Mededeling

**smeenk** · 27-12-07, 16:28

Download VirtumundoBegone (mirror)
Sla dit op op je bureaublad.

Dubbelklik op VirtumundoBeGone.exe en volg de aanwijzingen.
Schrik niet als je een blauw scherm met een foutmelding te zien krijgt - dit is normaal.
Als de fix klaar is, start je de pc opnieuw op.
Plaats de inhoud van het logbestand VBG.TXT, dat nu op je bureaublad staat, hier in je volgende bericht.

Download: RVAXO.exe

Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
Open nu de map RVAXO op je bureaublad en dubbeklik RVAXO.cmd
Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw.
Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
Post de inhoud van de logfile in je volgende bericht.

Download Combofix naar je Bureaublad.
Dubbelklik op Combofix.exe
Kies voor "Continue" door 1 te typen gevolgd door ENTER.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
Plaats deze log in je volgende post.

NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.

**Jinxx** · 28-12-07, 11:34

Hoi Smeenk

Ik was voor jouw antwoord al bezig met een scan van AVG. Die heb ik eerst afgemaakt, en vond over de 22.000 infecties...
Daarna heb ik Virt., Rvaxo en combofix laten lopen.

Eerst hier nog een Hijackthislog, daarna de resultaten van de verschillende scans:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:22, on 28-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {1F36FFB7-C183-4858-8F58-E919A6B4B6E9} - C:\WINDOWS\system32\xxwtq.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IntelligentAdvisor - {6548BF73-58FF-71D5-F97D-17C71E323709} - C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {76F262CF-0308-0FB4-F7A3-043266F3A47C} - C:\Program Files\Rvttolcg\ykvfaypi.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [HX0sXumHv5] rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198077649202
O18 - Protocol: bw+0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 18771 bytes

[12/27/2007, 23:27:38] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\User\Bureaublad\VirtumundoBeGone.exe" )
[12/27/2007, 23:27:50] - User choose NOT to continue. Exiting...

[12/28/2007, 10:42:22] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\User\Bureaublad\VirtumundoBeGone(2).exe" )
[12/28/2007, 10:42:24] - Detected System Information:
[12/28/2007, 10:42:24] - Windows Version: 5.1.2600, Service Pack 2
[12/28/2007, 10:42:24] - Current Username: User (Admin)
[12/28/2007, 10:42:24] - Windows is in NORMAL mode.
[12/28/2007, 10:42:24] - Searching for Browser Helper Objects:
[12/28/2007, 10:42:24] - BHO 1: {1F36FFB7-C183-4858-8F58-E919A6B4B6E9} ()
[12/28/2007, 10:42:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/28/2007, 10:42:25] - Checking for HKLM\...\Winlogon\Notify\xxwtq
[12/28/2007, 10:42:25] - Key not found: HKLM\...\Winlogon\Notify\xxwtq, continuing.
[12/28/2007, 10:42:25] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[12/28/2007, 10:42:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/28/2007, 10:42:25] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[12/28/2007, 10:42:25] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[12/28/2007, 10:42:25] - BHO 3: {6548BF73-58FF-71D5-F97D-17C71E323709} (IntelligentAdvisor)
[12/28/2007, 10:42:25] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/28/2007, 10:42:25] - BHO 5: {76F262CF-0308-0FB4-F7A3-043266F3A47C} ()
[12/28/2007, 10:42:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/28/2007, 10:42:25] - Checking for HKLM\...\Winlogon\Notify\ykvfaypi
[12/28/2007, 10:42:25] - Key not found: HKLM\...\Winlogon\Notify\ykvfaypi, continuing.
[12/28/2007, 10:42:25] - BHO 6: {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} ()
[12/28/2007, 10:42:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/28/2007, 10:42:25] - Checking for HKLM\...\Winlogon\Notify\gebbxwv
[12/28/2007, 10:42:25] - Found: HKLM\...\Winlogon\Notify\gebbxwv - This is probably Virtumundo.
[12/28/2007, 10:42:25] - Assigning {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} MSEvents Object
[12/28/2007, 10:42:25] - BHO list has been changed! Starting over...
[12/28/2007, 10:42:25] - BHO 1: {1F36FFB7-C183-4858-8F58-E919A6B4B6E9} ()
[12/28/2007, 10:42:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/28/2007, 10:42:25] - Checking for HKLM\...\Winlogon\Notify\xxwtq
[12/28/2007, 10:42:25] - Key not found: HKLM\...\Winlogon\Notify\xxwtq, continuing.
[12/28/2007, 10:42:25] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[12/28/2007, 10:42:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/28/2007, 10:42:25] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[12/28/2007, 10:42:26] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[12/28/2007, 10:42:26] - BHO 3: {6548BF73-58FF-71D5-F97D-17C71E323709} (IntelligentAdvisor)
[12/28/2007, 10:42:26] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/28/2007, 10:42:26] - BHO 5: {76F262CF-0308-0FB4-F7A3-043266F3A47C} ()
[12/28/2007, 10:42:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/28/2007, 10:42:26] - Checking for HKLM\...\Winlogon\Notify\ykvfaypi
[12/28/2007, 10:42:26] - Key not found: HKLM\...\Winlogon\Notify\ykvfaypi, continuing.
[12/28/2007, 10:42:26] - BHO 6: {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} (MSEvents Object)
[12/28/2007, 10:42:26] - ALERT: Found MSEvents Object!
[12/28/2007, 10:42:26] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[12/28/2007, 10:42:26] - BHO 8: {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} (e404mgr Class)
[12/28/2007, 10:42:26] - Finished Searching Browser Helper Objects
[12/28/2007, 10:42:26] - *** Detected MSEvents Object
[12/28/2007, 10:42:26] - Trying to remove MSEvents Object...
[12/28/2007, 10:42:27] - Terminating Process: IEXPLORE.EXE
[12/28/2007, 10:42:28] - Terminating Process: RUNDLL32.EXE
[12/28/2007, 10:42:28] - Disabling Automatic Shell Restart
[12/28/2007, 10:42:28] - Terminating Process: EXPLORER.EXE
[12/28/2007, 10:42:28] - Suspending the NT Session Manager System Service
[12/28/2007, 10:42:29] - Terminating Windows NT Logon/Logoff Manager
[12/28/2007, 10:47:30] - Re-enabling Automatic Shell Restart
[12/28/2007, 10:47:30] - File to disable: C:\WINDOWS\system32\gebbxwv.dll
[12/28/2007, 10:47:30] - Removing HKLM\...\Browser Helper Objects\{8E3FBDE2-7DBD-4040-85D9-29BBC559C129}
[12/28/2007, 10:47:30] - Removing HKCR\CLSID\{8E3FBDE2-7DBD-4040-85D9-29BBC559C129}
[12/28/2007, 10:47:31] - Adding Kill Bit for ActiveX for GUID: {8E3FBDE2-7DBD-4040-85D9-29BBC559C129}
[12/28/2007, 10:47:31] - Deleting ATLEvents/MSEvents Registry entries
[12/28/2007, 10:47:31] - Removing HKLM\...\Winlogon\Notify\gebbxwv
[12/28/2007, 10:47:32] - Searching for Browser Helper Objects:
[12/28/2007, 10:47:32] - BHO 1: {1F36FFB7-C183-4858-8F58-E919A6B4B6E9} ()
[12/28/2007, 10:47:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/28/2007, 10:47:32] - Checking for HKLM\...\Winlogon\Notify\xxwtq
[12/28/2007, 10:47:32] - Key not found: HKLM\...\Winlogon\Notify\xxwtq, continuing.
[12/28/2007, 10:47:32] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[12/28/2007, 10:47:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/28/2007, 10:47:32] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[12/28/2007, 10:47:32] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[12/28/2007, 10:47:32] - BHO 3: {6548BF73-58FF-71D5-F97D-17C71E323709} (IntelligentAdvisor)
[12/28/2007, 10:47:32] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/28/2007, 10:47:32] - BHO 5: {76F262CF-0308-0FB4-F7A3-043266F3A47C} ()
[12/28/2007, 10:47:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/28/2007, 10:47:32] - Checking for HKLM\...\Winlogon\Notify\ykvfaypi
[12/28/2007, 10:47:32] - Key not found: HKLM\...\Winlogon\Notify\ykvfaypi, continuing.
[12/28/2007, 10:47:32] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[12/28/2007, 10:47:32] - BHO 7: {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} (e404mgr Class)
[12/28/2007, 10:47:32] - Finished Searching Browser Helper Objects
[12/28/2007, 10:47:32] - Finishing up...
[12/28/2007, 10:47:32] - A restart is needed.
[12/28/2007, 10:47:45] - Attempting to Restart via STOP error (Blue Screen!)

