Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

trojan vundo probleem

None
8 antwoorden
  • hallo,
    ik heb sinds dit weekend problemen van een een trojan, symantec geeft een melding maar kan het probleem niet oplossen, ik heb ook al een vundo-fix geprobeerd maar zonder resultaat…

    hopelijk kunnen jullie mij helpen.


    Scan type: Auto-Protect Scan
    Event: Threat Found!
    Threat: Trojan.Vundo
    File: C:\WINDOWS\system32\ljjhhfg.dll
    Location: C:\WINDOWS\system32
    Computer: HENDRIK
    User: SYSTEM
    Action taken: Clean failed : Quarantine failed : Access denied
    Date found: maandag 5 november 2007 21:50:53

    logje:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:37:09, on 5/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\Siemens\SANTIS WLAN\WlanMonitor.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [04ae2345] rundll32.exe "C:\WINDOWS\system32\kdiajpdp.dll",b
    O4 - HKCU\..\Run: [LDM] \Program\
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKLM\..\Policies\Explorer\Run: [kernel32.dll] C:\WINDOWS\system32\mssearchnet.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: SANTIS USB and PC Card Utility.lnk = C:\Program Files\Siemens\SANTIS WLAN\WlanMonitor.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\xrohjjom.exe
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O18 - Protocol: bw+0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O22 - SharedTaskScheduler: Windows Update - {C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F} - C:\WINDOWS\system32\ioctrl.dll (file missing)
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
  • Verwijder via start –> configuratiescherm –> software:
    [b:314616d6ce]Logitech Desktop Messenger[/b:314616d6ce]
    Omdat deze de Hik heeft gekregen.

    Download Combofix naar je [b:314616d6ce]bureaublad[/b:314616d6ce]

    Dubbelklik op [u:314616d6ce]combofix.exe[/u:314616d6ce]
    Kies voor "Continue" door [b:314616d6ce]1[/b:314616d6ce] te typen gevolgd door [b:314616d6ce]ENTER[/b:314616d6ce].
    Tijdens het runnen van de fix, [b:314616d6ce]NIET[/b:314616d6ce] in het venster klikken, want dit zal je pc doen vasthangen.

    Wanneer de fix voltooid is en na herstart, zal de log [b:314616d6ce]combofix.txt[/b:314616d6ce] openen. Bewaar dit logje.

    [i:314616d6ce]NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.[/i:314616d6ce]

    Plaats in je volgende antwoord het logje van combofix ([i:314616d6ce]combofix.txt[/i:314616d6ce]) tesamen met een vers Hijackthis log.

    Pim
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:34:02, on 6/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\Siemens\SANTIS WLAN\WlanMonitor.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\WINDOWS\system32
    otepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: {ea443c2e-c68d-36a8-b454-e6287fbd8282} - {2828dbf7-826e-454b-8a63-d86ce2c344ae} - C:\WINDOWS\system32
    jogrkde.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {995CC12B-C6F1-8AD0-7544-3533DC1AA562} - C:\DOCUME~1\ADMINI~1\APPLIC~1\GLUEDE~1\Plus Global.exe (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: SysApp - {F63F9C76-830D-13DC-8324-3F03201C9A6C} - C:\Program Files\Sys-App\ie-improver.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [04ae2345] rundll32.exe "C:\WINDOWS\system32\ulmvwgkg.dll",b
    O4 - HKCU\..\Run: [LDM] \Program\
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: SANTIS USB and PC Card Utility.lnk = C:\Program Files\Siemens\SANTIS WLAN\WlanMonitor.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\xrohjjom.exe
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O18 - Protocol: bw+0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: dgchykdu - dgchykdu.dll (file missing)
    O22 - SharedTaskScheduler: Windows Update - {C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F} - C:\WINDOWS\system32\ioctrl.dll (file missing)
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
    ——





