essa voce precisa VER

  • essa voce precisa VER

    Dear Sir or Madam,

    Yesterday I got this extremely annoying thing. Despite HijackThis and Spybot Search & Destroy, I can't get rid of it. It keeps sending itself by e-mail to all my contacts. How can I get rid of it? Help would be much appreciated! My logfile is below.
    Thank you!

    Sandra van Moorsel

    Logfile of HijackThis v1.99.1
    Scan saved at 17:47:07, on 19-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\Media\LTaskup.exe
    C:\WINDOWS\System32\LVComS.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\unzipped\hijackthis_199[1]\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [MISAggregator] C:\PROGRA~1\McAfee\MCAFEE~1\MisAgg.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [wTask] C:\WINDOWS\Media\LTaskup.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Image Transfer.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0C1C6B51-E65D-4D5A-993B-773326D3CCE8} - http://apps2.vol.at/tools/weather/install/install_mayrhofen/setup.cab
    O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://www.midasplayer.com/midasa.cab
    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,83/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
    O16 - DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} (PageDive Control) - http://www.pagedive.com/pagedive5811/PageDive5.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,20/mcgdmgr.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game17.zylomgames.com/activex/zylomgamesplayer.cab
    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game16.zylomgames.com/activex/zylomloader.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
      A small cmd window will open, in which a few lines about files not found will quickly scroll by; this is normal.
    • After that your PC will restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a logfile opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the logfile in your next message together with a new HijackThis log.


    • #3
      This is from RVAXO.
      ----------------RVAXO.exe first run-------------

      Files found:

      C:\WINDOWS\tasks\A0C5427F90B6F29B.job
      C:\Program Files\Setup.exe
      C:\WINDOWS\lnk_dados_2.dll
      C:\Documents and Settings\Eigenaar\user.dat
      C:\Documents and Settings\Eigenaar\Emails.dat
      C:\WINDOWS\Media\LTaskup.exe

      Uninstallers Rogue scanners:


      Folders Found:

      C:\Program Files\RXToolBar

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------

      And this is from HijackThis:

      Logfile of HijackThis v1.99.1
      Scan saved at 21:24:49, on 19-12-2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16574)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\SPAMfighter\sfus.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
      C:\Program Files\Messenger Plus! 3\MsgPlus.exe
      C:\Program Files\Logitech\Video\LogiTray.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\SPAMfighter\SFAgent.exe
      C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
      C:\WINDOWS\System32\LVComS.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Digital Line Detect\DLG.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\WINDOWS\system32\msiexec.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\PROGRA~1\WINZIP\winzip32.exe
      C:\unzipped\hijackthis_199[1]\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
      O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
      O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [MISAggregator] C:\PROGRA~1\McAfee\MCAFEE~1\MisAgg.exe
      O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Digital Line Detect.lnk = ?
      O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Image Transfer.lnk = ?
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {0C1C6B51-E65D-4D5A-993B-773326D3CCE8} - http://apps2.vol.at/tools/weather/install/install_mayrhofen/setup.cab
      O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://www.midasplayer.com/midasa.cab
      O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
      O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
      O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
      O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,83/mcinsctl.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
      O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
      O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
      O16 - DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} (PageDive Control) - http://www.pagedive.com/pagedive5811/PageDive5.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
      O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,20/mcgdmgr.cab
      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game17.zylomgames.com/activex/zylomgamesplayer.cab
      O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game16.zylomgames.com/activex/zylomloader.cab
      O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

      I'd like to hear what to do now!
      Thanks in advance!

      Sandra


      • #4
        Open the RVAXO folder on your desktop and double-click Uninstall.cmd
        This will remove everything belonging to RVAXO.

        Download Combofix to your desktop.
        Double-click Combofix.exe
        Choose "Continue" by typing 1 followed by ENTER.
        While the fix is running, do NOT click in the window, as this will cause your PC to hang.
        When the fix has completed and after the restart, the log combofix.txt will open.
        Post this log in your next post.

        NOTE: If your virus scanner responds with a notification about script execution, you may ignore this.


        • #5
          This is my Combofix log.