----------------RVAXO.exe first run-------------

Files found:

C:\WINDOWS\system32\qtwxx.ini2
C:\WINDOWS\system32\ndaTqsVqrX.dll
C:\WINDOWS\system32\vbzip10.dll
C:\Documents and Settings\User\f.exe
C:\Documents and Settings\User\winlogo.exe
C:\Documents and Settings\User\services.exe
C:\svchost.exe
C:\WINDOWS\system32\pac.txt
C:\install.exe
C:\n.bat
C:\winlogon.exe
C:\8780.bat
C:\Documents and Settings\User\1640.bat
----------------RVAXO.exe first run-------------

Files found:

C:\8780.bat
C:\Documents and Settings\User\1640.bat

ComboFix 07-12-28.1 - User 2007-12-28 11:27:10.1 - NTFSx86
Gestart vanuit: C:\Documents and Settings\User\Bureaublad\ComboFix(2).exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Helper
C:\WINDOWS\ppqvmpqr
C:\WINDOWS\ppqvmpqr\1.png
C:\WINDOWS\ppqvmpqr\2.png
C:\WINDOWS\ppqvmpqr\3.png
C:\WINDOWS\ppqvmpqr\4.png
C:\WINDOWS\ppqvmpqr\5.png
C:\WINDOWS\ppqvmpqr\6.png
C:\WINDOWS\ppqvmpqr\bottom-rc.gif
C:\WINDOWS\ppqvmpqr\content.png
C:\WINDOWS\ppqvmpqr\download.gif
C:\WINDOWS\ppqvmpqr\frame-bottom-left.gif
C:\WINDOWS\ppqvmpqr\frame-h1bg.gif
C:\WINDOWS\ppqvmpqr\head.png
C:\WINDOWS\ppqvmpqr\indexuc.html
C:\WINDOWS\ppqvmpqr\indexud.html
C:\WINDOWS\ppqvmpqr\main.css
C:\WINDOWS\ppqvmpqr\net.png
C:\WINDOWS\ppqvmpqr\pc-mag.gif
C:\WINDOWS\ppqvmpqr\pc.gif
C:\WINDOWS\ppqvmpqr\poloska1.png
C:\WINDOWS\ppqvmpqr\poloska2.png
C:\WINDOWS\ppqvmpqr\poloska3.png
C:\WINDOWS\ppqvmpqr\promouc1.html
C:\WINDOWS\ppqvmpqr\promouc2.html
C:\WINDOWS\ppqvmpqr\promouc3.html
C:\WINDOWS\ppqvmpqr\promouc4.html
C:\WINDOWS\ppqvmpqr\promouc5.html
C:\WINDOWS\ppqvmpqr\promoud1.html
C:\WINDOWS\ppqvmpqr\promoud2.html
C:\WINDOWS\ppqvmpqr\promoud3.html
C:\WINDOWS\ppqvmpqr\promoud4.html
C:\WINDOWS\ppqvmpqr\promoud5.html
C:\WINDOWS\ppqvmpqr\reg.png
C:\WINDOWS\ppqvmpqr\repair.png
C:\WINDOWS\ppqvmpqr\scr-1.png
C:\WINDOWS\ppqvmpqr\scr-2.png
C:\WINDOWS\ppqvmpqr\styles.css
C:\WINDOWS\ppqvmpqr\top-rc.gif
C:\WINDOWS\ppqvmpqr\vline.gif
C:\WINDOWS\system32\drvhamr.dll
C:\WINDOWS\system32\UpMedia
C:\WINDOWS\system32\UpMedia\ContentTool.dll
C:\WINDOWS\system32\UpMedia\SearchTool.dll
C:\WINDOWS\system32\UpMedia\uninstallSE.exe
C:\x.dat
C:\z.dat
C:\WINDOWS\Fonts\'

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_IPRIP
-------\Iprip

(((((((((((((((((((( Bestanden Gemaakt van 2007-11-28 to 2007-12-28 ))))))))))))))))))))))))))))))
.

