Question & Answer

Security & privacy

internet speed drops to zero!

12 answers
  • Lately I have been suffering from an annoying and strange phenomenon.
    Sometimes, while downloading from the net, the speed suddenly drops to zero. After that I can't download anything anymore and in IE I can't reach any site. Nothing can be found. Same in Mozilla. The odd thing is that the ADSL connection is fine. We have a second PC connected to mine over a LAN connection, and that one is not affected at all: it just surfs, uses MSN, no problem. Only on mine does the whole internet stop working, and restarting doesn't help either. Restoring an image of C: with Norton Ghost 9.0 does. Then everything runs normally again.
    Everything runs on XP Pro SP1 with Symantec AntiVirus Corp. 10.0, Sygate firewall, SpywareBlaster, and I regularly scan the lot with Ad-Aware SE Professional, AVG Anti-Spyware 7.5 and SUPERAntiSpyware.
    Who knows what this problem could be?? I can repair things with an image, but this is getting really annoying, because it happens almost weekly. Please help, because I have now had it two days in a row and it's driving me crazy!

    Below is the HijackThis logfile:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:38:45, on 7-10-2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Editor plugin - {66CEAA7E-6FBD-4e0f-BDD2-190D5A354C99} - micropr.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
    O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FBABE7BD-D178-4534-882C-DC515C68C2F9}: NameServer = 195.121.1.34 195.121.1.66
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Indexing-service CiSvcsdCoreService (CiSvcsdCoreService) - Unknown owner - C:\WINDOWS\System32\rt27.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: lxcf_device - - C:\WINDOWS\System32\lxcfcoms.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
  • Download ComboFix to your desktop

    Double-click combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will make your PC hang.

    When the fix has finished and after the restart, the log combofix.txt will open. Keep this log.

    NOTE: If your virus scanner responds with a warning about a script being executed, you may ignore it.

    Post the ComboFix log (combofix.txt) in your next reply together with a fresh HijackThis log.
  • Well, here goes! First the ComboFix logfile:

    ComboFix 07-10-09.3 - rob 2007-10-09 10:27:46.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.1.1252.1.1043.18.1591 [GMT 2:00]
    Started from: C:\Documents and Settings\rob\Bureaublad\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\services.exe

    .
    (((((((((((((((((((( Files Created from 2007-09-09 to 2007-10-09 ))))))))))))))))))))))))))))))
    .

    2007-10-09 10:27 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-07 17:38 <DIR> d-------- C:\Program Files\Trend Micro
    2007-09-26 16:59 <DIR> d-------- C:\Program Files\PC DUAL SHOCK
    2007-09-26 16:59 335,872 --a------ C:\WINDOWS\Property.exe
    2007-09-26 16:59 291,840 --a------ C:\WINDOWS\FCVAP64.dll
    2007-09-26 16:59 155,712 --a------ C:\WINDOWS\GetWinVer.exe
    2007-09-26 16:59 145,408 --a------ C:\WINDOWS\setreg.exe
    2007-09-26 16:59 86,016 --a------ C:\WINDOWS\EZFRD64.dll
    2007-09-12 23:08 <DIR> d-------- C:\Documents and Settings\rob\Application Data\dvdcss
    2007-09-09 19:23 30,720 --a------ C:\WINDOWS\EWhiteu12.dat
    2007-09-09 19:23 30,720 --a------ C:\WINDOWS\EDarku12.dat
    2007-09-09 19:23 6 --a------ C:\WINDOWS\EExpou.dat
    2007-09-09 19:23 4 --a------ C:\WINDOWS\AErroru3.dat
    2007-09-09 19:23 3 --a------ C:\WINDOWS\EOffsetu.dat
    2007-09-09 19:23 3 --a------ C:\WINDOWS\EGain6.dat
    2007-09-09 15:37 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-09-09 15:37 <DIR> d-------- C:\Documents and Settings\rob\Application Data\SUPERAntiSpyware.com
    2007-09-09 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-09 08:17 --------- d-----w C:\Documents and Settings\rob\Application Data\MailWasherPro
    2007-10-09 08:16 --------- d-----w C:\Program Files\Symantec AntiVirus
    2007-10-08 16:48 --------- d-----w C:\Program Files\DOSBox-0.70
    2007-10-07 15:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-07 15:35 --------- d-----w C:\Program Files\SpywareBlaster
    2007-09-26 21:05 --------- d-----w C:\Program Files\RegClean
    2007-09-26 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-09-26 14:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-09-25 18:06 --------- d-----w C:\Program Files\Lx_cats
    2007-09-09 13:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-09-08 14:46 --------- d-----w C:\Program Files\IrfanView
    2007-09-08 13:25 --------- d-----w C:\Program Files\Free CD-DA Extractor 4.8
    2007-08-29 16:15 --------- d-----w C:\Documents and Settings\rob\Application Data\Lavasoft
    2007-08-29 16:14 --------- d-----w C:\Program Files\Lavasoft
    2007-08-20 19:56 --------- d-----w C:\Program Files\DAP
    2007-08-20 15:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Tools
    2007-08-20 15:15 --------- d-----w C:\Documents and Settings\rob\Application Data\PC Tools
    2007-08-04 00:59 47,580 ----a-w C:\WINDOWS\system32\rt27.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legitimate default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 C:\WINDOWS\system32\HdAShCut.exe]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 10:00]
    "SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-11-12 11:02]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 09:21]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 19:27]
    "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-04-26 02:37]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 20:40]
    "@"="" []
    "LXCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 19:47]
    "AsusServiceProvider"="C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe" [2006-10-23 21:28]
    "AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe" [2006-10-30 16:07]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 21:05]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "RegisterDropHandler"=C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoUserNameInStartMenu"=01000000

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk
    backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ScanPanel.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ScanPanel.lnk
    backup=C:\WINDOWS\pss\ScanPanel.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^rob^Menu Start^Programma's^Opstarten^Microsoft Office Snelzoeken.lnk]
    path=C:\Documents and Settings\rob\Menu Start\Programma's\Opstarten\Microsoft Office Snelzoeken.lnk
    backup=C:\WINDOWS\pss\Microsoft Office Snelzoeken.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^rob^Menu Start^Programma's^Opstarten^Office Opstarten.lnk]
    path=C:\Documents and Settings\rob\Menu Start\Programma's\Opstarten\Office Opstarten.lnk
    backup=C:\WINDOWS\pss\Office Opstarten.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^rob^Menu Start^Programma's^Opstarten^reminder-ScanSoft Product Registration.lnk]
    path=C:\Documents and Settings\rob\Menu Start\Programma's\Opstarten\reminder-ScanSoft Product Registration.lnk
    backup=C:\WINDOWS\pss\reminder-ScanSoft Product Registration.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
    C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
    "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
    "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    C:\WINDOWS\System32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]
    C:\Program Files\GameFace Messenger\GameFace.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
    C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\System32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
    C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]
    C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
    "C:\Program Files\Spyware Doctor\SDTrayApp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
    "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    R0 PQV2i;PQV2i;C:\WINDOWS\System32\drivers\PQV2i.sys
    R1 PQIMount;PQIMount;C:\WINDOWS\System32\drivers\PQIMount.sys
    R2 SampleScanner;USB-Flachbettscanner;C:\WINDOWS\System32\DRIVERS\ArtecGT.sys
    R3 AEAudioService;AEAudio Service;C:\WINDOWS\System32\drivers\AEAudio.sys
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\System32\DRIVERS\atl01_xp.sys
    S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\System32\drivers\asusgsb32.sys
    S2 CiSvcsdCoreService;Indexing-service CiSvcsdCoreService;C:\WINDOWS\System32\rt27.exe srv
    S3 kbeepm;kbeepm;\??\C:\DOCUME~1\rob\LOCALS~1\Temp\kbeepm.sys
    S3 Video3D;ASUS Video3D Service;C:\WINDOWS\System32\Drivers\Video3D32.sys

    *Newly Created Service* - CATCHME
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-09 10:28:31
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    LXCFCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-09 10:28:45
    C:\ComboFix-quarantined-files.txt … 2007-10-09 10:28
    .
    — E O F —

    And now the fresh HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:30:42, on 9-10-2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
    O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FBABE7BD-D178-4534-882C-DC515C68C2F9}: NameServer = 195.121.1.34 195.121.1.66
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Indexing-service CiSvcsdCoreService (CiSvcsdCoreService) - Unknown owner - C:\WINDOWS\System32\rt27.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: lxcf_device - - C:\WINDOWS\System32\lxcfcoms.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


    End of file - 6546 bytes


  • http://www.nationaalcomputerforum.nl/showthread.php?t=31913

    Because that topic is coming to an end, I'll write a fix for you here; please mention over there that you are being helped further here.

    1. Go to Start -> Run and type the following:

    sc delete CiSvcsdCoreService

    Then press OK. A DOS window will briefly pop up; this is normal.

    2. Open Notepad, copy and paste the following into an empty window:

    File::
    C:\WINDOWS\Property.exe
    C:\WINDOWS\FCVAP64.dll
    C:\WINDOWS\GetWinVer.exe
    C:\WINDOWS\setreg.exe
    C:\WINDOWS\system32\rt27.exe

    Save this on your desktop as CFScript.txt

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:
    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    This will make ComboFix restart.
    Reboot if asked to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Pim
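What the helper keyed on in the two logs, written out as a small triage script. This is an added example and not code from the thread or from HijackThis, ComboFix or any other tool named on the page: the sample lines are copied from the logs posted above, while the heuristics (a short letters-plus-digits filename in System32, a driver loaded from a Temp or profile directory, a BHO whose file is missing, a service name that starts like the Windows Indexing Service name CiSvc but runs a different binary) and the KNOWN_SERVICE_BINARIES table are this example's own assumptions.

```python
"""Triage of HijackThis / ComboFix log lines (added example, not part of the thread)."""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the HijackThis and ComboFix logs posted above.
SAMPLE_LOG = r"""
O2 - BHO: Editor plugin - {66CEAA7E-6FBD-4e0f-BDD2-190D5A354C99} - micropr.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O23 - Service: Indexing-service CiSvcsdCoreService (CiSvcsdCoreService) - Unknown owner - C:\WINDOWS\System32\rt27.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
S2 CiSvcsdCoreService;Indexing-service CiSvcsdCoreService;C:\WINDOWS\System32\rt27.exe srv
S3 kbeepm;kbeepm;\??\C:\DOCUME~1\rob\LOCALS~1\Temp\kbeepm.sys
R0 PQV2i;PQV2i;C:\WINDOWS\System32\drivers\PQV2i.sys
"""

# Heuristics below are this example's own assumptions, not rules stated in the thread.
PROFILE_DIRS = ("\\temp\\", "\\locals~1\\", "\\local settings\\", "\\application data\\")
RANDOM_NAME = re.compile(r"^[a-z]{1,4}\d{1,3}\.(exe|dll|sys)$", re.I)
# Real binary behind a Windows XP service name that malware likes to imitate
# (hand-made table for this example; extend as needed).
KNOWN_SERVICE_BINARIES = {"cisvc": "cisvc.exe"}

HJT_O23 = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
HJT_O2 = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
CF_SVC = re.compile(r"^[RS][0-4] (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+)$")


@dataclass
class Finding:
    line: str
    path: str
    reasons: list = field(default_factory=list)


def basename(path: str) -> str:
    """Last path component, minus trailing service arguments such as 'srv'."""
    return path.rsplit("\\", 1)[-1].split(" ")[0].lower()


def path_reasons(path: str) -> list:
    low = path.lower()
    reasons = []
    if any(d in low for d in PROFILE_DIRS):
        reasons.append("binary lives in a temp or profile directory")
    if "\\system32\\" in low and RANDOM_NAME.match(basename(path)):
        reasons.append("generic-looking filename in System32")
    if "(file missing)" in low:
        reasons.append("registered component whose file is gone")
    return reasons


def service_name_reasons(name: str, path: str) -> list:
    low = name.lower()
    for prefix, real_binary in KNOWN_SERVICE_BINARIES.items():
        if low.startswith(prefix) and basename(path) != real_binary:
            return [f"name imitates Windows service '{prefix}' but runs {basename(path)}"]
    return []


def triage(log_text: str) -> list:
    """Return one Finding per suspicious line; clean lines produce nothing."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons, path = [], ""
        if (m := HJT_O23.match(line)):
            short = re.search(r"\((\w+)\)$", m["display"])
            name = short.group(1) if short else m["display"]
            path = m["path"]
            reasons = path_reasons(path) + service_name_reasons(name, path)
            # Missing vendor info alone is weak evidence (plenty of legitimate
            # drivers report it), so it only corroborates another reason.
            if reasons and m["owner"] == "Unknown owner":
                reasons.append("no vendor information")
        elif (m := HJT_O2.match(line)):
            path = m["path"]
            reasons = path_reasons(path)
        elif (m := CF_SVC.match(line)):
            path = m["path"]
            reasons = path_reasons(path) + service_name_reasons(m["name"], path)
        if reasons:
            findings.append(Finding(line, path, reasons))
    return findings


def flagged_binaries(log_text: str) -> set:
    """Basenames of every flagged file, the raw material for a ComboFix File:: list."""
    return {basename(f.path) for f in triage(log_text)}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("    -", r)
```

Hits are leads, not verdicts: the ATI Smart service also reports Unknown owner and is left alone because nothing else about it is odd, and a .sys file under Temp can equally be a scanner's own temporary driver, so confirm each hit by hand before turning flagged_binaries() into a File:: list for ComboFix.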
  • Well, Pim. Carried out everything to the letter and this is the result.
    First ComboFix:

    ComboFix 07-10-09.3 - rob 2007-10-09 12:06:39.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.1.1252.1.1043.18.1592 [GMT 2:00]
    Started from: C:\Documents and Settings\rob\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\rob\Bureaublad\CFScript.txt
    * New restore point was created

    FILE::
    C:\WINDOWS\FCVAP64.dll
    C:\WINDOWS\GetWinVer.exe
    C:\WINDOWS\Property.exe
    C:\WINDOWS\setreg.exe
    C:\WINDOWS\system32\rt27.exe
    .

    (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\FCVAP64.dll
    C:\WINDOWS\GetWinVer.exe
    C:\WINDOWS\Property.exe
    C:\WINDOWS\setreg.exe
    C:\WINDOWS\system32\rt27.exe

    .
    (((((((((((((((((((( Files Created from 2007-09-09 to 2007-10-09 ))))))))))))))))))))))))))))))
    .

    2007-10-09 10:27 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-07 17:38 <DIR> d-------- C:\Program Files\Trend Micro
    2007-09-26 16:59 <DIR> d-------- C:\Program Files\PC DUAL SHOCK
    2007-09-26 16:59 86,016 --a------ C:\WINDOWS\EZFRD64.dll
    2007-09-12 23:08 <DIR> d-------- C:\Documents and Settings\rob\Application Data\dvdcss
    2007-09-09 19:23 30,720 --a------ C:\WINDOWS\EWhiteu12.dat
    2007-09-09 19:23 30,720 --a------ C:\WINDOWS\EDarku12.dat
    2007-09-09 19:23 6 --a------ C:\WINDOWS\EExpou.dat
    2007-09-09 19:23 4 --a------ C:\WINDOWS\AErroru3.dat
    2007-09-09 19:23 3 --a------ C:\WINDOWS\EOffsetu.dat
    2007-09-09 19:23 3 --a------ C:\WINDOWS\EGain6.dat
    2007-09-09 15:37 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-09-09 15:37 <DIR> d-------- C:\Documents and Settings\rob\Application Data\SUPERAntiSpyware.com
    2007-09-09 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-09 10:07 --------- d-----w C:\Program Files\Symantec AntiVirus
    2007-10-09 09:16 --------- d-----w C:\Documents and Settings\rob\Application Data\MailWasherPro
    2007-10-08 16:48 --------- d-----w C:\Program Files\DOSBox-0.70
    2007-10-07 15:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-07 15:35 --------- d-----w C:\Program Files\SpywareBlaster
    2007-09-26 21:05 --------- d-----w C:\Program Files\RegClean
    2007-09-26 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-09-26 14:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-09-25 18:06 --------- d-----w C:\Program Files\Lx_cats
    2007-09-09 13:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-09-08 14:46 --------- d-----w C:\Program Files\IrfanView
    2007-09-08 13:25 --------- d-----w C:\Program Files\Free CD-DA Extractor 4.8
    2007-08-29 16:15 --------- d-----w C:\Documents and Settings\rob\Application Data\Lavasoft
    2007-08-29 16:14 --------- d-----w C:\Program Files\Lavasoft
    2007-08-20 19:56 --------- d-----w C:\Program Files\DAP
    2007-08-20 15:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Tools
    2007-08-20 15:15 --------- d-----w C:\Documents and Settings\rob\Application Data\PC Tools
    .

    ((((((((((((((((((((((((((((( snapshot@2007-10-09_10.28.32,46 )))))))))))))))))))))))))))))))))))))))))
    .
    ----a-w 16,384 2007-10-09 09:59:04 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    ----a-w 32,768 2007-10-09 09:59:04 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    ----a-w 81,920 2007-10-09 09:59:04 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .
    ----a-w 16,384 2007-10-09 08:16:26 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    ----a-w 32,768 2007-10-09 08:16:26 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    ----a-w 81,920 2007-10-09 08:16:26 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legitimate default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "@"="" []
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 C:\WINDOWS\system32\HdAShCut.exe]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 10:00]
    "SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-11-12 11:02]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 09:21]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 19:27]
    "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-04-26 02:37]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 20:40]
    "LXCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 19:47]
    "AsusServiceProvider"="C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe" [2006-10-23 21:28]
    "AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe" [2006-10-30 16:07]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 21:05]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "RegisterDropHandler"=C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "<NO NAME>"=

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoUserNameInStartMenu"=01000000

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk
    backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ScanPanel.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ScanPanel.lnk
    backup=C:\WINDOWS\pss\ScanPanel.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^rob^Menu Start^Programma's^Opstarten^Microsoft Office Snelzoeken.lnk]
    path=C:\Documents and Settings\rob\Menu Start\Programma's\Opstarten\Microsoft Office Snelzoeken.lnk
    backup=C:\WINDOWS\pss\Microsoft Office Snelzoeken.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^rob^Menu Start^Programma's^Opstarten^Office Opstarten.lnk]
    path=C:\Documents and Settings\rob\Menu Start\Programma's\Opstarten\Office Opstarten.lnk
    backup=C:\WINDOWS\pss\Office Opstarten.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^rob^Menu Start^Programma's^Opstarten^reminder-ScanSoft Product Registration.lnk]
    path=C:\Documents and Settings\rob\Menu Start\Programma's\Opstarten\reminder-ScanSoft Product Registration.lnk
    backup=C:\WINDOWS\pss\reminder-ScanSoft Product Registration.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
    C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
    "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
    "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    C:\WINDOWS\System32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]
    C:\Program Files\GameFace Messenger\GameFace.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
    C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\System32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
    C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]
    C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
    "C:\Program Files\Spyware Doctor\SDTrayApp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
    "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    R0 PQV2i;PQV2i;C:\WINDOWS\System32\drivers\PQV2i.sys
    R1 PQIMount;PQIMount;C:\WINDOWS\System32\drivers\PQIMount.sys
    R2 SampleScanner;USB-Flachbettscanner;C:\WINDOWS\System32\DRIVERS\ArtecGT.sys
    R3 AEAudioService;AEAudio Service;C:\WINDOWS\System32\drivers\AEAudio.sys
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\System32\DRIVERS\atl01_xp.sys
    S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\System32\drivers\asusgsb32.sys
    S3 kbeepm;kbeepm;\??\C:\DOCUME~1\rob\LOCALS~1\Temp\kbeepm.sys
    S3 Video3D;ASUS Video3D Service;C:\WINDOWS\System32\Drivers\Video3D32.sys

    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-09 12:09:02
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning for hidden processes …

    scanning for hidden autostart entries …

    scanning for hidden files …

    Scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-09 12:09:37 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 2007-10-09 12:09
    C:\ComboFix2.txt … 2007-10-09 10:28
    .
    — E O F —
    And now the fresh HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:12:10, on 9-10-2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
    O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FBABE7BD-D178-4534-882C-DC515C68C2F9}: NameServer = 195.121.1.34 195.121.1.66
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: lxcf_device - - C:\WINDOWS\System32\lxcfcoms.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


    End of file - 6449 bytes

    By the way, I do wonder why svchost.exe shows up three times in HijackThis.

    Regards, Rob.


  • Quote:
    "By the way, I do wonder why svchost.exe shows up three times in HijackThis."

    This is normal; have a read through this:
    http://www.helpmij.nl/forum/archive/index.php/t-248155.html

    By the way, I see that I forgot one more little file, silly me :oops:
    Delete the CFScript that is currently on your desktop!

    Download ATF Cleaner (by Atribune)

    Double-click ATF Cleaner to start the program.
    On the "Main" tab, tick Select All. Untick Prefetch.
    Click the Empty Selected button.

    If you also use Firefox as a browser:

    Click the "Firefox" tab and tick Select All.
    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
    (this removes the tick next to "Firefox saved passwords")
    Click the Empty Selected button.

    If you also use Opera as a browser:

    Click the "Opera" tab and tick Select All.
    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
    Click the Empty Selected button.

    Go to the "Main" tab and click the Exit button to close the program.


    Open Notepad, then copy and paste the following into an empty window:

    C:\WINDOWS\EZFRD64.dll

    Save this on your Desktop as CFScript.txt

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:
    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    This will make ComboFix restart.
    Reboot if prompted, and post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

    Pim
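The logs in this thread are read by hand, line by line. As an added example (not code from the thread, from HijackThis or from ComboFix), the Python script below applies a few of the checks a helper like Pim makes to a constructed sample made of lines copied from the logs posted above: it counts svchost.exe instances in the process list (several are normal, each one hosts a different group of services; on XP `tasklist /svc` shows which), collects the O17 DNS servers so you can confirm they are your ISP's, and marks for review O4 entries in the legacy RunServices key, O23 services with no vendor name, and drivers whose image is not under system32. The rule names are invented for this example, and a hit means "look at this", not "this is malware": the thread's own logs show legitimate software tripping every one of these checks.

```python
"""
Triage helper for HijackThis / ComboFix text logs (added example; not code
from the thread, from HijackThis or from ComboFix).

Every rule below only marks a line for manual review. A hit is not a
verdict: legitimate software trips these checks too, as the thread's own
logs show.
"""
import re

# Constructed sample: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBABE7BD-D178-4534-882C-DC515C68C2F9}: NameServer = 195.121.1.34 195.121.1.66
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: lxcf_device - - C:\WINDOWS\System32\lxcfcoms.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\System32\DRIVERS\atl01_xp.sys
S3 kbeepm;kbeepm;\??\C:\DOCUME~1\rob\LOCALS~1\Temp\kbeepm.sys
"""

# Line shapes handled here (HijackThis O4/O17/O23 lines, HijackThis
# "Running processes" paths, ComboFix R*/S* driver lines).
_PROC = re.compile(r"^[A-Za-z]:\\")
_O4 = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O17 = re.compile(r"^O17 - .*NameServer = (?P<servers>.+)$")
_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.*?) ?- (?P<path>[A-Za-z]:\\.+)$")
_DRIVER = re.compile(r"^[RS]\d (?P<svc>[^;]+);(?P<display>[^;]*);(?P<path>.+)$")
_TEMP_DIR = re.compile(r"\\temp\\", re.I)
SYSTEM32 = "\\windows\\system32\\"


def triage(log_text):
    """Return the svchost count, the O17 DNS servers and (rule, line) findings."""
    svchost = 0
    nameservers = []
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if _PROC.match(line):
            # Running-processes block. Several svchost.exe instances are
            # normal: each hosts a different group of services.
            if line.lower().endswith("\\svchost.exe"):
                svchost += 1
            continue
        m = _O4.match(line)
        if m:
            if m.group("key").lower() == "runservices":
                # Win9x-era key; worth confirming which product put it there.
                findings.append(("O4-runservices-legacy-key", line))
            if _TEMP_DIR.search(m.group("cmd")):
                findings.append(("O4-autorun-from-temp", line))
            continue
        m = _O23.match(line)
        if m:
            owner = m.group("owner").strip()
            if not owner or owner.lower() == "unknown owner":
                # No vendor string: check the file's publisher by hand.
                findings.append(("O23-service-no-vendor", line))
            if _TEMP_DIR.search(m.group("path")):
                findings.append(("O23-service-from-temp", line))
            continue
        m = _O17.match(line)
        if m:
            nameservers = m.group("servers").split()
            continue
        m = _DRIVER.match(line)
        if m and SYSTEM32 not in m.group("path").lower():
            # Kernel drivers normally live under system32\drivers.
            findings.append(("driver-not-under-system32", line))
    return {"svchost_instances": svchost, "nameservers": nameservers, "findings": findings}


def rules_hit(report):
    """Sorted list of distinct rule names that fired."""
    return sorted({rule for rule, _ in report["findings"]})


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"svchost.exe instances: {report['svchost_instances']} (several is normal)")
    print("O17 DNS servers to confirm with the ISP:", ", ".join(report["nameservers"]) or "none")
    for rule, line in report["findings"]:
        print(f"[{rule}] {line}")
```

Run it on a full log by reading the file into `triage()` instead of `SAMPLE_LOG`; the findings are a to-do list for the helper, not a cleanup script, so nothing here deletes or changes anything on the machine.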
  • Well, Pim, the next step.

    ComboFix 07-10-09.3 - rob 2007-10-09 12:57:20.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.1.1252.1.1043.18.1565 [GMT 2:00]
    Started from: C:\Documents and Settings\rob\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\rob\Bureaublad\CFScript.txt
    * New restore point was created
    .

    (((((((((((((((((((( Files Created from 2007-09-09 to 2007-10-09 ))))))))))))))))))))))))))))))
    .

    2007-10-09 10:27 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2007-10-07 17:38 <DIR> d——– C:\Program Files\Trend Micro
    2007-09-26 16:59 <DIR> d——– C:\Program Files\PC DUAL SHOCK
    2007-09-26 16:59 86,016 –a—— C:\WINDOWS\EZFRD64.dll
    2007-09-12 23:08 <DIR> d——– C:\Documents and Settings\rob\Application Data\dvdcss
    2007-09-09 19:23 30,720 –a—— C:\WINDOWS\EWhiteu12.dat
    2007-09-09 19:23 30,720 –a—— C:\WINDOWS\EDarku12.dat
    2007-09-09 19:23 6 –a—— C:\WINDOWS\EExpou.dat
    2007-09-09 19:23 4 –a—— C:\WINDOWS\AErroru3.dat
    2007-09-09 19:23 3 –a—— C:\WINDOWS\EOffsetu.dat
    2007-09-09 19:23 3 –a—— C:\WINDOWS\EGain6.dat
    2007-09-09 15:37 <DIR> d——– C:\Program Files\SUPERAntiSpyware
    2007-09-09 15:37 <DIR> d——– C:\Documents and Settings\rob\Application Data\SUPERAntiSpyware.com
    2007-09-09 15:37 <DIR> d——– C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-09 10:43 ——— d—–w C:\Program Files\DOSBox-0.70
    2007-10-09 10:09 ——— d—–w C:\Program Files\Symantec AntiVirus
    2007-10-09 09:16 ——— d—–w C:\Documents and Settings\rob\Application Data\MailWasherPro
    2007-10-07 15:51 ——— d—a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-07 15:35 ——— d—–w C:\Program Files\SpywareBlaster
    2007-09-26 21:05 ——— d—–w C:\Program Files\RegClean
    2007-09-26 19:19 ——— d—–w C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-09-26 14:59 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2007-09-25 18:06 ——— d—–w C:\Program Files\Lx_cats
    2007-09-09 13:37 ——— d—–w C:\Program Files\Common Files\Wise Installation Wizard
    2007-09-08 14:46 ——— d—–w C:\Program Files\IrfanView
    2007-09-08 13:25 ——— d—–w C:\Program Files\Free CD-DA Extractor 4.8
    2007-08-29 16:15 ——— d—–w C:\Documents and Settings\rob\Application Data\Lavasoft
    2007-08-29 16:14 ——— d—–w C:\Program Files\Lavasoft
    2007-08-20 19:56 ——— d—–w C:\Program Files\DAP
    2007-08-20 15:30 ——— d—–w C:\Documents and Settings\All Users\Application Data\PC Tools
    2007-08-20 15:15 ——— d—–w C:\Documents and Settings\rob\Application Data\PC Tools
    .

    ((((((((((((((((((((((((((((( snapshot@2007-10-09_10.28.32,46 )))))))))))))))))))))))))))))))))))))))))
    .
    —-a-w 16,384 2007-10-09 10:08:44 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    —-a-w 32,768 2007-10-09 10:08:44 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    —-a-w 32,768 2007-10-09 10:08:44 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .
    —-a-w 16,384 2007-10-09 08:16:26 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    —-a-w 32,768 2007-10-09 08:16:26 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    —-a-w 81,920 2007-10-09 08:16:26 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legitimate default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 C:\WINDOWS\system32\HdAShCut.exe]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 10:00]
    "SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-11-12 11:02]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 09:21]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 19:27]
    "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-04-26 02:37]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 20:40]
    "LXCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 19:47]
    "AsusServiceProvider"="C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe" [2006-10-23 21:28]
    "AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe" [2006-10-30 16:07]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 21:05]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "RegisterDropHandler"=C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoUserNameInStartMenu"=01000000

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk
    backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ScanPanel.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ScanPanel.lnk
    backup=C:\WINDOWS\pss\ScanPanel.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^rob^Menu Start^Programma's^Opstarten^Microsoft Office Snelzoeken.lnk]
    path=C:\Documents and Settings\rob\Menu Start\Programma's\Opstarten\Microsoft Office Snelzoeken.lnk
    backup=C:\WINDOWS\pss\Microsoft Office Snelzoeken.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^rob^Menu Start^Programma's^Opstarten^Office Opstarten.lnk]
    path=C:\Documents and Settings\rob\Menu Start\Programma's\Opstarten\Office Opstarten.lnk
    backup=C:\WINDOWS\pss\Office Opstarten.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^rob^Menu Start^Programma's^Opstarten^reminder-ScanSoft Product Registration.lnk]
    path=C:\Documents and Settings\rob\Menu Start\Programma's\Opstarten\reminder-ScanSoft Product Registration.lnk
    backup=C:\WINDOWS\pss\reminder-ScanSoft Product Registration.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
    C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
    "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
    "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    C:\WINDOWS\System32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]
    C:\Program Files\GameFace Messenger\GameFace.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
    C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\System32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
    C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]
    C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
    "C:\Program Files\Spyware Doctor\SDTrayApp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
    "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    R0 PQV2i;PQV2i;C:\WINDOWS\System32\drivers\PQV2i.sys
    R1 PQIMount;PQIMount;C:\WINDOWS\System32\drivers\PQIMount.sys
    R2 SampleScanner;USB-Flachbettscanner;C:\WINDOWS\System32\DRIVERS\ArtecGT.sys
    R3 AEAudioService;AEAudio Service;C:\WINDOWS\System32\drivers\AEAudio.sys
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\System32\DRIVERS\atl01_xp.sys
    S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\System32\drivers\asusgsb32.sys
    S3 kbeepm;kbeepm;\??\C:\DOCUME~1\rob\LOCALS~1\Temp\kbeepm.sys
    S3 Video3D;ASUS Video3D Service;C:\WINDOWS\System32\Drivers\Video3D32.sys

    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-09 12:57:58
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning for hidden processes …

    scanning for hidden autostart entries …

    scanning for hidden files …

    Scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-09 12:58:15
    C:\ComboFix-quarantined-files.txt … 2007-10-09 12:58
    C:\ComboFix2.txt … 2007-10-09 12:09
    C:\ComboFix3.txt … 2007-10-09 10:28
    .
    — E O F —


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:58:28, on 9-10-2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe
    O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FBABE7BD-D178-4534-882C-DC515C68C2F9}: NameServer = 195.121.1.34 195.121.1.66
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: lxcf_device - - C:\WINDOWS\System32\lxcfcoms.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


    End of file - 6393 bytes

    Curious what this turns up.
    Regards, Rob.


  • I'm half asleep here :oops:

    Best to print out or save the instructions below, because you need to work in Safe
    Mode and you won't be able to find this web page there since you have no internet.

    Restart your computer in Safe Mode:
    http://www.hijackthis.nl/veiligemodus.html

    Make sure all hidden files and folders are shown.

    In Control Panel > Folder Options, first tick "Show hidden files and folders",
    untick "Hide extensions for known file types" and "Hide protected operating system files (Recommended)", then click Apply and OK.


    Empty your Temp folders (note: empty the folders, do not delete them!):

    C:\Windows\Temp
    C:\Documents and Settings\<profile name>\Local Settings\Temp
    C:\Documents and Settings\<profile name>\Local Settings\Temporary Internet Files
    C:\Documents and Settings\<profile name>\Local Settings\Temporary Internet Files\content.ie5
    If the last folder is not shown, go to the Temporary Internet Files folder, type \content.ie5 after it in the address bar and press Enter.

    Delete the following file:
    C:\WINDOWS\EZFRD64.dll

    Empty your Recycle Bin.

    Restart your computer in normal mode and make a new ComboFix log.
    How are your problems now?

    Pim
  • Well, Pim, this is the latest state of affairs.
    Did everything in Safe Mode and this is the log.

    ComboFix 07-10-09.3 - rob 2007-10-09 15:45:37.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.1.1252.1.1043.18.1533 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\rob\Bureaublad\ComboFix.exe
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-09-09 to 2007-10-09 ))))))))))))))))))))))))))))))
    .

    2007-10-09 10:27 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-07 17:38 <DIR> d-------- C:\Program Files\Trend Micro
    2007-09-26 16:59 <DIR> d-------- C:\Program Files\PC DUAL SHOCK
    2007-09-12 23:08 <DIR> d-------- C:\Documents and Settings\rob\Application Data\dvdcss
    2007-09-09 19:23 30,720 --a------ C:\WINDOWS\EWhiteu12.dat
    2007-09-09 19:23 30,720 --a------ C:\WINDOWS\EDarku12.dat
    2007-09-09 19:23 6 --a------ C:\WINDOWS\EExpou.dat
    2007-09-09 19:23 4 --a------ C:\WINDOWS\AErroru3.dat
    2007-09-09 19:23 3 --a------ C:\WINDOWS\EOffsetu.dat
    2007-09-09 19:23 3 --a------ C:\WINDOWS\EGain6.dat
    2007-09-09 15:37 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-09-09 15:37 <DIR> d-------- C:\Documents and Settings\rob\Application Data\SUPERAntiSpyware.com
    2007-09-09 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-09 13:44 --------- d-----w C:\Program Files\Symantec AntiVirus
    2007-10-09 13:34 --------- d-----w C:\Program Files\Lx_cats
    2007-10-09 10:43 --------- d-----w C:\Program Files\DOSBox-0.70
    2007-10-09 09:16 --------- d-----w C:\Documents and Settings\rob\Application Data\MailWasherPro
    2007-10-07 15:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-07 15:35 --------- d-----w C:\Program Files\SpywareBlaster
    2007-09-26 21:05 --------- d-----w C:\Program Files\RegClean
    2007-09-26 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-09-26 14:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-09-09 13:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-09-08 14:46 --------- d-----w C:\Program Files\IrfanView
    2007-09-08 13:25 --------- d-----w C:\Program Files\Free CD-DA Extractor 4.8
    2007-08-29 16:15 --------- d-----w C:\Documents and Settings\rob\Application Data\Lavasoft
    2007-08-29 16:14 --------- d-----w C:\Program Files\Lavasoft
    2007-08-20 19:56 --------- d-----w C:\Program Files\DAP
    2007-08-20 15:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Tools
    2007-08-20 15:15 --------- d-----w C:\Documents and Settings\rob\Application Data\PC Tools
    .

    ((((((((((((((((((((((((((((( snapshot@2007-10-09_10.28.32,46 )))))))))))))))))))))))))))))))))))))))))
    .
    ----a-w 16,384 2007-10-09 13:44:16 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    ----a-w 32,768 2007-10-09 13:44:16 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    ----a-w 32,768 2007-10-09 13:44:16 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .
    ----a-w 16,384 2007-10-09 08:16:26 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    ----a-w 32,768 2007-10-09 08:16:26 C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    ----a-w 81,920 2007-10-09 08:16:26 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 C:\WINDOWS\system32\HdAShCut.exe]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 10:00]
    "SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-11-12 11:02]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 09:21]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 19:27]
    "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-04-26 02:37]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 20:40]
    "LXCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 19:47]
    "AsusServiceProvider"="C:\Program Files\ASUS\AASP\1.00.12\aaCenter.exe" [2006-10-23 21:28]
    "AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.12\AsRunHelp.exe" [2006-10-30 16:07]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 21:05]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "RegisterDropHandler"=C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoUserNameInStartMenu"=01000000

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk
    backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ScanPanel.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ScanPanel.lnk
    backup=C:\WINDOWS\pss\ScanPanel.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^rob^Menu Start^Programma's^Opstarten^Microsoft Office Snelzoeken.lnk]
    path=C:\Documents and Settings\rob\Menu Start\Programma's\Opstarten\Microsoft Office Snelzoeken.lnk
    backup=C:\WINDOWS\pss\Microsoft Office Snelzoeken.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^rob^Menu Start^Programma's^Opstarten^Office Opstarten.lnk]
    path=C:\Documents and Settings\rob\Menu Start\Programma's\Opstarten\Office Opstarten.lnk
    backup=C:\WINDOWS\pss\Office Opstarten.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^rob^Menu Start^Programma's^Opstarten^reminder-ScanSoft Product Registration.lnk]
    path=C:\Documents and Settings\rob\Menu Start\Programma's\Opstarten\reminder-ScanSoft Product Registration.lnk
    backup=C:\WINDOWS\pss\reminder-ScanSoft Product Registration.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
    C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
    "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
    "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    C:\WINDOWS\System32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]
    C:\Program Files\GameFace Messenger\GameFace.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
    C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\System32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
    C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]
    C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
    "C:\Program Files\Spyware Doctor\SDTrayApp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
    "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    R0 PQV2i;PQV2i;C:\WINDOWS\System32\drivers\PQV2i.sys
    R1 PQIMount;PQIMount;C:\WINDOWS\System32\drivers\PQIMount.sys
    R2 SampleScanner;USB-Flachbettscanner;C:\WINDOWS\System32\DRIVERS\ArtecGT.sys
    R3 AEAudioService;AEAudio Service;C:\WINDOWS\System32\drivers\AEAudio.sys
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\System32\DRIVERS\atl01_xp.sys
    S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\System32\drivers\asusgsb32.sys
    S3 kbeepm;kbeepm;\??\C:\DOCUME~1\rob\LOCALS~1\Temp\kbeepm.sys
    S3 Video3D;ASUS Video3D Service;C:\WINDOWS\System32\Drivers\Video3D32.sys

    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-09 15:46:17
    Windows 5.1.2600 Service Pack 1 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-10-09 15:46:33
    C:\ComboFix-quarantined-files.txt … 2007-10-09 15:46
    C:\ComboFix2.txt … 2007-10-09 12:58
    C:\ComboFix3.txt … 2007-10-09 12:09
    .
    --- E O F ---


    No more problems so far, though you have to judge that over a longer period; but up to now no trouble.

    Once everything is done, I'll make a new image in Ghost right away too.

    Regards, Rob.
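The HijackThis and ComboFix logs in this thread list every autostart entry, service and driver with its file path, and reading them is mostly a matter of spotting the few lines worth a second look (a driver loaded from a user's Temp folder, a service with no publisher, a binary in a Windows 9x-era run key) before anything gets deleted. The Python script below is an added example written for this page, not part of the thread or of either tool: its sample lines are constructed in the two logs' formats (several copied from the logs above), and its heuristics are assumptions of my own that only prioritise entries for review.

```python
import re

# Constructed sample input in the format of the HijackThis (O4/O23) and
# ComboFix (R0/S3 driver) lines quoted in this thread; not a real scan.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: lxcf_device - - C:\WINDOWS\System32\lxcfcoms.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
R0 PQV2i;PQV2i;C:\WINDOWS\System32\drivers\PQV2i.sys
S3 kbeepm;kbeepm;\??\C:\DOCUME~1\rob\LOCALS~1\Temp\kbeepm.sys
"""

# HijackThis O4 autostart entry: "O4 - <key>: [<name>] <command line>"
RE_O4 = re.compile(r'^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# HijackThis O23 service: "O23 - Service: <name> - <owner> - <path>"; owner may be empty
RE_O23 = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.*?) ?- (?P<cmd>[A-Za-z]:\\.+)$')
# ComboFix driver line: "<start type> <name>;<description>;<image path>"
RE_DRIVER = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<cmd>.+)$')
# First absolute Windows path with an executable extension inside a command line.
RE_PATH = re.compile(r'[A-Za-z]:\\.*?\.(?:exe|dll|sys|ocx)\b', re.IGNORECASE)


def extract_path(cmd):
    """Return the first absolute executable path in a command line, else None."""
    m = RE_PATH.search(cmd)
    return m.group(0) if m else None


def parse_line(line):
    """Return a dict describing one log entry, or None for lines not handled here."""
    line = line.strip()
    m = RE_O4.match(line)
    if m:
        return {"kind": "run", "name": m["name"], "key": m["key"],
                "owner": None, "path": extract_path(m["cmd"])}
    m = RE_O23.match(line)
    if m:
        return {"kind": "service", "name": m["name"], "key": None,
                "owner": m["owner"].strip(), "path": extract_path(m["cmd"])}
    m = RE_DRIVER.match(line)
    if m:
        return {"kind": "driver", "name": m["name"], "key": m["start"],
                "owner": None, "path": extract_path(m["cmd"])}
    return None


def suspicious_reasons(entry):
    """Heuristics (assumed, not from either tool): each reason is a prompt to look closer, not a verdict."""
    reasons = []
    path = entry["path"]
    if path is None:
        reasons.append("no absolute path; binary is resolved via the search path")
        return reasons
    p = path.lower()
    if re.search(r'\\(temp|temporary internet files)\\', p):
        reasons.append("loads from a Temp directory")
    if entry["kind"] in ("driver", "service") and re.search(r'\\(documents and settings|docume~1)\\', p):
        reasons.append("%s binary lives under a user profile" % entry["kind"])
    if entry["kind"] == "service" and entry["owner"].lower() in ("", "unknown owner"):
        reasons.append("service without a publisher name")
    if entry["kind"] == "run" and entry["key"].lower().endswith("runservices"):
        reasons.append("uses the RunServices key, a Windows 9x-era autostart location")
    return reasons


def triage(log_text):
    """Return [(name, path, [reasons])] for every entry that trips at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = suspicious_reasons(entry)
        if reasons:
            findings.append((entry["name"], entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print("%-22s %s" % (name, path or "(no path)"))
        for r in reasons:
            print("    - " + r)
```

Running it prints the flagged entries with their reasons; on the sample above that is the bare `HDAShCut.exe`, the RunServices entry, the two services without a named publisher and the `kbeepm.sys` driver in Temp, while `ccApp`, `PQV2i` and the Symantec service pass. A hit is a reason to check the file's publisher, signature and creation date, not proof of an infection.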

  • That looks good again! 8)

    Disable System Restore. Restart the computer. Enable System Restore again.
    See here how to disable System Restore.
    This removes any remnants of the infections from your System Restore points.

    To avoid a repeat, read through these security tips again:
    http://www.jawwi.nl/nederlands/tips/beveiligen/beveiligen.html

    Pim
  • System Restore stays disabled on my machine, since I use Norton Ghost.
    I have now saved an image of the current state of C:\ on a backup partition, and if something goes wrong I restore it within 5 minutes and everything runs again as it did at the moment I made the image.
    It surprises me, by the way: I have Symantec AntiVirus 10.0, Sygate firewall, SpywareBlaster, Ad-Aware SE Professional, AVG Anti-Spyware and SUPERAntiSpyware, I regularly update and scan the lot, and still this misery happens to you.
    But for now we're running like a train again.
    Pim, thanks a lot for the thorough clean-out of my PC.

    Rob.
  • You're welcome, Rob.

    Just goes to show you can never be too careful!

This is an archived page. Replying is no longer possible.