    ComboFix 07-11-05.2 - Administrator 2007-11-06 10:07:10.1 - NTFSx86
    Gestart vanuit: C:\Documents and Settings\Administrator\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#SharedObjects\N97GSVNR\iforex.com
    C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#SharedObjects\N97GSVNR\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
    C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
    C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
    C:\Documents and Settings\Administrator\Bureaublad\Live Safety Center.lnk
    C:\Documents and Settings\Administrator\Bureaublad\Online Security Guide.lnk
    C:\Documents and Settings\Administrator\Favorieten\Online Security Guide.lnk
    C:\Documents and Settings\All Users\Menu Start\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Menu Start\Online Security Guide.lnk
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\~.exe
    C:\WINDOWS\system32\ajwckofu.dll
    C:\WINDOWS\system32\dgchykdu.dllbox
    C:\WINDOWS\system32\ewqlinmb.dll
    C:\WINDOWS\system32\f3PSSavr.scr
    C:\WINDOWS\system32\ljjhhfg.dll
    C:\WINDOWS\system32\psvut.bak1
    C:\WINDOWS\system32\psvut.bak2
    C:\WINDOWS\system32\psvut.ini
    C:\WINDOWS\system32\sysdl132.exe
    C:\WINDOWS\system32\tuvsp.dll
    C:\WINDOWS\system32\uqwyfreb.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    ——-\LEGACY_DOMAINSERVICE
    ——-\DomainService


    (((((((((((((((((((( Bestanden Gemaakt van 2007-10-06 to 2007-11-06 ))))))))))))))))))))))))))))))
    .

    2007-11-06 10:00 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2007-11-05 21:51 85,568 –a—— C:\WINDOWS\system32\ulmvwgkg.dll
    2007-11-05 21:48 83,008 –a—— C:\WINDOWS\system32
    jogrkde.dll
    2007-11-05 21:47 340,032 –a—— C:\WINDOWS\system32\urwqsjkb.dll
    2007-11-05 21:31 <DIR> d——– C:\Program Files\Trend Micro
    2007-11-05 19:37 <DIR> d——– C:\VundoFix Backups
    2007-11-04 21:50 78,912 –a—— C:\WINDOWS\system32\awnkhjtt.dll
    2007-11-04 21:47 86,080 –a—— C:\WINDOWS\system32\kdiajpdp.dll
    2007-11-01 22:49 <DIR> d——– C:\Program Files\T-Splines for Rhino
    2007-11-01 22:49 <DIR> d——– C:\Documents and Settings\All Users\Application Data\TSplines
    2007-11-01 21:35 <DIR> d——– C:\Program Files\Rhinoceros 4.0
    2007-11-01 21:35 <DIR> d——– C:\Documents and Settings\All Users\Application Data\McNeel
    2007-11-01 11:24 <DIR> d–h—– C:\Program Files\Sys-App
    2007-10-31 22:50 <DIR> d——– C:\Program Files\PCFriendly
    2007-10-31 22:50 298,496 –a—— C:\WINDOWS\uninst.exe
    2007-10-31 22:50 78,848 –a—— C:\WINDOWS\system32\INLOADER.DLL
    2007-10-27 11:16 <DIR> d——– C:\Documents and Settings\Administrator\Application Data\Joost
    2007-10-27 11:15 <DIR> d——– C:\Program Files\Joost
    2007-10-10 08:55 584,192 ——— C:\WINDOWS\system32\dllcache\rpcrt4.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-06 09:25 ——— d—–w C:\Program Files\Symantec AntiVirus
    2007-11-05 21:07 ——— d—–w C:\Program Files\Common Files\Real
    2007-11-02 20:32 ——— d—–w C:\Documents and Settings\Administrator\Application Data\Skype
    2007-10-31 11:29 ——— d—–w C:\Program Files\PartyGaming
    2007-10-31 11:26 ——— d—–w C:\Program Files\MSN Messenger
    2007-10-29 07:03 836 —-a-w C:\Documents and Settings\Administrator\Application Data\ViewerApp.dat
    2007-10-27 19:46 ——— d—–w C:\Documents and Settings\Administrator\Application Data\uTorrent
    2007-10-27 10:55 ——— d—–w C:\Program Files\Java
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2828dbf7-826e-454b-8a63-d86ce2c344ae}]
    2007-11-05 21:48 83008 –a—— C:\WINDOWS\system32
    jogrkde.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{995CC12B-C6F1-8AD0-7544-3533DC1AA562}]
    C:\DOCUME~1\ADMINI~1\APPLIC~1\GLUEDE~1\Plus Global.exe