          ComboFix 07-12-20.4 - Eigenaar 2007-12-20 8:53:21.1 - NTFSx86
          Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.188 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
          * Nieuw herstelpunt werd aangemaakt
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\WINDOWS\tmlpcert2005
          F:\Autorun.inf

          .
          (((((((((((((((((((( Bestanden Gemaakt van 2007-11-20 to 2007-12-20 ))))))))))))))))))))))))))))))
          .

          2007-12-19 14:51 . 2007-12-19 20:21 <DIR> d-------- C:\Documents and Settings\Eigenaar\.housecall6.6
          2007-12-19 12:11 . 2007-12-19 14:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2007-12-11 11:27 . 2007-12-11 11:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hema Album Software Advanced

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-08-27 08:57 47,437 ----a-w C:\Documents and Settings\Eigenaar\Application Data\mdb.bin
          2008-08-27 07:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
          2008-08-26 11:34 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
          2008-08-26 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
          2007-12-20 07:43 --------- d-----w C:\Program Files\SPAMfighter
          2007-12-19 12:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
          2007-12-18 15:58 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\AVG7
          2007-12-15 09:42 --------- d-----w C:\Program Files\Zylom Games
          2007-12-15 09:42 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Zylom
          2007-12-11 10:28 --------- d-----w C:\Program Files\Hema Album Software Advanced
          2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
          2007-11-09 18:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2007-11-09 18:42 --------- d-----w C:\Program Files\Enlight
          2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
          2007-10-29 12:16 --------- d-----w C:\Program Files\Belastingdienst
          2007-10-29 09:49 --------- d-----w C:\Program Files\Common Files\Ankiro
          2007-10-29 09:48 --------- d-----w C:\Program Files\Common Files\Application
          2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
          2007-10-24 17:58 --------- d-----w C:\Program Files\Java
          2005-05-11 22:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
          2002-11-06 09:27 217,088 ------w C:\Program Files\Image.exe
          2002-09-03 21:44 124,512 ------w C:\Program Files\Norton.exe
          2001-10-25 12:11 3,578,328 ------w C:\Program Files\Setup.1.exe
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03]
          "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 20:45]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 15:44]
          "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 07:59]
          "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 07:59]
          "Mirabilis ICQ"="C:\Program Files\ICQ\NDetect.exe"
          "MessengerPlus3"="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" [2004-07-25 17:01]
          "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-12-16 21:39]
          "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 09:03 C:\WINDOWS\system32\rundll32.exe]
          "nwiz"="nwiz.exe" [2001-12-31 17:04 C:\WINDOWS\system32\nwiz.exe]
          "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 09:03 C:\WINDOWS\system32\rundll32.exe]
          "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-05-04 16:21]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-06-15 20:02]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
          "MISAggregator"="C:\PROGRA~1\McAfee\MCAFEE~1\MisAgg.exe"
          "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29]
          "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-08-26 12:34]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03]
          "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-08-26 12:34]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-02-10 14:52:39]
          Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-08-13 13:28:30]
          Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-06-06 20:45:56]
          HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
          Image Transfer.lnk - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe [2003-08-23 13:36:16]
          Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 18:05:56]
          Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]
          WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2004-03-10 22:36:45]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
          backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^MyWebSearch Email Plugin.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\MyWebSearch Email Plugin.lnk
          backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Eigenaar^Menu Start^Programma's^Opstarten^MyWebSearch Email Plugin.lnk]
          path=C:\Documents and Settings\Eigenaar\Menu Start\Programma's\Opstarten\MyWebSearch Email Plugin.lnk
          backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
          BCMSMMSG.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
          2005-05-11 23:12 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instant Access]
          rundll32.exe p2esocks_1014.dll,InstantAccess

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
          2004-10-15 14:19 16384 --a------ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
          2003-12-16 21:37 188416 --a------ C:\Program Files\Logitech\Video\ISStart.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Guardian]
          C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
          c:\PROGRA~1\mcafee.com\agent\mcagent.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
          C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFTray]
          C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
          C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
          C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
          C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
          c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
          c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe /checktask

          R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-10-25 15:29]
          R3 BT4501D;SpeedTouch 120g Wireless USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\BT4501D.sys [2004-05-20 10:01]
          S3 s3legacy;s3legacy;C:\WINDOWS\system32\DRIVERS\s3legacy.sys [2001-08-17 20:57]

          *Newly Created Service* - CATCHME
          *Newly Created Service* - PROCEXP90
          .
          Inhoud van de 'Gedeelde Taken' map
          "2007-12-18 17:29:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
          .
          **************************************************************************

          catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2007-12-20 09:00:41
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          **************************************************************************
          .
          Voltooingstijd: 2007-12-20 9:02:18
          .
          2007-12-12 17:43:40 --- E O F ---

          Thank you very much for your next instructions!