2007-12-28 11:04 . 2007-12-28 11:04 <DIR> d-------- C:\RVAXO
2007-12-28 10:59 . 2007-12-28 09:55 575,630 --a------ C:\WINDOWS\system32\RVAXO.bat
2007-12-28 10:59 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
2007-12-28 10:59 . 2007-12-13 16:46 7,048 --a------ C:\WINDOWS\system32\fixp.bat
2007-12-27 19:02 . 2007-12-27 19:02 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-12-27 18:34 . 2007-12-27 18:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-27 18:07 . 2007-12-27 22:26 <DIR> d-------- C:\Program Files\Rvttolcg
2007-12-27 18:07 . 2007-12-27 18:07 1,283,174 --a------ C:\Install
2007-12-27 18:07 . 2007-12-27 18:07 104,448 --a------ C:\WINDOWS\system32\drvham.dll
2007-12-27 18:07 . 2007-12-27 18:07 144 --a------ C:\tempdel.bat
2007-12-27 18:06 . 2007-12-27 22:26 <DIR> d-------- C:\Program Files\kjmzsrgn
2007-12-27 18:06 . 2007-12-27 18:06 40,448 --a------ C:\WINDOWS\system32\khfdawx.dll
2007-12-27 17:59 . 2004-03-09 01:00 1,081,616 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2007-12-27 17:49 . 2007-12-27 17:59 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2007-12-27 17:39 . 2007-12-27 17:39 <DIR> d-------- C:\Program Files\Nieuwe map
2007-12-27 17:35 . 2007-12-28 11:38 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-27 17:22 . 2007-12-27 17:22 1,606 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2007-12-27 17:19 . 2007-12-27 19:01 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-12-27 17:19 . 2007-12-27 17:19 <DIR> d-------- C:\Documents and Settings\User\Application Data\PC Tools
2007-12-27 17:19 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-27 17:19 . 2007-12-27 17:22 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-27 17:19 . 2007-12-27 17:22 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-27 17:19 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-27 17:19 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-27 17:05 . 2007-12-27 17:05 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-27 14:56 . 2007-12-27 14:56 260 --a------ C:\4672.bat
2007-12-27 14:56 . 2007-12-27 14:56 209 --a------ C:\WINDOWS\system32\3557.bat
2007-12-27 14:55 . 2007-12-27 14:55 209 --a------ C:\Documents and Settings\User\8665.bat
2007-12-27 14:55 . 2007-12-27 14:55 77 --a------ C:\Documents and Settings\User\4969.bat
2007-12-26 19:48 . 2007-12-26 19:48 209 --a------ C:\WINDOWS\system32\3728.bat
2007-12-26 19:48 . 2007-12-26 19:48 128 --a------ C:\WINDOWS\system32\wgh.exe
2007-12-26 19:47 . 2007-12-26 19:47 209 --a------ C:\Documents and Settings\User\4282.bat
2007-12-26 19:47 . 2007-12-26 19:47 128 --a------ C:\Documents and Settings\User\install.exe
2007-12-26 19:42 . 2007-12-26 19:42 260 --a------ C:\7858.bat
2007-12-26 19:42 . 2007-12-26 19:42 128 --a------ C:\Documents and Settings\User\app.exe
2007-12-26 19:42 . 2007-12-26 19:42 77 --a------ C:\Documents and Settings\User\5949.bat
2007-12-26 11:58 . 2007-12-26 11:58 260 --a------ C:\8780.bat
2007-12-26 11:58 . 2007-12-26 11:58 167 --a------ C:\Documents and Settings\User\8159.bat
2007-12-26 11:58 . 2007-12-26 11:58 77 --a------ C:\Documents and Settings\User\6657.bat
2007-12-26 10:46 . 2007-12-26 10:46 35,328 --a------ C:\WINDOWS\system32\mljjjgh.dll
2007-12-26 10:46 . 2007-12-26 10:46 260 --a------ C:\9527.bat
2007-12-26 10:46 . 2007-12-26 10:46 167 --a------ C:\WINDOWS\system32\5266.bat
2007-12-26 10:46 . 2007-12-26 10:46 167 --a------ C:\Documents and Settings\User\3164.bat
2007-12-26 10:46 . 2007-12-26 10:46 77 --a------ C:\Documents and Settings\User\8423.bat
2007-12-26 10:44 . 2007-12-26 10:44 326,656 --a------ C:\WINDOWS\system32\RCX24.tmp
2007-12-25 16:11 . 2007-12-25 16:11 260 --a------ C:\2123.bat
2007-12-25 16:11 . 2007-12-25 16:11 167 --a------ C:\Documents and Settings\User\5367.bat
2007-12-25 16:11 . 2007-12-25 16:11 77 --a------ C:\Documents and Settings\User\5315.bat
2007-12-25 16:09 . 2007-12-25 16:09 326,656 --a------ C:\WINDOWS\system32\RCX23.tmp
2007-12-25 13:09 . 2007-12-25 13:09 260 --a------ C:\5647.bat
2007-12-25 13:09 . 2007-12-25 13:09 167 --a------ C:\WINDOWS\system32\7362.bat
2007-12-25 13:09 . 2007-12-25 13:09 167 --a------ C:\Documents and Settings\User\4811.bat
2007-12-25 13:09 . 2007-12-25 13:09 77 --a------ C:\Documents and Settings\User\5914.bat
2007-12-25 10:46 . 2007-12-25 10:46 35,328 --a------ C:\WINDOWS\system32\hggdeee.dll
2007-12-25 10:46 . 2007-12-25 10:46 260 --a------ C:\6089.bat
2007-12-25 10:46 . 2007-12-25 10:46 167 --a------ C:\Documents and Settings\User\8502.bat
2007-12-25 10:46 . 2007-12-25 10:46 77 --a------ C:\Documents and Settings\User\8062.bat
2007-12-25 10:43 . 2007-12-25 10:43 326,656 --a------ C:\WINDOWS\system32\RCX22.tmp
2007-12-24 15:23 . 2007-12-24 15:23 260 --a------ C:\8092.bat
2007-12-24 15:23 . 2007-12-24 15:23 167 --a------ C:\Documents and Settings\User\8604.bat
2007-12-24 15:23 . 2007-12-24 15:23 77 --a------ C:\Documents and Settings\User\1640.bat
2007-12-24 15:21 . 2007-12-24 15:21 326,656 --a------ C:\WINDOWS\system32\RCX21.tmp
2007-12-24 12:16 . 2007-12-24 12:16 35,328 --a------ C:\WINDOWS\system32\urqpnlk.dll
2007-12-24 12:16 . 2007-12-24 12:16 260 --a------ C:\8091.bat
2007-12-24 12:16 . 2007-12-24 12:16 167 --a------ C:\Documents and Settings\User\7337.bat
2007-12-24 12:16 . 2007-12-24 12:16 77 --a------ C:\Documents and Settings\User\6804.bat
2007-12-23 21:59 . 2007-12-23 21:59 363,980 --a------ C:\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe
2007-12-23 21:59 . 2007-12-23 21:59 18,432 --a------ C:\Documents and Settings\User\Application Data\internaldb41.dat
2007-12-23 21:06 . 2007-12-23 21:06 <DIR> d-------- C:\Documents and Settings\downloads limewire\Nieuwe map (2)
2007-12-23 21:02 . 2007-12-23 21:02 260 --a------ C:\4905.bat
2007-12-23 21:02 . 2007-12-23 21:02 167 --a------ C:\Documents and Settings\User\7664.bat
2007-12-23 21:02 . 2007-12-23 21:02 77 --a------ C:\Documents and Settings\User\2394.bat
2007-12-23 21:01 . 2007-12-27 19:01 <DIR> d--hs---- C:\Documents and Settings\downloads limewire\_
2007-12-23 21:00 . 2007-12-23 21:00 326,656 --a------ C:\WINDOWS\system32\RCX20.tmp
2007-12-23 18:51 . 2007-12-24 15:27 19,641 --a------ C:\Documents and Settings\Incomplete\downloads.dat
2007-12-23 17:42 . 2007-12-23 17:42 167 --a------ C:\Documents and Settings\User\8342.bat
2007-12-23 17:41 . 2007-12-23 17:41 260 --a------ C:\7952.bat
2007-12-23 17:41 . 2007-12-23 17:41 77 --a------ C:\Documents and Settings\User\2373.bat
2007-12-23 17:39 . 2007-12-23 17:39 326,656 --a------ C:\WINDOWS\system32\RCX1F.tmp
2007-12-23 12:07 . 2007-12-23 12:07 167 --a------ C:\Documents and Settings\User\7493.bat
2007-12-23 12:06 . 2007-12-23 12:06 <DIR> d-------- C:\WINDOWS\system32\ardCo07
2007-12-23 12:06 . 2007-12-23 12:06 <DIR> d-------- C:\Temp\cEeer12
2007-12-23 12:06 . 2007-12-26 12:05 <DIR> d-------- C:\Temp
2007-12-23 12:06 . 2007-12-23 12:06 40,448 --a------ C:\WINDOWS\system32\efccccb.dll
2007-12-23 12:06 . 2007-12-23 12:06 260 --a------ C:\6415.bat
2007-12-23 12:06 . 2007-12-23 12:06 77 --a------ C:\Documents and Settings\User\5923.bat
2007-12-23 11:48 . 2007-12-28 00:06 <DIR> d-------- C:\Documents and Settings\User\Application Data\AVG7
2007-12-23 11:48 . 2007-12-23 11:48 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-23 11:29 . 2007-12-27 15:00 <DIR> d-------- C:\Documents and Settings\User\Shared
2007-12-23 11:22 . 2007-12-23 11:22 260 --a------ C:\3773.bat
2007-12-23 11:21 . 2007-12-23 11:21 77 --a------ C:\Documents and Settings\User\8477.bat
2007-12-23 11:10 . 2007-12-27 18:37 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
2007-12-23 11:10 . 2007-12-27 18:38 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-22 23:03 . 2007-12-22 23:03 0 --a------ C:\WINDOWS\system32\taskkill.exe
2007-12-22 20:33 . 2007-12-27 18:37 326,656 --a------ C:\WINDOWS\system32\xxwtq.exe
2007-12-22 20:32 . 2007-12-27 19:01 14,471 --ahs---- C:\WINDOWS\system32\qtwxx.ini
2007-12-22 20:24 . 2007-12-27 19:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-22 18:05 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-22 18:05 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-22 13:08 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F36FFB7-C183-4858-8F58-E919A6B4B6E9}]
C:\WINDOWS\system32\xxwtq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6548BF73-58FF-71D5-F97D-17C71E323709}]
2007-12-11 22:27 1019904 --a------ C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76F262CF-0308-0FB4-F7A3-043266F3A47C}]
C:\Program Files\Rvttolcg\ykvfaypi.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-03-28 17:38 C:\WINDOWS\KHALMNPR.Exe]
"RegistryMechanic"=""