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F63F9C76-830D-13DC-8324-3F03201C9A6C}]
    2007-11-01 11:24 95232 –a—— C:\Program Files\Sys-App\ie-improver.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2003-02-26 15:25]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-14 16:29]
    "PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2001-12-12 06:05]
    "srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 22:34]
    "Display Settings"="C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 05:26]
    "QT4HPOT"="C:\Program Files\HPQ\One-Touch\OneTouch.EXE" [2003-01-30 23:53]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-03-14 13:56]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-03-14 13:56]
    "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 11:28]
    "CARPService"="carpserv.exe" [2003-05-21 14:35 C:\WINDOWS\system32\carpserv.exe]
    "EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-01 09:50]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-07-02 12:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-06-24 14:16]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-10 17:02]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-12-30 13:19]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "04ae2345"="C:\WINDOWS\system32\ulmvwgkg.dll" [2007-11-05 21:51]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LDM"="\Program\" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03]

    C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\
    palmOne Registration.lnk - C:\Program Files\palmOne\register.exe [2005-02-11 12:44:58]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-03-12 20:15:35]
    AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2004-02-24 22:35:22]
    DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [2005-09-10 14:42:15]
    HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 13:16:08]
    hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-06 00:37:10]
    hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-02-09 12:13:39]
    Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-05-02 18:00:41]
    Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-05-02 18:00:29]
    SANTIS USB and PC Card Utility.lnk - C:\Program Files\Siemens\SANTIS WLAN\WlanMonitor.exe [2003-04-02 21:05:28]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}"= C:\WINDOWS\system32\ioctrl.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
    otify\dgchykdu]
    dgchykdu.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\tuvsp.dll

    R3 ALiIRDA;ALi Infrared Device Driver;C:\WINDOWS\system32\DRIVERS\aliirda.sys
    R3 ATMEL WinXP PCMCIAFVNETR (2ARC)(R);ATMEL WinXP PCMCIAFVNETR (2ARC)(R) Service for SANTIS WLAN PC Card;C:\WINDOWS\system32\DRIVERS\fvnetr51.sys
    R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;C:\WINDOWS\system32\drivers\caliaud.sys
    R3 CALIHALA;CALIHALA;C:\WINDOWS\system32\drivers\calihal.sys
    R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.SYS
    R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS
    S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
    S3 ATMEL FVNETusbASKEY (AR)(R);ATMEL FVNETusbASKEY (AR)(R) Service for SANTIS WLAN USB Adapter;C:\WINDOWS\system32\DRIVERS\vnetusbk.sys
    S3 C-Dilla;C-Dilla;\??\C:\WINDOWS\System32\drivers\CDANT.SYS
    S3 CE3;Xircom Ethernet-adapter 10/100-service;C:\WINDOWS\system32\DRIVERS\ce3n5.sys
    S3 musbehco;musbehco;\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\musbehco.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-11-06 09:00:01 C:\WINDOWS\Tasks\AC3F179091848A7C.job"
    - c:\docume~1\admini~1\applic~1\extrai~1\Thatchinfork.exe
    "2004-04-24 09:43:07 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1067808112.job"
    - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
    "2007-11-06 06:43:20 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-06 10:29:17
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????????h????????? ??3B?????????????T?B? ??????