          • #6
            Download the attachment: CFScript.txt

            Drag CFScript.txt onto ComboFix.exe as shown in the example below:

            This will make ComboFix restart.
            Reboot if you are asked to,
            and post the contents of Combofix.txt in your next reply.


            • #7
              ComboFix 07-12-20.4 - Eigenaar 2007-12-20 16:30:00.3 - NTFSx86
              Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.127 [GMT 1:00]
              Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
              Command switches used :: C:\Documents and Settings\Eigenaar\Bureaublad\cfscript.txt
              * Nieuw herstelpunt werd aangemaakt

              FILE
              C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup
              C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup
              C:\WINDOWS\system32\p2esocks_1014.dll
              .

              (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup
              C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

              .
              (((((((((((((((((((( Bestanden Gemaakt van 2007-11-20 to 2007-12-20 ))))))))))))))))))))))))))))))
              .

              2007-12-19 14:51 . 2007-12-19 20:21 <DIR> d-------- C:\Documents and Settings\Eigenaar\.housecall6.6
              2007-12-19 12:11 . 2007-12-19 14:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
              2007-12-11 11:27 . 2007-12-11 11:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hema Album Software Advanced

              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2008-08-27 08:57 47,437 ----a-w C:\Documents and Settings\Eigenaar\Application Data\mdb.bin
              2008-08-27 07:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
              2008-08-26 11:34 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
              2008-08-26 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
              2007-12-20 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
              2007-12-20 07:43 --------- d-----w C:\Program Files\SPAMfighter
              2007-12-18 15:58 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\AVG7
              2007-12-15 09:42 --------- d-----w C:\Program Files\Zylom Games
              2007-12-15 09:42 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Zylom
              2007-12-11 10:28 --------- d-----w C:\Program Files\Hema Album Software Advanced
              2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
              2007-11-09 18:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
              2007-11-09 18:42 --------- d-----w C:\Program Files\Enlight
              2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
              2007-10-29 12:16 --------- d-----w C:\Program Files\Belastingdienst
              2007-10-29 09:49 --------- d-----w C:\Program Files\Common Files\Ankiro
              2007-10-29 09:48 --------- d-----w C:\Program Files\Common Files\Application
              2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
              2007-10-24 17:58 --------- d-----w C:\Program Files\Java
              2005-05-11 22:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
              2002-11-06 09:27 217,088 ------w C:\Program Files\Image.exe
              2002-09-03 21:44 124,512 ------w C:\Program Files\Norton.exe
              2001-10-25 12:11 3,578,328 ------w C:\Program Files\Setup.1.exe
              .

              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              REGEDIT4
              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03]
              "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 20:45]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 15:44]
              "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 07:59]
              "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 07:59]
              "Mirabilis ICQ"="C:\Program Files\ICQ\NDetect.exe"
              "MessengerPlus3"="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" [2004-07-25 17:01]
              "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-12-16 21:39]
              "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 09:03 C:\WINDOWS\system32\rundll32.exe]
              "nwiz"="nwiz.exe" [2001-12-31 17:04 C:\WINDOWS\system32\nwiz.exe]
              "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 09:03 C:\WINDOWS\system32\rundll32.exe]
              "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-05-04 16:21]
              "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-06-15 20:02]
              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
              "MISAggregator"="C:\PROGRA~1\McAfee\MCAFEE~1\MisAgg.exe"
              "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29]
              "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-08-26 12:34]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03]
              "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-08-26 12:34]

              C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
              Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-02-10 14:52:39]
              Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-08-13 13:28:30]
              Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-06-06 20:45:56]
              HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
              Image Transfer.lnk - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe [2003-08-23 13:36:16]
              Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 18:05:56]
              Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]
              WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2004-03-10 22:36:45]