"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe"

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Monitor.lnk - C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe [2007-12-21 18:08:44]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"HX0sXumHv5"= rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech SetPoint.lnk]
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
rundll32.exe C:\WINDOWS\system32\drvham.dll,startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2007-12-06 16:04 32768 --a------ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
2007-12-27 18:37 326656 --a------ C:\WINDOWS\system32\xxwtq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

S3 p2pgasvc;Groepsverificatie van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2006-03-02 13:00]
S3 p2pimsvc;Identiteitsbeheer van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2006-03-02 13:00]
S3 p2psvc;Peer-netwerken;C:\WINDOWS\system32\svchost.exe [2006-03-02 13:00]
S3 PNRPSvc;Naamomzettingsprotocol van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2006-03-02 13:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 11:40:04
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2007-12-28 11:42:20 - machine was rebooted
.
2007-12-22 17:43:22 --- E O F ---

Wat mij wel opviel is, dat Spyware doctor niet meer automatisch opstart als Windows opstart.

Ook geeft hij tijdens opstarten het volgende aan:
kan C:\WINDOWS\system32\ndaTqsVqrX.dll niet opstarten... of iets dergelijks.

**smeenk** · 28-12-07, 11:48

Open de map RVAXO en dubbelklik Uninstall.cmd
Dit zal alles van RVAXO verwijderen.

Download RVAXO nu even opnieuw en voer het opnieuw uit(inclusief herstart en run na de herstart)

Post na de herstart C:\RVAXO-results.log en een nieuw logje van Combofix

**Jinxx** · 28-12-07, 12:26

Hoi smeenk,

Hier het nieuwe logje van RVAXO.

P.S. De pc is nu wel zéér traag..... het duurt minstens 10 min. voordat ik iets met de pc kan doen na opstarten. Ook IE is errrug traag.
AVG start blijkbaar wél op, maar is niet zichtbaar rechtsonder (pictogram) maar in taakbeheer staat hij wel vermeld als actief proces. Spydoctor niet.

----------------RVAXO.exe first run-------------

Files found:

C:\8780.bat
C:\Documents and Settings\User\1640.bat
C:\8091.bat
C:\Documents and Settings\User\4811.bat
C:\4672.bat
C:\7952.bat
C:\8092.bat
C:\Documents and Settings\User\4282.bat
C:\Documents and Settings\User\8062.bat
C:\Documents and Settings\User\8342.bat
C:\Documents and Settings\User\8502.bat
C:\WINDOWS\system32\7362.bat
C:\2123.bat
C:\3773.bat
C:\Documents and Settings\User\2373.bat
C:\Documents and Settings\User\5923.bat
C:\Documents and Settings\User\7493.bat
C:\Documents and Settings\User\8423.bat
C:\4905.bat
C:\6415.bat
C:\Documents and Settings\User\5315.bat
C:\Documents and Settings\User\8665.bat
C:\5647.bat
C:\9527.bat
C:\Documents and Settings\User\5367.bat
C:\Documents and Settings\User\6657.bat
C:\Documents and Settings\User\7337.bat
C:\Documents and Settings\User\8477.bat
C:\WINDOWS\system32\3557.bat
C:\7858.bat
C:\WINDOWS\system32\3728.bat
C:\6089.bat
C:\Documents and Settings\User\4969.bat
C:\Documents and Settings\User\5949.bat
C:\Documents and Settings\User\8159.bat
C:\WINDOWS\system32\7362.bat
C:\WINDOWS\system32\5266.bat
C:\WINDOWS\system32\3557.bat
C:\WINDOWS\system32\3728.bat
C:\Documents and Settings\User\1640.bat
C:\Documents and Settings\User\4811.bat
C:\Documents and Settings\User\4282.bat
C:\Documents and Settings\User\8062.bat
C:\Documents and Settings\User\8342.bat
C:\Documents and Settings\User\8502.bat
C:\Documents and Settings\User\2373.bat
C:\Documents and Settings\User\5923.bat
C:\Documents and Settings\User\7493.bat
C:\Documents and Settings\User\8423.bat
C:\Documents and Settings\User\2394.bat
C:\Documents and Settings\User\3164.bat
C:\Documents and Settings\User\5914.bat
C:\Documents and Settings\User\6804.bat
C:\Documents and Settings\User\7664.bat
C:\Documents and Settings\User\8604.bat
C:\Documents and Settings\User\5315.bat
C:\Documents and Settings\User\8665.bat
C:\Documents and Settings\User\5367.bat
C:\Documents and Settings\User\6657.bat
C:\Documents and Settings\User\7337.bat
C:\Documents and Settings\User\8477.bat
C:\Documents and Settings\User\4969.bat
C:\Documents and Settings\User\5949.bat
C:\Documents and Settings\User\8159.bat

