Virus in e-mail "essa voce precisa ver"

Anonymous
41 replies
 • My wife received an e-mail from a friend, in Spanish, with a link in it. When she clicked on it she was soon called by friends telling her she was sending spam. Norton doesn't see any virus (we ran a scan immediately, of course).

  Below is the log; advice would be appreciated.

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 17:20:23, on 7-12-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16544)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
  C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
  C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
  C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
  C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\TODDSrv.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\igfxtray.exe
  C:\WINDOWS\system32\hkcmd.exe
  C:\WINDOWS\system32\igfxpers.exe
  C:\WINDOWS\RTHDCPL.EXE
  C:\Program Files\Apoint2K\Apoint.exe
  C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
  C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
  C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
  C:\WINDOWS\system32\TPSMain.exe
  C:\WINDOWS\system32\ZoomingHook.exe
  C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Apoint2K\Apntex.exe
  C:\WINDOWS\system32\TCtrlIOHook.exe
  C:\WINDOWS\system32\TPSBattM.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
  C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
  C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
  C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
  C:\WINDOWS\AGRSMMSG.exe
  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
  C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
  C:\Program Files\iTunes\iTunesHelper.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\TomTom HOME\TomTomHOME.exe
  C:\Program Files\iPod\bin\iPodService.exe
  C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
  C:\WINDOWS\Media\LTaskup.exe
  C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
  C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
  C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
  C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
  C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
  C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
  C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
  C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
  O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
  O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
  O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
  O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
  O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
  O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
  O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
  O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
  O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
  O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
  O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
  O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
  O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
  O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
  O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
  O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
  O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
  O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
  O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
  O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
  O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
  O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
  O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
  O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
  O4 - HKLM\..\Run: [SetupType] Portable
  O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
  O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
  O4 - HKLM\..\Run: [wTask] C:\WINDOWS\Media\LTaskup.exe
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.bestemmingsplannen.amsterdam.nl/install/mgaxctrl_65515.cab
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
  O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
  O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
  O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
  O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
  O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
  O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
  O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
  O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
  O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
  O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
  O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe


  End of file - 12029 bytes
 • jorte wrote:
  > My wife received an e-mail from a friend, in Spanish, with a link in it. When she clicked on it she was soon called by friends telling her she was sending spam. Norton doesn't see any virus (we ran a scan immediately, of course).

  Get rid of that Norton, because a Trojan that has been known for this long should have been caught by it. I've replaced my own scanner, AVG, as well, and went for the German AntiVir, which you can download for free at http://www.free-av.com/.

  Because an acquaintance of mine also has this Trojan, I'm very curious whether you can get rid of this thing with AntiVir. The instructions I see on other forums are rather complicated, and I don't want to put her through that.

  kind regards,

  Enno
 • @ennoborg: Do you know which trojan it is?

  I have since removed LTaskup.exe from the startup entries and from the windows/media directory (it was trying to make a connection, and a Google search showed it to be a bad file). I also ran Ad-Aware and Spybot, and they removed a fair bit.
  With the Panda online scanner I find nothing further. Kaspersky online still saw something in my restore points yesterday, so I assume I need to remove those.

  Below is my new log; I would very much like advice on any further steps. Thanks in advance!
  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 15:13:26, on 9-12-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16544)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
  C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
  C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
  C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
  C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\TODDSrv.exe
  C:\WINDOWS\system32\igfxtray.exe
  C:\WINDOWS\system32\hkcmd.exe
  C:\WINDOWS\system32\igfxpers.exe
  C:\WINDOWS\RTHDCPL.EXE
  C:\Program Files\Apoint2K\Apoint.exe
  C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
  C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
  C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
  C:\WINDOWS\system32\TPSMain.exe
  C:\WINDOWS\system32\ZoomingHook.exe
  C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
  C:\WINDOWS\system32\TCtrlIOHook.exe
  C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
  C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
  C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
  C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
  C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
  C:\WINDOWS\AGRSMMSG.exe
  C:\Program Files\Apoint2K\Apntex.exe
  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
  C:\WINDOWS\system32\TPSBattM.exe
  C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
  C:\Program Files\iTunes\iTunesHelper.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\TomTom HOME\TomTomHOME.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
  C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
  C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
  C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
  C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
  C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
  C:\Program Files\iPod\bin\iPodService.exe
  C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
  C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
  C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
  O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
  O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
  O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
  O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
  O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
  O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
  O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
  O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
  O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
  O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
  O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
  O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
  O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
  O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
  O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
  O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
  O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
  O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
  O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
  O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
  O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
  O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
  O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
  O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
  O4 - HKLM\..\Run: [SetupType] Portable
  O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
  O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog
  O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
  O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.bestemmingsplannen.amsterdam.nl/install/mgaxctrl_65515.cab
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
  O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
  O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
  O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
  O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
  O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
  O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
  O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
  O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
  O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
  O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
  O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe


  End of file - 12854 bytes

  One last question: I sometimes read that this kind of malware changes the settings of your virus scanner so that it is effectively disabled. Is there any way to tell?
  Best regards, Jorte
 • jorte wrote:
  > @ennoborg: Do you know which trojan it is?
  >
  > One last question: I sometimes read that this kind of malware changes the settings of your virus scanner so that it is effectively disabled. Is there any way to tell?
  > Best regards, Jorte

  Hi Jorte,

  AntiVir gives the following information:

  Virus: TR/Delphi.Downloader.Gen
  Type: Trojan
  In the wild: No
  Reported Infections: Low
  Distribution Potential: Low
  Damage Potential: Low
  Static file: No
  Engine version: 7.01.00.17

  If I understand correctly, this is a screensaver made with some kind of software kit, which according to AntiVir does not occur in the wild. We know better now, however, and I have told them so.

  http://www.google.com/search?hl=nl&q=TR%2FDelphi.Downloader.Gen&btnG=Zoeken&lr=lang_nl

  The trojan installs a modified version of the file svchost.exe, and I still see that file in your log. That is only logical, because it is a normal Windows file that in this case has been replaced by a malicious version.

  Because I myself am not infected, despite the far too tolerant behaviour of AVG, I can't tell you how to remove it, but I hope you find instructions via the Google link above. They are in the first result in any case, and in the second you can see that only very few scanners detect this nasty thing.

  As far as I'm concerned, all the more reason to show Norton the door right away. I have had a similar Trojan once before, and back then I did install it to test what it did, and AVG simply let it through as well. I switched to AntiVir then too, but after a system restore I was back on AVG until yesterday.

  With that previous Trojan I didn't see my virus scanner being disabled, but that wasn't necessary either, because it was too dumb to find the thing anyway. What I did see was Windows warning that the firewall was being turned off. That was needed to pass that junk on.

  My acquaintance in Assen is scanning her PC now, and I hope she'll soon report that it is clean. If she does, I'll let you know.

  regards,

  Enno
 • Thanks.
  On her machine there is no svchost in the windows dir, but there is one in the system32 dir, which is where it belongs according to the info from your link.
  I did find svchost.ex_ in c:\I386 and svchost.exe-3530f72.pf in c:\windows\prefetch.

  An online scan with McAfee did produce results:
  wnupd.exe and crss7[1].exe and also A0015008.exe, but that one is in a restore point, I believe.
  Looking into it shows that it is the trojan Dloadr-bfj (which, incidentally, looks exactly like Delphi.Downloader.Gen), but I haven't yet figured out how to get it off.
  If you or others can help me get rid of it, I'd be very grateful, because so far it isn't working. Since her entire circle of acquaintances has been e-mailed that nasty link, I'd like instructions I can send to the people who also clicked the link in the e-mail.
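The checks Jorte is doing by hand in the posts above (is svchost.exe running from anywhere other than system32, and which autorun entries point at odd places such as C:\WINDOWS\Media) can be scripted over a HijackThis log. The script below is an added example; it is not something posted in this thread and not part of HijackThis, RVAXO or any scanner named here. It walks the "Running processes" section and the O4 autorun lines, and flags two things: a core Windows binary name running from a directory other than its expected one, and anything launched from a directory a legitimate program rarely uses. The directory lists are my assumptions, and the sample log is constructed from a few lines in the thread plus two invented malicious entries (a svchost.exe in C:\WINDOWS and an autorun for wnupd.exe in a Temp folder).

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section item reason")

# Core Windows binaries and the single directory each runs from on a default
# XP install (assumption). One of these names running from anywhere else is
# the "replaced svchost.exe" pattern discussed in the thread.
CORE_BINARIES = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Directory fragments a legitimate autorun or process rarely lives in
# (my assumption, not a HijackThis rule); matched as lower-case substrings.
ODD_DIRS = (
    r"c:\windows\media",
    r"c:\windows\temp",
    r"\local settings\temp",
    r"\application data",
    r"c:\recycler",
)

# O4 line shape: "O4 - HKLM\..\Run: [name] command"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")


def executable_of(cmd):
    """Return the executable path from an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, arguments follow
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def dirname_lower(path):
    """Lower-cased directory part of a Windows path ('' for a bare file name)."""
    path = path.lower()
    return path.rsplit("\\", 1)[0] if "\\" in path else ""


def _check_path(section, item, path):
    out = []
    base = path.rsplit("\\", 1)[-1].lower()
    d = dirname_lower(path)
    if not d:
        return out  # bare name resolved through PATH: nothing to compare against
    expected = CORE_BINARIES.get(base)
    if expected and d != expected:
        out.append(Finding(section, item, f"{base} runs from {d}, expected {expected}"))
    if any(odd in d for odd in ODD_DIRS):
        out.append(Finding(section, item, f"launched from unusual directory {d}"))
    return out


def analyze(log_text):
    """Walk a HijackThis log and return the entries worth a second look."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:               # a blank line ends the process list
                in_processes = False
                continue
            findings.extend(_check_path("process", line, line))
            continue
        m = O4_RE.match(line)
        if m:
            findings.extend(_check_path("autorun", m.group("name"),
                                        executable_of(m.group("cmd"))))
    return findings


# Constructed sample: lines taken from the logs in this thread plus two
# invented malicious entries (svchost.exe in C:\WINDOWS, wnupd.exe in Temp).
SAMPLE_LOG = r'''Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:20:23, on 7-12-2007

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Media\LTaskup.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [wTask] C:\WINDOWS\Media\LTaskup.exe
O4 - HKCU\..\Run: [Updater] "C:\Documents and Settings\Bea\Local Settings\Temp\wnupd.exe" /silent
'''

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.section}] {f.item}: {f.reason}")
```

Bare autorun names such as TPSMain.exe are skipped on purpose: HijackThis shows them without a directory, so there is nothing to compare; they have to be located by hand. On the sample the script reports the svchost.exe outside system32, LTaskup.exe both as a process and as the wTask autorun, and the Temp-folder updater.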
 • True, especially if you don't know much about it. You see an e-mail from someone you know, you're curious... you click... and the trap snaps shut.
  *S*... my beloved won't be doing that again any time soon... we had lots of phone calls and e-mails from people around us who immediately saw that something was wrong (fortunately).
  That still leaves the ones who did click...
 • Dear Jorte,

  Because my own PC is not infected I can't tell you first-hand what to do now. So for now all I can do is refer you to

  http://www.google.com/search?q=Essa+voce+precisa+VER&hl=nl&lr=lang_nl&start=0&sa=N

  If my acquaintance in Assen has more good news I'll pass that on too, but for the time being you'll have to make do with Google.

  kind regards,

  Enno
 • Hi Jorte,

  Do the following to remove this for good.

  Download: RVAXO.exe
  - Save the file to your desktop, double-click it and choose "Unzip" to extract it.
  - Now open the folder RVAXO on your desktop and double-click RVAXO.cmd.
  - A cmd window will open; a few lines about files not found will scroll by quickly, this is normal.
  - Possibly an uninstaller of a rogue scanner will start as well; do not close it, but follow any instructions and just let it do its work.
  - After that your PC will restart; after the restart the RVAXO cmd window opens again.
  - Let it run and wait until a logfile opens: C:\RVAXO-results.log
  - If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
  - Post the contents of the logfile in your next message.

  Good luck.

  Pim :)
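Jorte asked earlier whether you can tell that malware has quietly crippled your scanner, and Enno mentioned seeing the firewall switched off. Another well-known trick is editing the hosts file so the scanner can no longer reach its update servers, which is one reason cleanup tools reset it (the RVAXO log posted later in this thread reports "Hosts-file was reset"). The script below is an added example of mine, not part of RVAXO or anything posted here: it reads hosts-file text and flags the entries that should not be there on a home PC. The vendor suffix list is an assumption (domains named in this thread plus the Symantec and Norton domains the installed product updates from), and the sample hosts text is constructed.

```python
import ipaddress

# Names a stock hosts file legitimately maps to the loopback address.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}

# Security vendor domain suffixes (assumption: the ones mentioned in this
# thread plus Symantec/Norton). A home PC never needs a hosts entry for any of
# these, so an entry for one is treated as tampering whatever it points at.
VENDOR_SUFFIXES = ("symantec.com", "norton.com", "free-av.com",
                   "kaspersky.nl", "pandasoftware.com")


def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            yield ip, name.lower()


def check_hosts(text):
    """Return (hostname, ip, reason) triples for entries worth investigating."""
    findings = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((name, ip, "unparseable address"))
            continue
        if name in LOCAL_NAMES:
            continue                    # normal loopback entries
        if "." not in name:
            continue                    # LAN shortname (printer, nas, ...)
        if any(name == s or name.endswith("." + s) for s in VENDOR_SUFFIXES):
            findings.append((name, ip, "security vendor domain overridden"))
        elif addr.is_loopback:
            findings.append((name, ip, "public name sinkholed to loopback"))
        else:
            findings.append((name, ip, "public name redirected"))
    return findings


# Constructed sample: the first three entries are what a clean hosts file may
# contain; the rest is the kind of tampering a hosts-file reset undoes.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
192.168.1.10    printer
127.0.0.1       liveupdate.symantec.com
127.0.0.1       www.free-av.com
10.0.0.5        www.bank-example.test
"""

if __name__ == "__main__":
    for name, ip, reason in check_hosts(SAMPLE_HOSTS):
        print(f"{name:32s} -> {ip:16s} {reason}")
```

On Windows XP the file to feed it is C:\WINDOWS\system32\drivers\etc\hosts; if a vendor domain shows up there, the scanner's update mechanism has been cut off and the definitions are stale no matter what the product's own status screen says.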
 • Dear Enno and Pim, many thanks in advance for the help. Pim, below is the log.

  —————-RVAXO.exe first run————-

  Files found:

  C:\WINDOWS\system32\_000005_.tmp.dll
  C:\WINDOWS\lnk_dados_2.dll
  C:\Documents and Settings\Bea\user.dat
  C:\Documents and Settings\Bea\Emails.dat

  Uninstallers Rogue scanners:


  Folders Found:


  Hosts-file was reset, If you use a custom hosts file please replace it…

  ————–RVAXO.exe last run—————

  Files found:

  Folders Found:

  ————–RVAXO.exe finished—————-

  It did not remove those files wnupd.exe and crss7[1].exe in the temp folder; should I just remove them manually, or is that not necessary? Addendum: it looks like they are no longer there, because I can't find them anymore! Seems like a good sign to me.


  To be safe I also did a HijackThis run; the log is below.

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 19:09:23, on 10-12-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16544)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
  C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
  C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
  C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
  C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\TODDSrv.exe
  C:\WINDOWS\system32\igfxtray.exe
  C:\WINDOWS\system32\hkcmd.exe
  C:\WINDOWS\system32\igfxpers.exe
  C:\WINDOWS\RTHDCPL.EXE
  C:\Program Files\Apoint2K\Apoint.exe
  C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
  C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
  C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
  C:\WINDOWS\system32\TPSMain.exe
  C:\WINDOWS\system32\ZoomingHook.exe
  C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
  C:\WINDOWS\system32\TCtrlIOHook.exe
  C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
  C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
  C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
  C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
  C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
  C:\Program Files\Apoint2K\Apntex.exe
  C:\WINDOWS\system32\TPSBattM.exe
  C:\WINDOWS\AGRSMMSG.exe
  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
  C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
  C:\Program Files\iTunes\iTunesHelper.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\TomTom HOME\TomTomHOME.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
  C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
  C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
  C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
  C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
  C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
  C:\Program Files\iPod\bin\iPodService.exe
  C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
  C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
  C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
  O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
  O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
  O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
  O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
  O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
  O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
  O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
  O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
  O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
  O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
  O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
  O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
  O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
  O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
  O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
  O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
  O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
  O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
  O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
  O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
  O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
  O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
  O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
  O4 - HKLM\..\Run: [SetupType] Portable
  O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
  O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog
  O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
  O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.bestemmingsplannen.amsterdam.nl/install/mgaxctrl_65515.cab
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
  O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5181/mcfscan.cab
  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
  O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
  O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
  O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
  O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
  O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
  O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
  O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
  O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
  O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
  O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
  O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe


  End of file - 12977 bytes
 • Looks good, but I still want to check something.

  Download [b]Combofix[/b] to your [b]desktop[/b]

  If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

  NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and [b]download Combofix again[/b]. Some scanners regard certain components Combofix uses as suspicious and will block or delete them!

  Double-click [u]combofix.exe[/u]
  Choose "Continue" by typing [b]1[/b] followed by [b]ENTER[/b].
  While the fix is running, do [b]NOT[/b] click in the window, as this will make your PC hang.

  When the fix is finished and after the restart, the log [b]combofix.txt[/b] will open.
  [i]Post the Combofix log (combofix.txt) in your next reply[/i]
 • Pim, thanks in advance, the log is below. During the first scan Spybot's TeaTimer intervened a few times. I did get a log. I kept it, but below is the second run with a freshly downloaded Combofix.

  ComboFix 07-12-09.1 - Bea 2007-12-10 20:43:41.2 - NTFSx86
  Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.593 [GMT 1:00]
  Gestart vanuit: C:\Documents and Settings\Bea\Bureaublad\ComboFix.exe
  .

  (((((((((((((((((((( Bestanden Gemaakt van 2007-11-10 to 2007-12-10 ))))))))))))))))))))))))))))))
  .

  2007-12-10 18:57 . 2007-12-10 18:57 <DIR> d——– C:\RVAXO
  2007-12-10 18:56 . 2007-12-10 19:24 522,592 –a—— C:\WINDOWS\system32\RVAXO.bat
  2007-12-10 18:56 . 2001-10-01 14:51 69,632 –a—— C:\WINDOWS\system32\remove.exe
  2007-12-09 15:54 . 2007-12-09 15:54 <DIR> d——– C:\WINDOWS\McAfee.com
  2007-12-09 14:01 . 2007-12-09 15:03 <DIR> d——– C:\WINDOWS\system32\ActiveScan
  2007-12-09 14:01 . 2007-12-09 14:01 30,590 –a—— C:\WINDOWS\system32\pavas.ico
  2007-12-09 14:01 . 2007-12-09 14:01 2,550 –a—— C:\WINDOWS\system32\Uninstall.ico
  2007-12-09 14:01 . 2007-12-09 14:01 1,406 –a—— C:\WINDOWS\system32\Help.ico
  2007-12-08 18:23 . 2007-12-08 18:23 <DIR> d——– C:\WINDOWS\system32\Kaspersky Lab
  2007-12-08 18:23 . 2007-12-08 18:23 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
  2007-12-08 17:17 . 2007-12-08 17:17 <DIR> d——– C:\Program Files\Lavasoft
  2007-12-08 17:17 . 2007-12-08 17:17 <DIR> d——– C:\Program Files\Common Files\Wise Installation Wizard
  2007-12-08 17:17 . 2007-12-08 17:17 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Lavasoft
  2007-12-07 20:46 . 2007-12-07 21:35 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
  2007-12-07 17:19 . 2007-12-07 17:19 <DIR> d——– C:\Program Files\Trend Micro

  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2007-12-09 14:14 ——— d—–w C:\Program Files\Common Files\Symantec Shared
  2007-12-09 13:56 ——— d—–w C:\Program Files\TomTom HOME
  2007-12-09 13:56 ——— d—–w C:\Program Files\Symantec
  2007-12-09 13:55 ——— d—–w C:\Program Files\QuickTime
  2007-12-09 13:55 ——— d—–w C:\Program Files\PC Connectivity Solution
  2007-12-09 13:53 ——— d—–w C:\Program Files\iTunes
  2007-12-09 13:48 ——— d—–w C:\Program Files\Apoint2K
  2007-12-09 13:18 ——— d—–w C:\Documents and Settings\Bea\Application Data\Symantec
  2007-12-09 13:16 ——— d—–w C:\Documents and Settings\All Users\Application Data\Symantec
  2007-12-07 14:55 805 —-a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
  2007-12-07 14:55 60,800 —-a-w C:\WINDOWS\system32\S32EVNT1.DLL
  2007-12-07 14:55 123,952 —-a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
  2007-12-07 14:55 10,740 —-a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
  2007-12-07 14:12 ——— d—–w C:\Program Files\DYMO Label
  2007-12-06 08:15 ——— d—–w C:\Program Files\Norton Internet Security
  2007-10-01 13:49 542,088 —-a-w C:\WINDOWS\system32\SymNeti.dll
  2007-10-01 13:49 161,160 —-a-w C:\WINDOWS\system32\SymRedir.dll
  .

  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  REGEDIT4
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00]
  "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 09:47]
  "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
  "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2006-11-09 17:15]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 16:39]
  "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 16:36]
  "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 16:40]
  "RTHDCPL"="RTHDCPL.EXE" [2006-04-17 23:34 C:\WINDOWS\RTHDCPL.exe]
  "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-24 06:40]
  "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-22 10:17]
  "CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2006-04-12 15:31]
  "HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 12:45]
  "SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 12:45]
  "TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2006-04-04 13:57]
  "TPSMain"="TPSMain.exe" [2005-08-11 15:14 C:\WINDOWS\system32\TPSMain.exe]
  "Zooming"="ZoomingHook.exe" [2005-06-06 08:58 C:\WINDOWS\system32\ZoomingHook.exe]
  "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [2005-05-12 12:28]
  "TCtryIOHook"="TCtrlIOHook.exe" [2006-01-03 15:11 C:\WINDOWS\system32\TCtrlIOHook.exe]
  "TFncKy"="TFncKy.exe" []
  "Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 12:11]
  "NDSTray.exe"="NDSTray.exe" []
  "DDWMon"="C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-28 10:33]
  "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-01 11:04]
  "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 12:37]
  "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 11:41]
  "AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 16:22 C:\WINDOWS\agrsmmsg.exe]
  "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 15:09]
  "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 13:27]
  "SetupType"="Portable" []
  "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-13 16:04]
  "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-24 16:00]
  "TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 15:52]
  "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22]
  "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 11:00]

  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 11:00]
  "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15]

  C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
  Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
  HPAiODevice(hp officejet g series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe [2002-11-20 17:15:00]

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
  2007-08-31 16:46 1460560 –a—— C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wTask]
  C:\WINDOWS\Media\LTaskup.exe

  R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys
  R2 tdudf;TOSHIBA UDF File System Driver;C:\WINDOWS\system32\DRIVERS\tdudf.sys
  R3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
  R3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
  R3 ESMCR;ESMCR;C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
  R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys
  S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys

  *Newly Created Service* - COMHOST
  .
  Inhoud van de 'Gedeelde Taken' map
  "2007-01-02 15:50:21 C:\WINDOWS\Tasks\Herinnering voor registratie 1.job"
  - C:\WINDOWS\system32\OOBE\oobebaln.exe
  "2007-01-02 15:50:22 C:\WINDOWS\Tasks\Herinnering voor registratie 2.job"
  - C:\WINDOWS\system32\OOBE\oobebaln.exe
  "2007-01-23 13:20:11 C:\WINDOWS\Tasks\Herinnering voor registratie 3.job"
  - C:\WINDOWS\system32\OOBE\oobebaln.exe
  "2007-08-10 18:00:33 C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - Bea.job"
  - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
  .
  ——————— DLLs Loaded Under Running Processes ———————

  PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
  -> C:\DOCUME~1\Bea\LOCALS~1\Temp\motdvmqjR.dll
  .
  **************************************************************************

  catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2007-12-10 20:45:14
  Windows 5.1.2600 Service Pack 2 NTFS

  scannen van verborgen processen …

  scannen van verborgen autostart items …

  scannen van verborgen bestanden …

  Scan succesvol afgerond
  verborgen bestanden: 0

  **************************************************************************
  .
  Voltooingstijd: 2007-12-10 20:45:39
  C:\ComboFix2.txt … 2007-12-10 20:32
  .
  — E O F —
 • Just what I thought 8)

  Open Notepad, copy and paste the following (bold text) into an empty window:
  [b]
  Registry::
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wTask]
  [/b]

  Save this to your Desktop as [b]CFScript.txt[/b]

  Drag [b]CFScript.txt[/b] onto [b]ComboFix.exe[/b] as shown in the example below:
  [img]http://img.photobucket.com/albums/v666/sUBs/CFScript.gif[/img]

  This will make [b]ComboFix[/b] restart.
  Reboot if asked to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

  How are things with your problems?
  Pim
 • Dear Pim, the logs are below. By the way, it did not close after running Combofix; instead I got a message that nircmd.cfexe could not find a dll (sorry, I didn't note it down properly). As you can see, there is a log. The PC seems to be running fine otherwise, but she isn't working on it now; she is using her desktop PC (it's the laptop that was infected, and as a precaution we're not using it for now).
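  As an added example (my own, not a tool used in this thread), a small Python triage script that reads pasted HijackThis O4 lines and ComboFix startupreg and loaded-DLL entries and flags loaders sitting in unusual places, the way the wTask entry pointing into C:\WINDOWS\Media and the DLL in the user's Temp folder stood out above. The location rules are this example's own assumption, and the sample lines are copied from the logs in this thread.

```python
"""Autostart triage for HijackThis / ComboFix text, as pasted in this thread.

Constructed example, not a tool from the thread: it extracts the module each
autostart entry launches and rates it by where that module lives. The prefix
tables are an assumption of this example, not part of either tool.
"""
import re
from typing import Dict, List

# Where a Run-key target is expected on a stock XP install (assumption).
EXPECTED_PREFIXES = ("c:\\windows\\system32\\", "c:\\program files\\", "c:\\progra~1\\")
# Directories a dropper typically writes to; an autostart here deserves a look.
SUSPICIOUS_PREFIXES = (
    "c:\\docume~1\\", "c:\\documents and settings\\",   # user profile, incl. Temp
    "c:\\windows\\temp\\", "c:\\windows\\media\\", "c:\\windows\\fonts\\",
)

O4_RUN = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_STARTUP = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.+)$")
STARTUPREG = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\"
    r"(?P<name>[^\]]+)\]$", re.I)
PROCESS = re.compile(r"^PROCESS: (?P<proc>\S+)")
LOADED_DLL = re.compile(r"^-> (?P<cmd>.+\.dll)$", re.I)
DRIVE = re.compile(r"[a-z]:\\", re.I)
MODULE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|cmd|bat|scr))"?', re.I)


def classify(path: str) -> str:
    """Rate a module path by where it lives (see the prefix tables above)."""
    p = path.lower()
    if "\\" not in p:
        return "unqualified"   # bare name, resolved via the search path at logon
    if p.startswith(SUSPICIOUS_PREFIXES):
        return "suspicious"
    if p.startswith(EXPECTED_PREFIXES):
        return "expected"
    return "review"            # e.g. the C:\WINDOWS\ root: often legitimate, not always


def _entry(name: str, cmd: str, source: str) -> Dict[str, str]:
    cmd = cmd.strip()
    drive = DRIVE.search(cmd)          # drop the date/size/attribute columns ComboFix prints first
    if drive:
        cmd = cmd[drive.start():]
    m = MODULE.match(cmd)              # cut the command line at the module's extension
    path = m.group("path") if m else cmd.strip('"')
    return {"name": name, "source": source, "path": path, "verdict": classify(path)}


def parse_entries(log_text: str) -> List[Dict[str, str]]:
    """Collect autostart and loaded-module entries from HijackThis or ComboFix text."""
    entries: List[Dict[str, str]] = []
    lines = [ln.strip() for ln in log_text.splitlines()]
    current_proc = "unknown process"
    i = 0
    while i < len(lines):
        line = lines[i]
        if (m := O4_RUN.match(line)) or (m := O4_STARTUP.match(line)):
            entries.append(_entry(m.group("name"), m.group("cmd"), "run-key"))
        elif (m := STARTUPREG.match(line)) and i + 1 < len(lines):
            i += 1                      # ComboFix prints the target on the following line
            entries.append(_entry(m.group("name"), lines[i], "msconfig-startupreg"))
        elif (m := PROCESS.match(line)):
            current_proc = m.group("proc").rsplit("\\", 1)[-1]
        elif (m := LOADED_DLL.match(line)):
            entries.append(_entry(current_proc, m.group("cmd"), "loaded-dll"))
        i += 1
    return entries


def flagged(entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Everything that is not in an expected location, for a human to look at."""
    return [e for e in entries if e["verdict"] != "expected"]


# Constructed sample: lines taken from the HijackThis and ComboFix logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SetupType] Portable
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2007-08-31 16:46 1460560 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wTask]
C:\WINDOWS\Media\LTaskup.exe
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\DOCUME~1\Bea\LOCALS~1\Temp\motdvmqjR.dll
"""

if __name__ == "__main__":
    for e in flagged(parse_entries(SAMPLE_LOG)):
        print(f"{e['verdict']:<11} {e['source']:<19} {e['name']}: {e['path']}")
```

  Bare names such as RTHDCPL.EXE are reported as "unqualified" rather than bad: they are fine here, but they are exactly the entries where a look-alike file earlier in the search path would go unnoticed.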

  ComboFix 07-12-09.1 - Bea 2007-12-11 18:17:15.3 - NTFSx86
  Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.509 [GMT 1:00]
  Gestart vanuit: C:\Documents and Settings\Bea\Bureaublad\ComboFix.exe
  Command switches used :: C:\Documents and Settings\Bea\Bureaublad\CFScript.txt
  * Nieuw herstelpunt werd aangemaakt
  .

  (((((((((((((((((((( Bestanden Gemaakt van 2007-11-11 to 2007-12-11 ))))))))))))))))))))))))))))))
  .

  2007-12-10 18:57 . 2007-12-10 18:57 <DIR> d——– C:\RVAXO
  2007-12-10 18:56 . 2007-12-10 19:24 522,592 –a—— C:\WINDOWS\system32\RVAXO.bat
  2007-12-10 18:56 . 2001-10-01 14:51 69,632 –a—— C:\WINDOWS\system32\remove.exe
  2007-12-09 15:54 . 2007-12-09 15:54 <DIR> d——– C:\WINDOWS\McAfee.com
  2007-12-09 14:01 . 2007-12-09 15:03 <DIR> d——– C:\WINDOWS\system32\ActiveScan
  2007-12-09 14:01 . 2007-12-09 14:01 30,590 –a—— C:\WINDOWS\system32\pavas.ico
  2007-12-09 14:01 . 2007-12-09 14:01 2,550 –a—— C:\WINDOWS\system32\Uninstall.ico
  2007-12-09 14:01 . 2007-12-09 14:01 1,406 –a—— C:\WINDOWS\system32\Help.ico
  2007-12-08 18:23 . 2007-12-08 18:23 <DIR> d——– C:\WINDOWS\system32\Kaspersky Lab
  2007-12-08 18:23 . 2007-12-08 18:23 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
  2007-12-08 17:17 . 2007-12-08 17:17 <DIR> d——– C:\Program Files\Lavasoft
  2007-12-08 17:17 . 2007-12-08 17:17 <DIR> d——– C:\Program Files\Common Files\Wise Installation Wizard
  2007-12-08 17:17 . 2007-12-08 17:17 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Lavasoft
  2007-12-07 20:46 . 2007-12-07 21:35 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
  2007-12-07 17:19 . 2007-12-07 17:19 <DIR> d——– C:\Program Files\Trend Micro

  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2007-12-09 14:14 ——— d—–w C:\Program Files\Common Files\Symantec Shared
  2007-12-09 13:56 ——— d—–w C:\Program Files\TomTom HOME
  2007-12-09 13:56 ——— d—–w C:\Program Files\Symantec
  2007-12-09 13:55 ——— d—–w C:\Program Files\QuickTime
  2007-12-09 13:55 ——— d—–w C:\Program Files\PC Connectivity Solution
  2007-12-09 13:53 ——— d—–w C:\Program Files\iTunes
  2007-12-09 13:48 ——— d—–w C:\Program Files\Apoint2K
  2007-12-09 13:18 ——— d—–w C:\Documents and Settings\Bea\Application Data\Symantec
  2007-12-09 13:16 ——— d—–w C:\Documents and Settings\All Users\Application Data\Symantec
  2007-12-07 14:55 805 —-a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
  2007-12-07 14:55 60,800 —-a-w C:\WINDOWS\system32\S32EVNT1.DLL
  2007-12-07 14:55 123,952 —-a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
  2007-12-07 14:55 10,740 —-a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
  2007-12-07 14:12 ——— d—–w C:\Program Files\DYMO Label
  2007-12-06 08:15 ——— d—–w C:\Program Files\Norton Internet Security
  2007-10-01 13:49 542,088 —-a-w C:\WINDOWS\system32\SymNeti.dll
  2007-10-01 13:49 161,160 —-a-w C:\WINDOWS\system32\SymRedir.dll
  .

  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  REGEDIT4
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00]
  "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 09:47]
  "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
  "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2006-11-09 17:15]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 16:39]
  "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 16:36]
  "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 16:40]
  "RTHDCPL"="RTHDCPL.EXE" [2006-04-17 23:34 C:\WINDOWS\RTHDCPL.exe]
  "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-24 06:40]
  "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-22 10:17]
  "CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2006-04-12 15:31]
  "HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 12:45]
  "SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 12:45]
  "TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2006-04-04 13:57]
  "TPSMain"="TPSMain.exe" [2005-08-11 15:14 C:\WINDOWS\system32\TPSMain.exe]
  "Zooming"="ZoomingHook.exe" [2005-06-06 08:58 C:\WINDOWS\system32\ZoomingHook.exe]
  "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [2005-05-12 12:28]
  "TCtryIOHook"="TCtrlIOHook.exe" [2006-01-03 15:11 C:\WINDOWS\system32\TCtrlIOHook.exe]
  "TFncKy"="TFncKy.exe" []
  "Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 12:11]
  "NDSTray.exe"="NDSTray.exe" []
  "DDWMon"="C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-28 10:33]
  "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-01 11:04]
  "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 12:37]
  "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 11:41]
  "AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 16:22 C:\WINDOWS\agrsmmsg.exe]
  "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 15:09]
  "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 13:27]
  "SetupType"="Portable" []
  "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-13 16:04]
  "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-24 16:00]
  "TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 15:52]
  "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22]

  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 11:00]
  "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15]

  C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
  Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
  HPAiODevice(hp officejet g series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe [2002-11-20 17:15:00]

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
  2007-08-31 16:46 1460560 –a—— C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

  R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys
  R2 tdudf;TOSHIBA UDF File System Driver;C:\WINDOWS\system32\DRIVERS\tdudf.sys
  R3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
  R3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
  R3 ESMCR;ESMCR;C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
  R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys
  S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys

  *Newly Created Service* - COMHOST
  .
  Inhoud van de 'Gedeelde Taken' map
  "2007-01-02 15:50:21 C:\WINDOWS\Tasks\Herinnering voor registratie 1.job"
  - C:\WINDOWS\system32\OOBE\oobebaln.exe
  "2007-01-02 15:50:22 C:\WINDOWS\Tasks\Herinnering voor registratie 2.job"
  - C:\WINDOWS\system32\OOBE\oobebaln.exe
  "2007-01-23 13:20:11 C:\WINDOWS\Tasks\Herinnering voor registratie 3.job"
  - C:\WINDOWS\system32\OOBE\oobebaln.exe
  "2007-08-10 18:00:33 C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - Bea.job"
  - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
  .
  **************************************************************************

  catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2007-12-11 18:18:49
  Windows 5.1.2600 Service Pack 2 NTFS

  scannen van verborgen processen …

  scannen van verborgen autostart items …

  scannen van verborgen bestanden …

  Scan succesvol afgerond
  verborgen bestanden: 0

  **************************************************************************
  .
  Voltooingstijd: 2007-12-11 18:19:11
  C:\ComboFix2.txt … 2007-12-10 20:45
  C:\ComboFix3.txt … 2007-12-10 20:32
  .
  — E O F —

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 18:26:09, on 11-12-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16544)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
  C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
  C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\igfxtray.exe
  C:\WINDOWS\system32\hkcmd.exe
  C:\WINDOWS\system32\igfxpers.exe
  C:\WINDOWS\RTHDCPL.EXE
  C:\Program Files\Apoint2K\Apoint.exe
  C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
  C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
  C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
  C:\WINDOWS\system32\TPSMain.exe
  C:\WINDOWS\system32\ZoomingHook.exe
  C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
  C:\WINDOWS\system32\TCtrlIOHook.exe
  C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
  C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
  C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
  C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
  C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\WINDOWS\system32\TPSBattM.exe
  C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
  C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
  C:\WINDOWS\AGRSMMSG.exe
  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
  C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
  C:\Program Files\Apoint2K\Apntex.exe
  C:\Program Files\iTunes\iTunesHelper.exe
  C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\TomTom HOME\TomTomHOME.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
  C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
  C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\TODDSrv.exe
  C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
  C:\Program Files\iPod\bin\iPodService.exe
  C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
  C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
  C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
  C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
  C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
  C:\WINDOWS\explorer.exe
  C:\WINDOWS\system32\notepad.exe
  C:\Program Files\internet explorer\iexplore.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
  O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
  O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
  O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
  O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
  O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
  O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
  O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
  O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
  O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
  O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
  O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
  O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
  O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
  O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
  O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
  O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
  O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
  O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
  O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
  O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
  O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
  O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
  O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
  O4 - HKLM\..\Run: [SetupType] Portable
  O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
  O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
  O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.bestemmingsplannen.amsterdam.nl/install/mgaxctrl_65515.cab
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
  O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5181/mcfscan.cab
  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
  O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
  O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
  O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
  O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
  O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
  O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
  O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
  O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
  O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
  O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
  O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe


  End of file - 12891 bytes
 • It looks fine again :wink:

  What you were dealing with here was a Trojan Banker, i.e. a virus that collects passwords. It is therefore advisable to change all your passwords for the websites you are registered on, and certainly for your internet banking!

  Also read through these security tips:
  http://users.telenet.be/marcvn/spyware/1564073.htm

  Pim :)
 • Dear Pim, many thanks.
  An infection like this is a strange experience; the computer suddenly looks completely different, feels different…
  Good that we can use it again!
  (and now be extra careful again)
  Best regards, Jorte
 • You're welcome, Jorte :wink:
 • Hi Pim,

  Since today I have been following your posts about the "essa voce precisa ver" virus.
  My sister also has this virus on her PC and I am now trying to remove it.

  I have already run RVAXO and ComboFix.

  Below are the logs.

  I hope you can help me further as well.

  Thanks in advance, Pascal

  —————-RVAXO.exe first run————-

  Files found:

  C:\WINDOWS\lnk_dados_2.dll
  C:\Documents and Settings\Schroeder.THUIS-94M6UPI5I\user.dat
  C:\Documents and Settings\Schroeder.THUIS-94M6UPI5I\Emails.dat
  C:\WINDOWS\Media\LTaskup.exe
  C:\start.bat

  Uninstallers Rogue scanners:


  Folders Found:

  C:\Program Files\outlook
  C:\Program Files\pedevice
  C:\Program Files\Common Files\{384F5C17-0A6A-1043-0813-03051403001f}
  C:\Program Files\Common Files\{C84F5C17-0A6A-1043-0813-03051403001f}
  C:\Program Files\Common Files\{C84F5C17-0A6B-1043-0813-03051403001f}
  —————-RVAXO.exe first run————-

  Files found:

  C:\WINDOWS\lnk_dados_2.dll
  C:\Documents and Settings\Schroeder.THUIS-94M6UPI5I\user.dat
  C:\Documents and Settings\Schroeder.THUIS-94M6UPI5I\Emails.dat
  C:\start.bat

  Uninstallers Rogue scanners:


  Folders Found:

  C:\Program Files\pedevice
  C:\Program Files\Common Files\{384F5C17-0A6A-1043-0813-03051403001f}
  C:\Program Files\Common Files\{C84F5C17-0A6A-1043-0813-03051403001f}
  C:\Program Files\Common Files\{C84F5C17-0A6B-1043-0813-03051403001f}

  Hosts-file was reset, If you use a custom hosts file please replace it…

  ————–RVAXO.exe last run—————

  Files found:

  Folders Found:

  ————–RVAXO.exe finished—————-

  ComboFix 07-12-12.3 - Schroeder 2007-12-13 22:30:22.1 - NTFSx86
  Gestart vanuit: C:\Documents and Settings\Schroeder.THUIS-94M6UPI5I\Bureaublad\ComboFix.exe
  * Nieuw herstelpunt werd aangemaakt
  .

  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
  .

  C:\Documents and Settings\Schroeder.THUIS-94M6UPI5I\Application Data\DOBE~1
  C:\Documents and Settings\Schroeder.THUIS-94M6UPI5I\Application Data\ICROSO~1.NET
  C:\Program Files\Common Files\{384F5~1
  C:\Program Files\Common Files\{C84F5~1
  C:\Program Files\Common Files\{C84F5~2
  C:\Program Files\Common Files\curity~1
  C:\Program Files\Common Files\scurit~1
  C:\Program Files\Common Files\uninstall information
  C:\Program Files\Common Files\ystem~1
  C:\Program Files\mantec~1
  C:\Program Files\ppatch~1
  C:\Program Files\smante~1
  C:\Program Files\stem~1
  C:\WINDOWS\fnts~1
  C:\WINDOWS\sks~1
  C:\WINDOWS\sstem3~1
  C:\WINDOWS\stem32~1
  C:\WINDOWS\system32\racle~1
  C:\WINDOWS\system32\wnsxs~1
  C:\WINDOWS\ymante~1

  .
  (((((((((((((((((((( Bestanden Gemaakt van 2007-11-13 to 2007-12-13 ))))))))))))))))))))))))))))))
  .

  2007-12-13 22:25 . 2007-12-13 22:26 <DIR> d——– C:\RVAXO
  2007-12-13 22:20 . 2007-12-13 20:19 532,459 –a—— C:\WINDOWS\system32\RVAXO.bat
  2007-12-13 22:20 . 2001-10-01 14:51 69,632 –a—— C:\WINDOWS\system32\remove.exe
  2007-12-13 22:01 . 2007-12-13 22:01 994,176 –a—— C:\WINDOWS\XOU Clock.exe
  2007-12-13 22:01 . 2007-12-13 22:01 400,512 –a—— C:\WINDOWS\XOU Clock.scr
  2007-12-13 22:01 . 2007-12-13 22:01 40,960 –a—— C:\WINDOWS\XOU Clock.dll
  2007-12-13 22:01 . 2007-12-13 22:01 18,192 –a—— C:\WINDOWS\XOU Clock.dat
  2007-12-13 11:02 . 2007-12-13 11:02 <DIR> d——– C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\SurfRight
  2007-12-09 11:58 . 2007-12-09 11:58 <DIR> d——– C:\Program Files\SurfRight
  2007-12-09 11:58 . 2007-12-09 11:58 <DIR> d——– C:\Documents and Settings\All Users.WINDOWS\Application Data\SurfRight
  2007-11-30 16:40 . 2007-11-30 16:40 16,640 –a-s—- C:\WINDOWS\system32\drivers\ctredrv.sys

  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2007-12-13 21:26 ——— d—–w C:\Program Files\Hitman Pro
  2007-12-13 10:18 ——— d—–w C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
  2007-12-13 10:02 ——— d—–w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
  2007-12-09 14:27 ——— d—–w C:\Program Files\Spyware Doctor
  2007-12-09 11:16 ——— d—–w C:\Program Files\SpywareBlaster
  2007-12-07 04:46 ——— d—–w C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\SiteAdvisor
  2007-12-06 14:17 ——— d—–w C:\Documents and Settings\Schroeder.THUIS-94M6UPI5I\Application Data\SiteAdvisor
  2007-12-03 19:55 ——— d—–w C:\Documents and Settings\Schroeder.THUIS-94M6UPI5I\Application Data\LimeWire
  2007-11-13 10:25 20,480 —-a-w C:\WINDOWS\system32\drivers\secdrv.sys
  2007-10-29 22:45 1,291,776 —-a-w C:\WINDOWS\system32\quartz.dll
  2007-10-26 18:35 ——— d—–w C:\Program Files\Logitech
  2007-10-26 18:35 ——— d—–w C:\Program Files\Common Files\Logitech
  2007-10-25 08:28 222,720 —-a-w C:\WINDOWS\system32\wmasf.dll
  2007-10-19 15:03 ——— d—–w C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx
  2007-10-19 14:16 512,096 —-a-w C:\WINDOWS\system32\drivers\amon.sys
  2007-10-19 14:16 298,104 —-a-w C:\WINDOWS\system32\imon.dll
  2007-10-19 14:16 15,424 —-a-w C:\WINDOWS\system32\drivers\nod32drv.sys
  2007-09-13 18:40 234,008 —-a-w C:\WINDOWS\system32\WmJoyFrc.dll
  .

  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  REGEDIT4
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33E7A132-12F8-1906-F23A-6BE33A95F3E1}]
  C:\WINDOWS\system32\ntcrdvte.dll

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03]
  "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 09:03 C:\WINDOWS\system32\rundll32.exe]
  "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 12:12]
  "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" []
  "Npaa"="C:\DOCUME~1\SCHROE~2\MIJNDO~1\SMBOLS~1\wuaclt.exe" []
  "Imtwotjd"="C:\Documents and Settings\Schroeder.THUIS-94M6UPI5I\Application Data\?icrosoft.NET\e?plorer.exe" []

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 12:05]
  "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent.exe" [2005-09-22 18:29]
  "SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-02-03 19:25]
  "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-06-25 14:03]
  "Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 13:41]
  "CaretakerNotifier"="C:\Program Files\SurfRight\Caretaker\Notifier.exe" [2007-11-30 16:41]
  "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]

  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03]
  "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" []

  C:\Documents and Settings\Schroeder.THUIS-94M6UPI5I\Menu Start\Programma's\Opstarten\
  Opruimen.bat [2006-12-29 17:15:04]

  C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
  Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-01-10 20:02:47]
  HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 00:20:40]
  Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-12-28 18:53:15]
  Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 18:05:56]

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
  @=""

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
  @=""

  R1 ctredrv.sys;ctredrv.sys;\??\C:\WINDOWS\system32\drivers\ctredrv.sys
  R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
  R2 CaretakerAntispam;Caretaker Antispam Service;"C:\Program Files\SurfRight\Caretaker\AntispamService.exe"
  R2 CaretakerProxy;Caretaker Proxy;"C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe"
  R2 CaretakerSvc;Caretaker Service;"C:\Program Files\SurfRight\Caretaker\CaretakerService.exe"
  R2 CaretakerUpdate;Caretaker Updater;"C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe"
  R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
  R3 WmXlCore;Logitech Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
  S3 SNCP106;PC Camera (6009 CIF);C:\WINDOWS\system32\DRIVERS\sncp106.sys
  S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
  S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys
  S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

  *Newly Created Service* - CATCHME
  *Newly Created Service* - PROCEXP90
  .
  Inhoud van de 'Gedeelde Taken' map
  "2007-12-13 21:26:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"
  - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
  .
  **************************************************************************

  catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2007-12-13 22:33:55
  Windows 5.1.2600 Service Pack 2 NTFS

  scannen van verborgen processen …

  scannen van verborgen autostart items …

  scannen van verborgen bestanden …

  Scan succesvol afgerond
  verborgen bestanden: 0

  **************************************************************************
  .
  Voltooingstijd: 2007-12-13 22:35:02
  .
  2007-12-13 10:56:53 — E O F —
 • Hi Pascal,

  RVAXO has already cleaned up the virus, but a few remnants are still there:

  Open the RVAXO folder and double-click [b]Uninstall.cmd[/b]
  RVAXO will now remove itself.

  Go to Jotti: http://virusscan.jotti.org.
  In the '[b]File to upload and scan[/b]' box, paste the following:
  [b]C:\WINDOWS\XOU Clock.exe[/b]

  Then click Submit; your file will be scanned.
  Post the result of the scan in your next message.

  Open Notepad, copy and paste the following (bold text) into an empty window:
  [b]
  Registry::
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33E7A132-12F8-1906-F23A-6BE33A95F3E1}]
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Npaa"=-
  "Imtwotjd"=-
  [/b]

  Save this on your Desktop as [b]CFScript.txt[/b]

  Drag [b]CFScript.txt[/b] onto [b]ComboFix.exe[/b] as shown in the example below:
  [img]http://img.photobucket.com/albums/v666/sUBs/CFScript.gif[/img]

  This will make [b]ComboFix[/b] restart.
  Reboot if asked to, and post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

  Read here how to make a HijackThis log:
  http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=115358

  Pim
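  Added example (not from this thread, and not part of ComboFix, RVAXO or Pim's instructions): a small Python triage script that reads the Run-key values in the 'Reg Opstartpunten' format ComboFix printed above, flags entries with the traits shared by the two values Pim asked to remove (nothing between the square brackets, a path under the user profile, '?' placeholders for characters ComboFix could not print, a file name one character away from a Windows binary), and writes them out as the Registry:: block of a CFScript. The sample log, the heuristics, the list of imitated binaries and the two-finding threshold are my own constructions; everything it flags still needs a human decision before it goes into a CFScript.

```python
"""Triage helper for the 'Reg Opstartpunten' section of a ComboFix log.
Added example for this thread, not part of ComboFix, RVAXO or Pim's instructions:
the line format follows the log quoted above; heuristics and sample log are mine."""
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the ComboFix excerpt posted above (not a verbatim copy).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33E7A132-12F8-1906-F23A-6BE33A95F3E1}]
C:\WINDOWS\system32\ntcrdvte.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" []
"Npaa"="C:\DOCUME~1\SCHROE~2\MIJNDO~1\SMBOLS~1\wuaclt.exe" []
"Imtwotjd"="C:\Documents and Settings\Schroeder\Application Data\?icrosoft.NET\e?plorer.exe" []
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"="path" [file date; empty when ComboFix found no file to stat]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<meta>[^\]]*)\]$')
# Binaries that autostart malware likes to imitate (assumption: this short list suffices here).
KNOWN_SYSTEM_BINARIES = {"explorer.exe", "svchost.exe", "wuauclt.exe", "ctfmon.exe", "lsass.exe", "winlogon.exe"}


@dataclass
class Entry:
    key: str
    name: str
    path: str
    meta: str
    findings: list = field(default_factory=list)


def parse_combofix(log):
    """One pass over the log: the values under every Run key, plus the BHO keys listed."""
    entries, bhos, key = [], [], None
    for line in log.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m["key"]
            if "Browser Helper Objects" in key:   # the log's own note says known-good ones are hidden
                bhos.append(key)
            continue
        m = VALUE_RE.match(line)
        if m and key and key.upper().endswith("\\RUN"):
            entries.append(Entry(key, m["name"], m["path"], m["meta"]))
    return entries, bhos


def edit_distance(a, b):
    """Levenshtein distance, used to spot one-character look-alikes of system binaries."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(entry):
    """Attach findings to an entry; each is a heuristic, not proof of malware."""
    path, upper = entry.path, entry.path.upper()
    base = path.rsplit("\\", 1)[-1].lower()
    if entry.meta == "":
        entry.findings.append("no_file_info")        # nothing in []: file missing or hidden
    if "?" in path:
        # Assumption: ComboFix prints '?' for characters it cannot render; '?' is not valid in a path.
        entry.findings.append("unprintable_chars")
    if upper.startswith(("C:\\DOCUME~1", "C:\\DOCUMENTS AND SETTINGS")):
        entry.findings.append("user_profile")        # autostart from a profile, not Program Files
    if base in KNOWN_SYSTEM_BINARIES and not upper.startswith("C:\\WINDOWS"):
        entry.findings.append("system_name_outside_windows")
    elif any(edit_distance(base, known) == 1 for known in KNOWN_SYSTEM_BINARIES):
        entry.findings.append("lookalike_name")      # e.g. wuaclt.exe next to wuauclt.exe
    return entry.findings


def build_cfscript(entries, bho_keys=(), min_findings=2):
    """Emit the Registry:: block in CFScript syntax for flagged values and the given BHO keys."""
    lines = ["Registry::"] + [f"[-{key}]" for key in bho_keys]
    by_key = {}
    for e in entries:
        if len(e.findings) >= min_findings:          # threshold is an assumption
            by_key.setdefault(e.key, []).append(e.name)
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{name}"=-' for name in names)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    entries, bhos = parse_combofix(SAMPLE_LOG)
    for e in entries:
        print(f"{e.name:12} {triage(e) or 'ok'}")
    print(build_cfscript(entries, bho_keys=bhos))
```

  On the constructed sample the script keeps LDM out of the CFScript (only one finding) and emits exactly the two Run values and the BHO key that Pim listed; with a real log, check every flagged path by hand first.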
 • Pim,

  I have read your solutions above regarding the "essa …" virus with interest.

  Could you help me as well?

  RVAXO gives:
  —————-RVAXO.exe first run————-

  Files found:

  C:\WINDOWS\tasks\A54FC14691847C26.job
  C:\WINDOWS\lnk_dados_2.dll
  C:\Documents and Settings\Ton van Doorn\user.dat
  C:\Documents and Settings\Ton van Doorn\Emails.dat
  C:\WINDOWS\Media\LTaskup.exe

  Uninstallers Rogue scanners:


  Folders Found:


  Hosts-file was reset, If you use a custom hosts file please replace it…

  ————–RVAXO.exe last run—————

  Files found:

  Folders Found:

  ————–RVAXO.exe finished—————-

  ComboFix gives:

  ComboFix 07-12-21.4 - Ton van Doorn 2007-12-21 14:49:31.1 - NTFSx86
  Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.196 [GMT 1:00]
  Gestart vanuit: C:\Documents and Settings\Ton van Doorn\Bureaublad\ComboFix.exe
  * Nieuw herstelpunt werd aangemaakt
  .

  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
  .

  C:\Documents and Settings\Ton van Doorn\Application Data\inst.exe

  .
  (((((((((((((((((((( Bestanden Gemaakt van 2007-11-21 to 2007-12-21 ))))))))))))))))))))))))))))))
  .

  2007-12-21 14:42 . 2007-12-21 14:42 <DIR> d——– C:\RVAXO
  2007-12-21 14:40 . 2007-12-21 12:51 555,344 –a—— C:\WINDOWS\system32\RVAXO.bat
  2007-12-21 14:40 . 2001-10-01 14:51 69,632 –a—— C:\WINDOWS\system32\remove.exe
  2007-12-21 13:55 . 2007-12-21 13:55 <DIR> d——– C:\Documents and Settings\Ton van Doorn\Application Data\K9
  2007-12-21 10:24 . 2007-12-21 10:24 <DIR> d——– C:\Documents and Settings\All Users\Application Data\pdf995
  2007-12-21 10:03 . 2007-12-21 10:03 <DIR> d——– C:\Documents and Settings\Ton van Doorn\Application Data\Symantec
  2007-12-19 23:09 . 2007-12-19 23:29 <DIR> d——– C:\Program Files\Norton AntiVirus
  2007-12-19 23:05 . 2007-12-19 23:26 123,952 –a—— C:\WINDOWS\system32\drivers\SYMEVENT.SYS
  2007-12-19 23:05 . 2007-12-19 23:26 60,800 –a—— C:\WINDOWS\system32\S32EVNT1.DLL
  2007-12-19 23:05 . 2007-12-19 23:26 10,740 –a—— C:\WINDOWS\system32\drivers\SYMEVENT.CAT
  2007-12-19 23:05 . 2007-12-19 23:26 805 –a—— C:\WINDOWS\system32\drivers\SYMEVENT.INF
  2007-12-19 23:04 . 2007-12-19 23:26 <DIR> d——– C:\Program Files\Symantec
  2007-12-19 19:57 . 2007-01-12 23:50 215,144 –a—— C:\WINDOWS\patchw32.dll
  2007-12-19 19:56 . 2007-01-12 23:50 215,144 –a—— C:\WINDOWS\pw32a.dll
  2007-12-19 19:30 . 2007-12-21 13:56 <DIR> d——– C:\Program Files\Common Files\Symantec Shared
  2007-12-19 19:30 . 2007-12-19 23:25 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Symantec
  2007-11-30 23:57 . 2007-11-30 23:57 317,616 –a—— C:\WINDOWS\system32\drivers\srtspl.sys
  2007-11-30 23:57 . 2007-11-30 23:57 279,088 –a—— C:\WINDOWS\system32\drivers\srtsp.sys
  2007-11-30 23:57 . 2007-11-30 23:57 43,696 –a—— C:\WINDOWS\system32\drivers\srtspx.sys
  2007-11-30 23:57 . 2007-11-30 23:57 10,549 –a—— C:\WINDOWS\system32\drivers\srtspx.cat
  2007-11-30 23:57 . 2007-11-30 23:57 10,549 –a—— C:\WINDOWS\system32\drivers\srtspl.cat
  2007-11-30 23:57 . 2007-11-30 23:57 10,545 –a—— C:\WINDOWS\system32\drivers\srtsp.cat
  2007-11-30 23:57 . 2007-11-30 23:57 1,430 –a—— C:\WINDOWS\system32\drivers\srtspl.inf
  2007-11-30 23:57 . 2007-11-30 23:57 1,421 –a—— C:\WINDOWS\system32\drivers\srtspx.inf
  2007-11-30 23:57 . 2007-11-30 23:57 1,415 –a—— C:\WINDOWS\system32\drivers\srtsp.inf
  2007-11-23 21:24 . 2007-11-23 21:35 <DIR> d——– C:\Documents and Settings\Ton van Doorn\Application Data\ICAClient
  2007-11-23 21:21 . 2007-11-23 21:21 <DIR> d——– C:\Program Files\Citrix

  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2007-12-19 21:05 ——— d—–w C:\Program Files\Google
  2007-12-19 20:40 ——— d—–w C:\Program Files\Hema Album Software Advanced
  2007-12-19 20:29 ——— d—–w C:\Program Files\Windows Live Toolbar
  2007-12-19 20:26 ——— d—–w C:\Program Files\Common Files\Adobe
  2007-12-19 17:55 ——— d—–w C:\Documents and Settings\All Users\Application Data\Grisoft
  2007-12-11 20:33 ——— d—–w C:\Documents and Settings\All Users\Application Data\DVD Shrink
  2007-11-11 13:52 ——— d—–w C:\Program Files\directx
  2007-10-30 18:55 625,032 —-a-w C:\WINDOWS\system32\SymNeti.dll
  2007-10-30 18:55 39,856 —-a-w C:\WINDOWS\system32\drivers\symids.sys
  2007-10-30 18:55 37,936 —-a-w C:\WINDOWS\system32\drivers\symndisv.sys
  2007-10-30 18:55 35,120 —-a-w C:\WINDOWS\system32\drivers\symndis.sys
  2007-10-30 18:55 27,696 —-a-w C:\WINDOWS\system32\drivers\symredrv.sys
  2007-10-30 18:55 242,056 —-a-w C:\WINDOWS\system32\SymRedir.dll
  2007-10-30 18:55 191,536 —-a-w C:\WINDOWS\system32\drivers\symtdi.sys
  2007-10-30 18:55 145,968 —-a-w C:\WINDOWS\system32\drivers\symfw.sys
  2007-10-30 18:55 12,848 —-a-w C:\WINDOWS\system32\drivers\symdns.sys
  2007-10-30 18:24 12,963 —-a-w C:\WINDOWS\system32\drivers\SymRedir.cat
  2007-10-30 18:24 1,358 —-a-w C:\WINDOWS\system32\drivers\SymRedir.inf
  2007-10-26 17:20 ——— d—–w C:\Program Files\Bonjour
  2007-10-26 16:52 ——— d—–w C:\Program Files\Java
  2007-10-26 16:50 47,360 —-a-w C:\Documents and Settings\Ton van Doorn\Application Data\pcouffin.sys
  2007-10-26 16:50 ——— d—–w C:\Documents and Settings\Ton van Doorn\Application Data\Vso
  .

  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  REGEDIT4
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03]
  "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
  "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 19:51]
  "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:03 C:\WINDOWS\system32\rundll32.exe]
  "nwiz"="nwiz.exe" [2006-08-11 20:43 C:\WINDOWS\system32\nwiz.exe]
  "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:03 C:\WINDOWS\system32\rundll32.exe]
  "GSICONEXE"="gsicon.exe" [2003-09-07 23:11 C:\WINDOWS\system32\gsicon.exe]
  "DSLAGENTEXE"="dslagent.exe" [2003-09-07 23:11 C:\WINDOWS\system32\dslagent.exe]
  "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
  "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-03 19:49]
  "RemoteControl"="d:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57]
  "LanguageShortcut"="d:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09]
  "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
  "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-27 23:38]
  "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 17:22]

  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:03]

  R2 BCMNTIO;BCMNTIO;D:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 17:09]
  R2 MAPMEM;MAPMEM;D:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 17:09]
  R3 NPDriver;Norton UnErase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2006-10-10 05:17]
  R3 wanusb;HM121dp USB ADSL WAN Modem;C:\WINDOWS\system32\DRIVERS\gwausb.sys [2003-09-07 23:11]
  S3 ICAM5USB;Intel(r) PC Camera CS110;C:\WINDOWS\system32\Drivers\Icam5USB.sys [2001-08-17 21:06]
  S3 SDdriver;SDdriver;C:\WINDOWS\system32\Drivers\sddriver.sys [2005-11-03 18:43]

  *Newly Created Service* - CATCHME
  *Newly Created Service* - PROCEXP90
  .
  Inhoud van de 'Gedeelde Taken' map
  "2007-12-21 13:09:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
  - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
  "2007-12-19 22:18:27 C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan - Ton van Doorn.job"
  - C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
  "2007-12-19 22:13:58 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
  - D:\Program Files\Norton SystemWorks\OBC.exe
  .
  **************************************************************************

  catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2007-12-21 14:51:35
  Windows 5.1.2600 Service Pack 2 NTFS

  scannen van verborgen processen …

  scannen van verborgen autostart items …

  scannen van verborgen bestanden …

  Scan succesvol afgerond
  verborgen bestanden: 0

  **************************************************************************
  .
  Voltooingstijd: 2007-12-21 14:52:16


  Thank you very much in advance
 • Hi tonlab,

  That infection looks to have been completely removed by RVAXO already.
  So you can double-click RVAXO uninstall.cmd in the RVAXO folder on your desktop.

  You may still have remnants of a LOP infection on your system.
  Try this:
  Download this file: Deljob.exe (mirror)
  Put it on your desktop.
  If your virus scanner blocks the download of deljob.exe,
  temporarily disable your virus scanner or download the zip version
  deljob.zip and extract it to your desktop.
  Double-click Deljob.exe.
  A small log (logit.txt) will open; you can also find the file on your desktop.
  Post the contents of logit.txt in your next reply.