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
              path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
              backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
              BCMSMMSG.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
              2005-05-11 23:12 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
              2004-10-15 14:19 16384 --a------ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
              2003-12-16 21:37 188416 --a------ C:\Program Files\Logitech\Video\ISStart.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Guardian]
              C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
              c:\PROGRA~1\mcafee.com\agent\mcagent.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
              C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFTray]
              C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
              C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
              C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
              c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
              c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe /checktask

              R3 BT4501D;SpeedTouch 120g Wireless USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\BT4501D.sys [2004-05-20 10:01]
              S3 s3legacy;s3legacy;C:\WINDOWS\system32\DRIVERS\s3legacy.sys [2001-08-17 20:57]

              *Newly Created Service* - CATCHME
              *Newly Created Service* - PROCEXP90
              .
              Inhoud van de 'Gedeelde Taken' map
              "2007-12-18 17:29:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
              - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
              .
              **************************************************************************

              catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2007-12-20 16:34:26
              Windows 5.1.2600 Service Pack 2 NTFS

              scannen van verborgen processen ...

              scannen van verborgen autostart items ...

              scannen van verborgen bestanden ...

              Scan succesvol afgerond
              verborgen bestanden: 0

              **************************************************************************
              .
              Voltooingstijd: 2007-12-20 16:35:44
              C:\ComboFix2.txt ... 2007-12-20 09:33
              C:\ComboFix3.txt ... 2007-12-20 09:02
              .
              2007-12-12 17:43:40 --- E O F ---



              • #8
                Download this file: Deljob.exe (mirror)
                Place it on your desktop.
                If your virus scanner blocks the download of deljob.exe,
                temporarily disable your virus scanner or download the zip version
                deljob.zip and extract it to your desktop.
                Double-click Deljob.exe.
                A log (logit.txt) will open; you can also find the file on your desktop.
                Post the contents of logit.txt in your next message.



                • #9
                  --------------------------------------------------------
                  No LOP jobs found
                  --------------------------------------------------------
                  Files remaining after cleaning

                  AppleSoftwareUpdate.job
                  --------------------------------------------------------
                  App data folders

                  Het volume in station C heeft geen naam.
                  Het volumenummer is 5895-45C0

                  Map van C:\Documents and Settings\Eigenaar\Application Data

                  26-08-2008 12:35 <DIR> .
                  26-08-2008 12:35 <DIR> ..
                  17-03-2004 19:26 <DIR> ACDSYS~1 ACD Systems
                  10-02-2005 14:55 <DIR> Adobe
                  15-06-2005 20:02 <DIR> APPLEC~1 Apple Computer
                  18-12-2007 16:58 <DIR> AVG7
                  28-11-2006 14:34 <DIR> AVG7(2)
                  30-11-2006 23:13 <DIR> AVG7(4)
                  14-04-2004 22:21 <DIR> CYBERL~1 CyberLink
                  01-07-2007 08:21 <DIR> EYEBLA~1 Eyeblaster
                  15-07-2007 12:03 <DIR> GAIJIN~1 Gaijin Ent
                  06-01-2006 17:38 <DIR> Google
                  17-03-2004 19:08 <DIR> Help
                  28-11-2005 17:34 <DIR> HP
                  15-12-2007 10:42 <DIR> IDENTI~1 Identities
                  10-03-2004 22:43 <DIR> INTERT~1 InterTrust
                  04-12-2006 09:05 <DIR> iWin
                  17-08-2004 21:34 <DIR> MACROM~1 Macromedia
                  29-11-2004 22:36 <DIR> McAfee
                  27-09-2005 17:18 <DIR> MCAFEE~1.COM McAfee.com Personal Firewall
                  18-01-2006 20:57 <DIR> MICROG~1 Microgaming
                  22-04-2007 10:02 <DIR> MICROS~1 Microsoft
                  18-09-2003 20:54 <DIR> MICROS~2 Microsoft Web Folders
                  04-07-2007 17:19 <DIR> Mozilla
                  30-06-2004 16:45 <DIR> MSN6
                  28-07-2007 13:13 <DIR> MYGAME~1 My Games
                  25-02-2007 13:09 <DIR> PLAYFI~1 PlayFirst
                  29-11-2004 19:57 <DIR> Skype
                  16-04-2007 17:39 <DIR> SPAMFI~1 SPAMfighter
                  30-11-2006 23:08 <DIR> STORED~1 StoreDvdSign
                  01-06-2006 08:55 <DIR> Sun
                  27-08-2003 18:23 <DIR> Template
                  13-10-2005 21:06 <DIR> Wildfire
                  15-12-2007 10:42 <DIR> Zylom
                  0 bestand(en) 0 bytes
                  34 map(pen) 13.625.446.400 bytes beschikbaar
                  Het volume in station C heeft geen naam.
                  Het volumenummer is 5895-45C0

