Trojan Vundo mllji and urqqnmm ??

38 answers
  • Who can help me? I have already read elsewhere which programs I should use and will post the log files as soon as possible…

    Kind regards, Linda
  • ComboFix 08-01-06.5 - vandertol 2008-01-06 19:20:32.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.502 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\vandertol\Local Settings\Temporary Internet Files\Content.IE5\OP460F9H\ComboFix[1].exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\ijllm.ini
    C:\WINDOWS\system32\ijllm.ini2
    C:\WINDOWS\system32\mllji.dll
    C:\WINDOWS\system32\urqqnmm.dll

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))
    .

    2008-01-06 19:30 . 2008-01-06 19:30 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-06 18:55 . 2008-01-06 19:28 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-01-06 18:55 . 2008-01-06 18:55 <DIR> d-------- C:\Documents and Settings\vandertol\Application Data\PC Tools
    2008-01-06 18:45 . 2008-01-06 18:46 <DIR> d-------- C:\Documents and Settings\vandertol\Application Data\PrevxCSI
    2008-01-05 19:22 . 2008-01-05 19:22 <DIR> d-------- C:\Documents and Settings\vandertol\Application Data\ESET
    2008-01-05 19:21 . 2008-01-05 19:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-06 18:35 --------- d-----w C:\Documents and Settings\vandertol\Application Data\Skype
    2008-01-06 18:34 --------- d-----w C:\Program Files\SPAMfighter
    2008-01-06 17:57 74,240 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-01-06 17:57 56,832 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-01-06 17:38 --------- d-----w C:\Program Files\QuickTime
    2008-01-06 17:38 --------- d-----w C:\Program Files\PowerISO
    2008-01-06 17:37 --------- d-----w C:\Program Files\MSN Messenger
    2008-01-06 17:37 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-01-06 17:32 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-01-06 17:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-01-06 15:43 --------- d-----w C:\Program Files\Hitman Pro
    2008-01-06 15:42 --------- d-----w C:\Program Files\Webroot
    2008-01-06 15:42 --------- d-----w C:\Documents and Settings\vandertol\Application Data\Lavasoft
    2008-01-06 15:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-06 11:02 221,184 ----a-w C:\WINDOWS\system32\LVCOMSX .EXE
    2008-01-05 18:16 --------- d-----w C:\Documents and Settings\vandertol\Application Data\uTorrent
    2007-12-22 09:39 --------- d-----w C:\Program Files\LimeWire
    2007-12-21 07:21 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
    2007-12-21 07:20 30,216 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
    2007-12-21 07:19 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
    2007-12-03 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
    2007-11-27 21:19 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-11-16 16:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
    2007-11-16 15:13 7,219 ----a-w C:\WINDOWS\system32\drivers\services.xml
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-31 09:41 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-22 09:29 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
    2007-06-27 18:01 502,412 ----a-w C:\Program Files\QuickPar-0.9.1.0-NLD.exe
    2007-04-10 07:09 1,228 ----a-w C:\Documents and Settings\vandertol\Application Data\wklnhst.dat
    2006-04-05 10:50 10,468,661 ----a-w C:\Program Files\ndntnlst.exe
    2005-12-29 19:35 303,123 ----a-w C:\Program Files\NOD32.FiX.v2.1.exe
    2007-03-21 12:59 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-06 18:39 147456]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
    "H/PC Connection Agent"="C:\PROGRA~1\MICROS~1\wcescomm .exe" [2008-01-06 18:39 1211176]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-06 18:39 68856]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-01-06 18:39 5674352]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2008-01-06 18:39 196608]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-01-06 18:39 22880040]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 20:00 33792 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2005-11-11 22:47 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 20:00 33792 C:\WINDOWS\system32\rundll32.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-10-14 18:51 14864384 C:\WINDOWS\RTHDCPL.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2008-01-06 18:38 98304]
    "PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2008-01-06 18:38 1]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-06 18:38 1]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-06 18:38 1]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2008-01-06 18:38 1]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-01-06 18:38 1]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-01-06 18:38 1]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-06 18:38 1]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2008-01-06 18:38 1]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2008-01-06 18:39 1]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2008-01-06 18:39 1]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-06 18:39 1]
    "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-01-06 18:39 1]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24 1065800]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-15 19:29:40]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-10-31 10:41:25]
    Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]

    R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-10-25 15:29]
    S2 System Session Manager Subsystem;MS Session Manager Subsystem;c:\windows\system32\drivers\etc\smss.exe []
    S2 Windows Services Control;Windows Services Control;c:\windows\system32\drivers\services.exe []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
    \Shell\AutoRun\command - Z:\Info.exe folder.htt 480 480

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-01-06 15:00:23 C:\WINDOWS\Tasks\HPpromotions psc 2350 series.job"
    - C:\Program Files\HP\Digital Imaging\bin\HP Promotions\AiOMVC\HPpromo.exe
    "2007-10-13 01:30:02 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
    - C:\Program Files\RegistrySmart\RegistrySmart.ex
    - C:\Program Files\RegistrySmar
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-06 19:29:34
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-01-06 19:38:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-06 18:38:23
    .
    2007-12-12 08:33:44 --- E O F ---




    and here the hijack.log
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:46:27, on 6-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MICROS~1\wcescomm .exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\MICROS~1\rapimgr.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.martkplaats.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~1\wcescomm .exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: Download with &FileFactory Turbo - C:\Program Files\FileFactory Turbo\Plugins\IE\FileFactoryIE.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: MS Session Manager Subsystem (System Session Manager Subsystem) - Unknown owner - c:\windows\system32\drivers\etc\smss.exe (file missing)
    O23 - Service: Windows Services Control - Unknown owner - c:\windows\system32\drivers\services.exe (file missing)


    End of file - 9992 bytes


    regards, Linda




  • 1. Go to Start -> Run and type:
    sc delete "System Session Manager Subsystem"
    Confirm with OK.

    Repeat this for:
    sc delete "Windows Services Control"

    2. Start HijackThis, choose 'Do a system scan only' and tick the lines below, if present:

    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O23 - Service: Windows Services Control - Unknown owner - c:\windows\system32\drivers\services.exe (file missing)

    Now close all open windows except HijackThis and click 'Fix checked'.

    Restart your PC and post a HijackThis logfile for review.
    How are things with your problems?

    Pim :)
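    The two steps above rest on one observation about the log: a service whose display name imitates a Windows core process (smss.exe, services.exe) but whose binary sits outside System32, or is missing altogether, is not a Windows service. The Python script below is an added example, not part of this thread and not a feature of HijackThis or ComboFix; it applies that check to HijackThis "O23 - Service:" lines and to ComboFix "R2/S2/S4 name;display;path [date]" lines. The four fake-service lines in the sample are copied from Linda's logs, the remaining sample lines are constructed, and the set of protected binary names is an assumption of the example.

```python
"""Flag service entries that masquerade as Windows core processes.

Added example; not part of the forum thread and not a HijackThis or
ComboFix feature. Parses HijackThis O23 lines and ComboFix service lines.
"""
import re
from dataclasses import dataclass, field

# Core Windows binaries that legitimately start only from System32
# (assumption of this example; extend the set for your own environment).
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "lsass.exe", "svchost.exe"}
SYSTEM32 = r"c:\windows\system32"

# ComboFix service line: "<start type> <name>;<display>;<path> [<stamp>]"
COMBOFIX_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]+);(.+) \[([^\]]*)\]$")


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def path_reasons(path, file_missing):
    """Return why a service binary path looks suspicious (empty if it does not)."""
    p = path.strip('"').lower()
    directory, _, name = p.rpartition("\\")
    reasons = []
    if name in SYSTEM_BINARIES and directory != SYSTEM32:
        reasons.append(f"{name} belongs in System32, not in {directory}")
    if file_missing:
        reasons.append("service is registered but its binary is missing")
    return reasons


def audit_hijackthis(line):
    """Parse 'O23 - Service: <display> - <owner> - <path>[ (file missing)]'."""
    prefix = "O23 - Service: "
    if not line.startswith(prefix):
        return None
    parts = line[len(prefix):].split(" - ", 2)
    if len(parts) != 3:
        return None
    _display, _owner, path = parts
    marker = " (file missing)"
    missing = path.endswith(marker)
    if missing:
        path = path[:-len(marker)]
    return path_reasons(path, missing)


def audit_combofix(line):
    """Parse a ComboFix service line such as 'S2 name;display;path []'."""
    m = COMBOFIX_RE.match(line)
    if not m:
        return None
    _start, _name, _display, path, stamp = m.groups()
    # ComboFix prints empty brackets when it found no file to take a stamp from.
    return path_reasons(path, file_missing=(stamp.strip() == ""))


def audit(lines):
    """Return a Finding for every line that triggers at least one reason."""
    findings = []
    for raw in lines:
        line = raw.strip()
        reasons = audit_hijackthis(line)
        if reasons is None:
            reasons = audit_combofix(line)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


SAMPLE_LOG = [
    # Copied from the thread's logs: one legitimate service, two fakes
    r"O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe",
    r"O23 - Service: MS Session Manager Subsystem (System Session Manager Subsystem) - Unknown owner - c:\windows\system32\drivers\etc\smss.exe (file missing)",
    r"O23 - Service: Windows Services Control - Unknown owner - c:\windows\system32\drivers\services.exe (file missing)",
    r'R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-10-25 15:29]',
    r"S2 System Session Manager Subsystem;MS Session Manager Subsystem;c:\windows\system32\drivers\etc\smss.exe []",
    r"S4 Windows Services Control;Windows Services Control;c:\windows\system32\drivers\services.exe []",
    # Constructed control line: a core binary name in its proper directory
    r"O23 - Service: Example Control (example) - Example Corp - C:\WINDOWS\System32\smss.exe",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print("   ->", reason)
```

    To use it on a saved log, replace SAMPLE_LOG with the lines read from the file; lines that are not service entries are skipped, so the whole log can be passed in unchanged. Note that the check is deliberately narrow: it does not flag "Unknown owner" on its own, because legitimate third-party services (the RichVideo one in Linda's log, for instance) also show that.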
  • Sorry, still the same.. I see lots of small windows appear and disappear again. Then one stays open with the name LVComSX.exe

    I don't have the log file??

    regards, Linda
  • Make a new ComboFix log and a new HijackThis log and post them :)
  • In the meantime I have read that LVComSX.exe belongs to the webcam, and I removed it manually. I no longer see it now,
    but I do see a number of other (programs) at startup; these disappear again, though.

    Here follows the ComboFix log:
    ComboFix 08-01-04.1 - vandertol 2008-01-06 23:03:13.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.439 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\vandertol\Local Settings\Temporary Internet Files\Content.IE5\VNXNNT0V\ComboFix[1].exe
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))
    .

    2008-01-06 20:26 . 2008-01-06 20:27 <DIR> d-------- C:\Documents and Settings\vandertol\Application Data\AVG7
    2008-01-06 20:25 . 2008-01-06 20:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-01-06 20:25 . 2008-01-06 20:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-06 19:52 . 2008-01-06 19:52 <DIR> d-------- C:\VundoFix Backups
    2008-01-06 19:30 . 2008-01-06 22:50 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-06 19:17 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-06 18:55 . 2008-01-06 19:38 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-01-06 18:55 . 2008-01-06 18:55 <DIR> d-------- C:\Documents and Settings\vandertol\Application Data\PC Tools
    2008-01-06 18:55 . 2008-01-06 18:57 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-01-06 18:55 . 2008-01-06 18:57 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-01-06 18:55 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-01-06 18:55 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-01-06 18:45 . 2008-01-06 18:46 <DIR> d-------- C:\Documents and Settings\vandertol\Application Data\PrevxCSI
    2008-01-06 18:38 . 2008-01-06 18:38 1 --a------ C:\WINDOWS\system32\PSDrvCheck.exe
    2008-01-06 12:02 . 2008-01-06 12:02 221,184 --a------ C:\WINDOWS\system32\LVCOMSX .EXE
    2008-01-06 10:42 . 2008-01-06 12:06 1 --a------ C:\WINDOWS\system32\mllji.exe
    2008-01-05 19:22 . 2008-01-05 19:22 <DIR> d-------- C:\Documents and Settings\vandertol\Application Data\ESET
    2008-01-05 19:21 . 2008-01-05 19:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
    2007-12-07 16:23 . 2007-12-07 16:23 <DIR> d--h----- C:\WINDOWS\PIF

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-06 22:06 --------- d-----w C:\Documents and Settings\vandertol\Application Data\Skype
    2008-01-06 21:51 --------- d-----w C:\Program Files\SPAMfighter
    2008-01-06 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
    2008-01-06 17:38 --------- d-----w C:\Program Files\QuickTime
    2008-01-06 17:38 --------- d-----w C:\Program Files\PowerISO
    2008-01-06 17:37 --------- d-----w C:\Program Files\MSN Messenger
    2008-01-06 17:37 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-01-06 17:32 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-01-06 17:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-01-06 15:43 --------- d-----w C:\Program Files\Hitman Pro
    2008-01-06 15:42 --------- d-----w C:\Program Files\Webroot
    2008-01-06 15:42 --------- d-----w C:\Documents and Settings\vandertol\Application Data\Lavasoft
    2008-01-06 15:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-05 18:16 --------- d-----w C:\Documents and Settings\vandertol\Application Data\uTorrent
    2007-12-22 09:39 --------- d-----w C:\Program Files\LimeWire
    2007-11-27 21:19 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-11-16 16:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
    2007-11-16 15:13 7,219 ----a-w C:\WINDOWS\system32\drivers\services.xml
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-31 09:41 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-22 09:29 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
    2007-06-27 18:01 502,412 ----a-w C:\Program Files\QuickPar-0.9.1.0-NLD.exe
    2007-04-10 07:09 1,228 ----a-w C:\Documents and Settings\vandertol\Application Data\wklnhst.dat
    2006-04-05 10:50 10,468,661 ----a-w C:\Program Files\ndntnlst.exe
    2005-12-29 19:35 303,123 ----a-w C:\Program Files\NOD32.FiX.v2.1.exe
    2007-03-21 12:59 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
    .
    ----a-w 39,792 2008-01-06 11:02:58 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
    ----a-w 155,648 2008-01-06 11:02:54 C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
    ----a-w 147,456 2008-01-06 11:03:16 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
    ----a-w 69,216 2008-01-06 11:02:50 C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
    ----a-w 54,832 2008-01-06 11:02:52 C:\Program Files\CyberLink\PowerDVD\Language\Language .exe
    ----a-w 68,856 2008-01-06 11:03:20 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    ----a-w 596,760 2008-01-06 11:03:14 C:\Program Files\Hitman Pro\xphelper .exe
    ----a-w 49,152 2008-01-06 11:02:56 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
    ----a-w 132,496 2008-01-06 11:02:47 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    ----a-w 217,088 2008-01-06 11:03:12 C:\Program Files\Logitech\Video\LogiTray .exe
    ----a-w 196,608 2008-01-06 11:03:23 C:\Program Files\Logitech\Video\ManifestEngine .exe
    ----a-w 1,211,176 2008-01-06 17:39:04 C:\Program Files\Microsoft ActiveSync\wcescomm .exe
    ----a-w 5,674,352 2008-01-06 11:03:27 C:\Program Files\MSN Messenger\MsnMsgr .Exe
    ----a-w 200,704 2008-01-06 11:02:48 C:\Program Files\PowerISO\PWRISOVM .EXE
    ----a-w 98,304 2008-01-06 17:38:53 C:\Program Files\QuickTime\qttask .exe
    ----a-w 22,880,040 2008-01-06 11:03:47 C:\Program Files\Skype\Phone\Skype .exe
    ----a-w 308,880 2008-01-06 11:03:13 C:\Program Files\SPAMfighter\SFAgent .exe
    ----a-w 221,184 2008-01-06 11:02:59 C:\WINDOWS\system32\LVCOMSX .EXE


    ((((((((((((((((((((((((((((( snapshot@2008-01-06_19.37.41.12 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-06 19:25:47 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
    + 2008-01-06 19:25:50 4,224 ----a-w C:\WINDOWS\system32\drivers\avg7rsw.sys
    + 2008-01-06 19:25:51 27,776 ----a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys
    + 2008-01-06 19:25:53 10,760 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
    + 2008-01-06 19:25:53 26,952 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
    - 2008-01-06 17:57:00 63,324 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-01-06 21:54:35 63,324 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-01-06 17:57:00 82,426 ----a-w C:\WINDOWS\system32\perfc013.dat
    + 2008-01-06 21:54:35 82,426 ----a-w C:\WINDOWS\system32\perfc013.dat
    - 2008-01-06 17:57:00 404,104 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-01-06 21:54:35 404,104 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-01-06 17:57:00 468,882 ----a-w C:\WINDOWS\system32\perfh013.dat
    + 2008-01-06 21:54:35 468,882 ----a-w C:\WINDOWS\system32\perfh013.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-06 18:39 147456]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
    "H/PC Connection Agent"="C:\PROGRA~1\MICROS~1\wcescomm .exe" [2008-01-06 18:39 1211176]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-06 18:39 68856]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-01-06 18:39 5674352]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2008-01-06 18:39 196608]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-01-06 18:39 22880040]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 20:00 33792 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2005-11-11 22:47 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 20:00 33792 C:\WINDOWS\system32\rundll32.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-10-14 18:51 14864384 C:\WINDOWS\RTHDCPL.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2008-01-06 18:38 98304]
    "PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2008-01-06 18:38 1]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-06 18:38 1]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-06 18:38 1]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2008-01-06 18:38 1]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-01-06 18:38 1]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-01-06 18:38 1]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-06 18:38 1]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [ ]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2008-01-06 18:39 1]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2008-01-06 18:39 1]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-06 18:39 1]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24 1065800]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-06 20:25 579072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-06 20:25 219136]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-15 19:29:40]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-10-31 10:41:25]
    Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-10-25 15:29]
    S2 System Session Manager Subsystem;MS Session Manager Subsystem;c:\windows\system32\drivers\etc\smss.exe []
    S4 Windows Services Control;Windows Services Control;c:\windows\system32\drivers\services.exe []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
    \Shell\AutoRun\command - Z:\Info.exe folder.htt 480 480

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-01-06 19:00:00 C:\WINDOWS\Tasks\HPpromotions psc 2350 series.job"
    - C:\Program Files\HP\Digital Imaging\bin\HP Promotions\AiOMVC\HPpromo.exe
    "2007-10-13 01:30:02 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
    - C:\Program Files\RegistrySmart\RegistrySmart.ex
    - C:\Program Files\RegistrySmar
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-06 23:06:07
    Windows 5.1.2600 Service Pack 2 NTFS

    detected NTDLL code modification:
    ZwClose

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-01-06 23:07:06
    ComboFix-quarantined-files.txt 2008-01-06 22:07:01
    ComboFix2.txt 2008-01-06 18:38:30
    .
    2007-12-12 08:33:44 — E O F —



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:58:31, on 6-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\QuickTime\qttask .exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\PROGRA~1\MICROS~1\wcescomm .exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\PROGRA~1\MICROS~1\rapimgr.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.martkplaats.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~1\wcescomm .exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: Download with &FileFactory Turbo - C:\Program Files\FileFactory Turbo\Plugins\IE\FileFactoryIE.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: MS Session Manager Subsystem (System Session Manager Subsystem) - Unknown owner - c:\windows\system32\drivers\etc\smss.exe (file missing)


    End of file - 9976 bytes

    Kind regards, Linda




  • Hello,

    I have since run Hitman Pro and a registry cleaner. Not much came out of that. At startup I still see a number of black windows appear. They disappear again too… otherwise everything is OK?
    What else can I do now???

    Regards, Linda
  • For completeness, after all the scans, here once again the logs from ComboFix and HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:34:07, on 7-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\RFA\rfagent.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MICROS~1\wcescomm .exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\MICROS~1\rapimgr.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.martkplaats.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~1\wcescomm .exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: Download with &FileFactory Turbo - C:\Program Files\FileFactory Turbo\Plugins\IE\FileFactoryIE.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe


    End of file - 9721 bytes



    ComboFix:

    ComboFix 08-01-04.1 - vandertol 2008-01-07 11:29:43.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.519 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\vandertol\Bureaublad\ComboFix.exe
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-12-07 to 2008-01-07 ))))))))))))))))))))))))))))))
    .

    2008-01-07 11:16 . 2008-01-07 11:16 <DIR> d——– C:\WINDOWS\LastGood
    2008-01-07 10:43 . 2008-01-07 10:55 <DIR> d——– C:\Program Files\RFA
    2008-01-07 10:43 . 2008-01-07 11:01 <DIR> d——– C:\Documents and Settings\All Users\Application Data\RFA_Backups
    2008-01-07 07:53 . 2008-01-07 07:53 <DIR> d——– C:\Program Files\Lavasoft
    2008-01-07 07:37 . 2008-01-07 10:54 <DIR> dr-h—– C:\Documents and Settings\vandertol\Onlangs geopend
    2008-01-06 20:26 . 2008-01-07 08:00 <DIR> d——– C:\Documents and Settings\vandertol\Application Data\AVG7
    2008-01-06 20:25 . 2008-01-06 20:25 <DIR> d——– C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-01-06 20:25 . 2008-01-06 20:25 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-06 19:52 . 2008-01-06 19:52 <DIR> d——– C:\VundoFix Backups
    2008-01-06 19:30 . 2008-01-07 10:26 <DIR> d-a—— C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-06 19:17 . 2000-08-31 08:00 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2008-01-06 18:55 . 2008-01-07 10:26 <DIR> d——– C:\Program Files\Spyware Doctor
    2008-01-06 18:55 . 2008-01-06 18:55 <DIR> d——– C:\Documents and Settings\vandertol\Application Data\PC Tools
    2008-01-06 18:55 . 2008-01-06 18:57 74,240 –a—— C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-01-06 18:55 . 2008-01-06 18:57 56,832 –a—— C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-01-06 18:55 . 2007-10-18 00:14 41,288 –a—— C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-01-06 18:55 . 2007-10-18 00:16 29,000 –a—— C:\WINDOWS\system32\drivers\kcom.sys
    2008-01-06 18:45 . 2008-01-06 18:46 <DIR> d——– C:\Documents and Settings\vandertol\Application Data\PrevxCSI
    2008-01-06 18:38 . 2008-01-06 18:38 1 –a—— C:\WINDOWS\system32\PSDrvCheck.exe
    2008-01-06 12:02 . 2008-01-06 12:02 221,184 –a—— C:\WINDOWS\system32\LVCOMSX .EXE
    2008-01-06 10:42 . 2008-01-06 12:06 1 –a—— C:\WINDOWS\system32\mllji.exe
    2008-01-05 19:22 . 2008-01-05 19:22 <DIR> d——– C:\Documents and Settings\vandertol\Application Data\ESET
    2008-01-05 19:21 . 2008-01-05 19:21 <DIR> d——– C:\Documents and Settings\All Users\Application Data\ESET
    2007-12-07 16:23 . 2007-12-07 16:23 <DIR> d–h—– C:\WINDOWS\PIF

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-07 10:31 ——— d—–w C:\Documents and Settings\vandertol\Application Data\Skype
    2008-01-07 10:14 ——— d—–w C:\Program Files\SPAMfighter
    2008-01-07 10:10 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-07 09:26 ——— d—–w C:\Program Files\Hitman Pro
    2008-01-07 06:55 ——— d—–w C:\Documents and Settings\vandertol\Application Data\Lavasoft
    2008-01-06 19:27 ——— d—–w C:\Documents and Settings\All Users\Application Data\Avg7
    2008-01-06 17:38 ——— d—–w C:\Program Files\QuickTime
    2008-01-06 17:38 ——— d—–w C:\Program Files\PowerISO
    2008-01-06 17:37 ——— d—–w C:\Program Files\MSN Messenger
    2008-01-06 17:37 ——— d—–w C:\Program Files\Microsoft ActiveSync
    2008-01-06 17:32 ——— d—–w C:\Program Files\Windows Live Safety Center
    2008-01-06 17:03 ——— d—–w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-01-06 15:42 ——— d—–w C:\Program Files\Webroot
    2008-01-05 18:16 ——— d—–w C:\Documents and Settings\vandertol\Application Data\uTorrent
    2007-12-22 09:39 ——— d—–w C:\Program Files\LimeWire
    2007-11-27 21:19 ——— d—–w C:\Program Files\Windows Media Connect 2
    2007-11-16 16:19 ——— d—–w C:\Documents and Settings\All Users\Application Data\Prevx
    2007-11-16 15:13 7,219 —-a-w C:\WINDOWS\system32\drivers\services.xml
    2007-11-13 10:25 20,480 —-a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-31 09:41 127,034 ——r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2007-10-29 22:45 1,291,776 —-a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 —-a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-22 09:29 81,920 ——r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
    2007-06-27 18:01 502,412 —-a-w C:\Program Files\QuickPar-0.9.1.0-NLD.exe
    2007-04-10 07:09 1,228 —-a-w C:\Documents and Settings\vandertol\Application Data\wklnhst.dat
    2006-04-05 10:50 10,468,661 —-a-w C:\Program Files\ndntnlst.exe
    2005-12-29 19:35 303,123 —-a-w C:\Program Files\NOD32.FiX.v2.1.exe
    2007-03-21 12:59 0 –sha-w C:\WINDOWS\SMINST\HPCD.sys
    .
    —-a-w 39,792 2008-01-06 11:02:58 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
    —-a-w 155,648 2008-01-06 11:02:54 C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
    —-a-w 147,456 2008-01-06 11:03:16 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
    —-a-w 69,216 2008-01-06 11:02:50 C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
    —-a-w 54,832 2008-01-06 11:02:52 C:\Program Files\CyberLink\PowerDVD\Language\Language .exe
    —-a-w 68,856 2008-01-06 11:03:20 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    —-a-w 596,760 2008-01-06 11:03:14 C:\Program Files\Hitman Pro\xphelper .exe
    —-a-w 49,152 2008-01-06 11:02:56 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
    —-a-w 132,496 2008-01-06 11:02:47 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    —-a-w 217,088 2008-01-06 11:03:12 C:\Program Files\Logitech\Video\LogiTray .exe
    —-a-w 196,608 2008-01-06 11:03:23 C:\Program Files\Logitech\Video\ManifestEngine .exe
    —-a-w 1,211,176 2008-01-06 17:39:04 C:\Program Files\Microsoft ActiveSync\wcescomm .exe
    —-a-w 5,674,352 2008-01-06 11:03:27 C:\Program Files\MSN Messenger\MsnMsgr .Exe
    —-a-w 200,704 2008-01-06 11:02:48 C:\Program Files\PowerISO\PWRISOVM .EXE
    —-a-w 98,304 2008-01-06 17:38:53 C:\Program Files\QuickTime\qttask .exe
    —-a-w 22,880,040 2008-01-06 11:03:47 C:\Program Files\Skype\Phone\Skype .exe
    —-a-w 308,880 2008-01-06 11:03:13 C:\Program Files\SPAMfighter\SFAgent .exe
    —-a-w 221,184 2008-01-06 11:02:59 C:\WINDOWS\system32\LVCOMSX .EXE


    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-06 18:39 147456]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
    "H/PC Connection Agent"="C:\PROGRA~1\MICROS~1\wcescomm .exe" [2008-01-06 18:39 1211176]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-06 18:39 68856]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-01-06 18:39 5674352]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2008-01-06 18:39 196608]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-01-06 18:39 22880040]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 20:00 33792 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2005-11-11 22:47 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 20:00 33792 C:\WINDOWS\system32\rundll32.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-10-14 18:51 14864384 C:\WINDOWS\RTHDCPL.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2008-01-06 18:38 98304]
    "PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2008-01-06 18:38 1]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-06 18:38 1]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-06 18:38 1]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2008-01-06 18:38 1]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-01-06 18:38 1]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-01-06 18:38 1]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-06 18:38 1]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2008-01-06 18:39 1]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2008-01-06 18:39 1]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29 308880]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-06 20:25 579072]
    "rfagent"="C:\Program Files\RFA\rfagent.exe" [2007-11-23 19:16 916800]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-06 20:25 219136]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-15 19:29:40]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-10-31 10:41:25]
    Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-10-25 15:29]
    S2 System Session Manager Subsystem;MS Session Manager Subsystem;C:\WINDOWS\system32\smss.exe [2004-08-04 20:00]
    S4 Windows Services Control;Windows Services Control;C:\WINDOWS\system32\services.exe [2004-08-04 20:00]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-07 07:00:01 C:\WINDOWS\Tasks\HPpromotions psc 2350 series.job"
    - C:\Program Files\HP\Digital Imaging\bin\HP Promotions\AiOMVC\HPpromo.exe
    "2007-10-13 01:30:02 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
    - C:\Program Files\RegistrySmart\RegistrySmart.ex
    - C:\Program Files\RegistrySmar
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-07 11:31:53
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-07 11:32:23
    ComboFix-quarantined-files.txt 2008-01-07 10:32:21
    ComboFix2.txt 2008-01-06 22:07:07
    ComboFix3.txt 2008-01-06 18:38:30
    .
    2008-01-07 10:20:24 --- E O F ---


    I hope you can do something with this, and many thanks in advance!!
    regards Linda




  • Attention! You started Combofix from the download window of your internet browser!
    Download Combofix again to your Desktop!!

    1. Open a Notepad file.
    Copy the block below and paste it into the Notepad file.
    Save the Notepad file as CFScript.txt

    File::
    C:\WINDOWS\system32\mllji.exe

    Folder::
    C:\VundoFix Backups

    Driver::
    "MS Session Manager Subsystem"
    "Windows Services Control"

    Now drag the file CFScript.txt onto the file ComboFix.exe
    (screenshot: http://img.photobucket.com/albums/v666/sUBs/CFScript.gif)
    ComboFix will start again.
    Reboot if you are asked to.

    2. Download RenV.exe to your Desktop.

    Open Notepad, copy and paste the following (ONLY the CONTENTS of the code window) into an empty window:

    ----a-w 39,792 2008-01-06 11:02:58 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
    ----a-w 155,648 2008-01-06 11:02:54 C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
    ----a-w 147,456 2008-01-06 11:03:16 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
    ----a-w 69,216 2008-01-06 11:02:50 C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
    ----a-w 54,832 2008-01-06 11:02:52 C:\Program Files\CyberLink\PowerDVD\Language\Language .exe
    ----a-w 68,856 2008-01-06 11:03:20 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    ----a-w 596,760 2008-01-06 11:03:14 C:\Program Files\Hitman Pro\xphelper .exe
    ----a-w 49,152 2008-01-06 11:02:56 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
    ----a-w 132,496 2008-01-06 11:02:47 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    ----a-w 217,088 2008-01-06 11:03:12 C:\Program Files\Logitech\Video\LogiTray .exe
    ----a-w 196,608 2008-01-06 11:03:23 C:\Program Files\Logitech\Video\ManifestEngine .exe
    ----a-w 1,211,176 2008-01-06 17:39:04 C:\Program Files\Microsoft ActiveSync\wcescomm .exe
    ----a-w 5,674,352 2008-01-06 11:03:27 C:\Program Files\MSN Messenger\MsnMsgr .Exe
    ----a-w 200,704 2008-01-06 11:02:48 C:\Program Files\PowerISO\PWRISOVM .EXE
    ----a-w 98,304 2008-01-06 17:38:53 C:\Program Files\QuickTime\qttask .exe
    ----a-w 22,880,040 2008-01-06 11:03:47 C:\Program Files\Skype\Phone\Skype .exe
    ----a-w 308,880 2008-01-06 11:03:13 C:\Program Files\SPAMfighter\SFAgent .exe
    ----a-w 221,184 2008-01-06 11:02:59 C:\WINDOWS\system32\LVCOMSX .EXE

    Save this on your Desktop as Log.txt

    Drag Log.txt onto RenV.exe as shown in the example below:
    (screenshot: http://img.photobucket.com/albums/v666/sUBs/RenV.gif)

    3. Go to  and click Accept at the bottom.
    This scanner only works with
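The logs in this thread show the pattern the RenV step is meant to undo: Run-key entries such as "QuickTime Task" point at qttask .exe (a space before the extension), several others point at files ComboFix reports as 1 byte in size, and the listing the helper pastes contains the full-size originals under those displaced "name .exe" names. The Python script below is an added example, not part of this thread and not one of sUBs' tools: it parses the two log formats, flags stub and displaced autorun entries, and derives the rename plan. It assumes the effect of the RenV step is to rename "name .exe" back to "name.exe" (inferred from the instructions, not documented on this page), and the sample lines are constructed from entries in the log above.

```python
import re

# Constructed sample input, modelled on the "Reg Loading Points" section of the
# ComboFix log in this thread.  One line per Run value:
#   "value name"="command" [yyyy-mm-dd hh:mm size]
# When the command is not an absolute path ComboFix appends the resolved file:
#   "value name"="RUNDLL32.exe" [yyyy-mm-dd hh:mm size C:\WINDOWS\system32\rundll32.exe]
RUN_KEY_SAMPLE = r'''
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2008-01-06 18:38 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-06 18:38 1]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29 308880]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 20:00 33792 C:\WINDOWS\system32\rundll32.exe]
'''

# Constructed sample in the directory-listing format pasted for RenV:
#   attributes size yyyy-mm-dd hh:mm:ss path
RENV_SAMPLE = r'''
----a-w 132,496 2008-01-06 11:02:47 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 98,304 2008-01-06 17:38:53 C:\Program Files\QuickTime\qttask .exe
'''

RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s+'
    r'\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) (?P<size>\d+)'
    r'(?: (?P<resolved>.+?))?\]$'
)
RENV_RE = re.compile(r'^(?P<attrs>\S+)\s+(?P<size>[\d,]+)\s+(?P<date>\S+)\s+(?P<time>\S+)\s+(?P<path>.+)$')
# Whitespace immediately before the final extension: "qttask .exe" instead of "qttask.exe".
DISPLACED_RE = re.compile(r'\s+(\.[A-Za-z0-9]+)$')


def parse_run_entries(text):
    """Parse ComboFix Run-key lines into dicts with name, path (resolved if given) and size."""
    entries = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"])
            d["path"] = d["resolved"] or d["cmd"]
            entries.append(d)
    return entries


def classify(entry):
    """Why an autorun entry looks tampered with: 'stub', 'displaced' or None."""
    if entry["size"] <= 1:
        return "stub"        # a 1-byte file sits where the real program should be
    if DISPLACED_RE.search(entry["path"]):
        return "displaced"   # the autorun points at the renamed original ("name .exe")
    return None


def find_suspicious(text):
    """(name, path, reason) for every Run entry that is a stub or points at a displaced file."""
    return [(e["name"], e["path"], classify(e))
            for e in parse_run_entries(text) if classify(e)]


def rename_plan(text):
    """(old, new, size) for each listed 'name .ext' file, restoring 'name.ext'.

    Assumption: this is what the RenV step achieves; the thread shows the
    listing that is fed to it but does not document the tool itself."""
    plan = []
    for line in text.splitlines():
        m = RENV_RE.match(line.strip())
        if not m:
            continue
        old = m.group("path")
        new = DISPLACED_RE.sub(r"\1", old)
        if new != old:
            plan.append((old, new, int(m.group("size").replace(",", ""))))
    return plan


def correlate(run_text, renv_text):
    """Pair each 1-byte stub in the Run keys with the displaced original the rename restores."""
    restored = {new.lower(): (old, size) for old, new, size in rename_plan(renv_text)}
    pairs = []
    for name, path, reason in find_suspicious(run_text):
        if reason == "stub" and path.lower() in restored:
            old, size = restored[path.lower()]
            pairs.append((name, path, old, size))
    return pairs


if __name__ == "__main__":
    for name, path, reason in find_suspicious(RUN_KEY_SAMPLE):
        print(f"{reason:9} {name}: {path}")
    for old, new, size in rename_plan(RENV_SAMPLE):
        print(f"rename {old!r} -> {new!r} ({size} bytes)")
    for name, stub, original, size in correlate(RUN_KEY_SAMPLE, RENV_SAMPLE):
        print(f"{name}: {size}-byte original {original!r} replaces 1-byte stub {stub!r}")
```

The two signals are deliberately kept apart: a 1-byte file behind an autorun value is suspicious on its own, whereas a space before the extension only matters because the full-size original is sitting under that name, so the correlation step is what turns the listing into a rename plan rather than a blind search-and-replace.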
  • OK, here is the ComboFix log file first:

    ComboFix 08-01-04.1 - vandertol 2008-01-07 16:03:21.5 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.373 [GMT 1:00]
    Running from: C:\Documents and Settings\vandertol\Bureaublad\ComboFix.exe
    .

    (((((((((((((((((((( Files Created From 2007-12-07 to 2008-01-07 ))))))))))))))))))))))))))))))
    .

    2008-01-07 13:50 . 2008-01-07 13:50 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-01-07 13:50 . 2008-01-07 13:50 <DIR> d-------- C:\WINDOWS\LastGood
    2008-01-07 13:50 . 2008-01-07 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-01-07 10:43 . 2008-01-07 10:55 <DIR> d-------- C:\Program Files\RFA
    2008-01-07 10:43 . 2008-01-07 11:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RFA_Backups
    2008-01-07 07:53 . 2008-01-07 07:53 <DIR> d-------- C:\Program Files\Lavasoft
    2008-01-07 07:37 . 2008-01-07 15:56 <DIR> dr-h----- C:\Documents and Settings\vandertol\Onlangs geopend
    2008-01-06 20:26 . 2008-01-07 08:00 <DIR> d-------- C:\Documents and Settings\vandertol\Application Data\AVG7
    2008-01-06 20:25 . 2008-01-06 20:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-01-06 20:25 . 2008-01-06 20:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-06 19:30 . 2008-01-07 10:26 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-06 19:17 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-06 18:55 . 2008-01-07 10:26 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-01-06 18:55 . 2008-01-06 18:55 <DIR> d-------- C:\Documents and Settings\vandertol\Application Data\PC Tools
    2008-01-06 18:55 . 2008-01-06 18:57 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-01-06 18:55 . 2008-01-06 18:57 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-01-06 18:55 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-01-06 18:55 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-01-06 18:45 . 2008-01-06 18:46 <DIR> d-------- C:\Documents and Settings\vandertol\Application Data\PrevxCSI
    2008-01-06 18:38 . 2008-01-06 18:38 1 --a------ C:\WINDOWS\system32\PSDrvCheck.exe
    2008-01-06 12:02 . 2008-01-06 12:02 221,184 --a------ C:\WINDOWS\system32\LVCOMSX .EXE
    2008-01-05 19:22 . 2008-01-05 19:22 <DIR> d-------- C:\Documents and Settings\vandertol\Application Data\ESET
    2008-01-05 19:21 . 2008-01-05 19:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
    2007-12-07 16:23 . 2007-12-07 16:23 <DIR> d--h----- C:\WINDOWS\PIF

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-07 14:54 --------- d-----w C:\Documents and Settings\vandertol\Application Data\Skype
    2008-01-07 12:40 --------- d-----w C:\Program Files\SPAMfighter
    2008-01-07 10:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-07 09:26 --------- d-----w C:\Program Files\Hitman Pro
    2008-01-07 06:55 --------- d-----w C:\Documents and Settings\vandertol\Application Data\Lavasoft
    2008-01-06 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
    2008-01-06 17:38 --------- d-----w C:\Program Files\QuickTime
    2008-01-06 17:38 --------- d-----w C:\Program Files\PowerISO
    2008-01-06 17:37 --------- d-----w C:\Program Files\MSN Messenger
    2008-01-06 17:37 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-01-06 17:32 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-01-06 17:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-01-06 15:42 --------- d-----w C:\Program Files\Webroot
    2008-01-05 18:16 --------- d-----w C:\Documents and Settings\vandertol\Application Data\uTorrent
    2007-12-22 09:39 --------- d-----w C:\Program Files\LimeWire
    2007-11-27 21:19 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-11-16 16:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
    2007-11-16 15:13 7,219 ----a-w C:\WINDOWS\system32\drivers\services.xml
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-31 09:41 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-22 09:29 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
    2007-06-27 18:01 502,412 ----a-w C:\Program Files\QuickPar-0.9.1.0-NLD.exe
    2007-04-10 07:09 1,228 ----a-w C:\Documents and Settings\vandertol\Application Data\wklnhst.dat
    2006-04-05 10:50 10,468,661 ----a-w C:\Program Files\ndntnlst.exe
    2005-12-29 19:35 303,123 ----a-w C:\Program Files\NOD32.FiX.v2.1.exe
    2007-03-21 12:59 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
    .
    ----a-w 39,792 2008-01-06 11:02:58 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
    ----a-w 155,648 2008-01-06 11:02:54 C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
    ----a-w 147,456 2008-01-06 11:03:16 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
    ----a-w 69,216 2008-01-06 11:02:50 C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
    ----a-w 54,832 2008-01-06 11:02:52 C:\Program Files\CyberLink\PowerDVD\Language\Language .exe
    ----a-w 68,856 2008-01-06 11:03:20 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    ----a-w 596,760 2008-01-06 11:03:14 C:\Program Files\Hitman Pro\xphelper .exe
    ----a-w 49,152 2008-01-06 11:02:56 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
    ----a-w 132,496 2008-01-06 11:02:47 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    ----a-w 217,088 2008-01-06 11:03:12 C:\Program Files\Logitech\Video\LogiTray .exe
    ----a-w 196,608 2008-01-06 11:03:23 C:\Program Files\Logitech\Video\ManifestEngine .exe
    ----a-w 1,211,176 2008-01-06 17:39:04 C:\Program Files\Microsoft ActiveSync\wcescomm .exe
    ----a-w 5,674,352 2008-01-06 11:03:27 C:\Program Files\MSN Messenger\MsnMsgr .Exe
    ----a-w 200,704 2008-01-06 11:02:48 C:\Program Files\PowerISO\PWRISOVM .EXE
    ----a-w 98,304 2008-01-06 17:38:53 C:\Program Files\QuickTime\qttask .exe
    ----a-w 22,880,040 2008-01-06 11:03:47 C:\Program Files\Skype\Phone\Skype .exe
    ----a-w 308,880 2008-01-06 11:03:13 C:\Program Files\SPAMfighter\SFAgent .exe
    ----a-w 221,184 2008-01-06 11:02:59 C:\WINDOWS\system32\LVCOMSX .EXE


    ((((((((((((((((((((((((((((( snapshot@2008-01-07_11.32.01,56 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-05-24 11:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
    + 2007-08-29 14:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    + 2007-08-29 14:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
    - 2008-01-07 10:16:55 63,324 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-01-07 12:43:08 63,324 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-01-07 10:16:55 82,426 ----a-w C:\WINDOWS\system32\perfc013.dat
    + 2008-01-07 12:43:08 82,426 ----a-w C:\WINDOWS\system32\perfc013.dat
    - 2008-01-07 10:16:55 404,104 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-01-07 12:43:08 404,104 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-01-07 10:16:56 468,882 ----a-w C:\WINDOWS\system32\perfh013.dat
    + 2008-01-07 12:43:08 468,882 ----a-w C:\WINDOWS\system32\perfh013.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-06 18:39 147456]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
    "H/PC Connection Agent"="C:\PROGRA~1\MICROS~1\wcescomm .exe" [2008-01-06 18:39 1211176]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-06 18:39 68856]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-01-06 18:39 5674352]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2008-01-06 18:39 196608]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-01-06 18:39 22880040]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 20:00 33792 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2005-11-11 22:47 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 20:00 33792 C:\WINDOWS\system32\rundll32.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-10-14 18:51 14864384 C:\WINDOWS\RTHDCPL.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2008-01-06 18:38 98304]
    "PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2008-01-06 18:38 1]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-06 18:38 1]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-06 18:38 1]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2008-01-06 18:38 1]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-01-06 18:38 1]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-01-06 18:38 1]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-06 18:38 1]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2008-01-06 18:39 1]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2008-01-06 18:39 1]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29 308880]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-06 20:25 579072]
    "rfagent"="C:\Program Files\RFA\rfagent.exe" [2007-11-23 19:16 916800]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-06 20:25 219136]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-15 19:29:40]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-10-31 10:41:25]
    Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-10-25 15:29]
    S2 System Session Manager Subsystem;MS Session Manager Subsystem;C:\WINDOWS\system32\smss.exe [2004-08-04 20:00]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-07 15:00:00 C:\WINDOWS\Tasks\HPpromotions psc 2350 series.job"
    - C:\Program Files\HP\Digital Imaging\bin\HP Promotions\AiOMVC\HPpromo.exe
    "2007-10-13 01:30:02 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
    - C:\Program Files\RegistrySmart\RegistrySmart.ex
    - C:\Program Files\RegistrySmar
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-07 16:06:41
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-07 16:07:09
    ComboFix-quarantined-files.txt 2008-01-07 15:07:06
    ComboFix2.txt 2008-01-07 12:42:40
    ComboFix3.txt 2008-01-07 10:32:24
    ComboFix4.txt 2008-01-06 22:07:07
    ComboFix5.txt 2008-01-06 18:38:30
    .
    2008-01-07 10:20:24 --- E O F ---

    And here is the log file of the Kaspersky scan (it took a very long time!):

    ——————————————————————————-
    KASPERSKY ONLINE SCANNER REPORT
    Monday, January 07, 2008 3:56:14 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 7/01/2008
    Kaspersky Anti-Virus database records: 503562
    ——————————————————————————-

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    K:\

    Scan Statistics:
    Total number of scanned objects: 106453
    Number of viruses found: 3
    Number of infected objects: 5
    Number of suspicious objects: 0
    Duration of the scan process: 01:08:07

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\vandertol\Application Data\$_hpcst$.hpc Object is locked skipped
    C:\Documents and Settings\vandertol\Application Data\Skype\tollio5\call256.dbb Object is locked skipped
    C:\Documents and Settings\vandertol\Application Data\Skype\tollio5\callmember256.dbb Object is locked skipped
    C:\Documents and Settings\vandertol\Application Data\Skype\tollio5\chat512.dbb Object is locked skipped
    C:\Documents and Settings\vandertol\Application Data\Skype\tollio5\chatmember256.dbb Object is locked skipped
    C:\Documents and Settings\vandertol\Application Data\Skype\tollio5\chatmsg256.dbb Object is locked skipped
    C:\Documents and Settings\vandertol\Application Data\Skype\tollio5\chatmsg512.dbb Object is locked skipped
    C:\Documents and Settings\vandertol\Application Data\Skype\tollio5\contactgroup256.dbb Object is locked skipped
    C:\Documents and Settings\vandertol\Application Data\Skype\tollio5\dyncontent\bundle.dat Object is locked skipped
    C:\Documents and Settings\vandertol\Application Data\Skype\tollio5\index2.dat Object is locked skipped
    C:\Documents and Settings\vandertol\Application Data\Skype\tollio5\profile16384.dbb Object is locked skipped
    C:\Documents and Settings\vandertol\Application Data\Skype\tollio5\user1024.dbb Object is locked skipped
    C:\Documents and Settings\vandertol\Application Data\Skype\tollio5\user16384.dbb Object is locked skipped
    C:\Documents and Settings\vandertol\Application Data\Skype\tollio5\user256.dbb Object is locked skipped
    C:\Documents and Settings\vandertol\Application Data\SPAMfighter\Logs\Agent.log.txt Object is locked skipped
    C:\Documents and Settings\vandertol\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\Identities\{0944ED5B-5A64-4B14-885E-D4360726481F}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\Identities\{0944ED5B-5A64-4B14-885E-D4360726481F}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Temp\hpodvd09.log Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Temp\WCESLog.log Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Temp\~DF5827.tmp Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Temp\~DFA1E3.tmp Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\vandertol\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\vandertol\ntuser.dat.LOG Object is locked skipped
    C:\My old Disk Structure – 15-09-06 1347\Documents and Settings\Fam. van der Tol\Local Settings\Temp\hsperfdata_Fam. van der Tol\3748 Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\chandir.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\chandir.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\chn.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\chn.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\D0000000.FCS Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\inuse.txt Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\L0000002.FCS Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\main.log Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\prs.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\prs.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\prs_die.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\prs_die.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\prs_dnd.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\prs_dnd.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\prs_ext.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\prs_ext.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\prs_rcv.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\prs_rcv.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\storydb.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\storydb.idx Object is locked skipped
    C:\QooBox\Quarantine\catchme2008-01-06_192919.76.zip/urqqnmm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.djh skipped
    C:\QooBox\Quarantine\catchme2008-01-06_192919.76.zip ZIP: infected - 1 skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{E57C3CFF-0C70-4A5C-A867-EEEC9895148D}\RP359\A0062574.dll Object is locked skipped
    C:\System Volume Information\_restore{E57C3CFF-0C70-4A5C-A867-EEEC9895148D}\RP364\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    D:\86be3a3ed2411e5551743913a0f5ad\update\update.exe Object is locked skipped
    D:\eb7c4068816182acbf3109d5\msxml4-KB927978-enu.log Object is locked skipped
    D:\f6593983071d1ceeb82ca21f221ae4\update\update.exe Object is locked skipped
    D:\Gedownloade programma's\Nero 7.7.5.1 + KeyGen\Nero 7.7.5.1 + KeyGen.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
    D:\Gedownloade programma's\Nero 7.7.5.1 + KeyGen\Nero 7.7.5.1 + KeyGen.exe RAR: infected - 1 skipped
    D:\RECYCLER\S-1-5-21-2199471875-1195473123-1494889471-1007\Dd158.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    D:\System Volume Information\_restore{E57C3CFF-0C70-4A5C-A867-EEEC9895148D}\RP359\A0062613.exe Object is locked skipped
    D:\System Volume Information\_restore{E57C3CFF-0C70-4A5C-A867-EEEC9895148D}\RP364\change.log Object is locked skipped

    Scan process completed.

    I hope things are clearer now…
    Regards, Linda




  • We're almost there :)

    Open Notepad, then copy and paste the following text into an empty window:

    RENV::
    ----a-w 39,792 2008-01-06 11:02:58 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
    ----a-w 155,648 2008-01-06 11:02:54 C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
    ----a-w 147,456 2008-01-06 11:03:16 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
    ----a-w 69,216 2008-01-06 11:02:50 C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
    ----a-w 54,832 2008-01-06 11:02:52 C:\Program Files\CyberLink\PowerDVD\Language\Language .exe
    ----a-w 68,856 2008-01-06 11:03:20 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    ----a-w 596,760 2008-01-06 11:03:14 C:\Program Files\Hitman Pro\xphelper .exe
    ----a-w 49,152 2008-01-06 11:02:56 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
    ----a-w 132,496 2008-01-06 11:02:47 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    ----a-w 217,088 2008-01-06 11:03:12 C:\Program Files\Logitech\Video\LogiTray .exe
    ----a-w 196,608 2008-01-06 11:03:23 C:\Program Files\Logitech\Video\ManifestEngine .exe
    ----a-w 1,211,176 2008-01-06 17:39:04 C:\Program Files\Microsoft ActiveSync\wcescomm .exe
    ----a-w 5,674,352 2008-01-06 11:03:27 C:\Program Files\MSN Messenger\MsnMsgr .Exe
    ----a-w 200,704 2008-01-06 11:02:48 C:\Program Files\PowerISO\PWRISOVM .EXE
    ----a-w 98,304 2008-01-06 17:38:53 C:\Program Files\QuickTime\qttask .exe
    ----a-w 22,880,040 2008-01-06 11:03:47 C:\Program Files\Skype\Phone\Skype .exe
    ----a-w 308,880 2008-01-06 11:03:13 C:\Program Files\SPAMfighter\SFAgent .exe
    ----a-w 221,184 2008-01-06 11:02:59 C:\WINDOWS\system32\LVCOMSX .EXE

    Driver::
    "MS Session Manager Subsystem"

    Save this on your Desktop as CFScript.txt

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:
    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    This will make ComboFix restart.
    Reboot if you are asked to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Pim
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:52:00, on 7-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\RFA\rfagent.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MICROS~1\wcescomm .exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\MICROS~1\rapimgr.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.martkplaats.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~1\wcescomm .exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: Download with &FileFactory Turbo - C:\Program Files\FileFactory Turbo\Plugins\IE\FileFactoryIE.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe


    End of file - 9867 bytes


    ComboFix:

    ComboFix 08-01-04.1 - vandertol 2008-01-07 16:40:12.6 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.487 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\vandertol\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\vandertol\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-12-07 to 2008-01-07 ))))))))))))))))))))))))))))))
    .

    2008-01-07 13:50 . 2008-01-07 13:50 <DIR> d——– C:\WINDOWS\system32\Kaspersky Lab
    2008-01-07 13:50 . 2008-01-07 13:50 <DIR> d——– C:\WINDOWS\LastGood
    2008-01-07 13:50 . 2008-01-07 13:50 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-01-07 10:43 . 2008-01-07 10:55 <DIR> d——– C:\Program Files\RFA
    2008-01-07 10:43 . 2008-01-07 11:01 <DIR> d——– C:\Documents and Settings\All Users\Application Data\RFA_Backups
    2008-01-07 07:53 . 2008-01-07 07:53 <DIR> d——– C:\Program Files\Lavasoft
    2008-01-07 07:37 . 2008-01-07 16:39 <DIR> dr-h—– C:\Documents and Settings\vandertol\Onlangs geopend
    2008-01-06 20:26 . 2008-01-07 08:00 <DIR> d——– C:\Documents and Settings\vandertol\Application Data\AVG7
    2008-01-06 20:25 . 2008-01-06 20:25 <DIR> d——– C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-01-06 20:25 . 2008-01-06 20:25 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-06 19:30 . 2008-01-07 10:26 <DIR> d-a—— C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-06 19:17 . 2000-08-31 08:00 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2008-01-06 18:55 . 2008-01-07 10:26 <DIR> d——– C:\Program Files\Spyware Doctor
    2008-01-06 18:55 . 2008-01-06 18:55 <DIR> d——– C:\Documents and Settings\vandertol\Application Data\PC Tools
    2008-01-06 18:55 . 2008-01-06 18:57 74,240 –a—— C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-01-06 18:55 . 2008-01-06 18:57 56,832 –a—— C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-01-06 18:55 . 2007-10-18 00:14 41,288 –a—— C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-01-06 18:55 . 2007-10-18 00:16 29,000 –a—— C:\WINDOWS\system32\drivers\kcom.sys
    2008-01-06 18:45 . 2008-01-06 18:46 <DIR> d——– C:\Documents and Settings\vandertol\Application Data\PrevxCSI
    2008-01-06 18:38 . 2008-01-06 18:38 1 –a—— C:\WINDOWS\system32\PSDrvCheck.exe
    2008-01-06 12:02 . 2008-01-06 12:02 221,184 –a—— C:\WINDOWS\system32\LVCOMSX .EXE
    2008-01-05 19:22 . 2008-01-05 19:22 <DIR> d——– C:\Documents and Settings\vandertol\Application Data\ESET
    2008-01-05 19:21 . 2008-01-05 19:21 <DIR> d——– C:\Documents and Settings\All Users\Application Data\ESET
    2007-12-07 16:23 . 2007-12-07 16:23 <DIR> d–h—– C:\WINDOWS\PIF

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-07 15:42 ——— d—–w C:\Documents and Settings\vandertol\Application Data\Skype
    2008-01-07 12:40 ——— d—–w C:\Program Files\SPAMfighter
    2008-01-07 10:10 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-07 09:26 ——— d—–w C:\Program Files\Hitman Pro
    2008-01-07 06:55 ——— d—–w C:\Documents and Settings\vandertol\Application Data\Lavasoft
    2008-01-06 19:27 ——— d—–w C:\Documents and Settings\All Users\Application Data\Avg7
    2008-01-06 17:38 ——— d—–w C:\Program Files\QuickTime
    2008-01-06 17:38 ——— d—–w C:\Program Files\PowerISO
    2008-01-06 17:37 ——— d—–w C:\Program Files\MSN Messenger
    2008-01-06 17:37 ——— d—–w C:\Program Files\Microsoft ActiveSync
    2008-01-06 17:32 ——— d—–w C:\Program Files\Windows Live Safety Center
    2008-01-06 17:03 ——— d—–w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-01-06 15:42 ——— d—–w C:\Program Files\Webroot
    2008-01-05 18:16 ——— d—–w C:\Documents and Settings\vandertol\Application Data\uTorrent
    2007-12-22 09:39 ——— d—–w C:\Program Files\LimeWire
    2007-11-27 21:19 ——— d—–w C:\Program Files\Windows Media Connect 2
    2007-11-16 16:19 ——— d—–w C:\Documents and Settings\All Users\Application Data\Prevx
    2007-11-16 15:13 7,219 —-a-w C:\WINDOWS\system32\drivers\services.xml
    2007-11-13 10:25 20,480 —-a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-31 09:41 127,034 ——r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2007-10-29 22:45 1,291,776 —-a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 —-a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-22 09:29 81,920 ——r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
    2007-06-27 18:01 502,412 —-a-w C:\Program Files\QuickPar-0.9.1.0-NLD.exe
    2007-04-10 07:09 1,228 —-a-w C:\Documents and Settings\vandertol\Application Data\wklnhst.dat
    2006-04-05 10:50 10,468,661 —-a-w C:\Program Files\ndntnlst.exe
    2005-12-29 19:35 303,123 —-a-w C:\Program Files\NOD32.FiX.v2.1.exe
    2007-03-21 12:59 0 –sha-w C:\WINDOWS\SMINST\HPCD.sys
    .
    [code]<pre>
    ------w 39,792 2008-01-06 11:02:58 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
    ----a-w 155,648 2008-01-06 11:02:54 C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
    ----a-w 147,456 2008-01-06 11:03:16 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
    ----a-w 69,216 2008-01-06 11:02:50 C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
    ----a-w 54,832 2008-01-06 11:02:52 C:\Program Files\CyberLink\PowerDVD\Language\Language .exe
    ----a-w 68,856 2008-01-06 11:03:20 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    ----a-w 596,760 2008-01-06 11:03:14 C:\Program Files\Hitman Pro\xphelper .exe
    ----a-w 49,152 2008-01-06 11:02:56 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
    ----a-w 132,496 2008-01-06 11:02:47 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    ----a-w 217,088 2008-01-06 11:03:12 C:\Program Files\Logitech\Video\LogiTray .exe
    ----a-w 196,608 2008-01-06 11:03:23 C:\Program Files\Logitech\Video\ManifestEngine .exe
    ----a-w 1,211,176 2008-01-06 17:39:04 C:\Program Files\Microsoft ActiveSync\wcescomm .exe
    ----a-w 5,674,352 2008-01-06 11:03:27 C:\Program Files\MSN Messenger\MsnMsgr .Exe
    ----a-w 200,704 2008-01-06 11:02:48 C:\Program Files\PowerISO\PWRISOVM .EXE
    ----a-w 98,304 2008-01-06 17:38:53 C:\Program Files\QuickTime\qttask .exe
    ----a-w 22,880,040 2008-01-06 11:03:47 C:\Program Files\Skype\Phone\Skype .exe
    ----a-w 308,880 2008-01-06 11:03:13 C:\Program Files\SPAMfighter\SFAgent .exe
    ----a-w 221,184 2008-01-06 11:02:59 C:\WINDOWS\system32\LVCOMSX .EXE
    </pre>[/code]


    ((((((((((((((((((((((((((((( snapshot@2008-01-07_11.32.01,56 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-05-24 11:27:16 213,048 —-a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
    + 2007-08-29 14:47:20 94,208 —-a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    + 2007-08-29 14:49:54 950,272 —-a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
    - 2008-01-07 10:16:55 63,324 —-a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-01-07 12:43:08 63,324 —-a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-01-07 10:16:55 82,426 —-a-w C:\WINDOWS\system32\perfc013.dat
    + 2008-01-07 12:43:08 82,426 —-a-w C:\WINDOWS\system32\perfc013.dat
    - 2008-01-07 10:16:55 404,104 —-a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-01-07 12:43:08 404,104 —-a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-01-07 10:16:56 468,882 —-a-w C:\WINDOWS\system32\perfh013.dat
    + 2008-01-07 12:43:08 468,882 —-a-w C:\WINDOWS\system32\perfh013.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-06 18:39 147456]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
    "H/PC Connection Agent"="C:\PROGRA~1\MICROS~1\wcescomm .exe" [2008-01-06 18:39 1211176]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-06 18:39 68856]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-01-06 18:39 5674352]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2008-01-06 18:39 196608]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-01-06 18:39 22880040]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 20:00 33792 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2005-11-11 22:47 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 20:00 33792 C:\WINDOWS\system32\rundll32.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-10-14 18:51 14864384 C:\WINDOWS\RTHDCPL.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2008-01-06 18:38 98304]
    "PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2008-01-06 18:38 1]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-06 18:38 1]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-06 18:38 1]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2008-01-06 18:38 1]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-01-06 18:38 1]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-01-06 18:38 1]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2008-01-06 18:39 1]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2008-01-06 18:39 1]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29 308880]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-06 20:25 579072]
    "rfagent"="C:\Program Files\RFA\rfagent.exe" [2007-11-23 19:16 916800]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-06 20:25 219136]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-15 19:29:40]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-10-31 10:41:25]
    Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-10-25 15:29]
    S2 System Session Manager Subsystem;MS Session Manager Subsystem;C:\WINDOWS\system32\smss.exe [2004-08-04 20:00]

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-01-07 15:00:00 C:\WINDOWS\Tasks\HPpromotions psc 2350 series.job"
    - C:\Program Files\HP\Digital Imaging\bin\HP Promotions\AiOMVC\HPpromo.exe
    "2007-10-13 01:30:02 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
    - C:\Program Files\RegistrySmart\RegistrySmart.ex
    - C:\Program Files\RegistrySmar
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-07 16:42:02
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-01-07 16:42:30
    ComboFix-quarantined-files.txt 2008-01-07 15:42:28
    ComboFix2.txt 2008-01-07 15:07:09
    ComboFix3.txt 2008-01-07 12:42:40
    ComboFix4.txt 2008-01-07 10:32:24
    ComboFix5.txt 2008-01-06 22:07:07
    .
    2008-01-07 10:20:24 — E O F —


    Regards, Linda




  • Open Notepad, then copy and paste the following text into an empty window:

    File::
    C:\Program Files\ndntnlst.exe

    Driver::
    MS Session Manager Subsystem

    RENV::
    ------w 39,792 2008-01-06 11:02:58 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
    ----a-w 155,648 2008-01-06 11:02:54 C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
    ----a-w 147,456 2008-01-06 11:03:16 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
    ----a-w 69,216 2008-01-06 11:02:50 C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
    ----a-w 54,832 2008-01-06 11:02:52 C:\Program Files\CyberLink\PowerDVD\Language\Language .exe
    ----a-w 68,856 2008-01-06 11:03:20 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    ----a-w 596,760 2008-01-06 11:03:14 C:\Program Files\Hitman Pro\xphelper .exe
    ----a-w 49,152 2008-01-06 11:02:56 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
    ----a-w 132,496 2008-01-06 11:02:47 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    ----a-w 217,088 2008-01-06 11:03:12 C:\Program Files\Logitech\Video\LogiTray .exe
    ----a-w 196,608 2008-01-06 11:03:23 C:\Program Files\Logitech\Video\ManifestEngine .exe
    ----a-w 1,211,176 2008-01-06 17:39:04 C:\Program Files\Microsoft ActiveSync\wcescomm .exe
    ----a-w 5,674,352 2008-01-06 11:03:27 C:\Program Files\MSN Messenger\MsnMsgr .Exe
    ----a-w 200,704 2008-01-06 11:02:48 C:\Program Files\PowerISO\PWRISOVM .EXE
    ----a-w 98,304 2008-01-06 17:38:53 C:\Program Files\QuickTime\qttask .exe
    ----a-w 22,880,040 2008-01-06 11:03:47 C:\Program Files\Skype\Phone\Skype .exe
    ----a-w 308,880 2008-01-06 11:03:13 C:\Program Files\SPAMfighter\SFAgent .exe
    ----a-w 221,184 2008-01-06 11:02:59 C:\WINDOWS\system32\LVCOMSX .EXE

    Save this on your Desktop as CFScript.txt

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    This will make ComboFix restart.
    Reboot if you are asked to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.
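The RENV:: list in Pim's two CFScript posts above targets executables whose names acquired a space before the extension (such as `qttask .exe`), and the ComboFix registry dump in Linda's log shows several Run entries whose target is a 1-byte file. As an added example that is not part of this thread, ComboFix or HijackThis, the Python script below scans pasted log lines for both patterns; the sample lines are constructed in the formats seen in this thread, and the two heuristics (space before the extension, 1-byte Run target) are my assumption about what is worth flagging for a helper to review.

```python
"""Triage helper for the rename pattern visible in the thread's logs.

Added example, not part of the thread or of ComboFix/HijackThis. The
heuristics are my assumption: an executable whose name carries a space
right before the extension (``qttask .exe``) and a Run entry pointing at
a 1-byte file (``[... 1]``) both deserve a second look, because a 1-byte
file cannot be a valid program and the spaced name is what RENV:: targets.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample lines in the three formats seen in the thread:
# ComboFix file listing, ComboFix registry autostart dump, HijackThis O4.
SAMPLE_LOG = r"""
----a-w 98,304 2008-01-06 17:38:53 C:\Program Files\QuickTime\qttask .exe
----a-w 221,184 2008-01-06 11:02:59 C:\WINDOWS\system32\LVCOMSX .EXE
----a-w 308,880 2008-01-06 11:03:13 C:\Program Files\SPAMfighter\SFAgent.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2008-01-06 18:38 98304]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2008-01-06 18:38 1]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-06 18:38 1]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~1\wcescomm .exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
"""

# A drive-letter path whose last component has a space directly before the
# extension. Paths may contain spaces elsewhere ("Program Files"), so the
# non-greedy body followed by the literal " ." is what isolates the odd name.
SPACED_EXT = re.compile(
    r'(?P<path>[A-Za-z]:\\[^"\r\n]*?) (?P<ext>\.(?:exe|dll|com|scr))(?=["\s]|$)',
    re.IGNORECASE,
)

# ComboFix registry autostart line: "Name"="path" [yyyy-mm-dd hh:mm size]
REG_ENTRY = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*'
    r'\[(?P<stamp>\d{4}-\d\d-\d\d \d\d:\d\d) (?P<size>\d+)\]'
)


def find_spaced_extensions(log_text: str) -> List[Tuple[str, str]]:
    """Return (name_as_logged, name_without_the_space) pairs, deduplicated.

    Deduplication is case-insensitive on the logged path, so a file reported
    by both the file listing and the registry dump appears only once.
    """
    seen = set()
    results: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        m = SPACED_EXT.search(line)
        if not m:
            continue
        logged = f"{m.group('path')} {m.group('ext')}"
        key = logged.lower()
        if key in seen:
            continue
        seen.add(key)
        results.append((logged, m.group('path') + m.group('ext')))
    return results


def find_one_byte_run_entries(log_text: str) -> List[Tuple[str, str]]:
    """Return (value_name, path) for Run entries whose target is 1 byte."""
    hits: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        m = REG_ENTRY.match(line.strip())
        if m and int(m.group('size')) == 1:
            hits.append((m.group('name'), m.group('path')))
    return hits


def triage(log_text: str) -> Dict[str, list]:
    """Combine both checks into one report a helper could paste back."""
    return {
        "spaced_extensions": find_spaced_extensions(log_text),
        "one_byte_targets": find_one_byte_run_entries(log_text),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for logged, fixed in report["spaced_extensions"]:
        print(f"space before extension: {logged!r} -> expected {fixed!r}")
    for name, path in report["one_byte_targets"]:
        print(f"1-byte Run target: {name} -> {path}")
```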
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:02:34, on 7-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\RFA\rfagent.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MICROS~1\wcescomm .exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\MICROS~1\rapimgr.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.martkplaats.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~1\wcescomm .exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: Download with &FileFactory Turbo - C:\Program Files\FileFactory Turbo\Plugins\IE\FileFactoryIE.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe


    End of file - 9867 bytes

    ComboFix 08-01-04.1 - vandertol 2008-01-07 21:52:33.7 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.530 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\vandertol\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\vandertol\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt

    FILE
    C:\Program Files\ndntnlst.exe
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\ndntnlst.exe

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-12-07 to 2008-01-07 ))))))))))))))))))))))))))))))
    .

    2008-01-07 18:21 . 2008-01-07 18:23 <DIR> d——– C:\Documents and Settings\vandertol\Application Data\AVG7
    2008-01-07 18:21 . 2008-01-07 18:21 <DIR> d——– C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-01-07 18:21 . 2008-01-07 18:21 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-07 18:14 . 2008-01-07 19:31 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Avg7
    2008-01-07 13:50 . 2008-01-07 13:50 <DIR> d——– C:\WINDOWS\system32\Kaspersky Lab
    2008-01-07 13:50 . 2008-01-07 13:50 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-01-07 10:43 . 2008-01-07 10:55 <DIR> d——– C:\Program Files\RFA
    2008-01-07 10:43 . 2008-01-07 11:01 <DIR> d——– C:\Documents and Settings\All Users\Application Data\RFA_Backups
    2008-01-07 07:53 . 2008-01-07 07:53 <DIR> d——– C:\Program Files\Lavasoft
    2008-01-07 07:37 . 2008-01-07 21:51 <DIR> dr-h—– C:\Documents and Settings\vandertol\Onlangs geopend
    2008-01-06 19:30 . 2008-01-07 10:26 <DIR> d-a—— C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-06 19:17 . 2000-08-31 08:00 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2008-01-06 18:55 . 2008-01-07 10:26 <DIR> d——– C:\Program Files\Spyware Doctor
    2008-01-06 18:55 . 2008-01-06 18:55 <DIR> d——– C:\Documents and Settings\vandertol\Application Data\PC Tools
    2008-01-06 18:55 . 2008-01-06 18:57 74,240 –a—— C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-01-06 18:55 . 2008-01-06 18:57 56,832 –a—— C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-01-06 18:55 . 2007-10-18 00:14 41,288 –a—— C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-01-06 18:55 . 2007-10-18 00:16 29,000 –a—— C:\WINDOWS\system32\drivers\kcom.sys
    2008-01-06 18:45 . 2008-01-06 18:46 <DIR> d——– C:\Documents and Settings\vandertol\Application Data\PrevxCSI
    2008-01-06 18:38 . 2008-01-06 18:38 1 –a—— C:\WINDOWS\system32\PSDrvCheck.exe
    2008-01-06 12:02 . 2008-01-06 12:02 221,184 –a—— C:\WINDOWS\system32\LVCOMSX .EXE
    2008-01-05 19:22 . 2008-01-05 19:22 <DIR> d——– C:\Documents and Settings\vandertol\Application Data\ESET
    2008-01-05 19:21 . 2008-01-05 19:21 <DIR> d——– C:\Documents and Settings\All Users\Application Data\ESET
    2007-12-07 16:23 . 2007-12-07 16:23 <DIR> d–h—– C:\WINDOWS\PIF

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-07 20:55 ——— d—–w C:\Documents and Settings\vandertol\Application Data\Skype
    2008-01-07 19:07 ——— d—–w C:\Program Files\SPAMfighter
    2008-01-07 18:03 ——— d—–w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-01-07 10:10 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-07 09:26 ——— d—–w C:\Program Files\Hitman Pro
    2008-01-07 06:55 ——— d—–w C:\Documents and Settings\vandertol\Application Data\Lavasoft
    2008-01-06 17:38 ——— d—–w C:\Program Files\QuickTime
    2008-01-06 17:38 ——— d—–w C:\Program Files\PowerISO
    2008-01-06 17:37 ——— d—–w C:\Program Files\MSN Messenger
    2008-01-06 17:37 ——— d—–w C:\Program Files\Microsoft ActiveSync
    2008-01-06 17:32 ——— d—–w C:\Program Files\Windows Live Safety Center
    2008-01-06 15:42 ——— d—–w C:\Program Files\Webroot
    2008-01-05 18:16 ——— d—–w C:\Documents and Settings\vandertol\Application Data\uTorrent
    2007-12-22 09:39 ——— d—–w C:\Program Files\LimeWire
    2007-11-27 21:19 ——— d—–w C:\Program Files\Windows Media Connect 2
    2007-11-16 16:19 ——— d—–w C:\Documents and Settings\All Users\Application Data\Prevx
    2007-11-16 15:13 7,219 —-a-w C:\WINDOWS\system32\drivers\services.xml
    2007-11-13 10:25 20,480 —-a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-31 09:41 127,034 ——r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2007-10-29 22:45 1,291,776 —-a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 —-a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-22 09:29 81,920 ——r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
    2007-06-27 18:01 502,412 —-a-w C:\Program Files\QuickPar-0.9.1.0-NLD.exe
    2007-04-10 07:09 1,228 —-a-w C:\Documents and Settings\vandertol\Application Data\wklnhst.dat
    2005-12-29 19:35 303,123 —-a-w C:\Program Files\NOD32.FiX.v2.1.exe
    2007-03-21 12:59 0 –sha-w C:\WINDOWS\SMINST\HPCD.sys
    .
    [code]<pre>
    —-a-w 155,648 2008-01-06 11:02:54 C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
    —-a-w 147,456 2008-01-06 11:03:16 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
    —-a-w 69,216 2008-01-06 11:02:50 C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
    —-a-w 54,832 2008-01-06 11:02:52 C:\Program Files\CyberLink\PowerDVD\Language\Language .exe
    —-a-w 68,856 2008-01-06 11:03:20 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    —-a-w 596,760 2008-01-06 11:03:14 C:\Program Files\Hitman Pro\xphelper .exe
    —-a-w 49,152 2008-01-06 11:02:56 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
    —-a-w 132,496 2008-01-06 11:02:47 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    —-a-w 217,088 2008-01-06 11:03:12 C:\Program Files\Logitech\Video\LogiTray .exe
    —-a-w 196,608 2008-01-06 11:03:23 C:\Program Files\Logitech\Video\ManifestEngine .exe
    —-a-w 1,211,176 2008-01-06 17:39:04 C:\Program Files\Microsoft ActiveSync\wcescomm .exe
    —-a-w 5,674,352 2008-01-06 11:03:27 C:\Program Files\MSN Messenger\MsnMsgr .Exe
    —-a-w 200,704 2008-01-06 11:02:48 C:\Program Files\PowerISO\PWRISOVM .EXE
    —-a-w 98,304 2008-01-06 17:38:53 C:\Program Files\QuickTime\qttask .exe
    —-a-w 22,880,040 2008-01-06 11:03:47 C:\Program Files\Skype\Phone\Skype .exe
    —-a-w 308,880 2008-01-06 11:03:13 C:\Program Files\SPAMfighter\SFAgent .exe
    —-a-w 221,184 2008-01-06 11:02:59 C:\WINDOWS\system32\LVCOMSX .EXE
    </pre>[/code]


    ((((((((((((((((((((((((((((( snapshot@2008-01-07_11.32.01,56 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-06 19:25:47 821,856 —-a-w C:\WINDOWS\system32\drivers\avg7core.sys
    + 2008-01-07 17:21:24 821,856 —-a-w C:\WINDOWS\system32\drivers\avg7core.sys
    - 2008-01-06 19:25:50 4,224 —-a-w C:\WINDOWS\system32\drivers\avg7rsw.sys
    + 2008-01-07 17:21:28 4,224 —-a-w C:\WINDOWS\system32\drivers\avg7rsw.sys
    - 2008-01-06 19:25:51 27,776 —-a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys
    + 2008-01-07 17:21:28 27,776 —-a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys
    - 2008-01-06 19:25:53 10,760 —-a-w C:\WINDOWS\system32\drivers\avgclean.sys
    + 2008-01-07 17:21:29 10,760 —-a-w C:\WINDOWS\system32\drivers\avgclean.sys
    - 2008-01-06 19:25:53 26,952 —-a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
    + 2008-01-07 17:21:29 26,952 —-a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
    + 2005-05-24 11:27:16 213,048 —-a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
    + 2007-08-29 14:47:20 94,208 —-a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    + 2007-08-29 14:49:54 950,272 —-a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
    - 2008-01-07 10:16:55 63,324 —-a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-01-07 19:10:00 63,324 —-a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-01-07 10:16:55 82,426 —-a-w C:\WINDOWS\system32\perfc013.dat
    + 2008-01-07 19:10:00 82,426 —-a-w C:\WINDOWS\system32\perfc013.dat
    - 2008-01-07 10:16:55 404,104 —-a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-01-07 19:10:00 404,104 —-a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-01-07 10:16:56 468,882 —-a-w C:\WINDOWS\system32\perfh013.dat
    + 2008-01-07 19:10:00 468,882 —-a-w C:\WINDOWS\system32\perfh013.dat
    .
    – Snapshot reset to current date –
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-06 18:39 147456]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
    "H/PC Connection Agent"="C:\PROGRA~1\MICROS~1\wcescomm .exe" [2008-01-06 18:39 1211176]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-06 18:39 68856]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-01-06 18:39 5674352]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2008-01-06 18:39 196608]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-01-06 18:39 22880040]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 20:00 33792 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2005-11-11 22:47 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 20:00 33792 C:\WINDOWS\system32\rundll32.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-10-14 18:51 14864384 C:\WINDOWS\RTHDCPL.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2008-01-06 18:38 98304]
    "PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2008-01-06 18:38 1]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-06 18:38 1]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-06 18:38 1]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2008-01-06 18:38 1]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-01-06 18:38 1]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-01-06 18:38 1]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-06 12:02 39792]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2008-01-06 18:39 1]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2008-01-06 18:39 1]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29 308880]
    "rfagent"="C:\Program Files\RFA\rfagent.exe" [2007-11-23 19:16 916800]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-07 18:21 579072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-07 18:21 219136]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-15 19:29:40]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-10-31 10:41:25]
    Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-10-25 15:29]
    S2 System Session Manager Subsystem;MS Session Manager Subsystem;C:\WINDOWS\system32\smss.exe [2004-08-04 20:00]

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-01-07 19:00:00 C:\WINDOWS\Tasks\HPpromotions psc 2350 series.job"
    - C:\Program Files\HP\Digital Imaging\bin\HP Promotions\AiOMVC\HPpromo.exe
    "2007-10-13 01:30:02 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
    - C:\Program Files\RegistrySmart\RegistrySmart.ex
    - C:\Program Files\RegistrySmar
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-07 21:55:50
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-01-07 21:56:16
    ComboFix-quarantined-files.txt 2008-01-07 20:56:15
    ComboFix2.txt 2008-01-07 15:42:31
    ComboFix3.txt 2008-01-07 15:07:09
    ComboFix4.txt 2008-01-07 12:42:40
    ComboFix5.txt 2008-01-07 10:32:24
    .
    2008-01-07 10:20:24 — E O F —





  • I have since run a scan with a different AVG version, and it did find a thing or two!
    It is now in quarantine... I'm not quite sure what to do with it. Delete? Or maybe restore?

    regards, Linda
  • If AVG has put the files in quarantine, there's nothing to worry about :)

    Download RenV.exe to your Desktop.

    Open Notepad, copy and paste the following (ONLY the CONTENTS of the code window) into an empty window:
    [code]
    —-a-w 155,648 2008-01-06 11:02:54 C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
    —-a-w 147,456 2008-01-06 11:03:16 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
    —-a-w 69,216 2008-01-06 11:02:50 C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
    —-a-w 54,832 2008-01-06 11:02:52 C:\Program Files\CyberLink\PowerDVD\Language\Language .exe
    —-a-w 68,856 2008-01-06 11:03:20 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    —-a-w 596,760 2008-01-06 11:03:14 C:\Program Files\Hitman Pro\xphelper .exe
    —-a-w 49,152 2008-01-06 11:02:56 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
    —-a-w 132,496 2008-01-06 11:02:47 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    —-a-w 217,088 2008-01-06 11:03:12 C:\Program Files\Logitech\Video\LogiTray .exe
    —-a-w 196,608 2008-01-06 11:03:23 C:\Program Files\Logitech\Video\ManifestEngine .exe
    —-a-w 1,211,176 2008-01-06 17:39:04 C:\Program Files\Microsoft ActiveSync\wcescomm .exe
    —-a-w 5,674,352 2008-01-06 11:03:27 C:\Program Files\MSN Messenger\MsnMsgr .Exe
    —-a-w 200,704 2008-01-06 11:02:48 C:\Program Files\PowerISO\PWRISOVM .EXE
    —-a-w 98,304 2008-01-06 17:38:53 C:\Program Files\QuickTime\qttask .exe
    —-a-w 22,880,040 2008-01-06 11:03:47 C:\Program Files\Skype\Phone\Skype .exe
    —-a-w 308,880 2008-01-06 11:03:13 C:\Program Files\SPAMfighter\SFAgent .exe
    —-a-w 221,184 2008-01-06 11:02:59 C:\WINDOWS\system32\LVCOMSX .EXE
    [/code]

    Save this on your Desktop as [b]Log.txt[/b]

    Drag [b]Log.txt[/b] onto [b]RenV.exe[/b] as shown in the example below:
    [img]http://img.photobucket.com/albums/v666/sUBs/RenV.gif[/img]

    Post a ComboFix log file for checking.
    Pim
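What the renaming step in the instructions above has to work out, as an added example that is not part of the thread and is neither RenV.exe nor ComboFix code: the block parses listing lines in the format quoted in Pim's post (attribute flags, size, date, time, path; the flags are written as plain dashes here), picks out every executable whose name carries a gap before its extension ("qttask .exe"), and produces a rename plan back to the normal name. The `existing` argument is a constructed stand-in for a filesystem lookup so that it runs offline; the sample lines are constructed from the same format.

```python
"""Rename plan for executables whose names carry a gap before the extension.

Added example for this thread; not RenV.exe and not ComboFix code. It parses
listing lines in the ComboFix format quoted in the post:
    <attribute flags> <size> <YYYY-MM-DD> <HH:MM:SS> <path>
and, for every file named like "qttask .exe", derives the name without the
spaces. The `existing` argument stands in for a filesystem lookup so that the
logic runs offline; on a live system os.path.exists() would take its place.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Constructed sample in the listing format (attribute flags written as plain
# dashes). Three names with a gap before the extension, one normal control name.
SAMPLE_LISTING = (
    "----a-w 155,648 2008-01-06 11:02:54 C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck .exe\n"
    "----a-w 98,304 2008-01-06 17:38:53 C:\\Program Files\\QuickTime\\qttask .exe\n"
    "----a-w 221,184 2008-01-06 11:02:59 C:\\WINDOWS\\system32\\LVCOMSX .EXE\n"
    "----a-w 39,792 2008-01-06 12:02:00 C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\n"
)

LINE_RE = re.compile(
    r"^(?P<attrs>[-A-Za-z]+)\s+(?P<size>[\d,]+)\s+"
    r"\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}:\d{2}\s+(?P<path>.+?)\s*$"
)
# A basename that ends in one or more spaces followed by a short extension.
# Only the gap directly before the extension is matched, so directory names
# with spaces ("Program Files", "Reader 8.0") are left alone.
GAP_RE = re.compile(r"^(?P<stem>.*?\S) +(?P<ext>\.[A-Za-z0-9]{1,4})$")


@dataclass
class Entry:
    attrs: str
    size: int
    path: str


@dataclass
class RenameStep:
    source: str
    target: str
    action: str  # "rename", or "target-exists" when something already sits at the target


def parse_listing(text: str) -> List[Entry]:
    """Parse listing lines; anything that is not a listing line is skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["attrs"], int(m["size"].replace(",", "")), m["path"]))
    return entries


def rename_target(path: str) -> Optional[str]:
    """Return the path with the gap before the extension removed, or None."""
    directory, sep, name = path.rpartition("\\")
    m = GAP_RE.match(name)
    if m is None:
        return None
    return f"{directory}{sep}{m['stem']}{m['ext']}"


def build_rename_plan(text: str, existing: Set[str]) -> List[RenameStep]:
    """One step per affected file. Windows paths compare case-insensitively."""
    taken = {p.lower() for p in existing}
    plan: List[RenameStep] = []
    for entry in parse_listing(text):
        target = rename_target(entry.path)
        if target is None:
            continue
        action = "target-exists" if target.lower() in taken else "rename"
        plan.append(RenameStep(entry.path, target, action))
    return plan


if __name__ == "__main__":
    # Pretend the original qttask.exe path is still occupied by a leftover file.
    for step in build_rename_plan(SAMPLE_LISTING, {"C:\\Program Files\\QuickTime\\qttask.exe"}):
        print(f"{step.action:14} {step.source} -> {step.target}")
```

The "target-exists" marking is the check worth having before any rename is carried out: the registry section of the ComboFix log earlier in this thread shows several of the original names (PSDrvCheck.exe, jusched.exe, PWRISOVM.EXE and others) now occupied by 1-byte files while the Run keys still point at them, so a plan that renames blindly would collide with those stubs instead of restoring the real executable.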
  • ComboFix 08-01-04.1 - vandertol 2008-01-07 22:19:13.8 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.506 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\vandertol\Bureaublad\ComboFix.exe
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-12-07 to 2008-01-07 ))))))))))))))))))))))))))))))
    .

    2008-01-07 18:21 . 2008-01-07 18:23 <DIR> d——– C:\Documents and Settings\vandertol\Application Data\AVG7
    2008-01-07 18:21 . 2008-01-07 18:21 <DIR> d——– C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-01-07 18:21 . 2008-01-07 18:21 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-07 18:14 . 2008-01-07 19:31 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Avg7
    2008-01-07 13:50 . 2008-01-07 13:50 <DIR> d——– C:\WINDOWS\system32\Kaspersky Lab
    2008-01-07 13:50 . 2008-01-07 13:50 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-01-07 10:43 . 2008-01-07 10:55 <DIR> d——– C:\Program Files\RFA
    2008-01-07 10:43 . 2008-01-07 11:01 <DIR> d——– C:\Documents and Settings\All Users\Application Data\RFA_Backups
    2008-01-07 07:53 . 2008-01-07 07:53 <DIR> d——– C:\Program Files\Lavasoft
    2008-01-07 07:37 . 2008-01-07 22:17 <DIR> dr-h—– C:\Documents and Settings\vandertol\Onlangs geopend
    2008-01-06 19:30 . 2008-01-07 10:26 <DIR> d-a—— C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-06 19:17 . 2000-08-31 08:00 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2008-01-06 18:55 . 2008-01-07 10:26 <DIR> d——– C:\Program Files\Spyware Doctor
    2008-01-06 18:55 . 2008-01-06 18:55 <DIR> d——– C:\Documents and Settings\vandertol\Application Data\PC Tools
    2008-01-06 18:55 . 2008-01-06 18:57 74,240 –a—— C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-01-06 18:55 . 2008-01-06 18:57 56,832 –a—— C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-01-06 18:55 . 2007-10-18 00:14 41,288 –a—— C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-01-06 18:55 . 2007-10-18 00:16 29,000 –a—— C:\WINDOWS\system32\drivers\kcom.sys
    2008-01-06 18:45 . 2008-01-06 18:46 <DIR> d——– C:\Documents and Settings\vandertol\Application Data\PrevxCSI
    2008-01-06 18:38 . 2008-01-06 18:38 1 –a—— C:\WINDOWS\system32\PSDrvCheck.exe
    2008-01-06 12:02 . 2008-01-06 12:02 221,184 –a—— C:\WINDOWS\system32\LVCOMSX .EXE
    2008-01-05 19:22 . 2008-01-05 19:22 <DIR> d——– C:\Documents and Settings\vandertol\Application Data\ESET
    2008-01-05 19:21 . 2008-01-05 19:21 <DIR> d——– C:\Documents and Settings\All Users\Application Data\ESET
    2007-12-07 16:23 . 2007-12-07 16:23 <DIR> d–h—– C:\WINDOWS\PIF

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-07 21:06 ——— d—–w C:\Documents and Settings\vandertol\Application Data\Skype
    2008-01-07 19:07 ——— d—–w C:\Program Files\SPAMfighter
    2008-01-07 18:03 ——— d—–w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-01-07 10:10 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-07 09:26 ——— d—–w C:\Program Files\Hitman Pro
    2008-01-07 06:55 ——— d—–w C:\Documents and Settings\vandertol\Application Data\Lavasoft
    2008-01-06 17:38 ——— d—–w C:\Program Files\QuickTime
    2008-01-06 17:38 ——— d—–w C:\Program Files\PowerISO
    2008-01-06 17:37 ——— d—–w C:\Program Files\MSN Messenger
    2008-01-06 17:37 ——— d—–w C:\Program Files\Microsoft ActiveSync
    2008-01-06 17:32 ——— d—–w C:\Program Files\Windows Live Safety Center
    2008-01-06 15:42 ——— d—–w C:\Program Files\Webroot
    2008-01-05 18:16 ——— d—–w C:\Documents and Settings\vandertol\Application Data\uTorrent
    2007-12-22 09:39 ——— d—–w C:\Program Files\LimeWire
    2007-11-27 21:19 ——— d—–w C:\Program Files\Windows Media Connect 2
    2007-11-16 16:19 ——— d—–w C:\Documents and Settings\All Users\Application Data\Prevx
    2007-11-16 15:13 7,219 —-a-w C:\WINDOWS\system32\drivers\services.xml
    2007-11-13 10:25 20,480 —-a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-31 09:41 127,034 ——r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2007-10-29 22:45 1,291,776 —-a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 —-a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-22 09:29 81,920 ——r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
    2007-06-27 18:01 502,412 —-a-w C:\Program Files\QuickPar-0.9.1.0-NLD.exe
    2007-04-10 07:09 1,228 —-a-w C:\Documents and Settings\vandertol\Application Data\wklnhst.dat
    2005-12-29 19:35 303,123 —-a-w C:\Program Files\NOD32.FiX.v2.1.exe
    2007-03-21 12:59 0 –sha-w C:\WINDOWS\SMINST\HPCD.sys
    .
    [code]<pre>
    —-a-w 155,648 2008-01-06 11:02:54 C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
    —-a-w 147,456 2008-01-06 11:03:16 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
    —-a-w 69,216 2008-01-06 11:02:50 C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
    —-a-w 54,832 2008-01-06 11:02:52 C:\Program Files\CyberLink\PowerDVD\Language\Language .exe
    —-a-w 68,856 2008-01-06 11:03:20 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    —-a-w 596,760 2008-01-06 11:03:14 C:\Program Files\Hitman Pro\xphelper .exe
    —-a-w 49,152 2008-01-06 11:02:56 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
    —-a-w 132,496 2008-01-06 11:02:47 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    —-a-w 217,088 2008-01-06 11:03:12 C:\Program Files\Logitech\Video\LogiTray .exe
    —-a-w 196,608 2008-01-06 11:03:23 C:\Program Files\Logitech\Video\ManifestEngine .exe
    —-a-w 1,211,176 2008-01-06 17:39:04 C:\Program Files\Microsoft ActiveSync\wcescomm .exe
    —-a-w 5,674,352 2008-01-06 11:03:27 C:\Program Files\MSN Messenger\MsnMsgr .Exe
    —-a-w 200,704 2008-01-06 11:02:48 C:\Program Files\PowerISO\PWRISOVM .EXE
    —-a-w 98,304 2008-01-06 17:38:53 C:\Program Files\QuickTime\qttask .exe
    —-a-w 22,880,040 2008-01-06 11:03:47 C:\Program Files\Skype\Phone\Skype .exe
    —-a-w 308,880 2008-01-06 11:03:13 C:\Program Files\SPAMfighter\SFAgent .exe
    —-a-w 221,184 2008-01-06 11:02:59 C:\WINDOWS\system32\LVCOMSX .EXE
    </pre>[/code]


    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-06 18:39 147456]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
    "H/PC Connection Agent"="C:\PROGRA~1\MICROS~1\wcescomm .exe" [2008-01-06 18:39 1211176]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-06 18:39 68856]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-01-06 18:39 5674352]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2008-01-06 18:39 196608]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-01-06 18:39 22880040]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 20:00 33792 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2005-11-11 22:47 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 20:00 33792 C:\WINDOWS\system32\rundll32.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-10-14 18:51 14864384 C:\WINDOWS\RTHDCPL.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2008-01-06 18:38 98304]
    "PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2008-01-06 18:38 1]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-06 18:38 1]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-06 18:38 1]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2008-01-06 18:38 1]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-01-06 18:38 1]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-01-06 18:38 1]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-06 12:02 39792]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2008-01-06 18:39 1]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2008-01-06 18:39 1]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29 308880]
    "rfagent"="C:\Program Files\RFA\rfagent.exe" [2007-11-23 19:16 916800]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-07 18:21 579072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-07 18:21 219136]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-15 19:29:40]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-10-31 10:41:25]
    Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-10-25 15:29]
    S2 System Session Manager Subsystem;MS Session Manager Subsystem;C:\WINDOWS\system32\smss.exe [2004-08-04 20:00]

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-01-07 19:00:00 C:\WINDOWS\Tasks\HPpromotions psc 2350 series.job"
    - C:\Program Files\HP\Digital Imaging\bin\HP Promotions\AiOMVC\HPpromo.exe
    "2007-10-13 01:30:02 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
    - C:\Program Files\RegistrySmart\RegistrySmart.ex
    - C:\Program Files\RegistrySmar
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-07 22:19:59
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-01-07 22:20:26
    ComboFix-quarantined-files.txt 2008-01-07 21:20:24
    ComboFix2.txt 2008-01-07 20:56:17
    ComboFix3.txt 2008-01-07 15:42:31
    ComboFix4.txt 2008-01-07 15:07:09
    ComboFix5.txt 2008-01-07 12:42:40
    .
    2008-01-07 10:20:24 — E O F —
  • Open an empty Notepad window and copy/paste the text below into it:

    @echo off
    Vfind -ltf -s+335360 -d+2008-01-06 %systemdrive%\*.exe > Log.txt
    echo.>>Log.txt
    echo. =============>>Log.txt
    echo.>>Log.txt
    Vfind -tf -s+335360 -d+2008-01-06 %systemdrive%\*.exe |(
    FindStr.exe -MIF:/ "BlankVm\.dll \\Start\.pdb" )>>Log.txt 2>>&1
    Start Log.txt
    Del %0

    Then save it as fix.bat on your Desktop.
    Under "Save as type", choose All files.

    Then double-click fix.bat.
    A log file will open; paste it in your next message :)
  • —-a-w 1,485,915 2008-01-07 10:29:09 C:\Documents and Settings\vandertol\Bureaublad\ComboFix.exe
    —-a-w 418,816 2008-01-07 17:21:24 C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    —-a-w 579,072 2008-01-07 17:21:30 C:\Program Files\Grisoft\AVG7\avgcc.exe
    —-a-w 1,441,280 2008-01-07 17:21:30 C:\Program Files\Grisoft\AVG7\avgdiag.exe
    —-a-w 510,976 2008-01-07 17:21:30 C:\Program Files\Grisoft\AVG7\avginet.exe
    —-a-w 389,632 2008-01-07 17:21:31 C:\Program Files\Grisoft\AVG7\avgvv.exe
    —-a-w 2,007,552 2008-01-07 17:21:35 C:\Program Files\Grisoft\AVG7\setup.exe
    —-a-w 396,288 2008-01-06 18:46:10 C:\Program Files\Hijackthis\HijackThis.exe
    —-a-w 812,344 2008-01-06 18:45:50 C:\Program Files\Hijackthis\HJTInstall.exe
    —-a-w 3,147,008 2008-01-07 06:45:42 C:\Program Files\Hitman Pro\hitmanpro2.exe
    —-a-w 547,912 2008-01-07 06:51:26 C:\Program Files\Hitman Pro\srhelper.exe
    —-a-w 751,480 2008-01-07 06:51:22 C:\Program Files\Hitman Pro\surfright.exe
    —-a-w 683,563 2008-01-07 06:41:01 C:\Program Files\Hitman Pro\unins000.exe
    —-a-w 596,760 2008-01-06 11:03:14 C:\Program Files\Hitman Pro\xphelper .exe
    —-a-w 2,855,080 2008-01-07 06:51:02 C:\Program Files\Hitman Pro\downloads\aawsepersonal.exe
    —-a-w 532,480 2008-01-07 06:50:31 C:\Program Files\Hitman Pro\downloads\cwshredder.exe
    —-a-w 1,563,704 2008-01-07 06:52:22 C:\Program Files\Hitman Pro\downloads\PrevxcsiPP3642.EXE
    —-a-w 5,037,072 2008-01-07 06:51:10 C:\Program Files\Hitman Pro\downloads\spybotsd14.exe
    —-a-w 547,912 2008-01-07 06:51:26 C:\Program Files\Hitman Pro\downloads\srhelper.exe
    —-a-w 1,211,176 2008-01-06 17:39:04 C:\Program Files\Microsoft ActiveSync\wcescomm .exe
    —-a-w 1,211,176 2008-01-06 16:08:14 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    —-a-w 5,674,352 2008-01-06 11:03:27 C:\Program Files\MSN Messenger\MsnMsgr .Exe
    —-a-w 5,674,352 2008-01-06 17:39:10 C:\Program Files\MSN Messenger\MsnMsgr.Exe
    —-a-w 670,245 2008-01-07 09:42:46 C:\Program Files\RFA\unins000.exe
    —-a-w 22,880,040 2008-01-06 11:03:47 C:\Program Files\Skype\Phone\Skype .exe
    —-a-w 22,880,040 2008-01-06 17:39:27 C:\Program Files\Skype\Phone\Skype.exe
    —-a-w 707,919 2008-01-06 17:55:22 C:\Program Files\Spyware Doctor\unins000.exe
    —-a-w 1,245,736 2008-01-06 17:32:13 C:\Program Files\Windows Live Safety Center\SetupOneCare.exe

    Entries: 28 (28)
    Directories: 0 Files: 28
    Bytes: 86,459,882 Blocks: 168,879

    =============

    Regards, Linda
  • Hi Linda,

    It's a tricky one. Run the RENV instructions again with the code below:

    C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
    C:\Program Files\CyberLink\PowerDVD\Language\Language .exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    C:\Program Files\Hitman Pro\xphelper .exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    C:\Program Files\Logitech\Video\LogiTray .exe
    C:\Program Files\Logitech\Video\ManifestEngine .exe
    C:\Program Files\Microsoft ActiveSync\wcescomm .exe
    C:\Program Files\MSN Messenger\MsnMsgr .Exe
    C:\Program Files\PowerISO\PWRISOVM .EXE
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\Skype\Phone\Skype .exe
    C:\Program Files\SPAMfighter\SFAgent .exe
    C:\WINDOWS\system32\LVCOMSX .EXE

    Then make a new ComboFix log file and post it.

    Pim :)
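
The list Pim posts above, and the fix.bat from the earlier reply, both target one pattern: a copy of a legitimate program whose file name carries a stray space before the extension (in Linda's listing, "wcescomm .exe" sits next to "wcescomm.exe" and both report 1,211,176 bytes). As an added example, not code from this thread or from any of the tools it mentions, the Python script below walks a directory tree and reports every executable with a space before its extension, noting whether the clean-named twin exists in the same folder and whether the two are the same size. The directory layout it builds is constructed for the demonstration and the function names are the example's own.

```python
import os
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import List, Optional, Tuple


@dataclass
class Finding:
    impostor: Path              # file whose name has a space before the extension
    legitimate: Optional[Path]  # same name without the space, if it exists beside it
    size: int
    same_size: bool             # True when impostor and twin have identical lengths


def has_space_before_extension(name: str) -> bool:
    """'wcescomm .exe' -> True, 'wcescomm.exe' -> False, a name without a dot -> False."""
    stem, dot, _ext = name.rpartition(".")
    return bool(dot) and stem != stem.rstrip(" ")


def scan_for_impostors(root: os.PathLike, extensions: Tuple[str, ...] = (".exe",)) -> List[Finding]:
    """Walk `root` and collect executables whose name has a space before the extension."""
    exts = tuple(e.lower() for e in extensions)
    findings: List[Finding] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(exts) or not has_space_before_extension(name):
                continue
            impostor = Path(dirpath) / name
            stem, _, ext = name.rpartition(".")
            twin = Path(dirpath) / f"{stem.rstrip(' ')}.{ext}"
            legitimate = twin if twin.is_file() else None
            size = impostor.stat().st_size
            same_size = legitimate is not None and legitimate.stat().st_size == size
            findings.append(Finding(impostor, legitimate, size, same_size))
    return sorted(findings, key=lambda f: str(f.impostor))


def build_sample_tree(base: Path) -> None:
    """Constructed layout echoing names from the thread; contents are dummy bytes, not programs."""
    sample = {
        "Program Files/Microsoft ActiveSync/wcescomm.exe": b"A" * 4096,
        "Program Files/Microsoft ActiveSync/wcescomm .exe": b"B" * 4096,  # same length as its twin
        "Program Files/Skype/Phone/Skype.exe": b"A" * 8192,
        "Program Files/Skype/Phone/Skype .exe": b"B" * 1024,              # different length
        "Program Files/Hitman Pro/xphelper .exe": b"C" * 512,             # no clean-named twin
        "WINDOWS/system32/notepad.exe": b"A" * 2048,                      # clean name, ignored
        "Program Files/readme .txt": b"text",                             # not an .exe, ignored
    }
    for rel, data in sample.items():
        path = base / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)


def demo() -> List[Finding]:
    """Build the constructed tree in a temp dir, scan it, print and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        build_sample_tree(base)
        findings = scan_for_impostors(base)
        for f in findings:
            twin = f.legitimate.name if f.legitimate else "(no clean-named twin)"
            print(f"{f.impostor.relative_to(base)}  size={f.size}  twin={twin}  same_size={f.same_size}")
        return findings


if __name__ == "__main__":
    demo()
```

On a real machine you would call `scan_for_impostors(Path("C:/"))` instead of `demo()`; a hit with `same_size=True` is the case the thread shows, where the copy matches its legitimate neighbour byte-for-byte in length, and a hit with no twin at all (like xphelper .exe in Linda's listing) is worth checking separately because the clean-named original may already have been removed.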