    scannen van verborgen bestanden …

    **************************************************************************
    .
    Voltooingstijd: 2007-11-06 10:32:53 - machine was rebooted
    .
    — E O F —




  • Start Hijackthis, kies voor 'do a system scan only' en vink onderstaande regels aan:
    [b:f885a23fa9]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    O2 - BHO: {ea443c2e-c68d-36a8-b454-e6287fbd8282} - {2828dbf7-826e-454b-8a63-d86ce2c344ae} - C:\WINDOWS\system32
    jogrkde.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {995CC12B-C6F1-8AD0-7544-3533DC1AA562} - C:\DOCUME~1\ADMINI~1\APPLIC~1\GLUEDE~1\Plus Global.exe (file missing)
    O4 - HKLM\..\Run: [04ae2345] rundll32.exe "C:\WINDOWS\system32\ulmvwgkg.dll",b
    O4 - HKCU\..\Run: [LDM] \Program\
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\xrohjjom.exe
    O20 - Winlogon Notify: dgchykdu - dgchykdu.dll (file missing)
    [/b:f885a23fa9]

    Sluit alle openstaande vensters, behalve Hijackthis en klik op Fix checked.

    Open Kladblok, kopiëer en plak het volgende (vetgedrukte tekst) in een leeg venster:
    [b:f885a23fa9]
    File::
    C:\WINDOWS\system32\ulmvwgkg.dll
    C:\WINDOWS\system32
    jogrkde.dll
    C:\WINDOWS\system32\urwqsjkb.dll
    C:\WINDOWS\system32\awnkhjtt.dll
    C:\WINDOWS\system32\kdiajpdp.dll
    C:\WINDOWS\Tasks\AC3F179091848A7C.job

    Folder::
    C:\VundoFix Backups
    C:\Program Files\PartyGaming\PartyPoker
    C:\Program Files\Sys-App

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2828dbf7-826e-454b-8a63-d86ce2c344ae}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{995CC12B-C6F1-8AD0-7544-3533DC1AA562}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F63F9C76-830D-13DC-8324-3F03201C9A6C}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
    otify\dgchykdu]
    [/b:f885a23fa9]

    Sla dit op op je Bureaublad als [b:f885a23fa9]CFScript.txt[/b:f885a23fa9]

    Sleep [b:f885a23fa9]CFScript.txt[/b:f885a23fa9] in [b:f885a23fa9]ComboFix.exe[/b:f885a23fa9] zoals getoond in onderstaand voorbeeld :
    [img:f885a23fa9]http://img.photobucket.com/albums/v666/sUBs/CFScript.gif[/img:f885a23fa9]

    Dit zal [b:f885a23fa9]ComboFix[/b:f885a23fa9] doen herstarten.
    Start opnieuw op als daarom gevraagd wordt en post de inhoud van de Combofix.txt in je volgende antwoord samen met een nieuw HijackThislogje.

    Pim :)


  • hey, ik heb gelijk de indruk dat het al allemaal veel beter werkt alvast bedankt!

    ComboFix 07-11-05.2 - Administrator 2007-11-06 13:10:03.2 - NTFSx86
    Gestart vanuit: C:\Documents and Settings\Administrator\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Administrator\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt

