Question & Answer

Security & privacy

Trojan Vundo mllji and urqqnmm ??

Anonymous
38 answers
  • Oh dear! Another problem or not???
    I removed AVG and then installed a different version of AVG. But that doesn't work!! AVG won't go away and I can't install another one either??? What now?

    I'm fed up…. :cry:
  • I solved the AVG problem myself!! :D
    Now just the little start page problem….
  • Hi Pim,

    It's hard to believe, but the start page problem is solved too!!?
    Maybe thanks to the Ad-Aware program after all..
    this is the report:


    Ad-Aware SE Build 1.06r1
    Logfile Created on:vrijdag 11 januari 2008 16:08:11
    Created with Ad-Aware SE Personal, free for private use.
    Using definitions file:SE1R210 27.12.2007
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    References detected during the scan:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Tracking Cookie(TAC index:3):7 total references
    Windows(TAC index:3):1 total references
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Ad-Aware SE Settings
    ===========================
    Set : Search for negligible risk entries
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep-scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan my Hosts file

    Extended Ad-Aware SE Settings
    ===========================
    Set : Unload recognized processes & modules during scan
    Set : Scan registry for all users instead of current user only
    Set : Always try to unload modules before deletion
    Set : During removal, unload Explorer and IE if necessary
    Set : Let Windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Include basic Ad-Aware settings in log file
    Set : Include additional Ad-Aware settings in log file
    Set : Include reference summary in log file
    Set : Include alternate data stream details in log file
    Set : Play sound at scan completion if scan locates critical objects


    11-1-2008 16:08:11 - Scan started. (Full System Scan)

    Listing running processes
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ProcessID : 684
    ThreadCreationTime : 11-1-2008 14:11:09
    BasePriority : Normal


    #:2 [csrss.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 764
    ThreadCreationTime : 11-1-2008 14:11:16
    BasePriority : Normal


    #:3 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\SYSTEM32\
    ProcessID : 788
    ThreadCreationTime : 11-1-2008 14:11:17
    BasePriority : High


    #:4 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 832
    ThreadCreationTime : 11-1-2008 14:11:17
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Besturingssysteem Microsoft® Windows®
    CompanyName : Microsoft Corporation
    FileDescription : Services en controllertoepassingen
    InternalName : services.exe
    LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
    OriginalFilename : services.exe

    #:5 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 844
    ThreadCreationTime : 11-1-2008 14:11:17
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : lsass.exe

    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1008
    ThreadCreationTime : 11-1-2008 14:11:17
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:7 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1076
    ThreadCreationTime : 11-1-2008 14:11:18
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:8 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1172
    ThreadCreationTime : 11-1-2008 14:11:18
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:9 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1296
    ThreadCreationTime : 11-1-2008 14:11:18
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:10 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1368
    ThreadCreationTime : 11-1-2008 14:11:18
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:11 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1540
    ThreadCreationTime : 11-1-2008 14:11:18
    BasePriority : Normal
    FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
    ProductVersion : 5.1.2600.2696
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : spoolsv.exe

    #:12 [explorer.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 1840
    ThreadCreationTime : 11-1-2008 14:11:20
    BasePriority : Normal
    FileVersion : 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)
    ProductVersion : 6.00.2900.3156
    ProductName : Besturingssysteem Microsoft® Windows®
    CompanyName : Microsoft Corporation
    FileDescription : Windows Verkenner
    InternalName : explorer
    LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
    OriginalFilename : EXPLORER.EXE

    #:13 [jusched.exe]
    FilePath : C:\Program Files\Java\jre1.6.0_03\bin\
    ProcessID : 1976
    ThreadCreationTime : 11-1-2008 14:11:22
    BasePriority : Normal


    #:14 [rthdcpl.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 1996
    ThreadCreationTime : 11-1-2008 14:11:23
    BasePriority : Normal
    FileVersion : 2.0.2.1
    ProductVersion : 2.0.2.1
    ProductName : Realtek HD Audio Sound Effect Manager
    CompanyName : Realtek Semiconductor Corp.
    FileDescription : Realtek HD Audio Control Panel
    LegalCopyright : Copyright © 2004 Realtek Semiconductor Corp.
    OriginalFilename : RTHDCPL.EXE

    #:15 [rfagent.exe]
    FilePath : C:\Program Files\RFA\
    ProcessID : 2008
    ThreadCreationTime : 11-1-2008 14:11:23
    BasePriority : Normal
    FileVersion : 6.1.0.1539
    ProductVersion : 6.1.0.1539
    ProductName : Registry First Aid Agent
    CompanyName : KsL Software
    FileDescription : Registry First Aid Agent, the easy powerful registry cleanup program
    InternalName : rfagent
    LegalCopyright : Copyright © KsL Software, 2001-2007
    OriginalFilename : rfagent.exe

    #:16 [pwrisovm.exe]
    FilePath : C:\Program Files\PowerISO\
    ProcessID : 2016
    ThreadCreationTime : 11-1-2008 14:11:23
    BasePriority : Normal
    FileVersion : 3, 5, 0, 0
    ProductVersion : 3, 5, 0, 0
    ProductName : PowerISO Virtual Drive Manager
    CompanyName : PowerISO Computing, Inc.
    FileDescription : PowerISO Virtual Drive Manager
    InternalName : PowerISO Virtual Drive Manager
    LegalCopyright : Copyright (C) 2004-2006
    OriginalFilename : PWRISOVM.EXE
    Comments : http://www.poweriso.com

    #:17 [logitray.exe]
    FilePath : C:\Program Files\Logitech\Video\
    ProcessID : 160
    ThreadCreationTime : 11-1-2008 14:11:23
    BasePriority : Normal
    FileVersion : 8.4.7.1034
    ProductVersion : 8.4.7.1034
    ProductName : Logitech QuickCam
    CompanyName : Logitech Inc.
    FileDescription : ImageStudio Tray Application
    InternalName : LogiTray.exe
    LegalCopyright : © 1996-2005 Logitech. All rights reserved.
    OriginalFilename : LogiTray.exe

    #:18 [hpwuschd2.exe]
    FilePath : C:\Program Files\HP\HP Software Update\
    ProcessID : 172
    ThreadCreationTime : 11-1-2008 14:11:23
    BasePriority : Normal
    FileVersion : 5, 0, 0, 0
    ProductVersion : 5, 0, 0, 0
    ProductName : HP Software Update Application
    CompanyName : Hewlett-Packard Company
    FileDescription : hpwuSchd
    InternalName : hpwuSchd
    LegalCopyright : Copyright © 2003
    OriginalFilename : hpwuSchd.exe

    #:19 [ctfmon.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 204
    ThreadCreationTime : 11-1-2008 14:11:23
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : CTF Loader
    InternalName : CTFMON
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : CTFMON.EXE

    #:20 [googletoolbarnotifier.exe]
    FilePath : C:\Program Files\Google\GoogleToolbarNotifier\
    ProcessID : 228
    ThreadCreationTime : 11-1-2008 14:11:23
    BasePriority : Normal
    FileVersion : 2, 0, 301, 1654
    ProductVersion : 2, 0, 301, 1654
    ProductName : GoogleToolbarNotifier
    CompanyName : Google Inc.
    FileDescription : GoogleToolbarNotifier
    LegalCopyright : Copyright © 2005-2007
    OriginalFilename : GoogleToolbarNotifier.exe

    #:21 [skype.exe]
    FilePath : C:\Program Files\Skype\Phone\
    ProcessID : 252
    ThreadCreationTime : 11-1-2008 14:11:23
    BasePriority : Normal
    FileVersion : 3.5.0.239
    ProductVersion : 3.5
    ProductName : Skype
    CompanyName : Skype Technologies S.A.
    FileDescription : Skype. Take a deep breath
    InternalName : Skype.exe
    LegalCopyright : © Skype Technologies S.A.
    OriginalFilename : Skype.exe

    #:22 [nmbgmonitor.exe]
    FilePath : C:\Program Files\Common Files\Ahead\Lib\
    ProcessID : 316
    ThreadCreationTime : 11-1-2008 14:11:23
    BasePriority : Normal


    #:23 [nmindexstoresvr.exe]
    FilePath : C:\Program Files\Common Files\Ahead\Lib\
    ProcessID : 440
    ThreadCreationTime : 11-1-2008 14:11:24
    BasePriority : Normal


    #:24 [hpqtra08.exe]
    FilePath : C:\Program Files\HP\Digital Imaging\bin\
    ProcessID : 472
    ThreadCreationTime : 11-1-2008 14:11:24
    BasePriority : Normal
    FileVersion : 45.4.157.000
    ProductVersion : 045.004.157.000
    ProductName : hp digital imaging - hp all-in-one series
    CompanyName : Hewlett-Packard Co.
    FileDescription : HP Digital Imaging Monitor
    InternalName : HPQTRA00
    LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2004
    OriginalFilename : HPQTRA00.EXE
    Comments : HP Digital Imaging Monitor

    #:25 [fxsvr2.exe]
    FilePath : C:\Program Files\Logitech\Video\
    ProcessID : 488
    ThreadCreationTime : 11-1-2008 14:11:24
    BasePriority : Normal
    FileVersion : 8.4.7.1034
    ProductVersion : 8.4.7.1034
    ProductName : Logitech QuickCam
    CompanyName : Logitech Inc.
    FileDescription : QuickCam Framework Server
    InternalName : FxSvr.EXE
    LegalCopyright : © 1996-2005 Logitech. All rights reserved.
    OriginalFilename : FxSvr.EXE

    #:26 [logitechdesktopmessenger.exe]
    FilePath : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\
    ProcessID : 512
    ThreadCreationTime : 11-1-2008 14:11:24
    BasePriority : Normal
    FileVersion : 2.52.21.16
    ProductVersion : 2.52.21.16
    ProductName : Logitech Desktop Messenger
    CompanyName : Logitech Inc.
    FileDescription : Logitech Desktop Messenger
    InternalName : Logitech BackWeb Runner
    LegalCopyright : Copyright (C) Logitech 2000-2007. All rights reserved
    OriginalFilename : runner.exe
    Comments : About:
    www.logitech.com/ldm

    Privacy Policy:
    www.logitech.com/privacy

    #:27 [hpqgalry.exe]
    FilePath : C:\Program Files\HP\Digital Imaging\bin\
    ProcessID : 1240
    ThreadCreationTime : 11-1-2008 14:11:26
    BasePriority : Normal


    #:28 [avgupsvc.exe]
    FilePath : C:\PROGRA~1\Grisoft\AVG7\
    ProcessID : 1492
    ThreadCreationTime : 11-1-2008 14:11:27
    BasePriority : Normal
    FileVersion : 7.5.0.420
    ProductVersion : 7.5.0.420
    ProductName : AVG 7.5 Anti-Virus System
    CompanyName : GRISOFT, s.r.o.
    FileDescription : AVG Update Service
    InternalName : avgupsvc
    LegalCopyright : Copyright © 2006 GRISOFT, s.r.o.
    OriginalFilename : avgupdsvc.EXE

    #:29 [googleupdaterservice.exe]
    FilePath : C:\Program Files\Google\Common\Google Updater\
    ProcessID : 1652
    ThreadCreationTime : 11-1-2008 14:11:27
    BasePriority : Normal
    FileVersion : 2.2.824.5515.beta
    ProductVersion : 2.2.824.5515.beta
    ProductName : Google Updater
    CompanyName : Google
    FileDescription : gusvc
    InternalName : gusvc
    LegalCopyright : ©2005-2006 Google. All Rights Reserved.
    OriginalFilename : GoogleUpdaterService.exe
    Comments : Google Updater

    #:30 [nvsvc32.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1724
    ThreadCreationTime : 11-1-2008 14:11:27
    BasePriority : Normal
    FileVersion : 6.14.10.8195
    ProductVersion : 6.14.10.8195
    ProductName : NVIDIA Driver Helper Service, Version 81.95
    CompanyName : NVIDIA Corporation
    FileDescription : NVIDIA Driver Helper Service, Version 81.95
    InternalName : NVSVC
    LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
    OriginalFilename : nvsvc32.exe

    #:31 [hpzipm12.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 2052
    ThreadCreationTime : 11-1-2008 14:11:30
    BasePriority : Normal
    FileVersion : 9, 0, 0, 0
    ProductVersion : 9, 0, 0, 0
    ProductName : HP PML
    CompanyName : HP
    FileDescription : PML Driver
    InternalName : PmlDrv
    LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
    OriginalFilename : PmlDrv.exe

    #:32 [richvideo.exe]
    FilePath : C:\Program Files\CyberLink\Shared Files\
    ProcessID : 2108
    ThreadCreationTime : 11-1-2008 14:11:30
    BasePriority : Normal
    FileVersion : 1.1.0808
    ProductVersion : 1.1.0808
    ProductName : RichVideo Module
    FileDescription : RichVideo Module
    InternalName : RichVideo
    LegalCopyright : Copyright 2004
    OriginalFilename : RichVideo.EXE

    #:33 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 2224
    ThreadCreationTime : 11-1-2008 14:11:30
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:34 [alg.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 3132
    ThreadCreationTime : 11-1-2008 14:11:34
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Application Layer Gateway Service
    InternalName : ALG.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : ALG.exe

    #:35 [skypepm.exe]
    FilePath : C:\Program Files\Skype\Plugin Manager\
    ProcessID : 3676
    ThreadCreationTime : 11-1-2008 14:11:35
    BasePriority : Normal
    FileVersion : 1.5.0.3
    ProductVersion : 1.0.0.0
    CompanyName : Skype Technologies
    FileDescription : Skype Extras Manager
    LegalCopyright : Skype Limited

    #:36 [nmindexingservice.exe]
    FilePath : C:\Program Files\Common Files\Ahead\Lib\
    ProcessID : 3976
    ThreadCreationTime : 11-1-2008 14:11:39
    BasePriority : Normal


    #:37 [sfagent.exe]
    FilePath : C:\Program Files\SPAMfighter\
    ProcessID : 2972
    ThreadCreationTime : 11-1-2008 14:41:23
    BasePriority : Normal


    #:38 [iexplore.exe]
    FilePath : C:\Program Files\Internet Explorer\
    ProcessID : 3528
    ThreadCreationTime : 11-1-2008 15:00:07
    BasePriority : Normal
    FileVersion : 7.00.6000.16574 (vista_gdr.071008-1500)
    ProductVersion : 7.00.6000.16574
    ProductName : Windows® Internet Explorer
    CompanyName : Microsoft Corporation
    FileDescription : Internet Explorer
    InternalName : iexplore
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : IEXPLORE.EXE

    #:39 [ad-aware.exe]
    FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
    ProcessID : 2520
    ThreadCreationTime : 11-1-2008 15:07:04
    BasePriority : Normal
    FileVersion : 6.2.0.236
    ProductVersion : SE 106
    ProductName : Lavasoft Ad-Aware SE
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-Aware SE Core application
    InternalName : Ad-Aware.exe
    LegalCopyright : Copyright © Lavasoft AB Sweden
    OriginalFilename : Ad-Aware.exe
    Comments : All Rights Reserved

    Memory scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 0


    Started registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Windows Object Recognized!
    Type : RegData
    Data : %1 %*
    TAC Rating : 3
    Category : Vulnerability
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : exefile\shell\open\command
    Value :
    Data : %1 %*

    Registry Scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 1
    Objects found so far: 1


    Started deep registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Deep registry scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 1


    Started Tracking Cookie scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : vandertol@com[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:1
    Value : Cookie:vandertol@com.com/
    Expires : 9-1-2018 13:47:18
    LastSync : Hits:1
    UseCount : 0
    Hits : 1

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : vandertol@stat.onestat[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:18
    Value : Cookie:vandertol@stat.onestat.com/
    Expires : 10-1-2018 1:00:00
    LastSync : Hits:18
    UseCount : 0
    Hits : 18

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : vandertol@partypoker[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:4
    Value : Cookie:vandertol@partypoker.com/
    Expires : 7-1-2018 13:56:56
    LastSync : Hits:4
    UseCount : 0
    Hits : 4

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : vandertol@adserver.adremedy[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:1
    Value : Cookie:vandertol@adserver.adremedy.nl/
    Expires : 9-1-2010 13:41:14
    LastSync : Hits:1
    UseCount : 0
    Hits : 1

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : vandertol@adserver.adremedy[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:2
    Value : Cookie:vandertol@adserver.adremedy.com/
    Expires : 9-1-2010 13:41:14
    LastSync : Hits:2
    UseCount : 0
    Hits : 2

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : vandertol@adultfriendfinder[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:2
    Value : Cookie:vandertol@adultfriendfinder.com/
    Expires : 9-2-2008 13:57:32
    LastSync : Hits:2
    UseCount : 0
    Hits : 2

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : vandertol@boltblue.adbureau[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:2
    Value : Cookie:vandertol@boltblue.adbureau.net/
    Expires : 1-3-2012 1:00:00
    LastSync : Hits:2
    UseCount : 0
    Hits : 2

    Tracking cookie scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 7
    Objects found so far: 8



    Deep scanning and examining files (C:)
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Disk Scan Result for C:\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 8


    Deep scanning and examining files (D:)
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Disk Scan Result for D:\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 8


    Scanning Hosts file……
    Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Hosts file scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    1 entries scanned.
    New critical objects:0
    Objects found so far: 8




    Performing conditional scans…
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Conditional scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 8

    16:26:05 Scan Complete

    Summary Of This Scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Total scanning time:00:17:54.360
    Objects scanned:244096
    Objects identified:8
    Objects ignored:0
    New critical objects:8


    so…thanks again!!
    regards Linda
  • [quote="vandertol"]Hi Pim,

    Logfile Created on:vrijdag 11 januari 2008 16:08:11

    so…thanks again!!
    regards Linda[/quote]

    Eh Linda, maybe set the date on your PC correctly :wink: .

    Good that it's been solved.
  • Who can help me? I've already read elsewhere which programs I should use and will post the log files as soon as possible…

    kind regards Linda
  • ComboFix 08-01-06.5 - vandertol 2008-01-06 19:20:32.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.502 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\vandertol\Local Settings\Temporary Internet Files\Content.IE5\OP460F9H\ComboFix[1].exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\ijllm.ini
    C:\WINDOWS\system32\ijllm.ini2
    C:\WINDOWS\system32\mllji.dll
    C:\WINDOWS\system32\urqqnmm.dll

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))
    .

    2008-01-06 19:30 . 2008-01-06 19:30 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-06 18:55 . 2008-01-06 19:28 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-01-06 18:55 . 2008-01-06 18:55 <DIR> d-------- C:\Documents and Settings\vandertol\Application Data\PC Tools
    2008-01-06 18:45 . 2008-01-06 18:46 <DIR> d-------- C:\Documents and Settings\vandertol\Application Data\PrevxCSI
    2008-01-05 19:22 . 2008-01-05 19:22 <DIR> d-------- C:\Documents and Settings\vandertol\Application Data\ESET
    2008-01-05 19:21 . 2008-01-05 19:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-06 18:35 --------- d-----w C:\Documents and Settings\vandertol\Application Data\Skype
    2008-01-06 18:34 --------- d-----w C:\Program Files\SPAMfighter
    2008-01-06 17:57 74,240 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-01-06 17:57 56,832 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-01-06 17:38 --------- d-----w C:\Program Files\QuickTime
    2008-01-06 17:38 --------- d-----w C:\Program Files\PowerISO
    2008-01-06 17:37 --------- d-----w C:\Program Files\MSN Messenger
    2008-01-06 17:37 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-01-06 17:32 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-01-06 17:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-01-06 15:43 --------- d-----w C:\Program Files\Hitman Pro
    2008-01-06 15:42 --------- d-----w C:\Program Files\Webroot
    2008-01-06 15:42 --------- d-----w C:\Documents and Settings\vandertol\Application Data\Lavasoft
    2008-01-06 15:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-06 11:02 221,184 ----a-w C:\WINDOWS\system32\LVCOMSX .EXE
    2008-01-05 18:16 --------- d-----w C:\Documents and Settings\vandertol\Application Data\uTorrent
    2007-12-22 09:39 --------- d-----w C:\Program Files\LimeWire
    2007-12-21 07:21 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
    2007-12-21 07:20 30,216 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
    2007-12-21 07:19 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
    2007-12-03 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
    2007-11-27 21:19 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-11-16 16:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
    2007-11-16 15:13 7,219 ----a-w C:\WINDOWS\system32\drivers\services.xml
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-31 09:41 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-22 09:29 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
    2007-06-27 18:01 502,412 ----a-w C:\Program Files\QuickPar-0.9.1.0-NLD.exe
    2007-04-10 07:09 1,228 ----a-w C:\Documents and Settings\vandertol\Application Data\wklnhst.dat
    2006-04-05 10:50 10,468,661 ----a-w C:\Program Files\ndntnlst.exe
    2005-12-29 19:35 303,123 ----a-w C:\Program Files\NOD32.FiX.v2.1.exe
    2007-03-21 12:59 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-06 18:39 147456]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
    "H/PC Connection Agent"="C:\PROGRA~1\MICROS~1\wcescomm .exe" [2008-01-06 18:39 1211176]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-06 18:39 68856]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-01-06 18:39 5674352]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2008-01-06 18:39 196608]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-01-06 18:39 22880040]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 20:00 33792 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2005-11-11 22:47 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 20:00 33792 C:\WINDOWS\system32\rundll32.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-10-14 18:51 14864384 C:\WINDOWS\RTHDCPL.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2008-01-06 18:38 98304]
    "PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2008-01-06 18:38 1]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-06 18:38 1]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-06 18:38 1]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2008-01-06 18:38 1]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-01-06 18:38 1]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-01-06 18:38 1]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-06 18:38 1]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2008-01-06 18:38 1]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2008-01-06 18:39 1]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2008-01-06 18:39 1]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-06 18:39 1]
    "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-01-06 18:39 1]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24 1065800]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-15 19:29:40]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-10-31 10:41:25]
    Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]

    R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-10-25 15:29]
    S2 System Session Manager Subsystem;MS Session Manager Subsystem;c:\windows\system32\drivers\etc\smss.exe []
    S2 Windows Services Control;Windows Services Control;c:\windows\system32\drivers\services.exe []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
    \Shell\AutoRun\command - Z:\Info.exe folder.htt 480 480

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-01-06 15:00:23 C:\WINDOWS\Tasks\HPpromotions psc 2350 series.job"
    - C:\Program Files\HP\Digital Imaging\bin\HP Promotions\AiOMVC\HPpromo.exe
    "2007-10-13 01:30:02 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
    - C:\Program Files\RegistrySmart\RegistrySmart.ex
    - C:\Program Files\RegistrySmar
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-06 19:29:34
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-01-06 19:38:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-06 18:38:23
    .
    2007-12-12 08:33:44 --- E O F ---




    and here is the hijack.log
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:46:27, on 6-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MICROS~1\wcescomm .exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\MICROS~1\rapimgr.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.martkplaats.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~1\wcescomm .exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: Download with &FileFactory Turbo - C:\Program Files\FileFactory Turbo\Plugins\IE\FileFactoryIE.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: MS Session Manager Subsystem (System Session Manager Subsystem) - Unknown owner - c:\windows\system32\drivers\etc\smss.exe (file missing)
    O23 - Service: Windows Services Control - Unknown owner - c:\windows\system32\drivers\services.exe (file missing)


    End of file - 9992 bytes


    Regards, Linda
  • 1. Go to Start -> Run and type:
    sc delete "System Session Manager Subsystem"
    Confirm with OK.

    Repeat this for:
    sc delete "Windows Services Control"

    2. Start HijackThis, choose 'Do a system scan only' and tick the lines below, if present:

    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O23 - Service: Windows Services Control - Unknown owner - c:\windows\system32\drivers\services.exe (file missing)

    Now close all open windows except HijackThis and click 'Fix checked'.

    Restart your PC and post a HijackThis log file for checking.
    How are your problems now?

    Pim :)
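The reasoning behind steps 1 and 2 above, as an added example that is not part of this thread: a small Python triage script that parses HijackThis O23 (service) and O9 (IE button) lines, flags a service whose image name mimics a core Windows binary but is loaded from a directory other than system32, or whose file is missing, and prints the matching `sc delete` command. The sample lines are copied from the log posted above plus one benign entry; the check list and output format are my own, not HijackThis's.

```python
import re
from typing import List, Optional

# Constructed sample: lines copied from the HijackThis log posted in this thread,
# plus one benign O23 entry, so the triage can run offline.
SAMPLE_HJT_LOG = """\
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O23 - Service: Google Updater Service (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: MS Session Manager Subsystem (System Session Manager Subsystem) - Unknown owner - c:\\windows\\system32\\drivers\\etc\\smss.exe (file missing)
O23 - Service: Windows Services Control - Unknown owner - c:\\windows\\system32\\drivers\\services.exe (file missing)
"""

# Core Windows XP binaries that legitimately live only in %SystemRoot%\system32.
# A service image carrying one of these names from any other directory is masquerading.
CORE_SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe",
}

# O23 - Service: <display name> [(<short name>)] - <owner> - <image path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# O9 - Extra button: <label> - {CLSID} - <path or "(no file)">
O9_RE = re.compile(
    r"^O9 - Extra button: (?P<label>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$"
)


def parse_o23(line: str) -> Optional[dict]:
    """Split a HijackThis O23 line into its fields; None if the line is not an O23 entry."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    # sc.exe addresses a service by its short name; HijackThis prints it in
    # parentheses only when it differs from the display name.
    entry["service_name"] = entry["name"] or entry["display"]
    entry["missing"] = entry["missing"] is not None
    return entry


def triage_o23(entry: dict) -> List[str]:
    """Return the reasons an O23 entry deserves a second look (empty list if none)."""
    reasons = []
    path = entry["path"].lower()
    directory, _, binary = path.rpartition("\\")
    if binary in CORE_SYSTEM_BINARIES and directory != r"c:\windows\system32":
        reasons.append(f"core system binary name '{binary}' loaded from '{directory}'")
    if entry["missing"]:
        reasons.append("service image is missing on disk (orphaned service definition)")
    if entry["owner"] == "Unknown owner" and "\\windows\\" in path:
        reasons.append("unknown owner for an image under the Windows directory")
    return reasons


def triage_log(text: str) -> List[dict]:
    """Run the checks over a whole HijackThis log; one finding per suspicious line, in log order."""
    findings = []
    for line in text.splitlines():
        entry = parse_o23(line)
        if entry:
            reasons = triage_o23(entry)
            if reasons:
                findings.append({
                    "line": line,
                    "reasons": reasons,
                    # Same remediation the helper gave in this thread: drop the service
                    # definition so it cannot re-arm. Names with spaces must be quoted.
                    "remediation": f'sc delete "{entry["service_name"]}"',
                })
            continue
        m = O9_RE.match(line.strip())
        if m and m.group("path") == "(no file)":
            findings.append({
                "line": line,
                "reasons": ["IE extra button whose CLSID points to no file (dead registration)"],
                "remediation": "tick the line in HijackThis and use 'Fix checked'",
            })
    return findings


if __name__ == "__main__":
    for finding in triage_log(SAMPLE_HJT_LOG):
        print(finding["line"])
        for reason in finding["reasons"]:
            print("   -", reason)
        print("   =>", finding["remediation"])
```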
  • Sorry, still the same.. I see lots of little windows appear and disappear again. Then one stays open with the name LVComSX.exe

    I don't have the log file??

    Regards, Linda
  • Make a new ComboFix log and a new HijackThis log and post them :)
  • I have since read that LVComSX.exe belongs to the webcam and have removed it manually. I no longer see it now either,
    but I do see a number of other (programs) at startup, though these go away again.

    Here is the ComboFix log:
    ComboFix 08-01-04.1 - vandertol 2008-01-06 23:03:13.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.439 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\vandertol\Local Settings\Temporary Internet Files\Content.IE5\VNXNNT0V\ComboFix[1].exe
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))
    .

    2008-01-06 20:26 . 2008-01-06 20:27 <DIR> d-------- C:\Documents and Settings\vandertol\Application Data\AVG7
    2008-01-06 20:25 . 2008-01-06 20:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-01-06 20:25 . 2008-01-06 20:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-06 19:52 . 2008-01-06 19:52 <DIR> d-------- C:\VundoFix Backups
    2008-01-06 19:30 . 2008-01-06 22:50 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-06 19:17 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-06 18:55 . 2008-01-06 19:38 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-01-06 18:55 . 2008-01-06 18:55 <DIR> d-------- C:\Documents and Settings\vandertol\Application Data\PC Tools
    2008-01-06 18:55 . 2008-01-06 18:57 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-01-06 18:55 . 2008-01-06 18:57 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-01-06 18:55 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-01-06 18:55 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-01-06 18:45 . 2008-01-06 18:46 <DIR> d-------- C:\Documents and Settings\vandertol\Application Data\PrevxCSI
    2008-01-06 18:38 . 2008-01-06 18:38 1 --a------ C:\WINDOWS\system32\PSDrvCheck.exe
    2008-01-06 12:02 . 2008-01-06 12:02 221,184 --a------ C:\WINDOWS\system32\LVCOMSX .EXE
    2008-01-06 10:42 . 2008-01-06 12:06 1 --a------ C:\WINDOWS\system32\mllji.exe
    2008-01-05 19:22 . 2008-01-05 19:22 <DIR> d-------- C:\Documents and Settings\vandertol\Application Data\ESET
    2008-01-05 19:21 . 2008-01-05 19:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
    2007-12-07 16:23 . 2007-12-07 16:23 <DIR> d--h----- C:\WINDOWS\PIF

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-06 22:06 --------- d-----w C:\Documents and Settings\vandertol\Application Data\Skype
    2008-01-06 21:51 --------- d-----w C:\Program Files\SPAMfighter
    2008-01-06 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
    2008-01-06 17:38 --------- d-----w C:\Program Files\QuickTime
    2008-01-06 17:38 --------- d-----w C:\Program Files\PowerISO
    2008-01-06 17:37 --------- d-----w C:\Program Files\MSN Messenger
    2008-01-06 17:37 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-01-06 17:32 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-01-06 17:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-01-06 15:43 --------- d-----w C:\Program Files\Hitman Pro
    2008-01-06 15:42 --------- d-----w C:\Program Files\Webroot
    2008-01-06 15:42 --------- d-----w C:\Documents and Settings\vandertol\Application Data\Lavasoft
    2008-01-06 15:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-05 18:16 --------- d-----w C:\Documents and Settings\vandertol\Application Data\uTorrent
    2007-12-22 09:39 --------- d-----w C:\Program Files\LimeWire
    2007-11-27 21:19 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-11-16 16:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
    2007-11-16 15:13 7,219 ----a-w C:\WINDOWS\system32\drivers\services.xml
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-31 09:41 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-22 09:29 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
    2007-06-27 18:01 502,412 ----a-w C:\Program Files\QuickPar-0.9.1.0-NLD.exe
    2007-04-10 07:09 1,228 ----a-w C:\Documents and Settings\vandertol\Application Data\wklnhst.dat
    2006-04-05 10:50 10,468,661 ----a-w C:\Program Files\ndntnlst.exe
    2005-12-29 19:35 303,123 ----a-w C:\Program Files\NOD32.FiX.v2.1.exe
    2007-03-21 12:59 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
    .
    [code]<pre>
    ----a-w 39,792 2008-01-06 11:02:58 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
    ----a-w 155,648 2008-01-06 11:02:54 C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
    ----a-w 147,456 2008-01-06 11:03:16 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
    ----a-w 69,216 2008-01-06 11:02:50 C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
    ----a-w 54,832 2008-01-06 11:02:52 C:\Program Files\CyberLink\PowerDVD\Language\Language .exe
    ----a-w 68,856 2008-01-06 11:03:20 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    ----a-w 596,760 2008-01-06 11:03:14 C:\Program Files\Hitman Pro\xphelper .exe
    ----a-w 49,152 2008-01-06 11:02:56 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
    ----a-w 132,496 2008-01-06 11:02:47 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    ----a-w 217,088 2008-01-06 11:03:12 C:\Program Files\Logitech\Video\LogiTray .exe
    ----a-w 196,608 2008-01-06 11:03:23 C:\Program Files\Logitech\Video\ManifestEngine .exe
    ----a-w 1,211,176 2008-01-06 17:39:04 C:\Program Files\Microsoft ActiveSync\wcescomm .exe
    ----a-w 5,674,352 2008-01-06 11:03:27 C:\Program Files\MSN Messenger\MsnMsgr .Exe
    ----a-w 200,704 2008-01-06 11:02:48 C:\Program Files\PowerISO\PWRISOVM .EXE
    ----a-w 98,304 2008-01-06 17:38:53 C:\Program Files\QuickTime\qttask .exe
    ----a-w 22,880,040 2008-01-06 11:03:47 C:\Program Files\Skype\Phone\Skype .exe
    ----a-w 308,880 2008-01-06 11:03:13 C:\Program Files\SPAMfighter\SFAgent .exe
    ----a-w 221,184 2008-01-06 11:02:59 C:\WINDOWS\system32\LVCOMSX .EXE
    </pre>[/code]


    ((((((((((((((((((((((((((((( snapshot@2008-01-06_19.37.41.12 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-06 19:25:47 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
    + 2008-01-06 19:25:50 4,224 ----a-w C:\WINDOWS\system32\drivers\avg7rsw.sys
    + 2008-01-06 19:25:51 27,776 ----a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys
    + 2008-01-06 19:25:53 10,760 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
    + 2008-01-06 19:25:53 26,952 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
    - 2008-01-06 17:57:00 63,324 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-01-06 21:54:35 63,324 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-01-06 17:57:00 82,426 ----a-w C:\WINDOWS\system32\perfc013.dat
    + 2008-01-06 21:54:35 82,426 ----a-w C:\WINDOWS\system32\perfc013.dat
    - 2008-01-06 17:57:00 404,104 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-01-06 21:54:35 404,104 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-01-06 17:57:00 468,882 ----a-w C:\WINDOWS\system32\perfh013.dat
    + 2008-01-06 21:54:35 468,882 ----a-w C:\WINDOWS\system32\perfh013.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-06 18:39 147456]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
    "H/PC Connection Agent"="C:\PROGRA~1\MICROS~1\wcescomm .exe" [2008-01-06 18:39 1211176]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-06 18:39 68856]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-01-06 18:39 5674352]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2008-01-06 18:39 196608]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-01-06 18:39 22880040]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 20:00 33792 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2005-11-11 22:47 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 20:00 33792 C:\WINDOWS\system32\rundll32.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-10-14 18:51 14864384 C:\WINDOWS\RTHDCPL.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2008-01-06 18:38 98304]
    "PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2008-01-06 18:38 1]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-06 18:38 1]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-06 18:38 1]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2008-01-06 18:38 1]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-01-06 18:38 1]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-01-06 18:38 1]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-06 18:38 1]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [ ]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2008-01-06 18:39 1]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2008-01-06 18:39 1]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-06 18:39 1]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24 1065800]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-06 20:25 579072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-06 20:25 219136]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-15 19:29:40]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-10-31 10:41:25]
    Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-10-25 15:29]
    S2 System Session Manager Subsystem;MS Session Manager Subsystem;c:\windows\system32\drivers\etc\smss.exe []
    S4 Windows Services Control;Windows Services Control;c:\windows\system32\drivers\services.exe []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
    \Shell\AutoRun\command - Z:\Info.exe folder.htt 480 480

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-01-06 19:00:00 C:\WINDOWS\Tasks\HPpromotions psc 2350 series.job"
    - C:\Program Files\HP\Digital Imaging\bin\HP Promotions\AiOMVC\HPpromo.exe
    "2007-10-13 01:30:02 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
    - C:\Program Files\RegistrySmart\RegistrySmart.ex
    - C:\Program Files\RegistrySmar
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-06 23:06:07
    Windows 5.1.2600 Service Pack 2 NTFS

    detected NTDLL code modification:
    ZwClose

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-01-06 23:07:06
    ComboFix-quarantined-files.txt 2008-01-06 22:07:01
    ComboFix2.txt 2008-01-06 18:38:30
    .
    2007-12-12 08:33:44 --- E O F ---



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:58:31, on 6-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\QuickTime\qttask .exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\PROGRA~1\MICROS~1\wcescomm .exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\PROGRA~1\MICROS~1\rapimgr.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.martkplaats.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~1\wcescomm .exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: Download with &FileFactory Turbo - C:\Program Files\FileFactory Turbo\Plugins\IE\FileFactoryIE.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: MS Session Manager Subsystem (System Session Manager Subsystem) - Unknown owner - c:\windows\system32\drivers\etc\smss.exe (file missing)


    End of file - 9976 bytes

    Kind regards, Linda
  • Hello,

    I have since run Hitman Pro and a registry cleaner. Not much came out of that. At startup I still see a number of black windows appear. They disappear again too… otherwise everything is OK?
    What else can I do now???

    Regards, Linda
  • For completeness, after all the scans, here are the logs from ComboFix and HijackThis once more:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:34:07, on 7-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\RFA\rfagent.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MICROS~1\wcescomm .exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\MICROS~1\rapimgr.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.martkplaats.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~1\wcescomm .exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: Download with &FileFactory Turbo - C:\Program Files\FileFactory Turbo\Plugins\IE\FileFactoryIE.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe


    End of file - 9721 bytes



    ComboFix:

    ComboFix 08-01-04.1 - vandertol 2008-01-07 11:29:43.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.519 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\vandertol\Bureaublad\ComboFix.exe
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-12-07 to 2008-01-07 ))))))))))))))))))))))))))))))
    .

    2008-01-07 11:16 . 2008-01-07 11:16 <DIR> d——– C:\WINDOWS\LastGood
    2008-01-07 10:43 . 2008-01-07 10:55 <DIR> d——– C:\Program Files\RFA
    2008-01-07 10:43 . 2008-01-07 11:01 <DIR> d——– C:\Documents and Settings\All Users\Application Data\RFA_Backups
    2008-01-07 07:53 . 2008-01-07 07:53 <DIR> d——– C:\Program Files\Lavasoft
    2008-01-07 07:37 . 2008-01-07 10:54 <DIR> dr-h—– C:\Documents and Settings\vandertol\Onlangs geopend
    2008-01-06 20:26 . 2008-01-07 08:00 <DIR> d——– C:\Documents and Settings\vandertol\Application Data\AVG7
    2008-01-06 20:25 . 2008-01-06 20:25 <DIR> d——– C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-01-06 20:25 . 2008-01-06 20:25 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-06 19:52 . 2008-01-06 19:52 <DIR> d——– C:\VundoFix Backups
    2008-01-06 19:30 . 2008-01-07 10:26 <DIR> d-a—— C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-06 19:17 . 2000-08-31 08:00 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2008-01-06 18:55 . 2008-01-07 10:26 <DIR> d——– C:\Program Files\Spyware Doctor
    2008-01-06 18:55 . 2008-01-06 18:55 <DIR> d——– C:\Documents and Settings\vandertol\Application Data\PC Tools
    2008-01-06 18:55 . 2008-01-06 18:57 74,240 –a—— C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-01-06 18:55 . 2008-01-06 18:57 56,832 –a—— C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-01-06 18:55 . 2007-10-18 00:14 41,288 –a—— C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-01-06 18:55 . 2007-10-18 00:16 29,000 –a—— C:\WINDOWS\system32\drivers\kcom.sys
    2008-01-06 18:45 . 2008-01-06 18:46 <DIR> d——– C:\Documents and Settings\vandertol\Application Data\PrevxCSI
    2008-01-06 18:38 . 2008-01-06 18:38 1 –a—— C:\WINDOWS\system32\PSDrvCheck.exe
    2008-01-06 12:02 . 2008-01-06 12:02 221,184 –a—— C:\WINDOWS\system32\LVCOMSX .EXE
    2008-01-06 10:42 . 2008-01-06 12:06 1 –a—— C:\WINDOWS\system32\mllji.exe
    2008-01-05 19:22 . 2008-01-05 19:22 <DIR> d——– C:\Documents and Settings\vandertol\Application Data\ESET
    2008-01-05 19:21 . 2008-01-05 19:21 <DIR> d——– C:\Documents and Settings\All Users\Application Data\ESET
    2007-12-07 16:23 . 2007-12-07 16:23 <DIR> d–h—– C:\WINDOWS\PIF

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-07 10:31 ——— d—–w C:\Documents and Settings\vandertol\Application Data\Skype
    2008-01-07 10:14 ——— d—–w C:\Program Files\SPAMfighter
    2008-01-07 10:10 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-07 09:26 ——— d—–w C:\Program Files\Hitman Pro
    2008-01-07 06:55 ——— d—–w C:\Documents and Settings\vandertol\Application Data\Lavasoft
    2008-01-06 19:27 ——— d—–w C:\Documents and Settings\All Users\Application Data\Avg7
    2008-01-06 17:38 ——— d—–w C:\Program Files\QuickTime
    2008-01-06 17:38 ——— d—–w C:\Program Files\PowerISO
    2008-01-06 17:37 ——— d—–w C:\Program Files\MSN Messenger
    2008-01-06 17:37 ——— d—–w C:\Program Files\Microsoft ActiveSync
    2008-01-06 17:32 ——— d—–w C:\Program Files\Windows Live Safety Center
    2008-01-06 17:03 ——— d—–w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-01-06 15:42 ——— d—–w C:\Program Files\Webroot
    2008-01-05 18:16 ——— d—–w C:\Documents and Settings\vandertol\Application Data\uTorrent
    2007-12-22 09:39 ——— d—–w C:\Program Files\LimeWire
    2007-11-27 21:19 ——— d—–w C:\Program Files\Windows Media Connect 2
    2007-11-16 16:19 ——— d—–w C:\Documents and Settings\All Users\Application Data\Prevx
    2007-11-16 15:13 7,219 —-a-w C:\WINDOWS\system32\drivers\services.xml
    2007-11-13 10:25 20,480 —-a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-31 09:41 127,034 ——r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2007-10-29 22:45 1,291,776 —-a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 —-a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-22 09:29 81,920 ——r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
    2007-06-27 18:01 502,412 —-a-w C:\Program Files\QuickPar-0.9.1.0-NLD.exe
    2007-04-10 07:09 1,228 —-a-w C:\Documents and Settings\vandertol\Application Data\wklnhst.dat
    2006-04-05 10:50 10,468,661 —-a-w C:\Program Files\ndntnlst.exe
    2005-12-29 19:35 303,123 —-a-w C:\Program Files\NOD32.FiX.v2.1.exe
    2007-03-21 12:59 0 –sha-w C:\WINDOWS\SMINST\HPCD.sys
    .
    [code]
    —-a-w 39,792 2008-01-06 11:02:58 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
    —-a-w 155,648 2008-01-06 11:02:54 C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
    —-a-w 147,456 2008-01-06 11:03:16 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
    —-a-w 69,216 2008-01-06 11:02:50 C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
    —-a-w 54,832 2008-01-06 11:02:52 C:\Program Files\CyberLink\PowerDVD\Language\Language .exe
    —-a-w 68,856 2008-01-06 11:03:20 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    —-a-w 596,760 2008-01-06 11:03:14 C:\Program Files\Hitman Pro\xphelper .exe
    —-a-w 49,152 2008-01-06 11:02:56 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
    —-a-w 132,496 2008-01-06 11:02:47 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    —-a-w 217,088 2008-01-06 11:03:12 C:\Program Files\Logitech\Video\LogiTray .exe
    —-a-w 196,608 2008-01-06 11:03:23 C:\Program Files\Logitech\Video\ManifestEngine .exe
    —-a-w 1,211,176 2008-01-06 17:39:04 C:\Program Files\Microsoft ActiveSync\wcescomm .exe
    —-a-w 5,674,352 2008-01-06 11:03:27 C:\Program Files\MSN Messenger\MsnMsgr .Exe
    —-a-w 200,704 2008-01-06 11:02:48 C:\Program Files\PowerISO\PWRISOVM .EXE
    —-a-w 98,304 2008-01-06 17:38:53 C:\Program Files\QuickTime\qttask .exe
    —-a-w 22,880,040 2008-01-06 11:03:47 C:\Program Files\Skype\Phone\Skype .exe
    —-a-w 308,880 2008-01-06 11:03:13 C:\Program Files\SPAMfighter\SFAgent .exe
    —-a-w 221,184 2008-01-06 11:02:59 C:\WINDOWS\system32\LVCOMSX .EXE
    [/code]


    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-06 18:39 147456]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
    "H/PC Connection Agent"="C:\PROGRA~1\MICROS~1\wcescomm .exe" [2008-01-06 18:39 1211176]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-06 18:39 68856]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-01-06 18:39 5674352]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2008-01-06 18:39 196608]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-01-06 18:39 22880040]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 20:00 33792 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2005-11-11 22:47 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 20:00 33792 C:\WINDOWS\system32\rundll32.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-10-14 18:51 14864384 C:\WINDOWS\RTHDCPL.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2008-01-06 18:38 98304]
    "PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2008-01-06 18:38 1]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-06 18:38 1]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-06 18:38 1]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2008-01-06 18:38 1]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-01-06 18:38 1]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-01-06 18:38 1]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-06 18:38 1]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2008-01-06 18:39 1]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2008-01-06 18:39 1]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29 308880]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-06 20:25 579072]
    "rfagent"="C:\Program Files\RFA\rfagent.exe" [2007-11-23 19:16 916800]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-06 20:25 219136]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-15 19:29:40]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-10-31 10:41:25]
    Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-10-25 15:29]
    S2 System Session Manager Subsystem;MS Session Manager Subsystem;C:\WINDOWS\system32\smss.exe [2004-08-04 20:00]
    S4 Windows Services Control;Windows Services Control;C:\WINDOWS\system32\services.exe [2004-08-04 20:00]

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-01-07 07:00:01 C:\WINDOWS\Tasks\HPpromotions psc 2350 series.job"
    - C:\Program Files\HP\Digital Imaging\bin\HP Promotions\AiOMVC\HPpromo.exe
    "2007-10-13 01:30:02 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
    - C:\Program Files\RegistrySmart\RegistrySmart.ex
    - C:\Program Files\RegistrySmar
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-07 11:31:53
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-01-07 11:32:23
    ComboFix-quarantined-files.txt 2008-01-07 10:32:21
    ComboFix2.txt 2008-01-06 22:07:07
    ComboFix3.txt 2008-01-06 18:38:30
    .
    2008-01-07 10:20:24 — E O F —


    I hope you can do something with this; many thanks in advance!!
    Regards, Linda
  • Attention! You started ComboFix from the download window of your internet browser!
    Download ComboFix [b]again[/b] to your [b]Desktop[/b]!!

    1. Open a Notepad file.
    Copy the bold text below and paste it into the Notepad file.
    Save the Notepad file as CFScript.txt
    [b]
    File::
    C:\WINDOWS\system32\mllji.exe

    Folder::
    C:\VundoFix Backups

    Driver::
    "MS Session Manager Subsystem"
    "Windows Services Control"
    [/b]
    Now drag the file CFScript.txt onto the file ComboFix.exe
    [img]http://img.photobucket.com/albums/v666/sUBs/CFScript.gif[/img]
    ComboFix will start again.
    Reboot if you are asked to.

    2. Download RenV.exe to your Desktop.

    Open Notepad, copy and paste the following (ONLY the CONTENTS of the code window) into an empty window:
    [code]
    —-a-w 39,792 2008-01-06 11:02:58 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
    —-a-w 155,648 2008-01-06 11:02:54 C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
    —-a-w 147,456 2008-01-06 11:03:16 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
    —-a-w 69,216 2008-01-06 11:02:50 C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
    —-a-w 54,832 2008-01-06 11:02:52 C:\Program Files\CyberLink\PowerDVD\Language\Language .exe
    —-a-w 68,856 2008-01-06 11:03:20 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    —-a-w 596,760 2008-01-06 11:03:14 C:\Program Files\Hitman Pro\xphelper .exe
    —-a-w 49,152 2008-01-06 11:02:56 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
    —-a-w 132,496 2008-01-06 11:02:47 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    —-a-w 217,088 2008-01-06 11:03:12 C:\Program Files\Logitech\Video\LogiTray .exe
    —-a-w 196,608 2008-01-06 11:03:23 C:\Program Files\Logitech\Video\ManifestEngine .exe
    —-a-w 1,211,176 2008-01-06 17:39:04 C:\Program Files\Microsoft ActiveSync\wcescomm .exe
    —-a-w 5,674,352 2008-01-06 11:03:27 C:\Program Files\MSN Messenger\MsnMsgr .Exe
    —-a-w 200,704 2008-01-06 11:02:48 C:\Program Files\PowerISO\PWRISOVM .EXE
    —-a-w 98,304 2008-01-06 17:38:53 C:\Program Files\QuickTime\qttask .exe
    —-a-w 22,880,040 2008-01-06 11:03:47 C:\Program Files\Skype\Phone\Skype .exe
    —-a-w 308,880 2008-01-06 11:03:13 C:\Program Files\SPAMfighter\SFAgent .exe
    —-a-w 221,184 2008-01-06 11:02:59 C:\WINDOWS\system32\LVCOMSX .EXE
    [/code]

    Save this on your Desktop as [b]Log.txt[/b]

    Drag [b]Log.txt[/b] onto [b]RenV.exe[/b] as shown in the example below:
    [img]http://img.photobucket.com/albums/v666/sUBs/RenV.gif[/img]

    3. Go to [b] and click [b]Accept[/b] at the bottom.
    This scanner only works with
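As an added example (not code from the thread, ComboFix, RenV or HijackThis), this Python script runs the two checks behind the fix above over lines copied from the logs in this thread: the space-before-extension renaming that RenV reverses, paired with the 1-byte stand-ins left under the original names, and services registered under core Windows image names such as smss.exe and services.exe. The Finding class, the rule names, the 16-byte stub threshold and the plain-hyphen attribute column in the sample lines are this example's own choices.

```python
"""Triage of HijackThis / ComboFix lines like those quoted in this thread.

Two checks behind the helper's fix:
  1. Programs renamed with a space before the extension ("qttask .exe") and a
     1-byte stand-in left under the original name ("jusched.exe" [.. 1]); RenV
     renames the originals back.  A Run key launching a 1-byte file is a stub.
  2. Services whose image is a core Windows process name (smss.exe,
     services.exe).  Those are started by the kernel/winlogon and are never
     registered with the Service Control Manager, so the entry is an impostor
     whether the file is present or "(file missing)".
"""
import re
from dataclasses import dataclass

# ComboFix Run-key line:  "value"="path" [yyyy-mm-dd hh:mm size ...]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[\S+ \S+ (?P<size>\d+)')
# ComboFix renamed-file block:  attrs size date time path
LIST_RE = re.compile(r'^\S+\s+(?P<size>[\d,]+)\s+\S+\s+\S+\s+(?P<path>.+)$')
# HijackThis O23 line and ComboFix R2/S2 service line
O23_RE = re.compile(r'^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$')
CFX_SVC_RE = re.compile(r'^[RS]\d (?P<name>[^;]+);(?P<display>[^;]+);(?P<path>[^\[]+)')
SPACE_EXT_RE = re.compile(r'\s\.(exe|dll|sys)$', re.IGNORECASE)
CORE_IMAGES = {"smss.exe", "services.exe", "winlogon.exe", "lsass.exe", "csrss.exe"}
STUB_MAX_BYTES = 16  # the stand-ins in this thread are exactly 1 byte

@dataclass
class Finding:
    rule: str
    path: str
    detail: str

def normalize(path: str) -> str:
    """Collapse doubled backslashes and case so stub and original compare equal."""
    return re.sub(r'\\+', r'\\', path.strip()).lower()

def real_name(path: str) -> str:
    """'qttask .exe' -> 'qttask.exe': the name RenV restores."""
    return SPACE_EXT_RE.sub(lambda m: '.' + m.group(1), path)

def find_renamed_pairs(run_lines, list_lines):
    """Rule 1: space-renamed originals and the tiny stubs that replaced them."""
    stubs, findings = {}, []
    for line in run_lines:
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        path, size = m.group("path"), int(m.group("size"))
        if size <= STUB_MAX_BYTES:
            stubs[normalize(path)] = size  # a 1-byte "program" cannot be the real one
        if SPACE_EXT_RE.search(path):
            findings.append(Finding("run-points-at-renamed-original", path, f"{size} bytes"))
    for line in list_lines:
        m = LIST_RE.match(line.strip())
        if not m or not SPACE_EXT_RE.search(m.group("path")):
            continue
        restored = real_name(m.group("path"))
        if normalize(restored) in stubs:
            findings.append(Finding("stub-replaces-renamed-original", restored,
                                    f"stub {stubs[normalize(restored)]} byte(s), original {m.group('size')} bytes"))
    return findings

def find_impostor_services(lines):
    """Rule 2: services registered under a core Windows image name."""
    findings = []
    for line in lines:
        m = O23_RE.match(line.strip()) or CFX_SVC_RE.match(line.strip())
        if not m:
            continue
        bare = m.group("path").replace(" (file missing)", "").strip().strip('"')
        if bare.rsplit("\\", 1)[-1].lower() in CORE_IMAGES:
            detail = "file missing" if "(file missing)" in line else "present"
            findings.append(Finding("core-image-registered-as-service", bare, detail))
    return findings

# Constructed from the thread's logs; hyphens replace the rendered dashes.
RUN_SAMPLE = [
    r'"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2008-01-06 18:38 98304]',
    r'"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2008-01-06 18:38 1]',
    r'"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-06 18:38 1]',
    r'"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-01-06 18:38 1]',
    r'"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29 308880]',
]
LIST_SAMPLE = [
    r'----a-w 132,496 2008-01-06 11:02:47 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe',
    r'----a-w 155,648 2008-01-06 11:02:54 C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe',
    r'----a-w 98,304 2008-01-06 17:38:53 C:\Program Files\QuickTime\qttask .exe',
    r'----a-w 308,880 2008-01-06 11:03:13 C:\Program Files\SPAMfighter\SFAgent .exe',
]
SERVICE_SAMPLE = [
    r'O23 - Service: MS Session Manager Subsystem (System Session Manager Subsystem) - Unknown owner - c:\windows\system32\drivers\etc\smss.exe (file missing)',
    r'O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe',
    r'S2 System Session Manager Subsystem;MS Session Manager Subsystem;C:\WINDOWS\system32\smss.exe [2004-08-04 20:00]',
    r'S4 Windows Services Control;Windows Services Control;C:\WINDOWS\system32\services.exe [2004-08-04 20:00]',
    r'R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-10-25 15:29]',
]

if __name__ == "__main__":
    for f in find_renamed_pairs(RUN_SAMPLE, LIST_SAMPLE) + find_impostor_services(SERVICE_SAMPLE):
        print(f"{f.rule:32} {f.path}  ({f.detail})")
```

Run against a full log, the first rule prints one line per renamed original that still has a stub under its real name, which is exactly the list RenV needs; anything it pairs that is not in the helper's list is worth a second look.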
  • OK, here is the ComboFix log file first:

    ComboFix 08-01-04.1 - vandertol 2008-01-07 16:03:21.5 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.373 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\vandertol\Bureaublad\ComboFix.exe
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-12-07 to 2008-01-07 ))))))))))))))))))))))))))))))
    .

    2008-01-07 13:50 . 2008-01-07 13:50 <DIR> d——– C:\WINDOWS\system32\Kaspersky Lab
    2008-01-07 13:50 . 2008-01-07 13:50 <DIR> d——– C:\WINDOWS\LastGood
    2008-01-07 13:50 . 2008-01-07 13:50 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-01-07 10:43 . 2008-01-07 10:55 <DIR> d——– C:\Program Files\RFA
    2008-01-07 10:43 . 2008-01-07 11:01 <DIR> d——– C:\Documents and Settings\All Users\Application Data\RFA_Backups
    2008-01-07 07:53 . 2008-01-07 07:53 <DIR> d——– C:\Program Files\Lavasoft
    2008-01-07 07:37 . 2008-01-07 15:56 <DIR> dr-h—– C:\Documents and Settings\vandertol\Onlangs geopend
    2008-01-06 20:26 . 2008-01-07 08:00 <DIR> d——– C:\Documents and Settings\vandertol\Application Data\AVG7
    2008-01-06 20:25 . 2008-01-06 20:25 <DIR> d——– C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-01-06 20:25 . 2008-01-06 20:25 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-06 19:30 . 2008-01-07 10:26 <DIR> d-a—— C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-06 19:17 . 2000-08-31 08:00 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2008-01-06 18:55 . 2008-01-07 10:26 <DIR> d——– C:\Program Files\Spyware Doctor
    2008-01-06 18:55 . 2008-01-06 18:55 <DIR> d——– C:\Documents and Settings\vandertol\Application Data\PC Tools
    2008-01-06 18:55 . 2008-01-06 18:57 74,240 –a—— C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-01-06 18:55 . 2008-01-06 18:57 56,832 –a—— C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-01-06 18:55 . 2007-10-18 00:14 41,288 –a—— C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-01-06 18:55 . 2007-10-18 00:16 29,000 –a—— C:\WINDOWS\system32\drivers\kcom.sys
    2008-01-06 18:45 . 2008-01-06 18:46 <DIR> d——– C:\Documents and Settings\vandertol\Application Data\PrevxCSI
    2008-01-06 18:38 . 2008-01-06 18:38 1 –a—— C:\WINDOWS\system32\PSDrvCheck.exe
    2008-01-06 12:02 . 2008-01-06 12:02 221,184 –a—— C:\WINDOWS\system32\LVCOMSX .EXE
    2008-01-05 19:22 . 2008-01-05 19:22 <DIR> d——– C:\Documents and Settings\vandertol\Application Data\ESET
    2008-01-05 19:21 . 2008-01-05 19:21 <DIR> d——– C:\Documents and Settings\All Users\Application Data\ESET
    2007-12-07 16:23 . 2007-12-07 16:23 <DIR> d–h—– C:\WINDOWS\PIF

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-07 14:54 --------- d-----w C:\Documents and Settings\vandertol\Application Data\Skype
    2008-01-07 12:40 --------- d-----w C:\Program Files\SPAMfighter
    2008-01-07 10:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-07 09:26 --------- d-----w C:\Program Files\Hitman Pro
    2008-01-07 06:55 --------- d-----w C:\Documents and Settings\vandertol\Application Data\Lavasoft
    2008-01-06 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
    2008-01-06 17:38 --------- d-----w C:\Program Files\QuickTime
    2008-01-06 17:38 --------- d-----w C:\Program Files\PowerISO
    2008-01-06 17:37 --------- d-----w C:\Program Files\MSN Messenger
    2008-01-06 17:37 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-01-06 17:32 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-01-06 17:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-01-06 15:42 --------- d-----w C:\Program Files\Webroot
    2008-01-05 18:16 --------- d-----w C:\Documents and Settings\vandertol\Application Data\uTorrent
    2007-12-22 09:39 --------- d-----w C:\Program Files\LimeWire
    2007-11-27 21:19 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-11-16 16:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
    2007-11-16 15:13 7,219 ----a-w C:\WINDOWS\system32\drivers\services.xml
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-31 09:41 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-22 09:29 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
    2007-06-27 18:01 502,412 ----a-w C:\Program Files\QuickPar-0.9.1.0-NLD.exe
    2007-04-10 07:09 1,228 ----a-w C:\Documents and Settings\vandertol\Application Data\wklnhst.dat
    2006-04-05 10:50 10,468,661 ----a-w C:\Program Files\ndntnlst.exe
    2005-12-29 19:35 303,123 ----a-w C:\Program Files\NOD32.FiX.v2.1.exe
    2007-03-21 12:59 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
    .
    ----a-w 39,792 2008-01-06 11:02:58 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
    ----a-w 155,648 2008-01-06 11:02:54 C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
    ----a-w 147,456 2008-01-06 11:03:16 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
    ----a-w 69,216 2008-01-06 11:02:50 C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
    ----a-w 54,832 2008-01-06 11:02:52 C:\Program Files\CyberLink\PowerDVD\Language\Language .exe
    ----a-w 68,856 2008-01-06 11:03:20 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    ----a-w 596,760 2008-01-06 11:03:14 C:\Program Files\Hitman Pro\xphelper .exe
    ----a-w 49,152 2008-01-06 11:02:56 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
    ----a-w 132,496 2008-01-06 11:02:47 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    ----a-w 217,088 2008-01-06 11:03:12 C:\Program Files\Logitech\Video\LogiTray .exe
    ----a-w 196,608 2008-01-06 11:03:23 C:\Program Files\Logitech\Video\ManifestEngine .exe
    ----a-w 1,211,176 2008-01-06 17:39:04 C:\Program Files\Microsoft ActiveSync\wcescomm .exe
    ----a-w 5,674,352 2008-01-06 11:03:27 C:\Program Files\MSN Messenger\MsnMsgr .Exe
    ----a-w 200,704 2008-01-06 11:02:48 C:\Program Files\PowerISO\PWRISOVM .EXE
    ----a-w 98,304 2008-01-06 17:38:53 C:\Program Files\QuickTime\qttask .exe
    ----a-w 22,880,040 2008-01-06 11:03:47 C:\Program Files\Skype\Phone\Skype .exe
    ----a-w 308,880 2008-01-06 11:03:13 C:\Program Files\SPAMfighter\SFAgent .exe
    ----a-w 221,184 2008-01-06 11:02:59 C:\WINDOWS\system32\LVCOMSX .EXE


    ((((((((((((((((((((((((((((( snapshot@2008-01-07_11.32.01,56 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-05-24 11:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
    + 2007-08-29 14:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    + 2007-08-29 14:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
    - 2008-01-07 10:16:55 63,324 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-01-07 12:43:08 63,324 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-01-07 10:16:55 82,426 ----a-w C:\WINDOWS\system32\perfc013.dat
    + 2008-01-07 12:43:08 82,426 ----a-w C:\WINDOWS\system32\perfc013.dat
    - 2008-01-07 10:16:55 404,104 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-01-07 12:43:08 404,104 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-01-07 10:16:56 468,882 ----a-w C:\WINDOWS\system32\perfh013.dat
    + 2008-01-07 12:43:08 468,882 ----a-w C:\WINDOWS\system32\perfh013.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-06 18:39 147456]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
    "H/PC Connection Agent"="C:\PROGRA~1\MICROS~1\wcescomm .exe" [2008-01-06 18:39 1211176]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-06 18:39 68856]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-01-06 18:39 5674352]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2008-01-06 18:39 196608]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-01-06 18:39 22880040]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 20:00 33792 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2005-11-11 22:47 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 20:00 33792 C:\WINDOWS\system32\rundll32.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-10-14 18:51 14864384 C:\WINDOWS\RTHDCPL.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2008-01-06 18:38 98304]
    "PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2008-01-06 18:38 1]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-06 18:38 1]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-06 18:38 1]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2008-01-06 18:38 1]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-01-06 18:38 1]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-01-06 18:38 1]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-06 18:38 1]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2008-01-06 18:39 1]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2008-01-06 18:39 1]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29 308880]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-06 20:25 579072]
    "rfagent"="C:\Program Files\RFA\rfagent.exe" [2007-11-23 19:16 916800]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-06 20:25 219136]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-15 19:29:40]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-10-31 10:41:25]
    Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-10-25 15:29]
    S2 System Session Manager Subsystem;MS Session Manager Subsystem;C:\WINDOWS\system32\smss.exe [2004-08-04 20:00]

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-01-07 15:00:00 C:\WINDOWS\Tasks\HPpromotions psc 2350 series.job"
    - C:\Program Files\HP\Digital Imaging\bin\HP Promotions\AiOMVC\HPpromo.exe
    "2007-10-13 01:30:02 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
    - C:\Program Files\RegistrySmart\RegistrySmart.ex
    - C:\Program Files\RegistrySmar
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-07 16:06:41
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-01-07 16:07:09
    ComboFix-quarantined-files.txt 2008-01-07 15:07:06
    ComboFix2.txt 2008-01-07 12:42:40
    ComboFix3.txt 2008-01-07 10:32:24
    ComboFix4.txt 2008-01-06 22:07:07
    ComboFix5.txt 2008-01-06 18:38:30
    .
    2008-01-07 10:20:24 — E O F —

    And here is the log file of the Kaspersky scan (it took a very long time!):

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Monday, January 07, 2008 3:56:14 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 7/01/2008
    Kaspersky Anti-Virus database records: 503562
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    K:\

    Scan Statistics:
    Total number of scanned objects: 106453
    Number of viruses found: 3
    Number of infected objects: 5
    Number of suspicious objects: 0
    Duration of the scan process: 01:08:07

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\vandertol\Application Data\$_hpcst$.hpc Object is locked skipped
    C:\Documents and Settings\vandertol\Application Data\Skype\tollio5\call256.dbb Object is locked skipped
    C:\Documents and Settings\vandertol\Application Data\Skype\tollio5\callmember256.dbb Object is locked skipped
    C:\Documents and Settings\vandertol\Application Data\Skype\tollio5\chat512.dbb Object is locked skipped
    C:\Documents and Settings\vandertol\Application Data\Skype\tollio5\chatmember256.dbb Object is locked skipped
    C:\Documents and Settings\vandertol\Application Data\Skype\tollio5\chatmsg256.dbb Object is locked skipped
    C:\Documents and Settings\vandertol\Application Data\Skype\tollio5\chatmsg512.dbb Object is locked skipped
    C:\Documents and Settings\vandertol\Application Data\Skype\tollio5\contactgroup256.dbb Object is locked skipped
    C:\Documents and Settings\vandertol\Application Data\Skype\tollio5\dyncontent\bundle.dat Object is locked skipped
    C:\Documents and Settings\vandertol\Application Data\Skype\tollio5\index2.dat Object is locked skipped
    C:\Documents and Settings\vandertol\Application Data\Skype\tollio5\profile16384.dbb Object is locked skipped
    C:\Documents and Settings\vandertol\Application Data\Skype\tollio5\user1024.dbb Object is locked skipped
    C:\Documents and Settings\vandertol\Application Data\Skype\tollio5\user16384.dbb Object is locked skipped
    C:\Documents and Settings\vandertol\Application Data\Skype\tollio5\user256.dbb Object is locked skipped
    C:\Documents and Settings\vandertol\Application Data\SPAMfighter\Logs\Agent.log.txt Object is locked skipped
    C:\Documents and Settings\vandertol\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\Identities\{0944ED5B-5A64-4B14-885E-D4360726481F}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\Identities\{0944ED5B-5A64-4B14-885E-D4360726481F}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Temp\hpodvd09.log Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Temp\WCESLog.log Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Temp\~DF5827.tmp Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Temp\~DFA1E3.tmp Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\vandertol\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\vandertol\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\vandertol\ntuser.dat.LOG Object is locked skipped
    C:\My old Disk Structure – 15-09-06 1347\Documents and Settings\Fam. van der Tol\Local Settings\Temp\hsperfdata_Fam. van der Tol\3748 Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\chandir.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\chandir.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\chn.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\chn.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\D0000000.FCS Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\inuse.txt Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\L0000002.FCS Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\main.log Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\prs.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\prs.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\prs_die.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\prs_die.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\prs_dnd.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\prs_dnd.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\prs_ext.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\prs_ext.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\prs_rcv.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\prs_rcv.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\storydb.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\vandertol\Data\storydb.idx Object is locked skipped
    C:\QooBox\Quarantine\catchme2008-01-06_192919.76.zip/urqqnmm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.djh skipped
    C:\QooBox\Quarantine\catchme2008-01-06_192919.76.zip ZIP: infected - 1 skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{E57C3CFF-0C70-4A5C-A867-EEEC9895148D}\RP359\A0062574.dll Object is locked skipped
    C:\System Volume Information\_restore{E57C3CFF-0C70-4A5C-A867-EEEC9895148D}\RP364\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    D:\86be3a3ed2411e5551743913a0f5ad\update\update.exe Object is locked skipped
    D:\eb7c4068816182acbf3109d5\msxml4-KB927978-enu.log Object is locked skipped
    D:\f6593983071d1ceeb82ca21f221ae4\update\update.exe Object is locked skipped
    D:\Gedownloade programma's\Nero 7.7.5.1 + KeyGen\Nero 7.7.5.1 + KeyGen.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
    D:\Gedownloade programma's\Nero 7.7.5.1 + KeyGen\Nero 7.7.5.1 + KeyGen.exe RAR: infected - 1 skipped
    D:\RECYCLER\S-1-5-21-2199471875-1195473123-1494889471-1007\Dd158.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    D:\System Volume Information\_restore{E57C3CFF-0C70-4A5C-A867-EEEC9895148D}\RP359\A0062613.exe Object is locked skipped
    D:\System Volume Information\_restore{E57C3CFF-0C70-4A5C-A867-EEEC9895148D}\RP364\change.log Object is locked skipped

    Scan process completed.

    I hope things are clearer now…
    regards, Linda
  • Indeed, good that you found the solution yourself :)
  • We are almost there :)

    Open Notepad, then copy and paste the following (the text below) into an empty window:

    RENV::
    ----a-w 39,792 2008-01-06 11:02:58 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
    ----a-w 155,648 2008-01-06 11:02:54 C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
    ----a-w 147,456 2008-01-06 11:03:16 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
    ----a-w 69,216 2008-01-06 11:02:50 C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
    ----a-w 54,832 2008-01-06 11:02:52 C:\Program Files\CyberLink\PowerDVD\Language\Language .exe
    ----a-w 68,856 2008-01-06 11:03:20 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    ----a-w 596,760 2008-01-06 11:03:14 C:\Program Files\Hitman Pro\xphelper .exe
    ----a-w 49,152 2008-01-06 11:02:56 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
    ----a-w 132,496 2008-01-06 11:02:47 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    ----a-w 217,088 2008-01-06 11:03:12 C:\Program Files\Logitech\Video\LogiTray .exe
    ----a-w 196,608 2008-01-06 11:03:23 C:\Program Files\Logitech\Video\ManifestEngine .exe
    ----a-w 1,211,176 2008-01-06 17:39:04 C:\Program Files\Microsoft ActiveSync\wcescomm .exe
    ----a-w 5,674,352 2008-01-06 11:03:27 C:\Program Files\MSN Messenger\MsnMsgr .Exe
    ----a-w 200,704 2008-01-06 11:02:48 C:\Program Files\PowerISO\PWRISOVM .EXE
    ----a-w 98,304 2008-01-06 17:38:53 C:\Program Files\QuickTime\qttask .exe
    ----a-w 22,880,040 2008-01-06 11:03:47 C:\Program Files\Skype\Phone\Skype .exe
    ----a-w 308,880 2008-01-06 11:03:13 C:\Program Files\SPAMfighter\SFAgent .exe
    ----a-w 221,184 2008-01-06 11:02:59 C:\WINDOWS\system32\LVCOMSX .EXE

    Driver::
    "MS Session Manager Subsystem"

    Save this on your Desktop as CFScript.txt

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:
    (image: http://img.photobucket.com/albums/v666/sUBs/CFScript.gif)

    This will make ComboFix restart.
    Reboot if you are asked to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Pim
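Added example, not code from the thread or from ComboFix: the check behind the RENV:: section in the post above, written as a small log-triage script. It parses ComboFix-style listing lines, flags executables whose name carries whitespace before the extension (the "qttask .exe" pattern), notes whether a correctly named twin is also present, and emits the flagged lines in the RENV:: form. The sample listing is constructed to mirror the log format; all function and class names are my own.

```python
"""Spot ComboFix listing entries whose executable name has whitespace before
the extension (e.g. "qttask .exe" beside "qttask.exe"), the pattern the
RENV:: section above renames. Added example; names are hypothetical."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the ComboFix listing format shown in the thread:
# attributes, size, date, time, full path.
SAMPLE_LISTING = """\
----a-w 98,304 2008-01-06 17:38:53 C:\\Program Files\\QuickTime\\qttask .exe
----a-w 98,304 2008-01-06 17:38:53 C:\\Program Files\\QuickTime\\qttask.exe
----a-w 147,456 2008-01-06 11:03:16 C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor .exe
----a-w 221,184 2008-01-06 11:02:59 C:\\WINDOWS\\system32\\LVCOMSX .EXE
----a-w 15,360 2004-08-04 13:00:00 C:\\WINDOWS\\system32\\ctfmon.exe
"""

LINE_RE = re.compile(
    r"^(?P<attrs>[-\w]{7})\s+"          # e.g. ----a-w
    r"(?P<size>[\d,]+)\s+"              # 98,304
    r"(?P<date>\d{4}-\d{2}-\d{2})\s+"
    r"(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<path>.+?)\s*$"                # full path, may contain spaces
)
# Whitespace immediately before a short extension at the end of the name.
SPACED_EXT_RE = re.compile(r"\s+(\.[A-Za-z0-9]{1,4})$")


@dataclass(frozen=True)
class Entry:
    attrs: str
    size: int
    timestamp: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def folder(self) -> str:
        return self.path[: len(self.path) - len(self.name)]


@dataclass(frozen=True)
class Finding:
    entry: Entry
    expected_path: str   # the path as it would read without the stray space
    twin_present: bool   # a file with the expected name exists in the listing


def parse_listing(text: str) -> List[Entry]:
    """Parse listing lines; headers, separators and blank lines are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entries.append(Entry(m["attrs"], int(m["size"].replace(",", "")),
                             f"{m['date']} {m['time']}", m["path"]))
    return entries


def has_space_before_ext(name: str) -> bool:
    return SPACED_EXT_RE.search(name) is not None


def canonical_name(name: str) -> str:
    """'qttask .exe' -> 'qttask.exe'; other names are returned unchanged."""
    return SPACED_EXT_RE.sub(r"\1", name)


def find_spaced_extensions(entries: List[Entry]) -> List[Finding]:
    """One Finding per entry whose name has whitespace before the extension."""
    known: Dict[str, Entry] = {e.path.lower(): e for e in entries}
    findings: List[Finding] = []
    for e in entries:
        if not has_space_before_ext(e.name):
            continue
        expected = e.folder + canonical_name(e.name)
        findings.append(Finding(e, expected, expected.lower() in known))
    return findings


def render_renv_section(findings: List[Finding]) -> str:
    """Emit the flagged entries in the RENV:: form used by the CFScript above."""
    lines = ["RENV::"]
    for f in findings:
        e = f.entry
        lines.append(f"{e.attrs} {e.size:,} {e.timestamp} {e.path}")
    return "\n".join(lines)


if __name__ == "__main__":
    found = find_spaced_extensions(parse_listing(SAMPLE_LISTING))
    for f in found:
        twin = "correctly named twin present" if f.twin_present else "no twin in listing"
        print(f"{f.entry.path!r}: {twin}")
    print(render_renv_section(found))
```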
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:52:00, on 7-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\RFA\rfagent.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MICROS~1\wcescomm .exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\MICROS~1\rapimgr.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.martkplaats.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~1\wcescomm .exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: Download with &FileFactory Turbo - C:\Program Files\FileFactory Turbo\Plugins\IE\FileFactoryIE.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe


    End of file - 9867 bytes


    ComboFix:

    ComboFix 08-01-04.1 - vandertol 2008-01-07 16:40:12.6 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.487 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\vandertol\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\vandertol\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-12-07 to 2008-01-07 ))))))))))))))))))))))))))))))
    .

    2008-01-07 13:50 . 2008-01-07 13:50 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-01-07 13:50 . 2008-01-07 13:50 <DIR> d-------- C:\WINDOWS\LastGood
    2008-01-07 13:50 . 2008-01-07 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-01-07 10:43 . 2008-01-07 10:55 <DIR> d-------- C:\Program Files\RFA
    2008-01-07 10:43 . 2008-01-07 11:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RFA_Backups
    2008-01-07 07:53 . 2008-01-07 07:53 <DIR> d-------- C:\Program Files\Lavasoft
    2008-01-07 07:37 . 2008-01-07 16:39 <DIR> dr-h----- C:\Documents and Settings\vandertol\Onlangs geopend
    2008-01-06 20:26 . 2008-01-07 08:00 <DIR> d-------- C:\Documents and Settings\vandertol\Application Data\AVG7
    2008-01-06 20:25 . 2008-01-06 20:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-01-06 20:25 . 2008-01-06 20:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-06 19:30 . 2008-01-07 10:26 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-06 19:17 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-06 18:55 . 2008-01-07 10:26 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-01-06 18:55 . 2008-01-06 18:55 <DIR> d-------- C:\Documents and Settings\vandertol\Application Data\PC Tools
    2008-01-06 18:55 . 2008-01-06 18:57 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-01-06 18:55 . 2008-01-06 18:57 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-01-06 18:55 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-01-06 18:55 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-01-06 18:45 . 2008-01-06 18:46 <DIR> d-------- C:\Documents and Settings\vandertol\Application Data\PrevxCSI
    2008-01-06 18:38 . 2008-01-06 18:38 1 --a------ C:\WINDOWS\system32\PSDrvCheck.exe
    2008-01-06 12:02 . 2008-01-06 12:02 221,184 --a------ C:\WINDOWS\system32\LVCOMSX .EXE
    2008-01-05 19:22 . 2008-01-05 19:22 <DIR> d-------- C:\Documents and Settings\vandertol\Application Data\ESET
    2008-01-05 19:21 . 2008-01-05 19:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
    2007-12-07 16:23 . 2007-12-07 16:23 <DIR> d--h----- C:\WINDOWS\PIF

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-07 15:42 --------- d-----w C:\Documents and Settings\vandertol\Application Data\Skype
    2008-01-07 12:40 --------- d-----w C:\Program Files\SPAMfighter
    2008-01-07 10:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-07 09:26 --------- d-----w C:\Program Files\Hitman Pro
    2008-01-07 06:55 --------- d-----w C:\Documents and Settings\vandertol\Application Data\Lavasoft
    2008-01-06 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
    2008-01-06 17:38 --------- d-----w C:\Program Files\QuickTime
    2008-01-06 17:38 --------- d-----w C:\Program Files\PowerISO
    2008-01-06 17:37 --------- d-----w C:\Program Files\MSN Messenger
    2008-01-06 17:37 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-01-06 17:32 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-01-06 17:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-01-06 15:42 --------- d-----w C:\Program Files\Webroot
    2008-01-05 18:16 --------- d-----w C:\Documents and Settings\vandertol\Application Data\uTorrent
    2007-12-22 09:39 --------- d-----w C:\Program Files\LimeWire
    2007-11-27 21:19 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-11-16 16:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
    2007-11-16 15:13 7,219 ----a-w C:\WINDOWS\system32\drivers\services.xml
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-31 09:41 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-22 09:29 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
    2007-06-27 18:01 502,412 ----a-w C:\Program Files\QuickPar-0.9.1.0-NLD.exe
    2007-04-10 07:09 1,228 ----a-w C:\Documents and Settings\vandertol\Application Data\wklnhst.dat
    2006-04-05 10:50 10,468,661 ----a-w C:\Program Files\ndntnlst.exe
    2005-12-29 19:35 303,123 ----a-w C:\Program Files\NOD32.FiX.v2.1.exe
    2007-03-21 12:59 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
    .
    [code]
    ------w 39,792 2008-01-06 11:02:58 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
    ----a-w 155,648 2008-01-06 11:02:54 C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
    ----a-w 147,456 2008-01-06 11:03:16 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
    ----a-w 69,216 2008-01-06 11:02:50 C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
    ----a-w 54,832 2008-01-06 11:02:52 C:\Program Files\CyberLink\PowerDVD\Language\Language .exe
    ----a-w 68,856 2008-01-06 11:03:20 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    ----a-w 596,760 2008-01-06 11:03:14 C:\Program Files\Hitman Pro\xphelper .exe
    ----a-w 49,152 2008-01-06 11:02:56 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
    ----a-w 132,496 2008-01-06 11:02:47 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    ----a-w 217,088 2008-01-06 11:03:12 C:\Program Files\Logitech\Video\LogiTray .exe
    ----a-w 196,608 2008-01-06 11:03:23 C:\Program Files\Logitech\Video\ManifestEngine .exe
    ----a-w 1,211,176 2008-01-06 17:39:04 C:\Program Files\Microsoft ActiveSync\wcescomm .exe
    ----a-w 5,674,352 2008-01-06 11:03:27 C:\Program Files\MSN Messenger\MsnMsgr .Exe
    ----a-w 200,704 2008-01-06 11:02:48 C:\Program Files\PowerISO\PWRISOVM .EXE
    ----a-w 98,304 2008-01-06 17:38:53 C:\Program Files\QuickTime\qttask .exe
    ----a-w 22,880,040 2008-01-06 11:03:47 C:\Program Files\Skype\Phone\Skype .exe
    ----a-w 308,880 2008-01-06 11:03:13 C:\Program Files\SPAMfighter\SFAgent .exe
    ----a-w 221,184 2008-01-06 11:02:59 C:\WINDOWS\system32\LVCOMSX .EXE
    [/code]


    ((((((((((((((((((((((((((((( snapshot@2008-01-07_11.32.01,56 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-05-24 11:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
    + 2007-08-29 14:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    + 2007-08-29 14:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
    - 2008-01-07 10:16:55 63,324 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-01-07 12:43:08 63,324 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-01-07 10:16:55 82,426 ----a-w C:\WINDOWS\system32\perfc013.dat
    + 2008-01-07 12:43:08 82,426 ----a-w C:\WINDOWS\system32\perfc013.dat
    - 2008-01-07 10:16:55 404,104 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-01-07 12:43:08 404,104 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-01-07 10:16:56 468,882 ----a-w C:\WINDOWS\system32\perfh013.dat
    + 2008-01-07 12:43:08 468,882 ----a-w C:\WINDOWS\system32\perfh013.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-06 18:39 147456]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
    "H/PC Connection Agent"="C:\PROGRA~1\MICROS~1\wcescomm .exe" [2008-01-06 18:39 1211176]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-06 18:39 68856]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-01-06 18:39 5674352]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2008-01-06 18:39 196608]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-01-06 18:39 22880040]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 20:00 33792 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2005-11-11 22:47 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 20:00 33792 C:\WINDOWS\system32\rundll32.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-10-14 18:51 14864384 C:\WINDOWS\RTHDCPL.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2008-01-06 18:38 98304]
    "PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2008-01-06 18:38 1]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-06 18:38 1]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-06 18:38 1]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2008-01-06 18:38 1]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-01-06 18:38 1]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-01-06 18:38 1]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2008-01-06 18:39 1]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2008-01-06 18:39 1]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29 308880]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-06 20:25 579072]
    "rfagent"="C:\Program Files\RFA\rfagent.exe" [2007-11-23 19:16 916800]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-06 20:25 219136]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-15 19:29:40]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-10-31 10:41:25]
    Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-10-25 15:29]
    S2 System Session Manager Subsystem;MS Session Manager Subsystem;C:\WINDOWS\system32\smss.exe [2004-08-04 20:00]

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-01-07 15:00:00 C:\WINDOWS\Tasks\HPpromotions psc 2350 series.job"
    - C:\Program Files\HP\Digital Imaging\bin\HP Promotions\AiOMVC\HPpromo.exe
    "2007-10-13 01:30:02 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
    - C:\Program Files\RegistrySmart\RegistrySmart.ex
    - C:\Program Files\RegistrySmar
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-07 16:42:02
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-01-07 16:42:30
    ComboFix-quarantined-files.txt 2008-01-07 15:42:28
    ComboFix2.txt 2008-01-07 15:07:09
    ComboFix3.txt 2008-01-07 12:42:40
    ComboFix4.txt 2008-01-07 10:32:24
    ComboFix5.txt 2008-01-06 22:07:07
    .
    2008-01-07 10:20:24 --- E O F ---


    Regards, Linda
  • Open Notepad, then copy and paste the following (bold text) into an empty window:
    [b]
    File::
    C:\Program Files\ndntnlst.exe

    Driver::
    MS Session Manager Subsystem

    RENV::
    ------w 39,792 2008-01-06 11:02:58 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
    ----a-w 155,648 2008-01-06 11:02:54 C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
    ----a-w 147,456 2008-01-06 11:03:16 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
    ----a-w 69,216 2008-01-06 11:02:50 C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
    ----a-w 54,832 2008-01-06 11:02:52 C:\Program Files\CyberLink\PowerDVD\Language\Language .exe
    ----a-w 68,856 2008-01-06 11:03:20 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    ----a-w 596,760 2008-01-06 11:03:14 C:\Program Files\Hitman Pro\xphelper .exe
    ----a-w 49,152 2008-01-06 11:02:56 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
    ----a-w 132,496 2008-01-06 11:02:47 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    ----a-w 217,088 2008-01-06 11:03:12 C:\Program Files\Logitech\Video\LogiTray .exe
    ----a-w 196,608 2008-01-06 11:03:23 C:\Program Files\Logitech\Video\ManifestEngine .exe
    ----a-w 1,211,176 2008-01-06 17:39:04 C:\Program Files\Microsoft ActiveSync\wcescomm .exe
    ----a-w 5,674,352 2008-01-06 11:03:27 C:\Program Files\MSN Messenger\MsnMsgr .Exe
    ----a-w 200,704 2008-01-06 11:02:48 C:\Program Files\PowerISO\PWRISOVM .EXE
    ----a-w 98,304 2008-01-06 17:38:53 C:\Program Files\QuickTime\qttask .exe
    ----a-w 22,880,040 2008-01-06 11:03:47 C:\Program Files\Skype\Phone\Skype .exe
    ----a-w 308,880 2008-01-06 11:03:13 C:\Program Files\SPAMfighter\SFAgent .exe
    ----a-w 221,184 2008-01-06 11:02:59 C:\WINDOWS\system32\LVCOMSX .EXE
    [/b]
    Save this on your Desktop as [b]CFScript.txt[/b]

    Drag [b]CFScript.txt[/b] onto [b]ComboFix.exe[/b] as shown in the example below:

    [img]http://img.photobucket.com/albums/v666/sUBs/CFScript.gif[/img]

    This will make [b]ComboFix[/b] restart.
    Reboot if you are asked to,
    and post the contents of [b]Combofix.txt[/b] in your next reply together with a new HijackThis log.
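The RENV:: list in the script above consists of executables that ComboFix reported with a space before their extension (for example `qttask .exe`), and the ComboFix created-files section also shows a 1-byte `PSDrvCheck.exe`. The Python script below is an added example, not code from this thread or from the HijackThis or ComboFix tools: it scans HijackThis `O4` lines and ComboFix created-file lines and flags exactly those two anomalies, plus a doubled path separator, so a helper can spot candidates for the rename list without reading every line by hand. The sample lines are copied from the logs posted above; the 1024-byte stub threshold, the regular expressions and the `Finding` class are my own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines in the two formats that appear in this thread,
# HijackThis "O4" autostart entries and ComboFix created-file entries.
# The paths are copied from the logs posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~1\wcescomm .exe"
2008-01-06 18:38 . 2008-01-06 18:38 1 --a------ C:\WINDOWS\system32\PSDrvCheck.exe
2008-01-06 12:02 . 2008-01-06 12:02 221,184 --a------ C:\WINDOWS\system32\LVCOMSX .EXE
2008-01-06 19:17 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
"""

EXE_EXT = r"(?:exe|dll|sys|com|scr)"
# A Windows path ending in an executable-style extension. The non-greedy body
# tolerates spaces ("Program Files") and stops at the first such extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.' + EXE_EXT + r"\b", re.I)
# ComboFix created-file line: "<created> . <modified> <size|<DIR>> <attrs> <path>"
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) (?P<size>[\d,]+|<DIR>) "
    r"(?P<attrs>\S+) (?P<path>.+)$"
)
# Basename that ends in " .exe" (space before the extension).
SPACE_BEFORE_EXT = re.compile(r" \." + EXE_EXT + r"$", re.I)
STUB_MAX_BYTES = 1024  # assumed threshold; genuine programs are far larger


@dataclass(frozen=True)
class Finding:
    kind: str
    path: str
    detail: str


def check_path(path):
    """Anomalies visible from the path alone."""
    findings = []
    if SPACE_BEFORE_EXT.search(path):
        findings.append(Finding("space-before-extension", path,
                                "basename ends in ' .ext'; candidate for the RENV:: list"))
    if "\\\\" in path:
        findings.append(Finding("doubled-separator", path,
                                "path contains '\\\\'; not how installers write Run values"))
    return findings


def audit_line(line):
    """Return the findings for one HijackThis or ComboFix log line."""
    line = line.strip()
    if not line:
        return []
    m = CREATED_RE.match(line)
    if m:  # ComboFix created-file entry: path plus a size to sanity-check
        path = m.group("path")
        findings = check_path(path)
        if m.group("size") != "<DIR>":
            size = int(m.group("size").replace(",", ""))
            if size <= STUB_MAX_BYTES and path.lower().endswith(".exe"):
                findings.append(Finding("stub-sized-executable", path, f"{size} byte(s)"))
        return findings
    findings = []  # anything else: pull every executable path out of the line
    for path in PATH_RE.findall(line):
        findings.extend(check_path(path))
    return findings


def audit(log_text):
    """Run audit_line over a whole log and collect the findings in order."""
    out = []
    for line in log_text.splitlines():
        out.extend(audit_line(line))
    return out


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f.kind:24} {f.path}  ({f.detail})")
```

Run against the constructed sample it reports three `space-before-extension` paths (qttask, wcescomm, LVCOMSX), one `doubled-separator` (the `system32\\PSDrvCheck.exe` Run value) and one `stub-sized-executable` (the 1-byte `PSDrvCheck.exe`); the legitimate `avgcc.exe` and `NirCmd.exe` lines produce nothing. Flagged paths are a starting point for the helper's judgement, not a verdict: a tool that writes its own odd file names would trip the same rules.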
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:02:34, on 7-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\RFA\rfagent.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MICROS~1\wcescomm .exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\MICROS~1\rapimgr.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.martkplaats.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~1\wcescomm .exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: Download with &FileFactory Turbo - C:\Program Files\FileFactory Turbo\Plugins\IE\FileFactoryIE.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe


    End of file - 9867 bytes

    ComboFix 08-01-04.1 - vandertol 2008-01-07 21:52:33.7 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.530 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\vandertol\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\vandertol\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt

    FILE
    C:\Program Files\ndntnlst.exe
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\ndntnlst.exe

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-12-07 to 2008-01-07 ))))))))))))))))))))))))))))))
    .

    2008-01-07 18:21 . 2008-01-07 18:23 <DIR> d-------- C:\Documents and Settings\vandertol\Application Data\AVG7
    2008-01-07 18:21 . 2008-01-07 18:21 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-01-07 18:21 . 2008-01-07 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-07 18:14 . 2008-01-07 19:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2008-01-07 13:50 . 2008-01-07 13:50 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-01-07 13:50 . 2008-01-07 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-01-07 10:43 . 2008-01-07 10:55 <DIR> d-------- C:\Program Files\RFA
    2008-01-07 10:43 . 2008-01-07 11:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RFA_Backups
    2008-01-07 07:53 . 2008-01-07 07:53 <DIR> d-------- C:\Program Files\Lavasoft
    2008-01-07 07:37 . 2008-01-07 21:51 <DIR> dr-h----- C:\Documents and Settings\vandertol\Onlangs geopend
    2008-01-06 19:30 . 2008-01-07 10:26 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-06 19:17 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-06 18:55 . 2008-01-07 10:26 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-01-06 18:55 . 2008-01-06 18:55 <DIR> d-------- C:\Documents and Settings\vandertol\Application Data\PC Tools
    2008-01-06 18:55 . 2008-01-06 18:57 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-01-06 18:55 . 2008-01-06 18:57 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-01-06 18:55 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-01-06 18:55 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-01-06 18:45 . 2008-01-06 18:46 <DIR> d-------- C:\Documents and Settings\vandertol\Application Data\PrevxCSI
    2008-01-06 18:38 . 2008-01-06 18:38 1 --a------ C:\WINDOWS\system32\PSDrvCheck.exe
    2008-01-06 12:02 . 2008-01-06 12:02 221,184 --a------ C:\WINDOWS\system32\LVCOMSX .EXE
    2008-01-05 19:22 . 2008-01-05 19:22 <DIR> d-------- C:\Documents and Settings\vandertol\Application Data\ESET
    2008-01-05 19:21 . 2008-01-05 19:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
    2007-12-07 16:23 . 2007-12-07 16:23 <DIR> d--h----- C:\WINDOWS\PIF

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-07 20:55 ——— d—–w C:\Documents and Settings\vandertol\Application Data\Skype
    2008-01-07 19:07 ——— d—–w C:\Program Files\SPAMfighter
    2008-01-07 18:03 ——— d—–w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-01-07 10:10 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-07 09:26 ——— d—–w C:\Program Files\Hitman Pro
    2008-01-07 06:55 ——— d—–w C:\Documents and Settings\vandertol\Application Data\Lavasoft
    2008-01-06 17:38 ——— d—–w C:\Program Files\QuickTime
    2008-01-06 17:38 ——— d—–w C:\Program Files\PowerISO
    2008-01-06 17:37 ——— d—–w C:\Program Files\MSN Messenger
    2008-01-06 17:37 ——— d—–w C:\Program Files\Microsoft ActiveSync
    2008-01-06 17:32 ——— d—–w C:\Program Files\Windows Live Safety Center
    2008-01-06 15:42 ——— d—–w C:\Program Files\Webroot
    2008-01-05 18:16 ——— d—–w C:\Documents and Settings\vandertol\Application Data\uTorrent
    2007-12-22 09:39 ——— d—–w C:\Program Files\LimeWire
    2007-11-27 21:19 ——— d—–w C:\Program Files\Windows Media Connect 2
    2007-11-16 16:19 ——— d—–w C:\Documents and Settings\All Users\Application Data\Prevx
    2007-11-16 15:13 7,219 —-a-w C:\WINDOWS\system32\drivers\services.xml
    2007-11-13 10:25 20,480 —-a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-31 09:41 127,034 ——r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2007-10-29 22:45 1,291,776 —-a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 —-a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-22 09:29 81,920 ——r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
    2007-06-27 18:01 502,412 —-a-w C:\Program Files\QuickPar-0.9.1.0-NLD.exe
    2007-04-10 07:09 1,228 —-a-w C:\Documents and Settings\vandertol\Application Data\wklnhst.dat
    2005-12-29 19:35 303,123 —-a-w C:\Program Files\NOD32.FiX.v2.1.exe
    2007-03-21 12:59 0 –sha-w C:\WINDOWS\SMINST\HPCD.sys
    .
    —-a-w 155,648 2008-01-06 11:02:54 C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
    —-a-w 147,456 2008-01-06 11:03:16 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
    —-a-w 69,216 2008-01-06 11:02:50 C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
    —-a-w 54,832 2008-01-06 11:02:52 C:\Program Files\CyberLink\PowerDVD\Language\Language .exe
    —-a-w 68,856 2008-01-06 11:03:20 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    —-a-w 596,760 2008-01-06 11:03:14 C:\Program Files\Hitman Pro\xphelper .exe
    —-a-w 49,152 2008-01-06 11:02:56 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
    —-a-w 132,496 2008-01-06 11:02:47 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    —-a-w 217,088 2008-01-06 11:03:12 C:\Program Files\Logitech\Video\LogiTray .exe
    —-a-w 196,608 2008-01-06 11:03:23 C:\Program Files\Logitech\Video\ManifestEngine .exe
    —-a-w 1,211,176 2008-01-06 17:39:04 C:\Program Files\Microsoft ActiveSync\wcescomm .exe
    —-a-w 5,674,352 2008-01-06 11:03:27 C:\Program Files\MSN Messenger\MsnMsgr .Exe
    —-a-w 200,704 2008-01-06 11:02:48 C:\Program Files\PowerISO\PWRISOVM .EXE
    —-a-w 98,304 2008-01-06 17:38:53 C:\Program Files\QuickTime\qttask .exe
    —-a-w 22,880,040 2008-01-06 11:03:47 C:\Program Files\Skype\Phone\Skype .exe
    —-a-w 308,880 2008-01-06 11:03:13 C:\Program Files\SPAMfighter\SFAgent .exe
    —-a-w 221,184 2008-01-06 11:02:59 C:\WINDOWS\system32\LVCOMSX .EXE


    ((((((((((((((((((((((((((((( snapshot@2008-01-07_11.32.01,56 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-06 19:25:47 821,856 —-a-w C:\WINDOWS\system32\drivers\avg7core.sys
    + 2008-01-07 17:21:24 821,856 —-a-w C:\WINDOWS\system32\drivers\avg7core.sys
    - 2008-01-06 19:25:50 4,224 —-a-w C:\WINDOWS\system32\drivers\avg7rsw.sys
    + 2008-01-07 17:21:28 4,224 —-a-w C:\WINDOWS\system32\drivers\avg7rsw.sys
    - 2008-01-06 19:25:51 27,776 —-a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys
    + 2008-01-07 17:21:28 27,776 —-a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys
    - 2008-01-06 19:25:53 10,760 —-a-w C:\WINDOWS\system32\drivers\avgclean.sys
    + 2008-01-07 17:21:29 10,760 —-a-w C:\WINDOWS\system32\drivers\avgclean.sys
    - 2008-01-06 19:25:53 26,952 —-a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
    + 2008-01-07 17:21:29 26,952 —-a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
    + 2005-05-24 11:27:16 213,048 —-a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
    + 2007-08-29 14:47:20 94,208 —-a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    + 2007-08-29 14:49:54 950,272 —-a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
    - 2008-01-07 10:16:55 63,324 —-a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-01-07 19:10:00 63,324 —-a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-01-07 10:16:55 82,426 —-a-w C:\WINDOWS\system32\perfc013.dat
    + 2008-01-07 19:10:00 82,426 —-a-w C:\WINDOWS\system32\perfc013.dat
    - 2008-01-07 10:16:55 404,104 —-a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-01-07 19:10:00 404,104 —-a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-01-07 10:16:56 468,882 —-a-w C:\WINDOWS\system32\perfh013.dat
    + 2008-01-07 19:10:00 468,882 —-a-w C:\WINDOWS\system32\perfh013.dat
    .
    – Snapshot reset to current date –
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-06 18:39 147456]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
    "H/PC Connection Agent"="C:\PROGRA~1\MICROS~1\wcescomm .exe" [2008-01-06 18:39 1211176]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-06 18:39 68856]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-01-06 18:39 5674352]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2008-01-06 18:39 196608]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-01-06 18:39 22880040]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 20:00 33792 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2005-11-11 22:47 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 20:00 33792 C:\WINDOWS\system32\rundll32.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-10-14 18:51 14864384 C:\WINDOWS\RTHDCPL.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2008-01-06 18:38 98304]
    "PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2008-01-06 18:38 1]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-06 18:38 1]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-06 18:38 1]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2008-01-06 18:38 1]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-01-06 18:38 1]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-01-06 18:38 1]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-06 12:02 39792]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2008-01-06 18:39 1]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2008-01-06 18:39 1]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29 308880]
    "rfagent"="C:\Program Files\RFA\rfagent.exe" [2007-11-23 19:16 916800]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-07 18:21 579072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-07 18:21 219136]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-15 19:29:40]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-10-31 10:41:25]
    Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-10-25 15:29]
    S2 System Session Manager Subsystem;MS Session Manager Subsystem;C:\WINDOWS\system32\smss.exe [2004-08-04 20:00]

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-01-07 19:00:00 C:\WINDOWS\Tasks\HPpromotions psc 2350 series.job"
    - C:\Program Files\HP\Digital Imaging\bin\HP Promotions\AiOMVC\HPpromo.exe
    "2007-10-13 01:30:02 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
    - C:\Program Files\RegistrySmart\RegistrySmart.ex
    - C:\Program Files\RegistrySmar
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-07 21:55:50
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-01-07 21:56:16
    ComboFix-quarantined-files.txt 2008-01-07 20:56:15
    ComboFix2.txt 2008-01-07 15:42:31
    ComboFix3.txt 2008-01-07 15:07:09
    ComboFix4.txt 2008-01-07 12:42:40
    ComboFix5.txt 2008-01-07 10:32:24
    .
    2008-01-07 10:20:24 — E O F —
  • I have since run a scan with a different AVG version, and this one did find a few things!
    They are now in quarantine... I'm not really sure what to do with them. Delete them? Or maybe restore them?

    regards, Linda