Uninstallers Rogue scanners:

Folders Found:

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------

Files found:

Folders Found:

--------------RVAXO.exe finished----------------

**smeenk** · 28-12-07, 12:35

Maak een nieuw logje met Combofix en post dat.

**Jinxx** · 28-12-07, 13:09

Hoi Smeenk,

Logje van ComboFix:

ComboFix 07-12-28.1 - User 2007-12-28 13:36:09.2 - NTFSx86
Gestart vanuit: C:\Documents and Settings\User\Bureaublad\ComboFix.exe
.

(((((((((((((((((((( Bestanden Gemaakt van 2007-11-28 to 2007-12-28 ))))))))))))))))))))))))))))))
.

2007-12-28 13:07 . 2007-12-28 13:07 <DIR> d-------- C:\RVAXO
2007-12-28 13:03 . 2007-12-28 09:55 575,630 --a------ C:\WINDOWS\system32\RVAXO.bat
2007-12-28 13:03 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
2007-12-27 19:02 . 2007-12-27 19:02 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-12-27 18:34 . 2007-12-27 18:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-27 18:07 . 2007-12-27 22:26 <DIR> d-------- C:\Program Files\Rvttolcg
2007-12-27 18:07 . 2007-12-27 18:07 1,283,174 --a------ C:\Install
2007-12-27 18:07 . 2007-12-27 18:07 104,448 --a------ C:\WINDOWS\system32\drvham.dll
2007-12-27 18:07 . 2007-12-27 18:07 144 --a------ C:\tempdel.bat
2007-12-27 18:06 . 2007-12-27 22:26 <DIR> d-------- C:\Program Files\kjmzsrgn
2007-12-27 18:06 . 2007-12-27 18:06 40,448 --a------ C:\WINDOWS\system32\khfdawx.dll
2007-12-27 17:59 . 2004-03-09 01:00 1,081,616 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2007-12-27 17:49 . 2007-12-27 17:59 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2007-12-27 17:39 . 2007-12-27 17:39 <DIR> d-------- C:\Program Files\Nieuwe map
2007-12-27 17:35 . 2007-12-28 13:08 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-27 17:22 . 2007-12-27 17:22 1,606 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2007-12-27 17:19 . 2007-12-27 19:01 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-12-27 17:19 . 2007-12-27 17:19 <DIR> d-------- C:\Documents and Settings\User\Application Data\PC Tools
2007-12-27 17:19 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-27 17:19 . 2007-12-27 17:22 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-27 17:19 . 2007-12-27 17:22 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-27 17:19 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-27 17:19 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-27 17:05 . 2007-12-27 17:05 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-26 19:48 . 2007-12-26 19:48 128 --a------ C:\WINDOWS\system32\wgh.exe
2007-12-26 19:47 . 2007-12-26 19:47 128 --a------ C:\Documents and Settings\User\install.exe
2007-12-26 19:42 . 2007-12-26 19:42 128 --a------ C:\Documents and Settings\User\app.exe
2007-12-26 10:46 . 2007-12-26 10:46 35,328 --a------ C:\WINDOWS\system32\mljjjgh.dll
2007-12-26 10:44 . 2007-12-26 10:44 326,656 --a------ C:\WINDOWS\system32\RCX24.tmp
2007-12-25 16:09 . 2007-12-25 16:09 326,656 --a------ C:\WINDOWS\system32\RCX23.tmp
2007-12-25 10:46 . 2007-12-25 10:46 35,328 --a------ C:\WINDOWS\system32\hggdeee.dll
2007-12-25 10:43 . 2007-12-25 10:43 326,656 --a------ C:\WINDOWS\system32\RCX22.tmp
2007-12-24 15:21 . 2007-12-24 15:21 326,656 --a------ C:\WINDOWS\system32\RCX21.tmp
2007-12-24 12:16 . 2007-12-24 12:16 35,328 --a------ C:\WINDOWS\system32\urqpnlk.dll
2007-12-23 21:59 . 2007-12-23 21:59 363,980 --a------ C:\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe
2007-12-23 21:59 . 2007-12-23 21:59 18,432 --a------ C:\Documents and Settings\User\Application Data\internaldb41.dat
2007-12-23 21:06 . 2007-12-23 21:06 <DIR> d-------- C:\Documents and Settings\downloads limewire\Nieuwe map (2)
2007-12-23 21:01 . 2007-12-27 19:01 <DIR> d--hs---- C:\Documents and Settings\downloads limewire\_
2007-12-23 21:00 . 2007-12-23 21:00 326,656 --a------ C:\WINDOWS\system32\RCX20.tmp
2007-12-23 18:51 . 2007-12-24 15:27 19,641 --a------ C:\Documents and Settings\Incomplete\downloads.dat
2007-12-23 17:39 . 2007-12-23 17:39 326,656 --a------ C:\WINDOWS\system32\RCX1F.tmp
2007-12-23 12:06 . 2007-12-23 12:06 <DIR> d-------- C:\WINDOWS\system32\ardCo07
2007-12-23 12:06 . 2007-12-23 12:06 <DIR> d-------- C:\Temp\cEeer12
2007-12-23 12:06 . 2007-12-26 12:05 <DIR> d-------- C:\Temp
2007-12-23 12:06 . 2007-12-23 12:06 40,448 --a------ C:\WINDOWS\system32\efccccb.dll
2007-12-23 11:48 . 2007-12-28 11:55 <DIR> d-------- C:\Documents and Settings\User\Application Data\AVG7
2007-12-23 11:48 . 2007-12-23 11:48 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-23 11:29 . 2007-12-27 15:00 <DIR> d-------- C:\Documents and Settings\User\Shared
2007-12-23 11:10 . 2007-12-27 18:37 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
2007-12-23 11:10 . 2007-12-27 18:38 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-22 23:03 . 2007-12-22 23:03 0 --a------ C:\WINDOWS\system32\taskkill.exe
2007-12-22 20:33 . 2007-12-27 18:37 326,656 --a------ C:\WINDOWS\system32\xxwtq.exe
2007-12-22 20:32 . 2007-12-27 19:01 14,471 --ahs---- C:\WINDOWS\system32\qtwxx.ini
2007-12-22 20:24 . 2007-12-28 11:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-22 18:05 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-22 18:05 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-22 13:08 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-21 23:48 . 2007-12-21 23:48 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-21 23:41 . 2007-12-22 18:00 <DIR> d-------- C:\Documents and Settings\User\Contacts
2007-12-21 23:20 . 2007-12-22 18:00 <DIR> d----c--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-21 23:19 . 2007-12-22 00:27 <DIR> d-------- C:\Program Files\Windows Live
2007-12-21 23:18 . 2007-12-21 23:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-21 22:10 . 2007-12-23 11:26 <DIR> d-------- C:\Documents and Settings\downloads limewire\Nieuwe map
2007-12-21 18:36 . 2007-12-21 18:36 <DIR> d-------- C:\Documents and Settings\User\Application Data\ArcSoft
2007-12-21 18:27 . 2007-12-21 18:34 <DIR> d-------- C:\Documents and Settings\User\Application Data\muvee Technologies
2007-12-21 18:10 . 2007-12-21 18:10 <DIR> d-------- C:\Program Files\muvee Technologies
2007-12-21 18:10 . 2007-12-21 18:10 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies
2007-12-21 18:09 . 2007-12-21 18:09 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2007-12-21 18:09 . 2006-01-23 19:20 1,645,320 --a------ C:\WINDOWS\system32\GdiPlus.dll
2007-12-21 18:09 . 2005-06-20 19:29 245,408 --a------ C:\WINDOWS\system32\unicows.dll
2007-12-21 18:08 . 2004-08-27 16:00 180,224 --a------ C:\WINDOWS\system32\ArcSoft Screen Saver.scr
2007-12-21 18:07 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2007-12-21 18:03 . 2007-12-21 18:09 <DIR> d-------- C:\Program Files\ArcSoft
2007-12-21 18:03 . 2007-12-21 18:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies
2007-12-21 18:03 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-12-21 17:58 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-12-21 17:58 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-12-21 17:58 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2007-12-21 17:57 . 2007-12-21 17:57 <DIR> d-------- C:\WINDOWS\V58N
2007-12-21 17:57 . 2007-12-21 17:57 <DIR> d-------- C:\Program Files\DV 8800N
2007-12-21 17:57 . 2004-10-27 16:29 3,584 --a------ C:\WINDOWS\system32\CoachDlg.lng
2007-12-21 16:44 . 2007-12-28 13:01 <DIR> d-------- C:\Program Files\IntelligentAdvisor
2007-12-21 16:34 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-21 16:29 . 2007-12-21 16:34 <DIR> d-------- C:\Documents and Settings\downloads limewire\Incomplete
2007-12-21 16:28 . 2007-12-27 15:01 <DIR> d-------- C:\Documents and Settings\User\Incomplete
2007-12-21 16:27 . 2007-12-27 15:00 <DIR> d-------- C:\Documents and Settings\User\Application Data\LimeWire
2007-12-20 09:10 . 2007-12-21 16:33 <DIR> d-------- C:\Program Files\Java
2007-12-20 08:59 . 2007-12-20 08:59 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-20 08:54 . 2007-12-20 08:54 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-12-19 23:41 . 2007-12-19 23:42 <DIR> d-------- C:\Program Files\Opera
2007-12-19 23:33 . 2001-09-06 19:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-12-19 23:33 . 2001-09-06 19:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-12-19 23:32 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-12-19 23:32 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-12-19 22:24 . 2004-11-17 18:43 352,768 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-12-19 18:37 . 2007-07-01 04:36 1,032,192 --a------ C:\WINDOWS\system32\ieframe.dll.mui
2007-12-19 18:34 . 2007-12-19 23:04 <DIR> d-------- C:\WINDOWS\system32\nl-nl
2007-12-19 18:28 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-19 18:28 . 2007-07-01 04:36 1,032,192 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-19 18:28 . 2007-10-11 00:53 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F36FFB7-C183-4858-8F58-E919A6B4B6E9}]
C:\WINDOWS\system32\xxwtq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6548BF73-58FF-71D5-F97D-17C71E323709}]
2007-12-11 22:27 1019904 --a------ C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76F262CF-0308-0FB4-F7A3-043266F3A47C}]
C:\Program Files\Rvttolcg\ykvfaypi.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-28 12:44]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-03-28 17:38 C:\WINDOWS\KHALMNPR.Exe]
"RegistryMechanic"=""