    FILE::
    C:\WINDOWS\system32\awnkhjtt.dll
    C:\WINDOWS\system32\kdiajpdp.dll
    C:\WINDOWS\system32
    jogrkde.dll
    C:\WINDOWS\system32\ulmvwgkg.dll
    C:\WINDOWS\system32\urwqsjkb.dll
    C:\WINDOWS\Tasks\AC3F179091848A7C.job
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\PartyGaming\PartyPoker
    C:\Program Files\PartyGaming\PartyPoker\Images\system_but_bingo.jpg
    C:\Program Files\PartyGaming\PartyPoker\Images\system_but_gammon.jpg
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\10437.atc
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\10749.atc
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\10751.atc
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\10753.atc
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\12741.atc
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\12743.atc
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\12815.atc
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\12821.atc
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\2.html
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\4.html
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\46346.atc
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\46374.atc
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\46390.atc
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\48248.atc
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\48252.atc
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\48260.atc
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\48262.atc
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\48298.atc
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\48340.atc
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\48364.atc
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\48368.atc
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\48372.atc
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\48478.atc
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\48484.atc
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\48514.atc
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\6331.html
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\6333.html
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\8321.atc
    C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\8325.atc
    C:\Program Files\PartyGaming\PartyPoker\Notes.txt
    C:\Program Files\PartyGaming\PartyPoker\PokerTrainer.exe
    C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_alerie.omf
    C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_amela.omf
    C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_aomi.omf
    C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_arion.omf
    C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_aron.omf
    C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_arren.omf
    C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_ason.omf
    C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_elley.omf
    C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_enny.omf
    C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_hawn.omf
    C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_hristine.omf
    C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_ill.omf
    C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_im.omf
    C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_nthony.omf
    C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_olleen.omf
    C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_ord.omf
    C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_raham.omf
    C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_ryce.omf
    C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_uane.omf
    C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_urt.omf
    C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\hendrik_1985.omf
    C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe
    C:\Program Files\PartyGaming\PartyPoker\usertab.txt
    C:\Program Files\Sys-App
    C:\Program Files\Sys-App\bho.dat
    C:\Program Files\Sys-App\er.dat
    C:\Program Files\Sys-App\ie-improver.dll
    C:\Program Files\Sys-App\uninstall.exe
    C:\VundoFix Backups
    C:\WINDOWS\system32\awnkhjtt.dll
    C:\WINDOWS\system32\kdiajpdp.dll
    C:\WINDOWS\system32
    jogrkde.dll
    C:\WINDOWS\system32\ulmvwgkg.dll
    C:\WINDOWS\Tasks\AC3F179091848A7C.job

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-10-06 to 2007-11-06 ))))))))))))))))))))))))))))))
    .

    2007-11-06 10:00 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2007-11-05 21:31 <DIR> d——– C:\Program Files\Trend Micro
    2007-11-01 22:49 <DIR> d——– C:\Program Files\T-Splines for Rhino
    2007-11-01 22:49 <DIR> d——– C:\Documents and Settings\All Users\Application Data\TSplines
    2007-11-01 21:35 <DIR> d——– C:\Program Files\Rhinoceros 4.0
    2007-11-01 21:35 <DIR> d——– C:\Documents and Settings\All Users\Application Data\McNeel
    2007-10-31 22:50 <DIR> d——– C:\Program Files\PCFriendly
    2007-10-31 22:50 298,496 –a—— C:\WINDOWS\uninst.exe
    2007-10-31 22:50 78,848 –a—— C:\WINDOWS\system32\INLOADER.DLL
    2007-10-27 11:16 <DIR> d——– C:\Documents and Settings\Administrator\Application Data\Joost
    2007-10-27 11:15 <DIR> d——– C:\Program Files\Joost
    2007-10-10 08:55 584,192 ——— C:\WINDOWS\system32\dllcache\rpcrt4.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-06 12:14 ——— d—–w C:\Program Files\Symantec AntiVirus
    2007-11-06 12:13 ——— d—–w C:\Program Files\PartyGaming
    2007-11-05 21:07 ——— d—–w C:\Program Files\Common Files\Real
    2007-11-02 20:32 ——— d—–w C:\Documents and Settings\Administrator\Application Data\Skype
    2007-10-31 11:26 ——— d—–w C:\Program Files\MSN Messenger
    2007-10-29 07:03 836 —-a-w C:\Documents and Settings\Administrator\Application Data\ViewerApp.dat
    2007-10-27 19:46 ——— d—–w C:\Documents and Settings\Administrator\Application Data\uTorrent
    2007-10-27 10:55 ——— d—–w C:\Program Files\Java
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2003-02-26 15:25]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-14 16:29]
    "PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2001-12-12 06:05]
    "srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 22:34]
    "Display Settings"="C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 05:26]
    "QT4HPOT"="C:\Program Files\HPQ\One-Touch\OneTouch.EXE" [2003-01-30 23:53]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-03-14 13:56]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-03-14 13:56]
    "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 11:28]
    "CARPService"="carpserv.exe" [2003-05-21 14:35 C:\WINDOWS\system32\carpserv.exe]
    "EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-01 09:50]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-07-02 12:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-06-24 14:16]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-10 17:02]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-12-30 13:19]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03]
    "LDM"="\Program\" []