                  Map van C:\Documents and Settings\All Users\Application Data

                  19-12-2007 12:11 <DIR> .
                  19-12-2007 12:11 <DIR> ..
                  17-03-2004 19:14 <DIR> ACDSYS~1 ACD Systems
                  10-02-2005 14:58 <DIR> Adobe
                  30-11-2006 23:14 <DIR> APPLEC~1 Apple Computer
                  27-08-2008 08:42 <DIR> Avg7
                  30-11-2006 23:14 <DIR> Avg7(2)
                  30-11-2006 23:13 <DIR> avg7(4)
                  30-11-2006 23:08 <DIR> BIASBA~1 BIASBASHTESTCORN
                  13-08-2003 13:24 <DIR> BVRPSO~1 BVRP Software
                  06-06-2007 20:42 <DIR> Google
                  20-12-2007 16:27 <DIR> GOOGLE~1 Google Updater
                  26-08-2008 12:34 <DIR> Grisoft
                  30-11-2006 23:14 <DIR> GRISOF~1 Grisoft(2)
                  30-11-2006 23:13 <DIR> GRISOF~3 Grisoft(4)
                  11-12-2007 11:28 <DIR> HEMAAL~1 Hema Album Software Advanced
                  23-11-2005 21:33 <DIR> HP
                  04-12-2006 09:05 <DIR> iWin
                  19-09-2007 08:31 <DIR> JOLLYB~1 JollyBear
                  29-11-2004 17:51 <DIR> JUMPTH~1 Jumptheflapproc
                  08-11-2005 22:00 <DIR> McAfee
                  16-05-2006 17:52 <DIR> McAfee.com
                  03-08-2007 11:35 <DIR> MICROS~1 Microsoft
                  09-08-2007 08:42 <DIR> MICROS~2 Microsoft Help
                  13-08-2003 15:21 <DIR> MSN6
                  29-09-2007 08:36 <DIR> MUMBOJ~1 MumboJumbo
                  10-10-2007 21:10 <DIR> NANNYM~1 NannyMania
                  25-12-2006 12:24 <DIR> PLAYFI~1 PlayFirst
                  15-06-2005 20:01 <DIR> QUICKT~1 QuickTime
                  03-06-2007 10:00 <DIR> SANDLO~1 Sandlot Games
                  07-10-2004 16:34 <DIR> Skype
                  23-11-2005 21:32 <DIR> Sonic
                  19-12-2007 14:07 <DIR> SPYBOT~1 Spybot - Search & Destroy
                  11-10-2004 14:48 <DIR> Symantec
                  19-09-2007 12:08 <DIR> TERMIN~1 TERMINAL Studio
                  24-12-2004 18:01 <DIR> Trymedia
                  04-08-2006 09:17 <DIR> WINDOW~1 Windows Genuine Advantage
                  01-07-2007 08:15 <DIR> Zylom
                  0 bestand(en) 0 bytes
                  38 map(pen) 13.625.442.304 bytes beschikbaar
                  --------------------------------------------------------



                  • #10
                    Open the file CFscript.txt and delete all the text in it.
                    Then put the following bold text into it:


                    Folder::
                    C:\Documents and Settings\Eigenaar\Application Data\StoreDvdSign
                    C:\Documents and Settings\All Users\Application Data\BIASBASHTESTCORN
                    C:\Documents and Settings\All Users\Application Data\Jumptheflapproc
                    C:\Program Files\StoreDvdSign



                    Save the changes and drag CFscript.txt over Combofix.exe as you did before.
                    Post the new ComboFix log in your next message.