"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe"

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-28 11:54]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-28 11:54]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Monitor.lnk - C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe [2007-12-21 18:08:44]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech SetPoint.lnk]
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
rundll32.exe C:\WINDOWS\system32\drvham.dll,startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2007-12-06 16:04 32768 --a------ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
2007-12-27 18:37 326656 --a------ C:\WINDOWS\system32\xxwtq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 13:44:53
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

**************************************************************************
.
Voltooingstijd: 2007-12-28 13:49:00
.
2007-12-22 17:43:22 --- E O F ---

**smeenk** · 28-12-07, 13:41

Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd
Dit zal alles van RVAXO doen verwijderen.

Download de bijlage: CFScript.txt

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :

Dit zal ComboFix doen herstarten.
Start opnieuw op als daarom gevraagd wordt,
en post de inhoud van de Combofix.txt in je volgende antwoord.

Bijgevoegde Bestanden

cfscript.txt (1,2 KB, 114 keer bekeken)

**Jinxx** · 28-12-07, 14:16

Hoi Smeenk, hier het logje:

ComboFix 07-12-28.1 - User 2007-12-28 14:58:36.3 - NTFSx86
Gestart vanuit: C:\Documents and Settings\User\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Bureaublad\cfscript.txt
* Nieuw herstelpunt werd aangemaakt