    C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\
    palmOne Registration.lnk - C:\Program Files\palmOne\register.exe [2005-02-11 12:44:58]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-03-12 20:15:35]
    AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2004-02-24 22:35:22]
    DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [2005-09-10 14:42:15]
    HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 13:16:08]
    hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-06 00:37:10]
    hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-02-09 12:13:39]
    Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-05-02 18:00:41]
    Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-05-02 18:00:29]
    SANTIS USB and PC Card Utility.lnk - C:\Program Files\Siemens\SANTIS WLAN\WlanMonitor.exe [2003-04-02 21:05:28]


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    .
    Inhoud van de 'Gedeelde Taken' map
    "2004-04-24 09:43:07 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1067808112.job"
    - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
    "2007-11-06 10:43:32 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-06 13:17:38
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????????h????????? ??3B?????????????T?B? ??????

    scannen van verborgen bestanden …

    **************************************************************************
    .
    Voltooingstijd: 2007-11-06 13:21:25 - machine was rebooted
    C:\ComboFix2.txt … 2007-11-06 10:32
    .
    — E O F —
    ————-




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:52:50, on 6/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\Siemens\SANTIS WLAN\WlanMonitor.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\WINDOWS\system32
    otepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] \Program\
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: SANTIS USB and PC Card Utility.lnk = C:\Program Files\Siemens\SANTIS WLAN\WlanMonitor.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O18 - Protocol: bw+0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg


  • Onderstaande regel mag je fixen met Hijackthis:
    [b:8686b307c9]
    O4 - HKCU\..\Run: [LDM] \Program\
    [/b:8686b307c9]

    Download ATF Cleaner ( van Atribune)

    Dubbelklik op [b:8686b307c9]ATF cleaner[/b:8686b307c9] om het programma te starten.
    Op het tabblad "Main", plaats je een vinkje bij Select All. Haal het vinkje weg bij Prefetch.
    Klik op de knop Empty Selected.

    Gebruik je ook [b:8686b307c9]Firefox[/b:8686b307c9] als browser:

    Klik op tabblad "Firefox", plaats een vinkje bij Select All.
    Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
    (dit verwijdert het vinkje bij "Firefox saved passwords";)
    Klik op de knop Empty Selected.

    Gebruik je ook [b:8686b307c9]Opera[/b:8686b307c9] als browser:

    Klik op tabblad "Opera", plaats een vinkje bij Select All.
    Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
    Klik op de knop Empty Selected.

    Ga naar het tabblad "Main" en klik op de knop [b:8686b307c9]Exit[/b:8686b307c9] om het programma af te sluiten.

    Hoe is het met je problemen?

    Pim
  • ja het virus geeft geen problemen meer op mijn pc en dalles draait weer zoals het zou moeten. (geen foutmeldingen, geen pop-ups)
    hartelijk bedankt!
  • Graag gedaan! :)

    Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
    Kijk hier hoe je je systeemherstel moet uitschakelen.
    Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

    Lees om herhaling te voorkomen deze beveiligingstips nog eens door:
    http://www.jawwi.nl/nederlands/tips/beveiligen/beveiligen.html

    Pim

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.