                    • #11
                      Here is ComboFix! Will it ever be all right....:-(

                      ComboFix 07-12-20.4 - Eigenaar 2007-12-21 10:08:16.4 - NTFSx86
                      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.173 [GMT 1:00]
                      Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
                      Command switches used :: C:\Documents and Settings\Eigenaar\Bureaublad\cfscript.txt
                      * Nieuw herstelpunt werd aangemaakt
                      .

                      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                      .

                      C:\Documents and Settings\All Users\Application Data\BIASBASHTESTCORN
                      C:\Documents and Settings\All Users\Application Data\BIASBASHTESTCORN\city body online
                      C:\Documents and Settings\All Users\Application Data\Jumptheflapproc
                      C:\Documents and Settings\All Users\Application Data\Jumptheflapproc\mags dale cdrom
                      C:\Documents and Settings\Eigenaar\Application Data\StoreDvdSign
                      C:\Documents and Settings\Eigenaar\Application Data\StoreDvdSign\2D9EE111
                      C:\Documents and Settings\Eigenaar\Application Data\StoreDvdSign\D4E88347
                      C:\Program Files\StoreDvdSign

                      .
                      (((((((((((((((((((( Bestanden Gemaakt van 2007-11-21 to 2007-12-21 ))))))))))))))))))))))))))))))
                      .

                      2007-12-19 14:51 . 2007-12-19 20:21 <DIR> d-------- C:\Documents and Settings\Eigenaar\.housecall6.6
                      2007-12-19 12:11 . 2007-12-19 14:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                      2007-12-11 11:27 . 2007-12-11 11:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hema Album Software Advanced

                      .
                      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2008-08-27 08:57 47,437 ----a-w C:\Documents and Settings\Eigenaar\Application Data\mdb.bin
                      2008-08-27 07:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
                      2008-08-26 11:34 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
                      2008-08-26 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
                      2007-12-21 08:46 --------- d-----w C:\Program Files\SPAMfighter
                      2007-12-20 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
                      2007-12-18 15:58 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\AVG7
                      2007-12-15 09:42 --------- d-----w C:\Program Files\Zylom Games
                      2007-12-15 09:42 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Zylom
                      2007-12-11 10:28 --------- d-----w C:\Program Files\Hema Album Software Advanced
                      2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
                      2007-11-09 18:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
                      2007-11-09 18:42 --------- d-----w C:\Program Files\Enlight
                      2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
                      2007-10-29 12:16 --------- d-----w C:\Program Files\Belastingdienst
                      2007-10-29 09:49 --------- d-----w C:\Program Files\Common Files\Ankiro
                      2007-10-29 09:48 --------- d-----w C:\Program Files\Common Files\Application
                      2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
                      2007-10-24 17:58 --------- d-----w C:\Program Files\Java
                      2005-05-11 22:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
                      2002-11-06 09:27 217,088 ------w C:\Program Files\Image.exe
                      2002-09-03 21:44 124,512 ------w C:\Program Files\Norton.exe
                      2001-10-25 12:11 3,578,328 ------w C:\Program Files\Setup.1.exe
                      .

                      ((((((((((((((((((((((((((((( [email protected]_ 9.00.46,90 )))))))))))))))))))))))))))))))))))))))))
                      .
                      - 2007-12-20 07:46:25 56,448 ----a-w C:\WINDOWS\system32\perfc009.dat
                      + 2007-12-21 08:49:20 56,448 ----a-w C:\WINDOWS\system32\perfc009.dat
                      - 2007-12-20 07:46:26 74,370 ----a-w C:\WINDOWS\system32\perfc013.dat
                      + 2007-12-21 08:49:20 74,370 ----a-w C:\WINDOWS\system32\perfc013.dat
                      - 2007-12-20 07:46:26 387,282 ----a-w C:\WINDOWS\system32\perfh009.dat
                      + 2007-12-21 08:49:20 387,282 ----a-w C:\WINDOWS\system32\perfh009.dat
                      - 2007-12-20 07:46:26 451,054 ----a-w C:\WINDOWS\system32\perfh013.dat
                      + 2007-12-21 08:49:20 451,054 ----a-w C:\WINDOWS\system32\perfh013.dat
                      .
                      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      REGEDIT4
                      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03]
                      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 20:45]