FILE
C:\Documents and Settings\User\app.exe
C:\Documents and Settings\User\install.exe
C:\Install
C:\tempdel.bat
C:\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe
C:\WINDOWS\system32\drvham.dll
C:\WINDOWS\system32\efccccb.dll
C:\WINDOWS\system32\hggdeee.dll
C:\WINDOWS\system32\khfdawx.dll
C:\WINDOWS\system32\mljjjgh.dll
C:\WINDOWS\system32\qtwxx.ini
C:\WINDOWS\system32\RCX1F.tmp
C:\WINDOWS\system32\RCX20.tmp
C:\WINDOWS\system32\RCX21.tmp
C:\WINDOWS\system32\RCX22.tmp
C:\WINDOWS\system32\RCX23.tmp
C:\WINDOWS\system32\RCX24.tmp
C:\WINDOWS\system32\urqpnlk.dll
C:\WINDOWS\system32\wgh.exe
C:\WINDOWS\system32\xxwtq.exe
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\User\app.exe
C:\Documents and Settings\User\install.exe
C:\Install
C:\Program Files\IntelligentAdvisor
C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll
C:\Program Files\IntelligentAdvisor\IntelligentAdvisor.dat
C:\Program Files\IntelligentAdvisor\pcre3.dll
C:\Program Files\IntelligentAdvisor\uninstall.exe
C:\Program Files\kjmzsrgn
C:\Program Files\Rvttolcg
C:\Temp\cEeer12
C:\tempdel.bat
C:\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe
C:\WINDOWS\system32\ardCo07
C:\WINDOWS\system32\ardCo07\ardCo071084.exe
C:\WINDOWS\system32\drvham.dll
C:\WINDOWS\system32\efccccb.dll
C:\WINDOWS\system32\hggdeee.dll
C:\WINDOWS\system32\khfdawx.dll
C:\WINDOWS\system32\mljjjgh.dll
C:\WINDOWS\system32\qtwxx.ini
C:\WINDOWS\system32\RCX1F.tmp
C:\WINDOWS\system32\RCX20.tmp
C:\WINDOWS\system32\RCX21.tmp
C:\WINDOWS\system32\RCX22.tmp
C:\WINDOWS\system32\RCX23.tmp
C:\WINDOWS\system32\RCX24.tmp
C:\WINDOWS\system32\urqpnlk.dll
C:\WINDOWS\system32\wgh.exe
C:\WINDOWS\system32\xxwtq.exe

.
(((((((((((((((((((( Bestanden Gemaakt van 2007-11-28 to 2007-12-28 ))))))))))))))))))))))))))))))
.

2007-12-27 19:02 . 2007-12-27 19:02 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-12-27 18:34 . 2007-12-27 18:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-27 17:59 . 2004-03-09 01:00 1,081,616 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2007-12-27 17:49 . 2007-12-27 17:59 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2007-12-27 17:39 . 2007-12-27 17:39 <DIR> d-------- C:\Program Files\Nieuwe map
2007-12-27 17:35 . 2007-12-28 13:53 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-27 17:22 . 2007-12-27 17:22 1,606 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2007-12-27 17:19 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-27 17:05 . 2007-12-27 17:05 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-23 21:59 . 2007-12-23 21:59 18,432 --a------ C:\Documents and Settings\User\Application Data\internaldb41.dat
2007-12-23 21:06 . 2007-12-23 21:06 <DIR> d-------- C:\Documents and Settings\downloads limewire\Nieuwe map (2)
2007-12-23 21:01 . 2007-12-27 19:01 <DIR> d--hs---- C:\Documents and Settings\downloads limewire\_
2007-12-23 18:51 . 2007-12-24 15:27 19,641 --a------ C:\Documents and Settings\Incomplete\downloads.dat
2007-12-23 12:06 . 2007-12-28 15:05 <DIR> d-------- C:\Temp
2007-12-23 11:48 . 2007-12-28 11:55 <DIR> d-------- C:\Documents and Settings\User\Application Data\AVG7
2007-12-23 11:48 . 2007-12-23 11:48 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-23 11:29 . 2007-12-27 15:00 <DIR> d-------- C:\Documents and Settings\User\Shared
2007-12-23 11:10 . 2007-12-27 18:37 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
2007-12-23 11:10 . 2007-12-27 18:38 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-22 23:03 . 2007-12-22 23:03 0 --a------ C:\WINDOWS\system32\taskkill.exe
2007-12-22 20:24 . 2007-12-28 11:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-22 18:05 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-22 18:05 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-22 13:08 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-21 23:48 . 2007-12-21 23:48 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-21 23:41 . 2007-12-22 18:00 <DIR> d-------- C:\Documents and Settings\User\Contacts
2007-12-21 23:20 . 2007-12-22 18:00 <DIR> d----c--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-21 23:19 . 2007-12-22 00:27 <DIR> d-------- C:\Program Files\Windows Live
2007-12-21 23:18 . 2007-12-21 23:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-21 22:10 . 2007-12-23 11:26 <DIR> d-------- C:\Documents and Settings\downloads limewire\Nieuwe map
2007-12-21 18:36 . 2007-12-21 18:36 <DIR> d-------- C:\Documents and Settings\User\Application Data\ArcSoft
2007-12-21 18:27 . 2007-12-21 18:34 <DIR> d-------- C:\Documents and Settings\User\Application Data\muvee Technologies
2007-12-21 18:10 . 2007-12-21 18:10 <DIR> d-------- C:\Program Files\muvee Technologies
2007-12-21 18:10 . 2007-12-21 18:10 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies
2007-12-21 18:09 . 2007-12-21 18:09 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2007-12-21 18:09 . 2006-01-23 19:20 1,645,320 --a------ C:\WINDOWS\system32\GdiPlus.dll
2007-12-21 18:09 . 2005-06-20 19:29 245,408 --a------ C:\WINDOWS\system32\unicows.dll
2007-12-21 18:08 . 2004-08-27 16:00 180,224 --a------ C:\WINDOWS\system32\ArcSoft Screen Saver.scr
2007-12-21 18:07 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2007-12-21 18:03 . 2007-12-21 18:09 <DIR> d-------- C:\Program Files\ArcSoft
2007-12-21 18:03 . 2007-12-21 18:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies
2007-12-21 18:03 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-12-21 17:58 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-12-21 17:58 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-12-21 17:58 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2007-12-21 17:57 . 2007-12-21 17:57 <DIR> d-------- C:\WINDOWS\V58N
2007-12-21 17:57 . 2007-12-21 17:57 <DIR> d-------- C:\Program Files\DV 8800N
2007-12-21 17:57 . 2004-10-27 16:29 3,584 --a------ C:\WINDOWS\system32\CoachDlg.lng
2007-12-21 16:34 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-21 16:29 . 2007-12-21 16:34 <DIR> d-------- C:\Documents and Settings\downloads limewire\Incomplete
2007-12-21 16:28 . 2007-12-27 15:01 <DIR> d-------- C:\Documents and Settings\User\Incomplete
2007-12-21 16:27 . 2007-12-27 15:00 <DIR> d-------- C:\Documents and Settings\User\Application Data\LimeWire
2007-12-20 09:10 . 2007-12-21 16:33 <DIR> d-------- C:\Program Files\Java
2007-12-20 08:59 . 2007-12-20 08:59 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-20 08:54 . 2007-12-20 08:54 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-12-19 23:41 . 2007-12-19 23:42 <DIR> d-------- C:\Program Files\Opera
2007-12-19 23:33 . 2001-09-06 19:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-12-19 23:33 . 2001-09-06 19:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-12-19 23:32 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-12-19 23:32 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-12-19 22:24 . 2004-11-17 18:43 352,768 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-12-19 18:37 . 2007-07-01 04:36 1,032,192 --a------ C:\WINDOWS\system32\ieframe.dll.mui
2007-12-19 18:34 . 2007-12-19 23:04 <DIR> d-------- C:\WINDOWS\system32\nl-nl
2007-12-19 18:28 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-19 18:28 . 2007-07-01 04:36 1,032,192 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-19 18:28 . 2007-10-11 00:53 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-19 18:28 . 2007-10-11 00:53 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-19 18:28 . 2007-10-11 00:53 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-19 18:28 . 2007-10-11 00:53 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-19 18:28 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-19 18:27 . 2007-10-11 00:53 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-19 18:27 . 2007-10-11 00:53 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-19 17:08 . 2007-12-19 17:08 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-19 16:34 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-12-19 16:22 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-12-19 16:20 . 2007-12-19 16:20 <DIR> d---s---- C:\Documents and Settings\User\UserData
2007-12-13 14:38 . 2007-12-18 12:26 49 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-13 14:35 . 2003-12-19 19:48 89,184 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2007-12-13 14:35 . 2003-12-23 15:40 57,344 --a------ C:\WINDOWS\system32\ImageDrive.cpl
2007-12-13 14:28 . 2007-12-13 15:39 <DIR> d-------- C:\Documents and Settings\User\Application Data\Ahead
2007-12-13 14:26 . 2003-12-16 15:36 1,331,200 --------- C:\WINDOWS\UNNeroVision.exe
2007-12-13 14:26 . 2003-12-22 12:34 72,743 --------- C:\WINDOWS\UNNeroVision.cfg
2007-12-13 14:26 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-12-13 14:25 . 2007-12-13 14:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-12-13 14:24 . 2007-12-13 14:24 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-12-13 14:24 . 2007-12-13 14:35 <DIR> d-------- C:\Program Files\Ahead
2007-12-13 14:24 . 2001-07-06 13:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2007-12-13 14:24 . 2001-07-06 11:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2007-12-13 14:24 . 2001-07-06 17:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2007-12-13 14:24 . 2001-06-26 07:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2007-12-13 14:00 . 2007-12-13 14:02 63 --a------ C:\WINDOWS\WINHELP.BMK
2007-12-13 12:53 . 2007-12-13 12:53 23,416 --a------ C:\WINDOWS\ACCEX.hbr
2007-12-13 12:53 . 2007-12-13 14:02 90 --a------ C:\WINDOWS\hyprview.ini
2007-12-13 12:42 . 2007-12-13 12:42 <DIR> d-------- C:\Program Files\Davilex
2007-12-10 13:33 . 2004-01-14 02:10 163,840 --a------ C:\WINDOWS\BJPSUNST.EXE
2007-12-10 13:32 . 2003-09-18 14:32 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-12-10 13:32 . 2003-09-18 14:32 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-12-10 13:32 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-12-10 13:31 . 2007-12-10 13:31 <DIR> d-------- C:\WINDOWS\StartHtmico
2007-12-10 13:31 . 2005-03-25 06:10 139,776 --a------ C:\WINDOWS\system32\CNMLM75.DLL

