary

    *******************

    Script file located at: \??\C:\Program Files\tlqbaoet.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File C:\WINDOWS\system32\hgghgeb.dll deleted successfully.


    File C:\WINDOWS\inetloader.dll not found!
    Deletion of file C:\WINDOWS\inetloader.dll failed!

    Could not process line:
    C:\WINDOWS\inetloader.dll
    Status: 0xc0000034

    Folder C:\Documents and Settings\All Users\Application Data\SecTaskMan deleted successfully.
    Folder C:\Program Files\VSAdd-in deleted successfully.
    Registry key HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\hgghgeb deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.

    I also ran another scan with Spybot Search & Destroy; I think it had already removed Inetloader. I still get pop-ups, so I don't think everything is gone. Here is the HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 15:49:48, on 3-3-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\TPHDEXLG.EXE
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\VMware\VMware Player\vmware-authd.exe
    C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\PCzapper\MediaManager\pbMediaCenter.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\My Documents\HijackThis\hijackthis\HijackThis.exe
    C:\Program Files\Network Associates\VirusScan\MCUPDATE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: PCzapper Media Manager.lnk = C:\Program Files\PCzapper\MediaManager\pbMediaCenter.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.tue.nl
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151909746906
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151909978546
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = campus.tue.nl
    O17 - HKLM\Software\..\Telephony: DomainName = campus.tue.nl
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = campus.tue.nl
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

This is an archived page. Replying is no longer possible.