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 15:44]
                      "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 07:59]
                      "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 07:59]
                      "Mirabilis ICQ"="C:\Program Files\ICQ\NDetect.exe"
                      "MessengerPlus3"="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" [2004-07-25 17:01]
                      "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-12-16 21:39]
                      "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 09:03 C:\WINDOWS\system32\rundll32.exe]
                      "nwiz"="nwiz.exe" [2001-12-31 17:04 C:\WINDOWS\system32\nwiz.exe]
                      "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 09:03 C:\WINDOWS\system32\rundll32.exe]
                      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-05-04 16:21]
                      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-06-15 20:02]
                      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
                      "MISAggregator"="C:\PROGRA~1\McAfee\MCAFEE~1\MisAgg.exe"
                      "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29]
                      "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-08-26 12:34]

                      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03]
                      "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-08-26 12:34]

                      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                      Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-02-10 14:52:39]
                      Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-08-13 13:28:30]
                      Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-06-06 20:45:56]
                      HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
                      Image Transfer.lnk - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe [2003-08-23 13:36:16]
                      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 18:05:56]
                      Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]
                      WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2004-03-10 22:36:45]

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
                      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
                      backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
                      BCMSMMSG.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
                      2005-05-11 23:12 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
                      2004-10-15 14:19 16384 --a------ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
                      2003-12-16 21:37 188416 --a------ C:\Program Files\Logitech\Video\ISStart.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Guardian]
                      C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
                      c:\PROGRA~1\mcafee.com\agent\mcagent.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
                      C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFTray]
                      C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
                      C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
                      C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
                      c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
                      c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe /checktask

                      R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-10-25 15:29]
                      R3 BT4501D;SpeedTouch 120g Wireless USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\BT4501D.sys [2004-05-20 10:01]
                      S3 s3legacy;s3legacy;C:\WINDOWS\system32\DRIVERS\s3legacy.sys [2001-08-17 20:57]

                      .
                      Inhoud van de 'Gedeelde Taken' map
                      "2007-12-18 17:29:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
                      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
                      .
                      **************************************************************************

                      catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                      Rootkit scan 2007-12-21 10:13:51
                      Windows 5.1.2600 Service Pack 2 NTFS

                      scannen van verborgen processen ...

                      scannen van verborgen autostart items ...

                      scannen van verborgen bestanden ...

                      Scan succesvol afgerond
                      verborgen bestanden: 0

                      **************************************************************************
                      .
                      Voltooingstijd: 2007-12-21 10:14:58
                      C:\ComboFix2.txt ... 2007-12-20 16:35
                      C:\ComboFix3.txt ... 2007-12-20 09:33
                      .
                      2007-12-12 17:43:40 --- E O F ---



                      • #12
                        I think almost everything is fine now.

                        Please carry out these remaining steps:

                        Delete the following folder:
                        C:\Qoobox

                        Then empty your Recycle Bin.

                        Download ATF cleaner (mirror) (made by Atribune)

                        Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

                        Double-click ATF cleaner to start the program.
                        On the "Main" tab, tick Select All.
                        Click the Empty Selected button.

                        Do the following if you also use Firefox as a browser:
                        Click the "Firefox" tab and tick Select All.
                        If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                        (this removes the tick again from "Firefox saved passwords")
                        Click the Empty Selected button.

                        Do the following if you also use Opera as a browser:
                        Click the "Opera" tab and tick Select All.
                        If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                        Click the Empty Selected button.
                        Go to the "Main" tab and click the Exit button to close the program.

                        Go to Start - Run and enter the following:
                        Combofix /U
                        Then press OK.
                        Note: there must be a space between Combofix and /U.

                        This will uninstall Combofix.

                        Turn off System Restore. Restart the computer. Turn System Restore back on.
                        Look here to see how to turn off your System Restore.
                        This removes any remnants of the infections from your System Restore.

                        If you then have no more problems, I think we are completely done.

                        P.S. You may delete all the downloaded programs and their accompanying logs.



                        • #13
                          Dear Smeenk,

                          Many thanks for all the help!
                          Wishing you a very merry Christmas in advance!

                          Regards,
                          Sandra



                          • #14
                            You're welcome, Sandra