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-28 12:44]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-03-28 17:38 C:\WINDOWS\KHALMNPR.Exe]
"RegistryMechanic"=""

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-28 11:54]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-28 11:54]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Monitor.lnk - C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe [2007-12-21 18:08:44]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech SetPoint.lnk]
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2007-12-06 16:04 32768 --a------ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 15:05:54
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

**************************************************************************
.
Voltooingstijd: 2007-12-28 15:08:00
C:\ComboFix2.txt ... 2007-12-28 13:49
.
2007-12-22 17:43:22 --- E O F ---

**smeenk** · 28-12-07, 14:26

Verwijder de volgende map:
C:\Qoobox

Maak dan je prullenbak leeg.

Download ATF cleaner (mirror)(gemaakt door Atribune)

Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.

Het volgende doen als je ook FireFox als browser hebt:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit haalt het vinkje weer weg bij "Firefox saved passwords")
Klik op de knop Empty Selected.

Het volgende doen als je ook Opera als browser hebt:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

Ga naar Start - Uitvoeren en geef hier het volgende in:
Combofix /U
Druk daarna op OK.
Let op: Er moet een spatie tussen Combofix en /U zitten.

Dit zal Combofix deïnstalleren.

Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
Kijk hier hoe je je systeemherstel moet uitschakelen.
Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

Post als laatste nog een nieuw logje van Hijackthis ter controle en vertel of je nog problemen ondervindt

**Jinxx** · 28-12-07, 15:06

Hier het logje van Hijackthis.
Ik vind dat de pc nog steeds heel erg traag opstart, vooral AVG... zolang die bezig is met opstarten, kun je bijna 10 min. niets doen. Is er een alternatief?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:57:47, on 28-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLime.dll
O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLime.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLime.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198077649202
O18 - Protocol: bw+0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {CDECD663-A2CC-458F-B6CB-EF7DD0327125} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 17556 bytes

**smeenk** · 28-12-07, 15:10

Ik zou deze eens deïnstalleren: http://www.castlecops.com/tk39433-Li...s_Toolbar.html

Meld daarna of dat verbetering geeft

**Jinxx** · 28-12-07, 15:27

Casstlecops verwijderd, was een toolbar van LimewirePlus.
Maar het opstarten van de pc loopt nog steeds errrugg traag.
In Taakbeheer staat, dat AVG wel al loopt, maar er is niets te zien. Na verloop van tijd verschijnt eindelijk het pictogram rechtsonder, maar dat is pas ná ong. 10 min.
Iets is er nog niet helemaal in orde.... Openen van programmas of mappen verloopt ook nog erg traag...

**smeenk** · 28-12-07, 15:33

Je zou ook dit nog even kunnen proberen:
Download Dial-a-fix-2006 en pak beide bestanden in hun eigen map uit naar je Bureaublad.

In de map Dial-a-fix-v0.60.0.24, dubbelklik op Dial-a-fix.exe
In het venster dat opengaat, klik onderaan op het icoontje met het dubbele groene vinkje (check all).
Klik daarna op "GO" en laat de tool alle instellingen terugzetten.
Sluit dit venster na afloop door onderaan op "Exit" te klikken.

Meld of dat verbetering geeft.

**Jinxx** · 28-12-07, 16:01

Nog niet echt een verbetering. Als je nog suggesties hebt, hoor ik het graag, voor nu bedankt, en ik ga morgen weer verder.

Mededeling

Hijacky

Hijacky

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment