  • Trouble with storageprotector

    Hi everyone,

    I too have been having trouble with storageprotector lately, really very annoying. I first tried to remove it myself, with the help of messages already posted on help sites and other information on the internet.
    It seemed to have worked, until I switched on my PC today. It had come back just as hard... sniff
    I hope someone is willing to help me, because it really is very disruptive. Thanks in advance!!

    Regards

  • #2
    By the way, this is my HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:14:20, on 29-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\jqxkjigg.exe
    C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
    C:\Program Files\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Panda Software\Panda Antivirus Titanium\pavProxy.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Carolien.DEWITTE\Mijn documenten\Diversen\Programma's\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://klant.casema.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Carolien.DEWITTE/Mijn%20documenten/Diversen/Startpagina/Startpagina.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
    O4 - HKLM\..\Run: [winlog] winlog.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Documents and Settings\Carolien.DEWITTE\Mijn documenten\Diversen\Programma's\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [244436490db8] C:\WINDOWS\system32\clusapi9.exe
    O4 - HKLM\..\Run: [70d6b825] rundll32.exe "C:\WINDOWS\system32\jadsnwem.dll",b
    O4 - HKLM\..\RunServices: [winlog] winlog.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\krdsrngr.exe
    O4 - Global Startup: Casema SnelHelp.lnk = C:\bin\matcli.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/NewUploader/ImageUploader4.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\jqxkjigg.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

    --
    End of file - 8150 bytes
    Last edited by Gast; 29-12-07, 18:14.
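As an added example (not part of this thread, and not code from HijackThis or any of the tools named below), the script below applies the kind of checks a helper makes by eye when reading the O4 (autostart) and O23 (service) sections of a log like the one above: a run-key name that is just a hex string, an autostart that is a bare filename resolved through the search path, a core Windows process name started from a directory other than System32, a rundll32 entry loading a DLL, a service with no vendor string, and a service image without a file extension. The sample lines are copied from the log above; the list of core process names, the hex-name threshold and the reason texts are my own assumptions.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample input: O4 and O23 lines copied from the HijackThis log
# posted in this thread, alongside the legitimate entries they sat next to.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [244436490db8] C:\WINDOWS\system32\clusapi9.exe
O4 - HKLM\..\Run: [70d6b825] rundll32.exe "C:\WINDOWS\system32\jadsnwem.dll",b
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\jqxkjigg.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
""".strip()

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# "name - vendor - path"; the optional space tolerates an empty vendor ("- -").
# Assumption: service names themselves do not contain " - ".
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<vendor>.*?) ?- (?P<path>.+)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?(?:,(?P<entry>\S*))?', re.I)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{6,}$")          # assumed threshold: 6+ hex chars
SYSTEM32 = r"c:\windows\system32"
CORE_PROCESSES = {"svchost.exe", "lsass.exe", "services.exe",
                  "winlogon.exe", "smss.exe", "csrss.exe"}  # assumed list


@dataclass(frozen=True)
class Finding:
    section: str   # "O4" or "O23"
    item: str      # run-key name or service display name
    reason: str


def first_token(cmd: str) -> str:
    """Executable path at the start of a command line, quotes stripped."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def split_path(path: str) -> tuple[str, str]:
    """(directory, basename) for a Windows path; directory is '' if none."""
    head, sep, tail = path.rpartition("\\")
    return (head if sep else ""), tail


def check_o4(name: str, cmd: str) -> list[str]:
    reasons = []
    if HEX_NAME_RE.match(name):
        reasons.append("run-key name is a bare hex string (typical of generated names)")
    m = RUNDLL_RE.match(cmd)
    if m:
        reasons.append(f"rundll32 loads {m['dll']} with entry point "
                       f"{m['entry'] or '(default)'}; review that DLL")
        return reasons
    directory, base = split_path(first_token(cmd))
    if not directory:
        reasons.append("bare filename, resolved through the search path rather than a fixed location")
    elif base.lower() in CORE_PROCESSES and directory.lower() != SYSTEM32:
        reasons.append(f"core Windows process name {base} started from {directory} instead of System32")
    return reasons


def check_o23(vendor: str, path: str) -> list[str]:
    reasons = []
    if vendor.strip() == "" or vendor.strip().lower() == "unknown owner":
        reasons.append("service has no vendor string")
    _, base = split_path(first_token(path))
    if "." not in base:
        reasons.append("service image has no file extension")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Walk the log and collect review candidates from O4 and O23 lines."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            for r in check_o4(m["name"], m["cmd"]):
                findings.append(Finding("O4", m["name"], r))
        elif m := O23_RE.match(line):
            for r in check_o23(m["vendor"], m["path"]):
                findings.append(Finding("O23", m["svc"], r))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<5}{f.item:<42}{f.reason}")
```

These are review prompts, not verdicts: "Unknown owner" also appears on the iPod service in the same log, and some legitimate vendor entries (CTHELPER.EXE above) are bare filenames too, so each hit still needs a look at the file itself before anything is removed.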


    • #3
      Download VirtumundoBegone (mirror)
      Save it to your desktop.

      Double-click VirtumundoBeGone.exe and follow the instructions.
      Don't be alarmed if you get a blue screen with an error message - this is normal.
      When the fix is finished, restart the PC.
      Post the contents of the log file VBG.TXT, which is now on your desktop, in your next reply here.


      Download: RVAXO.exe
      • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
      • Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
        A cmd window will open, in which a few lines about files not found will quickly scroll past; this is normal.
      • An uninstaller for a rogue scanner may also start; don't close it, but follow any instructions and just let it do its work.
      • Your PC will then restart; after the restart the RVAXO cmd window opens again.
        Let it run and wait until a log file opens: C:\RVAXO-results.log
      • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
      • Post the contents of the log file in your next reply.


      Download Combofix to your Desktop.
      Double-click Combofix.exe
      Choose "Continue" by typing 1 followed by ENTER.
      While the fix is running, do NOT click in the window, as this will make your PC hang.
      When the fix is complete and after the restart, the log combofix.txt will open.
      Post this log in your next reply.

      NOTE: If your virus scanner responds with a warning about a script being executed, you may ignore it.


      • #4
        First of all, the Virtumundo LOG:


        [12/29/2007, 19:44:45] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Carolien.DEWITTE\Mijn documenten\Diversen\Programma's\Virtumundo\VirtumundoBeGone.exe" )
        [12/29/2007, 19:45:23] - Detected System Information:
        [12/29/2007, 19:45:23] - Windows Version: 5.1.2600, Service Pack 2
        [12/29/2007, 19:45:23] - Current Username: Carolien (Admin)
        [12/29/2007, 19:45:23] - Windows is in NORMAL mode.
        [12/29/2007, 19:45:23] - Searching for Browser Helper Objects:
        [12/29/2007, 19:45:23] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
        [12/29/2007, 19:45:23] - BHO 2: {26E45419-7205-4fac-BBFE-174BC7337A79} (ads_optimizer)
        [12/29/2007, 19:45:23] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
        [12/29/2007, 19:45:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [12/29/2007, 19:45:23] - Checking for HKLM\...\Winlogon\Notify\SDHelper
        [12/29/2007, 19:45:23] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
        [12/29/2007, 19:45:23] - BHO 4: {734b9dc5-734d-4600-bb4c-ac69d665cfea} ()
        [12/29/2007, 19:45:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [12/29/2007, 19:45:23] - Checking for HKLM\...\Winlogon\Notify\ogpuqbyi
        [12/29/2007, 19:45:23] - Key not found: HKLM\...\Winlogon\Notify\ogpuqbyi, continuing.
        [12/29/2007, 19:45:23] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
        [12/29/2007, 19:45:23] - BHO 6: {7E6520F4-543F-4CB8-9B7B-6378D71D3FC9} ()
        [12/29/2007, 19:45:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [12/29/2007, 19:45:23] - Checking for HKLM\...\Winlogon\Notify\ssqpn
        [12/29/2007, 19:45:23] - Key not found: HKLM\...\Winlogon\Notify\ssqpn, continuing.
        [12/29/2007, 19:45:23] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
        [12/29/2007, 19:45:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [12/29/2007, 19:45:23] - No filename found. Continuing.
        [12/29/2007, 19:45:23] - BHO 8: {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} ()
        [12/29/2007, 19:45:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [12/29/2007, 19:45:23] - Checking for HKLM\...\Winlogon\Notify\pmnliji
        [12/29/2007, 19:45:23] - Found: HKLM\...\Winlogon\Notify\pmnliji - This is probably Virtumundo.
        [12/29/2007, 19:45:23] - Assigning {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} MSEvents Object
        [12/29/2007, 19:45:23] - BHO list has been changed! Starting over...
        [12/29/2007, 19:45:23] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
        [12/29/2007, 19:45:23] - BHO 2: {26E45419-7205-4fac-BBFE-174BC7337A79} (ads_optimizer)
        [12/29/2007, 19:45:23] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
        [12/29/2007, 19:45:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [12/29/2007, 19:45:23] - Checking for HKLM\...\Winlogon\Notify\SDHelper
        [12/29/2007, 19:45:23] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
        [12/29/2007, 19:45:23] - BHO 4: {734b9dc5-734d-4600-bb4c-ac69d665cfea} ()
        [12/29/2007, 19:45:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [12/29/2007, 19:45:23] - Checking for HKLM\...\Winlogon\Notify\ogpuqbyi
        [12/29/2007, 19:45:23] - Key not found: HKLM\...\Winlogon\Notify\ogpuqbyi, continuing.
        [12/29/2007, 19:45:23] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
        [12/29/2007, 19:45:23] - BHO 6: {7E6520F4-543F-4CB8-9B7B-6378D71D3FC9} ()
        [12/29/2007, 19:45:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [12/29/2007, 19:45:23] - Checking for HKLM\...\Winlogon\Notify\ssqpn
        [12/29/2007, 19:45:23] - Key not found: HKLM\...\Winlogon\Notify\ssqpn, continuing.
        [12/29/2007, 19:45:23] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
        [12/29/2007, 19:45:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [12/29/2007, 19:45:23] - No filename found. Continuing.
        [12/29/2007, 19:45:23] - BHO 8: {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} (MSEvents Object)
        [12/29/2007, 19:45:23] - ALERT: Found MSEvents Object!
        [12/29/2007, 19:45:23] - BHO 9: {A95B2816-1D7E-4561-A202-68C0DE02353A} ()
        [12/29/2007, 19:45:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [12/29/2007, 19:45:23] - Checking for HKLM\...\Winlogon\Notify\ibixdfkw
        [12/29/2007, 19:45:23] - Found: HKLM\...\Winlogon\Notify\ibixdfkw - This is probably Virtumundo.
        [12/29/2007, 19:45:23] - Assigning {A95B2816-1D7E-4561-A202-68C0DE02353A} MSEvents Object
        [12/29/2007, 19:45:23] - BHO list has been changed! Starting over...
        [12/29/2007, 19:45:23] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
        [12/29/2007, 19:45:23] - BHO 2: {26E45419-7205-4fac-BBFE-174BC7337A79} (ads_optimizer)
        [12/29/2007, 19:45:23] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
        [12/29/2007, 19:45:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [12/29/2007, 19:45:23] - Checking for HKLM\...\Winlogon\Notify\SDHelper
        [12/29/2007, 19:45:23] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
        [12/29/2007, 19:45:23] - BHO 4: {734b9dc5-734d-4600-bb4c-ac69d665cfea} ()
        [12/29/2007, 19:45:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [12/29/2007, 19:45:23] - Checking for HKLM\...\Winlogon\Notify\ogpuqbyi
        [12/29/2007, 19:45:23] - Key not found: HKLM\...\Winlogon\Notify\ogpuqbyi, continuing.
        [12/29/2007, 19:45:23] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
        [12/29/2007, 19:45:23] - BHO 6: {7E6520F4-543F-4CB8-9B7B-6378D71D3FC9} ()
        [12/29/2007, 19:45:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [12/29/2007, 19:45:23] - Checking for HKLM\...\Winlogon\Notify\ssqpn
        [12/29/2007, 19:45:23] - Key not found: HKLM\...\Winlogon\Notify\ssqpn, continuing.
        [12/29/2007, 19:45:23] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
        [12/29/2007, 19:45:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [12/29/2007, 19:45:23] - No filename found. Continuing.
        [12/29/2007, 19:45:23] - BHO 8: {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} (MSEvents Object)
        [12/29/2007, 19:45:23] - ALERT: Found MSEvents Object!
        [12/29/2007, 19:45:23] - BHO 9: {A95B2816-1D7E-4561-A202-68C0DE02353A} (MSEvents Object)
        [12/29/2007, 19:45:23] - ALERT: Found MSEvents Object!
        [12/29/2007, 19:45:23] - BHO 10: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
        [12/29/2007, 19:45:23] - BHO 11: {E37962F0-88CC-489A-8331-EF2D1A1FC070} ()
        [12/29/2007, 19:45:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [12/29/2007, 19:45:23] - Checking for HKLM\...\Winlogon\Notify\gebyx
        [12/29/2007, 19:45:23] - Key not found: HKLM\...\Winlogon\Notify\gebyx, continuing.
        [12/29/2007, 19:45:23] - Finished Searching Browser Helper Objects
        [12/29/2007, 19:45:23] - *** Detected MSEvents Object
        [12/29/2007, 19:45:23] - Trying to remove MSEvents Object...
        [12/29/2007, 19:45:24] - Terminating Process: IEXPLORE.EXE
        [12/29/2007, 19:45:25] - Terminating Process: RUNDLL32.EXE
        [12/29/2007, 19:45:25] - Disabling Automatic Shell Restart
        [12/29/2007, 19:45:25] - Terminating Process: EXPLORER.EXE
        [12/29/2007, 19:45:25] - Suspending the NT Session Manager System Service
        [12/29/2007, 19:45:25] - Terminating Windows NT Logon/Logoff Manager
        [12/29/2007, 19:45:25] - Re-enabling Automatic Shell Restart
        [12/29/2007, 19:45:25] - File to disable: C:\WINDOWS\system32\pmnliji.dll
        [12/29/2007, 19:45:25] - Removing HKLM\...\Browser Helper Objects\{8E3FBDE2-7DBD-4040-85D9-29BBC559C129}
        [12/29/2007, 19:45:25] - Removing HKCR\CLSID\{8E3FBDE2-7DBD-4040-85D9-29BBC559C129}
        [12/29/2007, 19:45:25] - Adding Kill Bit for ActiveX for GUID: {8E3FBDE2-7DBD-4040-85D9-29BBC559C129}
        [12/29/2007, 19:45:25] - Deleting ATLEvents/MSEvents Registry entries
        [12/29/2007, 19:45:26] - Removing HKLM\...\Winlogon\Notify\pmnliji
        [12/29/2007, 19:45:26] - Searching for Browser Helper Objects:
        [12/29/2007, 19:45:26] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
        [12/29/2007, 19:45:26] - BHO 2: {26E45419-7205-4fac-BBFE-174BC7337A79} (ads_optimizer)
        [12/29/2007, 19:45:26] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
        [12/29/2007, 19:45:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [12/29/2007, 19:45:26] - Checking for HKLM\...\Winlogon\Notify\SDHelper
        [12/29/2007, 19:45:26] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
        [12/29/2007, 19:45:26] - BHO 4: {734b9dc5-734d-4600-bb4c-ac69d665cfea} ()
        [12/29/2007, 19:45:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [12/29/2007, 19:45:26] - Checking for HKLM\...\Winlogon\Notify\ogpuqbyi
        [12/29/2007, 19:45:26] - Key not found: HKLM\...\Winlogon\Notify\ogpuqbyi, continuing.
        [12/29/2007, 19:45:26] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
        [12/29/2007, 19:45:26] - BHO 6: {7E6520F4-543F-4CB8-9B7B-6378D71D3FC9} ()
        [12/29/2007, 19:45:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [12/29/2007, 19:45:26] - Checking for HKLM\...\Winlogon\Notify\ssqpn
        [12/29/2007, 19:45:26] - Key not found: HKLM\...\Winlogon\Notify\ssqpn, continuing.
        [12/29/2007, 19:45:26] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
        [12/29/2007, 19:45:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [12/29/2007, 19:45:26] - No filename found. Continuing.
        [12/29/2007, 19:45:26] - BHO 8: {A95B2816-1D7E-4561-A202-68C0DE02353A} (MSEvents Object)
        [12/29/2007, 19:45:26] - ALERT: Found MSEvents Object!
        [12/29/2007, 19:45:26] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
        [12/29/2007, 19:45:26] - BHO 10: {E37962F0-88CC-489A-8331-EF2D1A1FC070} ()
        [12/29/2007, 19:45:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [12/29/2007, 19:45:26] - Checking for HKLM\...\Winlogon\Notify\gebyx
        [12/29/2007, 19:45:26] - Key not found: HKLM\...\Winlogon\Notify\gebyx, continuing.
        [12/29/2007, 19:45:26] - Finished Searching Browser Helper Objects
        [12/29/2007, 19:45:26] - *** Detected MSEvents Object
        [12/29/2007, 19:45:26] - Trying to remove MSEvents Object...
        [12/29/2007, 19:45:27] - Terminating Process: IEXPLORE.EXE
        [12/29/2007, 19:45:27] - Terminating Process: RUNDLL32.EXE
        [12/29/2007, 19:45:28] - Disabling Automatic Shell Restart
        [12/29/2007, 19:45:28] - Terminating Process: EXPLORER.EXE
        [12/29/2007, 19:45:28] - Suspending the NT Session Manager System Service
        [12/29/2007, 19:45:28] - Terminating Windows NT Logon/Logoff Manager
        [12/29/2007, 19:45:28] - Re-enabling Automatic Shell Restart
        [12/29/2007, 19:45:28] - File to disable: C:\WINDOWS\system32\ibixdfkw.dll
        [12/29/2007, 19:45:28] - Renaming C:\WINDOWS\system32\ibixdfkw.dll -> C:\WINDOWS\system32\ibixdfkw.dll.vir
        [12/29/2007, 19:45:28] - File successfully renamed!
        [12/29/2007, 19:45:28] - Removing HKLM\...\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
        [12/29/2007, 19:45:28] - Removing HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
        [12/29/2007, 19:45:28] - Adding Kill Bit for ActiveX for GUID: {A95B2816-1D7E-4561-A202-68C0DE02353A}
        [12/29/2007, 19:45:28] - Deleting ATLEvents/MSEvents Registry entries
        [12/29/2007, 19:45:28] - Removing HKLM\...\Winlogon\Notify\ibixdfkw
        [12/29/2007, 19:45:28] - Searching for Browser Helper Objects:
        [12/29/2007, 19:45:28] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
        [12/29/2007, 19:45:28] - BHO 2: {26E45419-7205-4fac-BBFE-174BC7337A79} (ads_optimizer)
        [12/29/2007, 19:45:28] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
        [12/29/2007, 19:45:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [12/29/2007, 19:45:28] - Checking for HKLM\...\Winlogon\Notify\SDHelper
        [12/29/2007, 19:45:28] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
        [12/29/2007, 19:45:28] - BHO 4: {734b9dc5-734d-4600-bb4c-ac69d665cfea} ()
        [12/29/2007, 19:45:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [12/29/2007, 19:45:28] - Checking for HKLM\...\Winlogon\Notify\ogpuqbyi
        [12/29/2007, 19:45:28] - Key not found: HKLM\...\Winlogon\Notify\ogpuqbyi, continuing.
        [12/29/2007, 19:45:28] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
        [12/29/2007, 19:45:28] - BHO 6: {7E6520F4-543F-4CB8-9B7B-6378D71D3FC9} ()
        [12/29/2007, 19:45:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [12/29/2007, 19:45:28] - Checking for HKLM\...\Winlogon\Notify\ssqpn
        [12/29/2007, 19:45:28] - Key not found: HKLM\...\Winlogon\Notify\ssqpn, continuing.
        [12/29/2007, 19:45:28] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
        [12/29/2007, 19:45:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [12/29/2007, 19:45:28] - No filename found. Continuing.
        [12/29/2007, 19:45:28] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
        [12/29/2007, 19:45:28] - BHO 9: {E37962F0-88CC-489A-8331-EF2D1A1FC070} ()
        [12/29/2007, 19:45:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [12/29/2007, 19:45:28] - Checking for HKLM\...\Winlogon\Notify\gebyx
        [12/29/2007, 19:45:28] - Key not found: HKLM\...\Winlogon\Notify\gebyx, continuing.
        [12/29/2007, 19:45:28] - Finished Searching Browser Helper Objects
        [12/29/2007, 19:45:28] - Finishing up...
        [12/29/2007, 19:45:28] - A restart is needed.
        [12/29/2007, 19:45:41] - Attempting to Restart via STOP error (Blue Screen!)


        Then the RVAXO LOG:

        ----------------RVAXO.exe first run-------------

        Files found:

        C:\WINDOWS\system32\ibixdfkw.dll.vir
        C:\WINDOWS\system32\fwujvqhw.dllbox
        C:\WINDOWS\system32\ibixdfkw.dllbox
        C:\WINDOWS\system32\ljjkhfe.dll__DELETE_ON_REBOOT
        C:\WINDOWS\system32\npqss.ini
        C:\WINDOWS\system32\xybeg.bak1
        C:\WINDOWS\system32\xybeg.bak2
        C:\WINDOWS\system32\mcrh.tmp
        C:\WINDOWS\system32\rightonadz-uninst.exe
        C:\WINDOWS\system32\vbzip10.dll
        C:\WINDOWS\system32\adssite-remove.exe
        C:\n.bat
        C:\Documents and Settings\Carolien.DEWITTE\MENUST~1\PROGRA~1\OPSTAR~1\TA_Start.lnk
        C:\Documents and Settings\Carolien.DEWITTE\MENUST~1\PROGRA~1\OPSTAR~1\TA_Start.lnk

        Uninstallers Rogue scanners:


        Folders Found:

        C:\Program Files\outlook
        C:\Program Files\Temporary
        C:\Program Files\WinAble

        Hosts-file was reset, If you use a custom hosts file please replace it...

        --------------RVAXO.exe last run---------------

        Files found:

        Folders Found:

        --------------RVAXO.exe finished----------------

        And finally the ComboFix log:

        ComboFix 07-12-30.1 - Carolien 2007-12-29 19:57:32.1 - NTFSx86
        Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.206 [GMT 1:00]
        Gestart vanuit: C:\Documents and Settings\Carolien.DEWITTE\Mijn documenten\Diversen\Programma's\Combofix\ComboFix.exe
        * Nieuw herstelpunt werd aangemaakt
        .

        (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\WINDOWS\cookies.ini
        C:\WINDOWS\system32\gebyx.dll
        C:\WINDOWS\system32\jadsnwem.dll
        C:\WINDOWS\system32\jqxkjigg.exe
        C:\WINDOWS\system32\mewnsdaj.ini
        C:\WINDOWS\system32\ogpuqbyi.dll
        C:\WINDOWS\system32\windows
        C:\WINDOWS\system32\xybeg.ini

        .
        ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

        .
        -------\LEGACY_DOMAINSERVICE


        (((((((((((((((((((( Bestanden Gemaakt van 2007-11-28 to 2007-12-30 ))))))))))))))))))))))))))))))
        .

        2007-12-29 19:52 . 2007-12-29 19:53 <DIR> d-------- C:\RVAXO
        2007-12-29 19:51 . 2007-12-29 00:34 579,934 --a------ C:\WINDOWS\system32\RVAXO.bat
        2007-12-29 19:51 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
        2007-12-29 19:35 . 2007-12-29 19:36 14,033 --a------ C:\pos972.tmp
        2007-12-29 19:12 . 2007-12-29 19:12 14,033 --a------ C:\pos7CB.tmp
        2007-12-29 19:11 . 2007-12-29 19:12 14,033 --a------ C:\pos67E.tmp
        2007-12-29 18:54 . 2007-12-29 18:54 14,033 --a------ C:\pos5CA.tmp
        2007-12-29 18:53 . 2007-12-29 18:53 14,033 --a------ C:\pos52B.tmp
        2007-12-29 16:51 . 2007-12-29 16:51 14,033 --a------ C:\pos3DF.tmp
        2007-12-29 16:50 . 2007-12-29 16:51 14,033 --a------ C:\pos218.tmp
        2007-12-29 16:01 . 2007-12-29 16:01 14,033 --a------ C:\posF6.tmp
        2007-12-29 16:00 . 2007-12-29 16:00 165,472 --a------ C:\WINDOWS\system32\xmumegnt.dll
        2007-12-27 20:16 . 2007-12-29 15:57 <DIR> d-------- C:\Program Files\Morpheus
        2007-12-26 13:43 . 2007-12-26 13:43 <DIR> d-------- C:\Program Files\Samsung
        2007-12-26 13:42 . 2007-12-26 13:44 <DIR> d-------- C:\Program Files\LimeWire
        2007-12-26 13:42 . 2007-12-26 13:42 <DIR> d-------- C:\Documents and Settings\Carolien\.limewire
        2007-12-26 13:42 . 2007-12-27 21:12 <DIR> d-------- C:\Documents and Settings\Carolien.DEWITTE\Application Data\LimeWire
        2007-12-26 13:15 . 2007-12-26 13:15 <DIR> d-------- C:\Program Files\Enigma Software Group
        2007-12-22 22:43 . 2007-12-26 13:42 <DIR> d-------- C:\Program Files\Windows Defender
        2007-12-16 14:13 . 2007-12-16 18:50 102,432 -r------- C:\WINDOWS\system32\avmeter6.exe
        2007-11-26 21:02 . 2007-11-26 21:02 268 --ah----- C:\sqmdata00.sqm
        2007-11-26 21:02 . 2007-11-26 21:02 244 --ah----- C:\sqmnoopt00.sqm
        2007-11-03 00:11 . 2007-11-03 00:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn
        2007-11-03 00:11 . 2007-11-03 00:11 1,409 --a------ C:\WINDOWS\QTFont.for

        .
        ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2007-12-26 15:59 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
        2007-12-26 15:34 --------- d-----w C:\Program Files\Hitman Pro
        2007-12-26 15:23 --------- d-----w C:\Program Files\Spyware Doctor
        2007-12-26 14:27 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
        2007-12-26 13:17 --------- d-----w C:\Program Files\SpywareBlaster
        2007-12-26 12:43 --------- d-----w C:\Program Files\Dvd Shrink
        2007-12-22 19:40 --------- d-----w C:\Program Files\Java
        2007-12-19 20:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
        2007-12-18 22:37 --------- d-----w C:\Documents and Settings\Carolien.DEWITTE\Application Data\Vso
        2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
        2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
        2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
        2006-12-29 19:19 87,608 -c--a-w C:\Documents and Settings\Carolien.DEWITTE\Application Data\ezpinst.exe
        2006-12-29 19:19 47,360 -c--a-w C:\Documents and Settings\Carolien.DEWITTE\Application Data\pcouffin.sys
        .

        ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E6520F4-543F-4CB8-9B7B-6378D71D3FC9}]
        C:\WINDOWS\system32\ssqpn.dll

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2005-08-05 18:09]
        "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-30 19:09]
        "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 11:06]
        "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
        "Mail.com"="C:\Program Files\mail.com\mcalert.exe"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "APVXDWIN"="C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.exe" [2003-03-11 18:06]
        "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
        "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52]
        "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 11:31]
        "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 11:24]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]
        "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-02-09 20:42]
        "WINDVDPatch"="CTHELPER.EXE" [2002-07-02 10:56 C:\WINDOWS\system32\CTHELPER.EXE]
        "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
        "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
        "CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 01:00]
        "QuickTime Task"="C:\Documents and Settings\Carolien.DEWITTE\Mijn documenten\Diversen\Programma's\QuickTime\qttask.exe" [2007-04-27 08:41]
        "244436490db8"="C:\WINDOWS\system32\clusapi9.exe"

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2005-08-05 18:09]

        C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
        Casema SnelHelp.lnk - C:\bin\matcli.exe [2006-10-28 22:30:25]
        Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-30 19:09:13]
        Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56]

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
        "{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}"= C:\WINDOWS\system32\ljjkhfe.dll [ ]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjkhfe]
        ljjkhfe.dll

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
        @=""

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
        @=""

        S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows

        .
        Contents of the 'Scheduled Tasks' folder
        "2007-12-22 19:51:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
        - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
        "2007-12-26 12:34:33 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
        - C:\Program Files\Windows Defender\MpCmdRun.exe
        .
        **************************************************************************

        catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2007-12-30 20:04:20
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        HKLM\Software\Microsoft\Windows\CurrentVersion\Run
        CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????&2???9~??9~????????\???\???????????U?9~??9~\???\? [email protected]?\???\??????s????\??????s\????&2?A??s?&[email protected]?x???`|?w\[email protected]

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        Completion time: 2007-12-30 20:05:24 - machine was rebooted
        C:\qoobox\ComboFix-quarantined-files.txt 2007-12-30 19:04:47
        C:\qoobox\ComboFix2.txt 2007-12-26 11:20:21
        .
        2007-12-26 16:00:48 --- E O F ---


        I'm very curious... I'll wait and see.
        Thanks in advance!!!



        • #5
          Open the RVAXO folder on your Desktop and double-click Uninstall.cmd

          Download the attachment: CFScript.txt

          Drag CFScript.txt onto ComboFix.exe as shown in the example below:



          This will make ComboFix restart.
          Reboot if you are asked to,
          and post the contents of ComboFix.txt in your next reply.
          Also post a new HijackThis log and tell me whether you still have any problems.



          • #6
            Hi there,

            you are all so fast and so good!

            Anyway, my ComboFix log:


            ComboFix 07-12-30.1 - Carolien 2007-12-31 13:03:22.2 - NTFSx86
            Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.237 [GMT 1:00]
            Running from: C:\Documents and Settings\Carolien.DEWITTE\Mijn documenten\Diversen\Programma's\Combofix\ComboFix.exe
            Command switches used :: C:\Documents and Settings\Carolien.DEWITTE\Mijn documenten\Diversen\Programma's\Combofix\cfscript.txt
            * Created a new restore point

            FILE
            C:\pos218.tmp
            C:\pos3DF.tmp
            C:\pos52B.tmp
            C:\pos5CA.tmp
            C:\pos67E.tmp
            C:\pos7CB.tmp
            C:\pos972.tmp
            C:\posF6.tmp
            C:\WINDOWS\system32\xmumegnt.dll
            .

            (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            C:\pos218.tmp
            C:\pos3DF.tmp
            C:\pos52B.tmp
            C:\pos5CA.tmp
            C:\pos67E.tmp
            C:\pos7CB.tmp
            C:\pos972.tmp
            C:\posF6.tmp
            C:\WINDOWS\system32\xmumegnt.dll

            .
            ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

            .
            -------\LEGACY_MSCONTROLSERVICE
            -------\MSControlService


            (((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-31 ))))))))))))))))))))))))))))))
            .

            2007-12-29 19:35 . 2007-12-29 19:36 14,033 --a------ C:\pos96E.tmp
            2007-12-29 19:12 . 2007-12-29 19:12 14,033 --a------ C:\pos7A3.tmp
            2007-12-29 19:11 . 2007-12-29 19:11 14,033 --a------ C:\pos65C.tmp
            2007-12-29 18:54 . 2007-12-29 18:54 14,033 --a------ C:\pos5BD.tmp
            2007-12-29 18:53 . 2007-12-29 18:53 14,033 --a------ C:\pos52A.tmp
            2007-12-29 16:51 . 2007-12-29 16:51 14,033 --a------ C:\pos3DB.tmp
            2007-12-29 16:50 . 2007-12-29 16:50 14,033 --a------ C:\pos217.tmp
            2007-12-29 16:01 . 2007-12-29 16:01 14,033 --a------ C:\posF0.tmp
            2007-12-29 16:00 . 2007-12-29 16:00 14,033 --a------ C:\posC.tmp
            2007-12-27 20:16 . 2007-12-29 15:57 <DIR> d-------- C:\Program Files\Morpheus
            2007-12-26 13:43 . 2007-12-26 13:43 <DIR> d-------- C:\Program Files\Samsung
            2007-12-26 13:42 . 2007-12-26 13:44 <DIR> d-------- C:\Program Files\LimeWire
            2007-12-26 13:42 . 2007-12-26 13:42 <DIR> d-------- C:\Documents and Settings\Carolien\.limewire
            2007-12-26 13:42 . 2007-12-27 21:12 <DIR> d-------- C:\Documents and Settings\Carolien.DEWITTE\Application Data\LimeWire
            2007-12-26 13:15 . 2007-12-26 13:15 <DIR> d-------- C:\Program Files\Enigma Software Group
            2007-12-22 22:43 . 2007-12-26 13:42 <DIR> d-------- C:\Program Files\Windows Defender
            2007-12-16 14:13 . 2007-12-16 18:50 102,432 -r------- C:\WINDOWS\system32\avmeter6.exe
            2007-11-26 21:02 . 2007-11-26 21:02 268 --ah----- C:\sqmdata00.sqm
            2007-11-26 21:02 . 2007-11-26 21:02 244 --ah----- C:\sqmnoopt00.sqm
            2007-11-03 00:11 . 2007-11-03 00:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn
            2007-11-03 00:11 . 2007-11-03 00:11 1,409 --a------ C:\WINDOWS\QTFont.for

            .
            ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2007-12-26 15:59 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
            2007-12-26 15:34 --------- d-----w C:\Program Files\Hitman Pro
            2007-12-26 15:23 --------- d-----w C:\Program Files\Spyware Doctor
            2007-12-26 14:27 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
            2007-12-26 13:17 --------- d-----w C:\Program Files\SpywareBlaster
            2007-12-26 12:43 --------- d-----w C:\Program Files\Dvd Shrink
            2007-12-22 19:40 --------- d-----w C:\Program Files\Java
            2007-12-19 20:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
            2007-12-18 22:37 --------- d-----w C:\Documents and Settings\Carolien.DEWITTE\Application Data\Vso
            2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
            2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
            2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
            2006-12-29 19:19 87,608 -c--a-w C:\Documents and Settings\Carolien.DEWITTE\Application Data\ezpinst.exe
            2006-12-29 19:19 47,360 -c--a-w C:\Documents and Settings\Carolien.DEWITTE\Application Data\pcouffin.sys
            .

            ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            REGEDIT4
            *Note* empty entries & legit default entries are not shown

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2005-08-05 18:09]
            "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-30 19:09]
            "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 11:06]
            "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "APVXDWIN"="C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.exe" [2003-03-11 18:06]
            "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
            "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52]
            "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 11:31]
            "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 11:24]
            "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]
            "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-02-09 20:42]
            "WINDVDPatch"="CTHELPER.EXE" [2002-07-02 10:56 C:\WINDOWS\system32\CTHELPER.EXE]
            "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
            "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
            "CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 01:00]
            "QuickTime Task"="C:\Documents and Settings\Carolien.DEWITTE\Mijn documenten\Diversen\Programma's\QuickTime\qttask.exe" [2007-04-27 08:41]

            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2005-08-05 18:09]

            C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
            Casema SnelHelp.lnk - C:\bin\matcli.exe [2006-10-28 22:30:25]
            Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-30 19:09:13]
            Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56]

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
            @=""

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
            @=""


            .
            Contents of the 'Scheduled Tasks' folder
            "2007-12-22 19:51:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
            - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
            "2007-12-26 12:34:33 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
            - C:\Program Files\Windows Defender\MpCmdRun.exe
            .
            **************************************************************************

            catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2007-12-31 13:08:07
            Windows 5.1.2600 Service Pack 2 NTFS

            scanning hidden processes ...

            scanning hidden autostart entries ...

            HKLM\Software\Microsoft\Windows\CurrentVersion\Run
            CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????&2???9~??9~????????\???\???????????U?9~??9~\???\? ???????#[email protected]?\???\??????s????\??????s\????&2?A??s?&[email protected]?x???`|?w\[email protected]

            scanning hidden files ...

            scan completed successfully
            hidden files: 0

            **************************************************************************
            .
            Completion time: 2007-12-31 13:09:04 - machine was rebooted
            C:\qoobox\ComboFix-quarantined-files.txt 2007-12-31 12:08:34
            C:\qoobox\ComboFix2.txt 2007-12-30 19:05:24
            C:\qoobox\ComboFix3.txt 2007-12-26 11:20:21
            .
            2007-12-26 16:00:48 --- E O F ---

            And the HJT log:



            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 13:12:05, on 31-12-2007
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.6000.16574)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\system32\CTsvcCDA.exe
            C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
            C:\WINDOWS\system32\LVCOMSX.EXE
            C:\Program Files\Logitech\Video\LogiTray.exe
            C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
            C:\Program Files\Common Files\Real\Update_OB\realsched.exe
            C:\WINDOWS\system32\CTHELPER.EXE
            C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
            C:\Program Files\Messenger\msmsgs.exe
            C:\bin\mpbtn.exe
            C:\Program Files\Logitech\Video\FxSvr2.exe
            C:\Program Files\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\MsPMSPSv.exe
            C:\WINDOWS\system32\wscntfy.exe
            C:\Program Files\Panda Software\Panda Antivirus Titanium\pavProxy.exe
            C:\WINDOWS\system32\wuauclt.exe
            C:\WINDOWS\system32\notepad.exe
            C:\Program Files\Internet Explorer\IEXPLORE.EXE
            C:\Documents and Settings\Carolien.DEWITTE\Mijn documenten\Diversen\Programma's\HJT\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Carolien.DEWITTE/Mijn%20documenten/Diversen/Startpagina/Startpagina.htm
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
            O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
            O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
            O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
            O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
            O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
            O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
            O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
            O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
            O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
            O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
            O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Documents and Settings\Carolien.DEWITTE\Mijn documenten\Diversen\Programma's\QuickTime\qttask.exe" -atboottime
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
            O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
            O4 - Global Startup: Casema SnelHelp.lnk = C:\bin\matcli.exe
            O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
            O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
            O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
            O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/NewUploader/ImageUploader4.cab
            O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
            O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
            O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
            O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
            O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
            O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
            O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
            O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
            O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

            --
            End of file - 7788 bytes


            Analysis: I no longer get those annoying errors (yay!!), but I still have 2 half icons and a whole list of tmp files in My Documents. What should I do with those??
            Do you see anything else strange?

            Thanks again!!

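The two ComboFix logs in this thread (the one before the CFScript run, and the one just above after it) differ mainly in their "Reg Loading Points" section: the BHO `ssqpn.dll`, the hex-named Run value pointing at `clusapi9.exe`, the `ljjkhfe.dll` ShellExecuteHooks and Winlogon\Notify entries, and the bogus `MSControlService` are gone. The script below is an added example, not code from the thread, ComboFix or HijackThis: it parses that section of both logs, lists what was removed, and applies a few heuristics (auto-generated hex value name, image path without a file extension, consonant-heavy file name, high-value persistence key) that would have singled out the same entries. The BEFORE and AFTER samples are copied from the logs posted here and trimmed; the heuristic thresholds are an assumption tuned to this log and need an allowlist of known-good names before being trusted on other machines.

```python
"""Added example: diff the registry-autostart section of two ComboFix logs
and flag suspicious entries.  Not part of the thread, ComboFix or HijackThis.
BEFORE/AFTER are copied (trimmed) from the two logs posted in the thread."""
import re
from typing import Dict, List, Tuple

Entry = Tuple[str, str]  # (registry key, value name), both lowercased

BEFORE = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E6520F4-543F-4CB8-9B7B-6378D71D3FC9}]
C:\WINDOWS\system32\ssqpn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2005-08-05 18:09]
"Mail.com"="C:\Program Files\mail.com\mcalert.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.exe" [2003-03-11 18:06]
"244436490db8"="C:\WINDOWS\system32\clusapi9.exe"

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}"= C:\WINDOWS\system32\ljjkhfe.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjkhfe]
ljjkhfe.dll

S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows
"""

AFTER = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2005-08-05 18:09]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.exe" [2003-03-11 18:06]
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                                  # [HKEY_...]
VALUE_RE = re.compile(r'^"([^"]+)"=\s*"?([^"\[]+?)"?\s*(\[[^\]]*\])?\s*$')  # "name"="path" [ts]
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.+)$")           # S3 name;display;ImagePath
HIGH_VALUE_KEYS = ("winlogon\\notify", "shellexecutehooks", "browser helper objects")


def parse_autostarts(text: str) -> Dict[Entry, str]:
    """Map (key, value name) -> image path for one 'Reg Loading Points' section."""
    entries: Dict[Entry, str] = {}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "." or line.startswith(("REGEDIT", "*")):
            continue
        if m := KEY_RE.match(line):
            key = m.group(1).lower()
            continue
        if m := SERVICE_RE.match(line):
            entries[("services", m.group(1).lower())] = m.group(3).strip()
            continue
        if key is None:
            continue
        if m := VALUE_RE.match(line):
            entries[(key, m.group(1).lower())] = m.group(2).strip()
        else:  # bare DLL name or path listed under a key (BHO, Winlogon Notify)
            entries[(key, line.lower())] = line
    return entries


def removed_entries(before: str, after: str) -> List[Tuple[str, str, str]]:
    """(key, name, path) triples present in the first log but gone from the second."""
    b, a = parse_autostarts(before), parse_autostarts(after)
    return sorted((k, n, p) for (k, n), p in b.items() if (k, n) not in a)


def flags_for(key: str, name: str, path: str) -> List[str]:
    """Crude heuristics (thresholds are an assumption tuned to this log)."""
    out: List[str] = []
    base = path.replace("/", "\\").rsplit("\\", 1)[-1]
    stem = base.rsplit(".", 1)[0].lower()
    if re.fullmatch(r"[0-9a-f]{10,}", name):
        out.append("auto-generated hex value name")
    if "." not in base:
        out.append("image path has no file extension")
    if stem.isalpha() and len(stem) >= 5 and sum(c in "aeiouy" for c in stem) / len(stem) < 0.15:
        out.append("random-looking file name")
    if any(k in key for k in HIGH_VALUE_KEYS):
        out.append("high-value persistence location")
    return out


if __name__ == "__main__":
    for key, name, path in removed_entries(BEFORE, AFTER):
        print(f"removed  {name:45} {path}")
        for flag in flags_for(key, name, path):
            print(f"         -> {flag}")
```

Running it lists six removed entries; all but the `Mail.com` value trip at least one heuristic, which matches what the helper targeted. `ctfmon.exe` and `APVXDWIN` (legitimate entries that survived the fix) trip none. On a real system you would feed it the full sections, keep an allowlist of known-good entries for the vowel heuristic, and treat any third-party entry under Winlogon\Notify or ShellExecuteHooks as worth a manual look regardless of its name.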


            • #7
              Delete the following folder:
              C:\Qoobox

              Then empty your Recycle Bin.

              Your Java software is out of date. Older versions have vulnerabilities that give malware the chance to install itself on your system.
              First do these steps to uninstall Java and install the newer version:
              • Download Java Runtime Environment (JRE) 6.3 and save it to your Desktop.
              • Close all programs that may be open - especially your web browser!
              • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list.
              • Tick everything with Java Runtime Environment (JRE or J2SE) in the name.
              • Then click Remove or the Change/Remove button.
              • Repeat this until all older versions are gone.
              • After removing all older versions, restart your PC.
              • Then double-click jre-6u3-windows-i586-p.exe on your Desktop to install the newest version of Java.


              Download ATF Cleaner (mirror) (made by Atribune)

              Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can do its job properly.

              Double-click ATF Cleaner to start the program.
              On the "Main" tab, tick Select All.
              Click the Empty Selected button.

              Do the following if you also use Firefox as a browser:
              Click the "Firefox" tab and tick Select All.
              If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
              (this unticks "Firefox saved passwords")
              Click the Empty Selected button.

              Do the following if you also use Opera as a browser:
              Click the "Opera" tab and tick Select All.
              If you want to keep the passwords saved by Opera, click "No" in the window that appears.
              Click the Empty Selected button.
              Go to the "Main" tab and click the Exit button to close the program.

              Go to Start - Run and type the following:
              Combofix /U
              Then press OK.
              Note: there must be a space between Combofix and /U.

              This will uninstall ComboFix.

              Disable System Restore. Restart the computer. Enable System Restore again.
              Look here for how to disable System Restore.
              This removes any remnants of the infections from your System Restore.

              Finally, post one more new HijackThis log for a check and tell me whether there are any problems left



              • #8
                Hey, here she is again! I've dutifully done everything!
                Below is the HJT log again.
                I still have those 2 half icons and strange tmp files in My Documents, do I need to do anything else with those?
                Oh yes, and my clock is suddenly set to tomorrow... is that normal?

                Logfile of Trend Micro HijackThis v2.0.2
                Scan saved at 19:14:47, on 31-12-2007
                Platform: Windows XP SP2 (WinNT 5.01.2600)
                MSIE: Internet Explorer v7.00 (7.00.6000.16574)
                Boot mode: Normal

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\system32\spoolsv.exe
                C:\WINDOWS\Explorer.EXE
                C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
                C:\WINDOWS\system32\LVCOMSX.EXE
                C:\Program Files\Logitech\Video\LogiTray.exe
                C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                C:\WINDOWS\system32\CTHELPER.EXE
                C:\WINDOWS\system32\CTsvcCDA.exe
                C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
                C:\WINDOWS\system32\ctfmon.exe
                C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                C:\Program Files\Messenger\msmsgs.exe
                C:\Program Files\mail.com\mcalert.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\system32\MsPMSPSv.exe
                C:\Program Files\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
                C:\Program Files\Logitech\Video\FxSvr2.exe
                C:\bin\mpbtn.exe
                C:\WINDOWS\system32\wscntfy.exe
                C:\Program Files\Panda Software\Panda Antivirus Titanium\pavProxy.exe
                C:\WINDOWS\system32\wuauclt.exe
                C:\Program Files\Internet Explorer\IEXPLORE.EXE
                C:\Documents and Settings\Carolien.DEWITTE\Mijn documenten\Diversen\Programma's\HJT\HijackThis.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Carolien.DEWITTE/Mijn%20documenten/Diversen/Startpagina/Startpagina.htm
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
                O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
                O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
                O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
                O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
                O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
                O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
                O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
                O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
                O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
                O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
                O4 - HKLM\..\Run: [QuickTime Task] "C:\Documents and Settings\Carolien.DEWITTE\Mijn documenten\Diversen\Programma's\QuickTime\qttask.exe" -atboottime
                O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
                O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
                O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                O4 - Global Startup: Casema SnelHelp.lnk = C:\bin\matcli.exe
                O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
                O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
                O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
                O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/NewUploader/ImageUploader4.cab
                O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
                O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
                O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
                O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
                O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
                O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
                O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
                O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
                O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
                O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

                --
                End of file - 7868 bytes



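                The HJT log above is triaged by hand in the replies that follow. As an added example (not code from this thread, and not part of HijackThis itself), the Python below makes the same first pass over a few of the log's own lines: it parses O4, O9, O16 and O23 entries and flags orphaned entries marked "(file missing)", services with no vendor string, ActiveX controls pulled from a URL (O16), and executables in system32 with a random-looking all-lowercase name. The `[vxqzkmpl]` run entry is constructed for this example, and the random-name rule is a rough heuristic rather than a reliable signature.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the HijackThis log above, plus one
# made-up O4 entry ([vxqzkmpl]) that stands in for a randomly named dropper.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
O4 - HKLM\..\Run: [vxqzkmpl] C:\WINDOWS\system32\vxqzkmpl.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
"""

ENTRY_RE = re.compile(r"(O\d+) - (.*)")
O4_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s+(?P<cmd>.*)")
O23_RE = re.compile(
    r"Service: (?P<name>.+?)(?: \((?P<short>[^)]*)\))? - (?P<vendor>.+?) - (?P<rest>.+)"
)
# A quoted path, or a drive-letter path up to the first executable extension.
PATH_RE = re.compile(
    r'"(?P<q>[^"]+)"|(?P<u>[A-Za-z]:\\.*?\.(?:exe|dll|cpl|scr|sys)\b)', re.I
)
# Heuristic only: exactly eight lowercase letters, the shape of many
# auto-generated dropper names. Legitimate system32 files in this log are
# mixed case (CTsvcCDA.exe) or a different length (ctfmon.exe).
RANDOM_STEM_RE = re.compile(r"^[a-z]{8}$")


@dataclass
class Finding:
    section: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def extract_path(cmd):
    """Pull the target file out of a command line or a 'path (file missing)' tail."""
    m = PATH_RE.search(cmd)
    if m:
        return m.group("q") or m.group("u")
    return cmd.split()[0] if cmd.split() else ""


def parse_entry(line):
    """Split one HJT line into (section, name, vendor, cmd, body); None if not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    vendor = ""
    if section == "O4":
        e = O4_RE.search(body)
        if not e:
            return None
        name, cmd = e.group("name"), e.group("cmd")
    elif section == "O23":
        e = O23_RE.match(body)
        if not e:
            return None
        name, vendor, cmd = e.group("name"), e.group("vendor"), e.group("rest")
    else:
        # O2/O3/O9/O16/O18 all read "<kind>: <name> - {CLSID} - <target>".
        parts = body.split(" - ")
        name, cmd = parts[0].split(": ", 1)[-1], parts[-1]
    return section, name, vendor, cmd, body


def check_entry(section, name, vendor, cmd, body):
    """Return (path, reasons): the reasons an entry deserves a second look, empty if none."""
    reasons = []
    path = extract_path(cmd)
    if "(file missing)" in body:
        reasons.append("target file missing (orphaned entry)")
    if section == "O23" and vendor == "Unknown owner":
        reasons.append("service has no vendor string")
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if "\\system32\\" in path.lower() and RANDOM_STEM_RE.match(stem):
        reasons.append("random-looking name in system32")
    if section == "O16":
        reasons.append("ActiveX control downloaded from a URL; confirm the site is trusted")
    return path, reasons


def triage(log_text):
    """Return a Finding for every entry that trips at least one check."""
    findings = []
    for line in log_text.strip().splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        section, name, vendor, cmd, body = parsed
        path, reasons = check_entry(section, name, vendor, cmd, body)
        if reasons:
            findings.append(Finding(section, name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} {f.name!r} -> {f.path}: {'; '.join(f.reasons)}")
```

                Run on the sample, it leaves the Panda, Mail.com and Creative entries alone and reports the constructed system32 dropper, the two "(file missing)" leftovers, and the Zylom ActiveX download; a real pass would still need a human to confirm each hit, as the helper does for the Mail.com entry further down.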
                • #9
                  Try setting the date correctly and delete those strange little files.

                  Any problems after that?



                  • #10
                    Hey,

                    I was able to change my date and delete those files, so that's good.
                    Did you see anything odd in the HJT?

                    I tried a number of programs and everything seems to work, except for Limewire, which can't get a connection... Does that have anything to do with this?

                    Bye
                    Last edited by Guest; 30-12-07, 19:06.



                    • #11
                      The log looks clean to me.

                      Do you know what this is:
                      O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto

                      I'm not familiar with the LimeWire problem; I have no experience with that program.
                      Maybe you need to give the program access to the internet through your firewall.
                      Or try reinstalling the program?



                      • #12
                        Hi hi,

                        yes, that little program is Mail alert; I have an email address at mail.com! So that one's fine, haha.

                        I've already reinstalled Limewire, but it didn't help. I'll google for fellow sufferers, hihi.

                        Wishing you a very happy New Year's Eve, be careful with fireworks, otherwise typing gets difficult!! And have a great 2008!!
                        I'm going into the new year with a clean PC! Woohoo

                        Bye



                        • #13
                          Best wishes for 2008 to you too
