
Question & Answer

Security & privacy

autorun and system on all my drives? PC 2

Othuroyo
9 answers
  • Hello,

    Here is the same story as last time, now with a different computer, and I'll start straight away with a HijackThis log.
    :wink:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:26:27, on 23-1-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\NDAS\System\ndassvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\NWTRAY.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\UltraMon\UltraMon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\UltraMon\UltraMonTaskbar.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\WinTV\Ir.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\NDAS\System\ndasmgmt.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwproxy.xs4all.nl:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\system32\mstask.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Local Service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Network Service')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorites… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.100.53.122/activex/AxisCamControl.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: bw+0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {83AA81C7-A1AD-48B7-B3EB-5146CE36E99F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
    O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Windows_system - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\SYSTEM.exe (file missing)


    End of file - 23025 bytes




  • Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.

    Now go to Start -> Run
    Type this command: sc stop Windows_system and press OK.
    Repeat with this command: sc delete Windows_system.


    Download combofix.exe from this site: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    If the Recovery Console is not installed, ComboFix will offer to download and install it. Allow this.
    Once the Recovery Console is installed, let ComboFix scan the computer.
    When ComboFix is finished, which may be after a reboot, a log file (combofix.txt) opens.
    Post the contents of this file in your next message.
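The helper's reading of the log above, and the `sc stop` / `sc delete` step in the reply, follow a small set of rules that can be written down. The script below is an added example (it is not code from this thread, from HijackThis or from ComboFix) that applies those rules to HijackThis 2.0 lines: an O2 BHO whose DLL is "(no file)" is an orphaned CLSID, an O23 service whose binary is "(file missing)" or has "Unknown owner" deserves a look, an O10 LSP must be verified before anything is removed, an O16 ActiveX control fetched from a raw IP address stands out, and an R1 proxy setting is worth noting. It also derives the service name that `sc stop` and `sc delete` take from the O23 entry, assuming (my assumption) that HijackThis prints the short name in parentheses after the display name and omits it when the two are identical, as for Windows_system. The sample lines are copied from the log posted above; the severity labels are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwproxy.xs4all.nl:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.100.53.122/activex/AxisCamControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Windows_system - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\SYSTEM.exe (file missing)
"""


@dataclass
class Finding:
    section: str
    severity: str  # "high", "medium" or "info" (labels are this example's own)
    detail: str
    remediation: str = ""


O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>.+?)\) - (?P<url>\S+)$")
# O23 - Service: <display name> [(<short name>)] - <owner> - <binary>[ (file missing)]
# The owner field is kept free of parentheses so a display name containing " - "
# (as in "Firebird Guardian - DefaultInstance (...)") is still split correctly.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - (?P<owner>[^()]+?) - (?P<path>.+)$"
)
RAW_IP_URL = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?/")
MISSING = " (file missing)"


def service_short_name(line: str) -> Optional[str]:
    """Name that `sc stop` / `sc delete` take for an O23 line (None if not O23).

    Assumption: HijackThis prints the short name in parentheses after the display
    name and omits it when both are identical, as for Windows_system above.
    """
    m = O23_RE.match(line)
    if not m:
        return None
    return m.group("short") or m.group("display")


def triage(log: str) -> List[Finding]:
    """Return the entries of a HijackThis log an analyst would look at first."""
    findings: List[Finding] = []
    for raw in log.strip().splitlines():
        line = raw.strip()
        m2, m4, m16, m23 = (O2_RE.match(line), O4_RE.match(line),
                            O16_RE.match(line), O23_RE.match(line))
        if line.startswith("R1 - ") and ",ProxyServer = " in line:
            # Not malicious by itself, but a proxy is where traffic can be redirected.
            findings.append(Finding("R1", "info", "proxy configured: " + line.split(" = ", 1)[1]))
        elif m2 and m2.group("path") == "(no file)":
            # CLSID still registered as a BHO but its DLL is gone: a leftover, safe to fix.
            findings.append(Finding("O2", "medium", "orphaned BHO " + m2.group("clsid"),
                                    "tick in HijackThis and 'Fix checked'"))
        elif m4 and "\\" not in m4.group("cmd") and not m4.group("cmd").startswith('"'):
            # Bare filename: Windows resolves it via the search path, so confirm which file runs.
            findings.append(Finding("O4", "info", "[%s] runs bare filename %s; locate the file on disk"
                                    % (m4.group("name"), m4.group("cmd").split()[0])))
        elif line.startswith("O10 - Unknown file in Winsock LSP: "):
            # Removing an LSP entry incorrectly breaks the Winsock chain; verify, do not delete blindly.
            findings.append(Finding("O10", "medium", "unverified LSP " + line.split(": ", 1)[1]))
        elif m16 and RAW_IP_URL.match(m16.group("url")):
            findings.append(Finding("O16", "medium", "ActiveX '%s' fetched from a raw IP: %s"
                                    % (m16.group("name"), m16.group("url"))))
        elif m23:
            short = m23.group("short") or m23.group("display")
            path = m23.group("path")
            if path.endswith(MISSING):
                findings.append(Finding("O23", "high",
                                        "service '%s' points at missing binary %s" % (short, path[:-len(MISSING)]),
                                        'sc stop "%s" && sc delete "%s"' % (short, short)))
            elif m23.group("owner") == "Unknown owner":
                findings.append(Finding("O23", "info", "service '%s' has no recorded publisher (%s)" % (short, path)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-6s %-4s %s" % (f.severity, f.section, f.detail) + ("  -> " + f.remediation if f.remediation else ""))
```

Run against the sample, the only "high" finding is the Windows_system service, and its remediation is exactly the pair of commands the reply gives; the "Unknown owner" ATI Smart service and the Novell LSP come out as things to verify rather than delete, which is the distinction the helper draws by asking only for the one service and the one orphaned BHO to be removed.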
  • Here is the ComboFix log:

    ComboFix 09-01-21.04 - Marc 2009-01-24 21:59:55.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.511.188 [GMT 1:00]
    Started from: c:\documents and settings\Marc\Bureaublad\virussesscanss\installs\ComboFix.exe
    * New restore point was created
    .

    (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\INSTALL.LOG
    c:\program files\Mozilla Firefox\plugins\NPNd2fn.dll
    c:\program files\Need2Find
    c:\program files\Need2Find\bar\History\search
    c:\windows\smdat32m.sys
    c:\windows\system32\Process.exe
    c:\windows\system32\SrchSTS.exe

    .
    (((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 ))))))))))))))))))))))))))))))
    .

    No new files created in this period

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-23 13:37 --------- d-----w c:\program files\Google
    2009-01-23 11:05 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-01-23 11:03 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-23 11:01 --------- d-----w c:\program files\RTVSoftwareNL
    2009-01-23 11:01 --------- d-----w c:\program files\iPod
    2008-12-16 20:12 --------- d-----w c:\documents and settings\Marc\Application Data\Nokia Multimedia Player
    2008-12-13 13:49 --------- d-----w c:\program files\Java
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2006-10-17 21:50 81,920 ----a-w c:\documents and settings\Marc\Application Data\ezpinst.exe
    2006-10-17 21:50 47,360 -c--a-w c:\documents and settings\Marc\Application Data\pcouffin.sys
    2006-06-02 19:18 7,856 -c--a-w c:\program files\hijackthis.log
    2005-02-16 10:06 218,112 -c--a-w c:\program files\HijackThis.exe
    2006-05-06 16:42 7,260,160 -c--a-w c:\program files\mozilla firefox\plugins\libvlc.dll
    2007-10-11 19:56 548,443 --sh--w c:\windows\system32\_SYSTEM.exe
    2008-08-24 01:12 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008082420080825\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legitimate default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-09-27 190024]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-06-13 36864]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 68856]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
    "Google Update"="c:\documents and settings\Marc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-18 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 335872]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
    "QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-04-27 282624]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-05 185896]
    "UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2006-10-12 304640]
    "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 223232]
    "CTHelper"="CTHELPER.EXE" [2003-08-28 c:\windows\system32\CTHELPER.EXE]
    "NWTRAY"="NWTRAY.EXE" [2002-03-12 c:\windows\system32\nwtray.exe]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 c:\windows\KHALMNPR.Exe]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    "PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2007-05-26 102455]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-06-13 196608]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2006-05-05 581632]
    NDAS Device Management.lnk - c:\program files\NDAS\System\ndasmgmt.exe [2005-02-10 178688]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "CompatibleRUPSecurity"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ctmp3"= c:\windows\System32\ctmp3.acm
    "VIDC.3iv2"= 3ivxVfWCodec.dll
    "VIDC.VP31"= vp31vfw.dll
    "msacm.l3fhg"= mp3fhg.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "10264:TCP"= 10264:TCP:BitComet 10264 TCP
    "10264:UDP"= 10264:UDP:BitComet 10264 UDP
    "24842:TCP"= 24842:TCP:BitComet 24842 TCP
    "24842:UDP"= 24842:UDP:BitComet 24842 UDP
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 lpx;LPX Protocol;c:\windows\system32\drivers\lpx.sys [2005-02-09 109184]
    R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [2003-10-05 123520]
    R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [2003-09-28 5504]
    R1 lfsfilt;Lean File Sharing;c:\windows\system32\drivers\lfsfilt.sys [2007-06-18 120704]
    R3 cmudaxp;C-Media Oxygen HD Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2007-05-26 1393600]
    R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s –> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
    R3 ndasbus;NDAS Bus Driver;c:\windows\system32\drivers\ndasbus.sys [2005-02-09 38656]
    R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2006-09-24 3584]
    R4 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s –> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
    R4 SocketLock;Raw Socket Lock Driver;c:\windows\system32\socketlock.sys [2007-03-24 3712]
    R4 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 11776]
    S3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\system32\drivers\ndasscsi.sys [2005-02-09 90752]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
    \Shell\Auto\command - C:\SYSTEM.exe
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SYSTEM.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12376d43-90d0-11db-bb62-00105ac03c6d}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
    \Shell\Open(&0)\command - Recycled\ctfmon.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fbd60b9-d51e-11dd-be9e-0009dd506f77}]
    \Shell\Auto\command - I:\SYSTEM.exe
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SYSTEM.exe
    .
    Inhoud van de 'Gedeelde Taken' map

    2008-09-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

    2009-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-688789844-682003330-1003.job
    - c:\documents and settings\Marc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-18 00:18]
    .
    - - - - ORPHANS VERWIJDERD - - - -

    HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
    HKLM-Run-NWEReboot - (no file)
    HKLM-Run-Cmaudio8788 - cmicnfgp.cpl
    HKLM-RunServices-SchedulingAgent - c:\windows\system32\mstask.exe


    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = about:blank
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = localhost;*.local
    uInternet Settings,ProxyServer = wwwproxy.xs4all.nl:8080
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: hyves.nl
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\documents and settings\Marc\Application Data\Mozilla\Firefox\Profiles\gnrqcpyd.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - plugin: c:\documents and settings\Marc\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll

    —- FIREFOX POLICIES —-
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess";);
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-24 22:08:39
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "3140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'winlogon.exe'(756)
    c:\windows\system32\Ati2evxx.dll
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\CTSVCCDA.EXE
    c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\NDAS\System\ndassvc.exe
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\windows\system32\MsPMSPSv.exe
    c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
    c:\windows\system32\rundll32.exe
    c:\program files\UltraMon\UltraMonTaskbar.exe
    c:\program files\PC Connectivity Solution\ServiceLayer.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\progra~1\MICROS~4\rapimgr.exe
    c:\program files\Logitech\SetPoint\KHALMNPR.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2009-01-24 22:18:52 - machine werd herstart
    ComboFix-quarantined-files.txt 2009-01-24 21:18:45

    Pre-Run: 13.058.347.008 bytes beschikbaar
    Post-Run: 17,524,895,744 bytes beschikbaar

    WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=AlwaysOff

    216 — E O F — 2009-01-13 20:50:37

  • Go to Virustotal.com
    Upload the following file by copying/pasting the following (so not by locating it via "Browse…"!): c:\windows\system32\_SYSTEM.exe
    Wait until the result appears. Post it along with your next reply.


    Download Flash_Disinfector.exe and place it on your desktop: http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
    Make sure the flash drives / USB sticks / external hard drives are also plugged in.
    Double-click Flash_Disinfector.exe to start the tool.
    When the tool is finished, the computer will restart.



    Open a Notepad file.
    Copy the code below and paste it into the Notepad file.

  • here is the log from virustotal.com:

    Dit bestand is reeds gescanned:
    MD5: e582f4b243f81b1af5db7f7ba434f6dc
    First received: 2008.03.25 22:11:03 (CET)
    Datum: 2008.11.08 11:05:50 (CET) [>77D]
    Resultaat: 31/36
    Permalink: analisis/616ba0781c522aa3fe8d1a3d033510d3


    Bestand _SYSTEM.exe ontvangen op 2008.11.08 11:05:50 (CET)
    Huidig status: Einde

    Resultaat: 31/36 (86.11%)
    Geformatteerd Resultaten afdrukken
    Antivirus Versie Laatst geüpdatet Resultaat
    AhnLab-V3 - - Win-Trojan/Hupigon.548443
    AntiVir - - BDS/Backdoor.Gen
    Authentium - - W32/Hupigon.C.gen!Eldorado
    Avast - - Win32:Trojan-gen {Other}
    AVG - - BackDoor.Hupigon4.SHV
    BitDefender - - Backdoor.Hupigon.AXRD
    CAT-QuickHeal - - Backdoor.Hupigon.aaxv
    ClamAV - - -
    DrWeb - - BackDoor.Pigeon.7031
    eSafe - - Suspicious File
    eTrust-Vet - - Win32/Dowque.GA
    Ewido - - -
    F-Prot - - W32/Hupigon.C.gen!Eldorado
    F-Secure - - Backdoor.Win32.Hupigon.aaxv
    Fortinet - - -
    GData - - Backdoor.Hupigon.AXRD
    Ikarus - - Backdoor.Hupigon
    K7AntiVirus - - Backdoor.Win32.Hupigon.aoir
    Kaspersky - - Backdoor.Win32.Hupigon.aaxv
    McAfee - - BackDoor-AWQ
    Microsoft - - Backdoor:Win32/Hupigon
    NOD32 - - probably a variant of Win32/Hupigon
    Norman - - W32/Hupigon.BGYS
    Panda - - W32/Nuwar.C.worm
    PCTools - - Trojan.Pakes.TO
    Prevx1 - - -
    Rising - - Backdoor.Win32.ShangXing.kd
    SecureWeb-Gateway - - Trojan.Backdoor.Backdoor.Gen
    Sophos - - Mal/Emogen-N
    Sunbelt - - Trojan-Downloader.Win32.VB.ji
    Symantec - - Trojan Horse
    TheHacker - - Backdoor/Hupigon.aaxv
    TrendMicro - - BKDR_HUPIGON.PSB
    VBA32 - - -
    ViRobot - - Backdoor.Win32.Hupigon.548443
    VirusBuster - - Trojan.Pakes.TO
    Extra informatie
    MD5: e582f4b243f81b1af5db7f7ba434f6dc
    SHA1: fa00d39cf963cbff371aca179d98bd59417ca1b1
    SHA256: d5367cd02c4b4750fe84498196d442f29fca61b1cb75653550169af9bc8fd53e
    SHA512: ba36d5d86c1ad26d4bae313bfd4b7274e38df768612c853e48e29fcc0920ed887de0ab3f0c3f1e064746e8d31a1991f1e778ef290ac72061ac4c8676cd3f7dd9



    and the ComboFix log:

    ComboFix 09-01-21.04 - Marc 2009-01-25 11:22:52.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.511.155 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Marc\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Marc\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2008-12-25 to 2009-01-25 ))))))))))))))))))))))))))))))
    .

    Geen nieuwe bestanden aangemaakt in deze periode

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-23 13:37 ——— d—–w c:\program files\Google
    2009-01-23 11:05 ——— d—–w c:\program files\Spybot - Search & Destroy
    2009-01-23 11:03 ——— d—–w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-23 11:01 ——— d—–w c:\program files\RTVSoftwareNL
    2009-01-23 11:01 ——— d—–w c:\program files\iPod
    2008-12-16 20:12 ——— d—–w c:\documents and settings\Marc\Application Data\Nokia Multimedia Player
    2008-12-13 13:49 ——— d—–w c:\program files\Java
    2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
    2006-10-17 21:50 81,920 —-a-w c:\documents and settings\Marc\Application Data\ezpinst.exe
    2006-10-17 21:50 47,360 -c–a-w c:\documents and settings\Marc\Application Data\pcouffin.sys
    2006-06-02 19:18 7,856 -c–a-w c:\program files\hijackthis.log
    2005-02-16 10:06 218,112 -c–a-w c:\program files\HijackThis.exe
    2006-05-06 16:42 7,260,160 -c–a-w c:\program files\mozilla firefox\plugins\libvlc.dll
    2007-10-11 19:56 548,443 –sh–w c:\windows\system32\_SYSTEM.exe
    2008-08-24 01:12 32,768 –sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008082420080825\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-24_22.15.42.71 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-01-25 10:33:55 16,384 —-atw c:\windows\Temp\Perflib_Perfdata_230.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-09-27 190024]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-06-13 36864]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 68856]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
    "Google Update"="c:\documents and settings\Marc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-18 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 335872]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
    "QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-04-27 282624]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-05 185896]
    "UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2006-10-12 304640]
    "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 223232]
    "CTHelper"="CTHELPER.EXE" [2003-08-28 c:\windows\system32\CTHELPER.EXE]
    "NWTRAY"="NWTRAY.EXE" [2002-03-12 c:\windows\system32\nwtray.exe]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 c:\windows\KHALMNPR.Exe]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    "PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2007-05-26 102455]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-06-13 196608]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2006-05-05 581632]
    NDAS Device Management.lnk - c:\program files\NDAS\System\ndasmgmt.exe [2005-02-10 178688]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "CompatibleRUPSecurity"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ctmp3"= c:\windows\System32\ctmp3.acm
    "VIDC.3iv2"= 3ivxVfWCodec.dll
    "VIDC.VP31"= vp31vfw.dll
    "msacm.l3fhg"= mp3fhg.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "10264:TCP"= 10264:TCP:BitComet 10264 TCP
    "10264:UDP"= 10264:UDP:BitComet 10264 UDP
    "24842:TCP"= 24842:TCP:BitComet 24842 TCP
    "24842:UDP"= 24842:UDP:BitComet 24842 UDP
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 lpx;LPX Protocol;c:\windows\system32\drivers\lpx.sys [2005-02-09 109184]
    R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [2003-10-05 123520]
    R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [2003-09-28 5504]
    R1 lfsfilt;Lean File Sharing;c:\windows\system32\drivers\lfsfilt.sys [2007-06-18 120704]
    R3 cmudaxp;C-Media Oxygen HD Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2007-05-26 1393600]
    R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s –> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
    R3 ndasbus;NDAS Bus Driver;c:\windows\system32\drivers\ndasbus.sys [2005-02-09 38656]
    R3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\system32\drivers\ndasscsi.sys [2005-02-09 90752]
    R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2006-09-24 3584]
    R4 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s –> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
    R4 SocketLock;Raw Socket Lock Driver;c:\windows\system32\socketlock.sys [2007-03-24 3712]
    R4 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 11776]
    .
    Inhoud van de 'Gedeelde Taken' map

    2008-09-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

    2009-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-688789844-682003330-1003.job
    - c:\documents and settings\Marc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-18 00:18]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = about:blank
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = localhost;*.local
    uInternet Settings,ProxyServer = wwwproxy.xs4all.nl:8080
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: hyves.nl
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\documents and settings\Marc\Application Data\Mozilla\Firefox\Profiles\gnrqcpyd.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - plugin: c:\documents and settings\Marc\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll

    —- FIREFOX POLICIES —-
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess";);
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-25 11:34:30
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "3140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'winlogon.exe'(760)
    c:\windows\system32\Ati2evxx.dll
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\CTSVCCDA.EXE
    c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\NDAS\System\ndassvc.exe
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\windows\system32\MsPMSPSv.exe
    c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
    c:\windows\system32\rundll32.exe
    c:\program files\UltraMon\UltraMonTaskbar.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\progra~1\MICROS~4\rapimgr.exe
    c:\program files\Logitech\SetPoint\KHALMNPR.exe
    c:\program files\PC Connectivity Solution\ServiceLayer.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2009-01-25 11:44:53 - machine werd herstart
    ComboFix-quarantined-files.txt 2009-01-25 10:44:48
    ComboFix2.txt 2009-01-24 21:18:56

    Pre-Run: 16.966.332.416 bytes beschikbaar
    Post-Run: 16,951,689,216 bytes beschikbaar

    191 — E O F — 2009-01-13 20:50:37


    thanks so far :)

  • Open a Notepad file.
    Copy the code below and paste it into the Notepad file.

  • the ComboFix log:

    ComboFix 09-01-21.04 - Marc 2009-01-25 13:45:51.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.511.139 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Marc\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Marc\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt

    FILE ::
    c:\windows\system32\_SYSTEM.exe
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\_SYSTEM.exe

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-12-25 to 2009-01-25 ))))))))))))))))))))))))))))))
    .

    Geen nieuwe bestanden aangemaakt in deze periode

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-23 13:37 ——— d—–w c:\program files\Google
    2009-01-23 11:05 ——— d—–w c:\program files\Spybot - Search & Destroy
    2009-01-23 11:03 ——— d—–w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-23 11:01 ——— d—–w c:\program files\RTVSoftwareNL
    2009-01-23 11:01 ——— d—–w c:\program files\iPod
    2008-12-16 20:12 ——— d—–w c:\documents and settings\Marc\Application Data\Nokia Multimedia Player
    2008-12-13 13:49 ——— d—–w c:\program files\Java
    2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
    2006-10-17 21:50 81,920 —-a-w c:\documents and settings\Marc\Application Data\ezpinst.exe
    2006-10-17 21:50 47,360 -c–a-w c:\documents and settings\Marc\Application Data\pcouffin.sys
    2006-06-02 19:18 7,856 -c–a-w c:\program files\hijackthis.log
    2005-02-16 10:06 218,112 -c–a-w c:\program files\HijackThis.exe
    2006-05-06 16:42 7,260,160 -c–a-w c:\program files\mozilla firefox\plugins\libvlc.dll
    2008-08-24 01:12 32,768 –sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008082420080825\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-24_22.15.42.71 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-01-25 12:54:50 16,384 —-atw c:\windows\Temp\Perflib_Perfdata_224.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-09-27 190024]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-06-13 36864]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 68856]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
    "Google Update"="c:\documents and settings\Marc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-18 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 335872]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
    "QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-04-27 282624]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-05 185896]
    "UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2006-10-12 304640]
    "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 223232]
    "CTHelper"="CTHELPER.EXE" [2003-08-28 c:\windows\system32\CTHELPER.EXE]
    "NWTRAY"="NWTRAY.EXE" [2002-03-12 c:\windows\system32\nwtray.exe]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 c:\windows\KHALMNPR.Exe]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    "PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2007-05-26 102455]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-06-13 196608]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2006-05-05 581632]
    NDAS Device Management.lnk - c:\program files\NDAS\System\ndasmgmt.exe [2005-02-10 178688]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "CompatibleRUPSecurity"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ctmp3"= c:\windows\System32\ctmp3.acm
    "VIDC.3iv2"= 3ivxVfWCodec.dll
    "VIDC.VP31"= vp31vfw.dll
    "msacm.l3fhg"= mp3fhg.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "10264:TCP"= 10264:TCP:BitComet 10264 TCP
    "10264:UDP"= 10264:UDP:BitComet 10264 UDP
    "24842:TCP"= 24842:TCP:BitComet 24842 TCP
    "24842:UDP"= 24842:UDP:BitComet 24842 UDP
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 lpx;LPX Protocol;c:\windows\system32\drivers\lpx.sys [2005-02-09 109184]
    R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [2003-10-05 123520]
    R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [2003-09-28 5504]
    R1 lfsfilt;Lean File Sharing;c:\windows\system32\drivers\lfsfilt.sys [2007-06-18 120704]
    R3 cmudaxp;C-Media Oxygen HD Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2007-05-26 1393600]
    R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s –> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
    R3 ndasbus;NDAS Bus Driver;c:\windows\system32\drivers\ndasbus.sys [2005-02-09 38656]
    R3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\system32\drivers\ndasscsi.sys [2005-02-09 90752]
    R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2006-09-24 3584]
    R4 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
    R4 SocketLock;Raw Socket Lock Driver;c:\windows\system32\socketlock.sys [2007-03-24 3712]
    R4 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 11776]
    .
    Inhoud van de 'Gedeelde Taken' map

    2008-09-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

    2009-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-688789844-682003330-1003.job
    - c:\documents and settings\Marc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-18 00:18]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = about:blank
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = localhost;*.local
    uInternet Settings,ProxyServer = wwwproxy.xs4all.nl:8080
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: hyves.nl
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\documents and settings\Marc\Application Data\Mozilla\Firefox\Profiles\gnrqcpyd.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - plugin: c:\documents and settings\Marc\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll

    —- FIREFOX POLICIES —-
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess";);
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-25 13:55:33
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "3140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'winlogon.exe'(760)
    c:\windows\system32\Ati2evxx.dll
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\CTSVCCDA.EXE
    c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\NDAS\System\ndassvc.exe
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\windows\system32\MsPMSPSv.exe
    c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
    c:\windows\system32\rundll32.exe
    c:\program files\UltraMon\UltraMonTaskbar.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\progra~1\MICROS~4\rapimgr.exe
    c:\program files\Logitech\SetPoint\KHALMNPR.exe
    c:\program files\PC Connectivity Solution\ServiceLayer.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2009-01-25 14:05:47 - machine werd herstart
    ComboFix-quarantined-files.txt 2009-01-25 13:05:42
    ComboFix2.txt 2009-01-25 10:44:57
    ComboFix3.txt 2009-01-24 21:18:56

    Pre-Run: 16.935.452.672 bytes beschikbaar
    Post-Run: 16,910,675,968 bytes beschikbaar

    197 — E O F — 2009-01-13 20:50:37

  • How are things with the problems?
  • my drives look fine again,

    on this PC, by the way, I have had the problem for some time that CCC.exe does not close when I want to shut down the computer; for a fraction of a second you then see a window with one of those bars filling up to close it

    I also have no idea at all what it is

This is an archived page. Replying is no longer possible.