_install.exe

  • #1

    Hello,

    Just posting a quick HijackThis log here. Whenever I open a folder on the computer, a file _install.exe is created. The file is immediately picked up by AntiVir. Curious to hear your response.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:08:09, on 29-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Administrator.RETESTRAK\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ntfyapp] C:\WINDOWS\ntfyapp.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153843661437
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 5556 bytes


    Thanks in advance.

    Arjan

  • #2
    Give this a try:
    Download Dr.Web CureIt and save it to your desktop.
    • Double-click drweb-cureit.exe and allow it to start the express scan.
      If a pop-up appears offering a purchase/50% discount, you may close it.
    • The express scan will scan the files currently loaded in memory. If anything is found, click 'Select all', then choose 'Cure', and from the small menu that appears choose 'Move'.
    • In the menu at the top choose Language and change it to Dutch (Nederlands) if it is set differently on your system.
    • Press F9, then choose the Actions tab and set the following under Malware:
      • Adware: Move
      • Dialers: Move
      • Jokes: Report
      • Riskware: Report
      • Hacktools: Move
      • Then remove the checkmark next to 'Prompt on action'.
    • Next choose the Scan tab and remove the checkmark next to Heuristic analysis.
      Then press Apply followed by OK.
    • Once the short scan has finished, tick: Complete scan.
      Then press the green arrow (start button) to start the scan.
    • Files that are found are moved to the '%USERPROFILE%\DoctorWeb\Quarantine' folder if curing is not possible.
    • After the scan is done, go to File and choose Save report list.
      Save it to your desktop and then close Dr.Web CureIt.
    • Then restart the computer!! This is an important step, because Dr.Web CureIt may move/delete files during the restart.
    • After restarting, copy and paste the contents of the log you saved earlier into your next post.
    Also post a new HijackThis log.



    • #3
      Thanks for your reply.

      Dr.Web log file:

      _install.exe.vir C:\QooBox\Quarantine\C\Bdienst Trojan.Packed.261 Verwijderd.
      _install.exe.vir C:\QooBox\Quarantine\C\Bdienst\2002 Trojan.Packed.261 Verwijderd.
      _install.exe.vir C:\QooBox\Quarantine\C\Bdienst\2003 Trojan.Packed.261 Verwijderd.
      _install.exe.vir C:\QooBox\Quarantine\C\Bdienst\2004 Trojan.Packed.261 Verwijderd.
      _install.exe.vir C:\QooBox\Quarantine\C\Bdienst\Kinderopvangtoeslag Trojan.Packed.261 Verwijderd.
      _install.exe.vir C:\QooBox\Quarantine\C\dell\drivers\R113813 Trojan.Packed.261 Verwijderd.
      _install.exe.vir C:\QooBox\Quarantine\C\dell\drivers\R155386 Trojan.Packed.261 Verwijderd.
      _install.exe.vir C:\QooBox\Quarantine\C\dell\drivers\R155386\XP\Apps\x32 Trojan.Packed.261 Verwijderd.
      _install.exe.vir C:\QooBox\Quarantine\C\dell\drivers\R155386\XP\Apps\x32\iProData Trojan.Packed.261 Verwijderd.
      _install.exe.vir C:\QooBox\Quarantine\C\dell\drivers\R155386\XP\Apps\x64 Trojan.Packed.261 Verwijderd.
      _install.exe.vir C:\QooBox\Quarantine\C\dell\drivers\R155386\XP\Apps\x64\iProData Trojan.Packed.261 Verwijderd.
      _install.exe.vir C:\QooBox\Quarantine\C\dell\drivers\R155386\XP\Drivers Trojan.Packed.261 Verwijderd.
      _install.exe.vir C:\QooBox\Quarantine\C\Documents and Settings\Administrator\.limewire\.NetworkShare Trojan.Packed.261 Verwijderd.
      _install.exe.vir C:\QooBox\Quarantine\C\Documents and Settings\Administrator\.limewire\.NetworkShare\Incomplete Trojan.Packed.261 Verwijderd.
      _install.exe.vir C:\QooBox\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory Trojan.Packed.261 Verwijderd.
      _install.exe.vir C:\QooBox\Quarantine\C\Documents and Settings\Administrator.RETESTRAK\Application Data\Adobe\Acrobat\7.0\Updater Trojan.Packed.261 Verwijderd.
      _install.exe.vir C:\QooBox\Quarantine\C\Documents and Settings\Administrator.RETESTRAK\Application Data\GetRightToGo Trojan.Packed.261 Verwijderd.
      _install.exe.vir C:\QooBox\Quarantine\C\Documents and Settings\Administrator.RETESTRAK\Application Data\Microsoft\Installer\{81A34902-9D0B-4920- Trojan.Packed.261 Verwijderd.
      _install.exe.vir C:\QooBox\Quarantine\C\Documents and Settings\Administrator.RETESTRAK\Local Settings\Temp\CDM\{464460A8-A68B-465F-866F-30EE4095 Trojan.Packed.261 Verwijderd.
      _install.exe.vir C:\QooBox\Quarantine\C\Documents and Settings\Administrator.RETESTRAK\Local Settings\Temp\ImInstaller\IncrediMail Trojan.Packed.261 Verwijderd.
      _install.exe.vir C:\QooBox\Quarantine\C\Documents and Settings\Administrator.RETESTRAK\Local Settings\Temp\Titanium2007\Files Trojan.Packed.261 Verwijderd.
      _install.exe E:\dell\MEDIAEXE Trojan.Packed.261 Verwijderd.


      HijackThis log file:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 13:14, on 2007-12-31
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\SYSTEM32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\Program Files\Sygate\SPF\smc.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Apoint\Apoint.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\Apoint\HidFind.exe
      C:\Program Files\Apoint\Apntex.exe
      C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Documents and Settings\Administrator.RETESTRAK\Desktop\HiJackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ntfyapp] C:\WINDOWS\ntfyapp.exe
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
      O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153843661437
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
      O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
      O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

      --
      End of file - 5077 bytes

      Thanks in any case for your answer.

      Regards,

      Arjan



      • #4
        Run HijackThis again, choose "Do a system scan only" and put a checkmark only in front of the following lines:
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
        O4 - HKCU\..\Run: [ntfyapp] C:\WINDOWS\ntfyapp.exe

        Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

        Download ComboFix to your Desktop.
        Double-click ComboFix.exe
        Choose "Continue" by typing 1 followed by ENTER.
        While the fix is running, do NOT click in the window, as this will make your PC hang.
        When the fix is complete and after the restart, the log combofix.txt will open.
        Post this log in your next reply.

        NOTE: If your virus scanner responds with a message about a script being executed, you may ignore it.

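The selection the helper makes in post #4 (the R0 start-page line and the O4 autostart for C:\WINDOWS\ntfyapp.exe) can be reproduced mechanically. The Python below is an added example, not code from the thread or from HijackThis: it parses R0/O4 lines of a HijackThis log and flags an autostart whose executable sits outside the usual program directories, or an IE start page reset to about:blank. The trusted-directory list and both heuristics are this example's assumptions; the sample lines are copied from the logs posted above.

```python
"""Triage of HijackThis R0/O4 lines (added example; not code from the thread or HijackThis)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ntfyapp] C:\WINDOWS\ntfyapp.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
""".strip("\n")

# O4 registry Run entries: "O4 - <hive>\..\Run: [<name>] <command line>"
O4_RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O4 startup-folder entries: "O4 - Global Startup: <shortcut> = <target>"
O4_STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.+)$")
# R0/R1 Internet Explorer settings: "R0 - <key>,<value name> = <value>"
R0_RE = re.compile(r"^R[01] - (?P<key>.+?),(?P<value_name>[^=]+?) = (?P<value>.*)$")
# First executable in a command line, quoted or not, with arguments after it.
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|com|scr|bat|cmd|lnk|dll))"?(?=\s|$)', re.IGNORECASE)

# Assumption of this example: parents from which autostarts are not worth a second look.
TRUSTED_PARENTS = (
    r"c:\windows\system32",
    r"c:\program files",
    r"c:\progra~1",   # 8.3 short name of Program Files, as HijackThis prints it
)


@dataclass
class Finding:
    line: str
    reason: str


def executable_path(cmd: str) -> Optional[str]:
    """Return the executable part of an O4 command line, or None if none is recognised."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else None


def parent_dir(path: str) -> str:
    """Lower-cased directory that holds the file (everything before the last backslash)."""
    return path.lower().rsplit("\\", 1)[0]


def check_line(line: str) -> Optional[Finding]:
    """Apply the two heuristics to a single HijackThis line."""
    line = line.strip()
    m = O4_RUN_RE.match(line) or O4_STARTUP_RE.match(line)
    if m:
        path = executable_path(m.group("cmd"))
        if path is None:
            return Finding(line, "autostart command without a recognisable executable")
        # C:\WINDOWS\ntfyapp.exe has parent c:\windows, which is not system32: flagged.
        if not parent_dir(path).startswith(TRUSTED_PARENTS):
            return Finding(line, f"autostart runs {path} from outside the usual program directories")
        return None
    m = R0_RE.match(line)
    if m and m.group("value").strip().lower() == "about:blank":
        return Finding(line, "IE start page reset to about:blank")
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk a whole log and collect the lines that deserve a closer look, in log order."""
    return [f for f in (check_line(raw) for raw in log_text.splitlines()) if f is not None]


def flagged_lines(log_text: str) -> List[str]:
    return [f.line for f in triage(log_text)]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.reason}\n    {finding.line}")
```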


        • #5
          Thanks again for the reply. And of course best wishes for 2008. I wish for a virus- and worm-free year, but that will probably remain a utopia :-)

          Below is the log. I must say that after removing the lines in HijackThis and running ComboFix, AntiVir again, or still, found the suspicious file _install.exe with the virus/worm. Also, no restart. The log file opened after the scan. Just for your information.

          Below is the ComboFix log. Thanks in advance for checking it.

          ComboFix 07-12-30.1 - Administrator 2008-01-01 14:21:20.3 - NTFSx86
          Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.64 [GMT 1:00]
          Running from: C:\Documents and Settings\Administrator.RETESTRAK\Desktop\ComboFix.exe
          .

          ((((((((((((((((((((((((( Files Created from 2007-12-01 to 2008-01-01 )))))))))))))))))))))))))))))))
          .

          2007-12-31 10:35 . 2007-12-31 10:35 <DIR> d-------- C:\Documents and Settings\Administrator.RETESTRAK\DoctorWeb
          2007-12-28 14:35 . 2007-12-31 09:36 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
          2007-12-28 14:27 . 2007-12-28 14:27 <DIR> d-------- C:\Program Files\Avira
          2007-12-28 14:27 . 2007-12-28 14:27 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
          2007-12-25 10:21 . 2007-12-25 10:21 <DIR> d-------- C:\Program Files\MSXML 6.0
          2007-12-23 12:05 . 2007-12-23 12:05 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Intel
          2007-12-16 09:20 . 2004-08-03 22:58 207,360 --a------ C:\WINDOWS\system32\drivers\Dot4.sys
          2007-12-16 09:20 . 2001-08-17 13:47 23,808 --a------ C:\WINDOWS\system32\drivers\Dot4usb.sys
          2007-12-16 09:20 . 2001-08-17 13:47 12,928 --a------ C:\WINDOWS\system32\drivers\Dot4Prt.sys
          2007-12-07 19:01 . 2007-12-07 19:03 <DIR> d-------- C:\Program Files\Belastingdienst

          .
          (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2007-12-30 21:43 --------- d-----w C:\Program Files\Xvid
          2007-12-30 21:43 --------- d-----w C:\Program Files\TweakNow RegCleaner Std
          2007-12-30 21:43 --------- d-----w C:\Program Files\Shareaza
          2007-12-30 21:43 --------- d-----w C:\Program Files\QuickTime
          2007-12-30 21:43 --------- d-----w C:\Program Files\QuickPar
          2007-12-30 21:43 --------- d-----w C:\Program Files\NetWaiting
          2007-12-30 21:43 --------- d-----w C:\Program Files\MSN Messenger
          2007-12-30 21:43 --------- d-----w C:\Program Files\Modem Helper
          2007-12-30 21:43 --------- d-----w C:\Program Files\Microsoft Works
          2007-12-30 21:43 --------- d-----w C:\Program Files\MediaMonkey
          2007-12-30 21:43 --------- d-----w C:\Program Files\Media Player Classic
          2007-12-30 21:43 --------- d-----w C:\Program Files\LimeWire Plus
          2007-12-30 21:43 --------- d-----w C:\Program Files\LimeWire
          2007-12-30 21:43 --------- d-----w C:\Program Files\iTunes
          2007-12-30 21:43 --------- d-----w C:\Program Files\IrfanView
          2007-12-30 21:43 --------- d-----w C:\Program Files\HT Ratings
          2007-12-30 21:42 --------- d---a-w C:\Program Files\Classic_0.91.7
          2007-12-30 21:42 --------- d-----w C:\Program Files\GrabIt
          2007-12-30 21:42 --------- d-----w C:\Program Files\FTDv3.8
          2007-12-30 21:42 --------- d-----w C:\Program Files\Filzip
          2007-12-30 21:42 --------- d-----w C:\Program Files\DivX
          2007-12-30 21:42 --------- d-----w C:\Program Files\Digital Line Detect
          2007-12-30 21:42 --------- d-----w C:\Program Files\DIFX
          2007-12-30 21:42 --------- d-----w C:\Program Files\AviSynth 2.5
          2007-12-30 21:42 --------- d-----w C:\Program Files\avi.NET
          2007-12-30 21:42 --------- d-----w C:\Program Files\Apple Software Update
          2007-12-30 21:42 --------- d-----w C:\Program Files\Apoint
          2007-12-30 21:42 --------- d-----w C:\Documents and Settings\Administrator.RETESTRAK\Application Data\GetRightToGo
          2007-12-29 19:47 --------- d-----w C:\Program Files\InterActual
          2007-12-29 19:45 --------- d-----w C:\Program Files\Common Files\Real
          2007-12-29 19:44 --------- d-----w C:\Program Files\Dell Photo Printer 720
          2007-11-23 16:02 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
          2007-11-22 20:13 --------- d-----w C:\Program Files\iMesh Applications
          2007-11-22 20:07 --------- d-----w C:\Documents and Settings\Administrator.RETESTRAK\Application Data\LimeWirePlus
          2007-11-22 19:10 --------- d-----w C:\Documents and Settings\Administrator.RETESTRAK\Application Data\LimeWire
          2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
          2007-11-11 08:38 --------- d-----w C:\Program Files\Java
          2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
          2007-10-27 16:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
          2006-06-06 18:16 47,650 -c--a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_06_06_11_48_33_small.dmp.zip
          2006-06-06 18:16 39,017 -c--a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_06_06_11_48_26_small.dmp.zip
          2006-05-28 08:41 41,612 -c--a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_05_27_11_53_48_small.dmp.zip
          2006-05-28 08:41 41,463 -c--a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_05_27_11_53_14_small.dmp.zip
          2006-05-27 09:52 41,172 -c--a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_05_26_07_23_10_small.dmp.zip
          2006-05-27 09:52 35,313 -c--a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_05_26_07_23_04_small.dmp.zip
          2006-04-04 07:47 48,671 -c--a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_04_03_18_16_33_small.dmp.zip
          2006-04-04 07:47 39,190 -c--a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_04_03_18_16_24_small.dmp.zip
          2006-03-28 08:05 12,877,944 -c--a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_03_28_09_43_15_full.dmp.zip
          2006-03-28 08:04 38,122 -c--a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_03_28_09_42_51_small.dmp.zip
          2005-11-04 18:36 11,333 -c--a-w C:\Program Files\Catan install.txt
          .

          ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-15 15:02]
          "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 18:40]
          "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-28 14:31]
          "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 13:13]
          "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-15 15:02]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56]

          C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
          Wireless-G Notebook Adapter.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [2007-07-30 17:19:48]

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
          "NoRecentDocsMenu"= 1 (0x1)

          [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
          "NoRecentDocsMenu"= 1 (0x1)

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
          path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Acrobat Assistant.lnk
          backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
          path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
          backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
          path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
          backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
          C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe /automount

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
          2004-07-30 11:04 245760 --a--c--- C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
          2006-10-30 09:36 256576 --a------ C:\Program Files\iTunes\iTunesHelper.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
          C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
          C:\Program Files\QuickTime\qttask.exe -atboottime

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
          2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
          C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

          R2 NICSer_WPC54G;NICSer_WPC54G;C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe [2003-11-13 12:29]
          R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 21:28]
          S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys
          S3 noskrnl.sys;noskrnl.sys;C:\WINDOWS\system32\noskrnl.sys
          S3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-05-18 12:52]
          S3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2004-07-30 02:55]

          .
          Contents of the 'Scheduled Tasks' folder
          "2007-08-08 13:31:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
          .
          **************************************************************************

          catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-01-01 14:27:42
          Windows 5.1.2600 Service Pack 2 NTFS

          scanning hidden processes ...

          scanning hidden autostart entries ...

          scanning hidden files ...

          scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          Completion time: 2008-01-01 14:30:21
          .
          2007-12-30 22:47:37 --- E O F ---



          • #6
            Download the attachment: CFScript.txt

            Drag CFScript.txt onto ComboFix.exe as shown in the example below:



            This will cause ComboFix to restart.
            Reboot if you are asked to,
            and post the contents of ComboFix.txt in your next reply.
            Also post a new HijackThis log and tell us whether you are still having problems.
            Attached Files



            • #7
              Thanks for the reply. I have done all of that; here are the logs:

              ComboFix:

              ComboFix 07-12-30.1 - Administrator 2008-01-03 7:14:40.4 - NTFSx86
              Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.49 [GMT 1:00]
              Running from: C:\Documents and Settings\Administrator.RETESTRAK\Desktop\ComboFix.exe
              Command switches used :: C:\Documents and Settings\Administrator.RETESTRAK\Desktop\cfscript.txt
              * Created a new restore point

              FILE
              C:\WINDOWS\system32\DRIVERS\COMFiltr.sys
              C:\WINDOWS\system32\noskrnl.sys
              .

              ((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))
              .

              2008-01-01 16:55 . 2008-01-01 16:55 7,296 --a------ C:\WINDOWS\DellBIOS.Sys
              2007-12-31 10:35 . 2007-12-31 10:35 <DIR> d-------- C:\Documents and Settings\Administrator.RETESTRAK\DoctorWeb
              2007-12-28 14:35 . 2007-12-31 09:36 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
              2007-12-28 14:27 . 2007-12-28 14:27 <DIR> d-------- C:\Program Files\Avira
              2007-12-28 14:27 . 2007-12-28 14:27 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
              2007-12-25 10:21 . 2007-12-25 10:21 <DIR> d-------- C:\Program Files\MSXML 6.0
              2007-12-23 12:05 . 2007-12-23 12:05 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Intel
              2007-12-16 09:20 . 2004-08-03 22:58 207,360 --a------ C:\WINDOWS\system32\drivers\Dot4.sys
              2007-12-16 09:20 . 2001-08-17 13:47 23,808 --a------ C:\WINDOWS\system32\drivers\Dot4usb.sys
              2007-12-16 09:20 . 2001-08-17 13:47 12,928 --a------ C:\WINDOWS\system32\drivers\Dot4Prt.sys
              2007-12-07 19:01 . 2007-12-07 19:03 <DIR> d-------- C:\Program Files\Belastingdienst

              .
              (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2008-01-01 20:24 --------- d-----w C:\Program Files\Common Files\Adobe
              2007-12-30 21:43 --------- d-----w C:\Program Files\Xvid
              2007-12-30 21:43 --------- d-----w C:\Program Files\TweakNow RegCleaner Std
              2007-12-30 21:43 --------- d-----w C:\Program Files\Shareaza
              2007-12-30 21:43 --------- d-----w C:\Program Files\QuickTime
              2007-12-30 21:43 --------- d-----w C:\Program Files\QuickPar
              2007-12-30 21:43 --------- d-----w C:\Program Files\NetWaiting
              2007-12-30 21:43 --------- d-----w C:\Program Files\MSN Messenger
              2007-12-30 21:43 --------- d-----w C:\Program Files\Modem Helper
              2007-12-30 21:43 --------- d-----w C:\Program Files\Microsoft Works
              2007-12-30 21:43 --------- d-----w C:\Program Files\MediaMonkey
              2007-12-30 21:43 --------- d-----w C:\Program Files\Media Player Classic
              2007-12-30 21:43 --------- d-----w C:\Program Files\LimeWire Plus
              2007-12-30 21:43 --------- d-----w C:\Program Files\LimeWire
              2007-12-30 21:43 --------- d-----w C:\Program Files\iTunes
              2007-12-30 21:43 --------- d-----w C:\Program Files\IrfanView
              2007-12-30 21:43 --------- d-----w C:\Program Files\HT Ratings
              2007-12-30 21:42 --------- d---a-w C:\Program Files\Classic_0.91.7
              2007-12-30 21:42 --------- d-----w C:\Program Files\GrabIt
              2007-12-30 21:42 --------- d-----w C:\Program Files\FTDv3.8
              2007-12-30 21:42 --------- d-----w C:\Program Files\Filzip
              2007-12-30 21:42 --------- d-----w C:\Program Files\DivX
              2007-12-30 21:42 --------- d-----w C:\Program Files\Digital Line Detect
              2007-12-30 21:42 --------- d-----w C:\Program Files\DIFX
              2007-12-30 21:42 --------- d-----w C:\Program Files\AviSynth 2.5
              2007-12-30 21:42 --------- d-----w C:\Program Files\avi.NET
              2007-12-30 21:42 --------- d-----w C:\Program Files\Apple Software Update
              2007-12-30 21:42 --------- d-----w C:\Program Files\Apoint
              2007-12-30 21:42 --------- d-----w C:\Documents and Settings\Administrator.RETESTRAK\Application Data\GetRightToGo
              2007-12-29 19:47 --------- d-----w C:\Program Files\InterActual
              2007-12-29 19:45 --------- d-----w C:\Program Files\Common Files\Real
              2007-12-29 19:44 --------- d-----w C:\Program Files\Dell Photo Printer 720
              2007-11-23 16:02 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
              2007-11-22 20:13 --------- d-----w C:\Program Files\iMesh Applications
              2007-11-22 20:07 --------- d-----w C:\Documents and Settings\Administrator.RETESTRAK\Application Data\LimeWirePlus
              2007-11-22 19:10 --------- d-----w C:\Documents and Settings\Administrator.RETESTRAK\Application Data\LimeWire
              2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
              2007-11-11 08:38 --------- d-----w C:\Program Files\Java
              2006-06-06 18:16 47,650 -c--a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_06_06_11_48_33_small.dmp.zip
              2006-06-06 18:16 39,017 -c--a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_06_06_11_48_26_small.dmp.zip
              2006-05-28 08:41 41,612 -c--a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_05_27_11_53_48_small.dmp.zip
              2006-05-28 08:41 41,463 -c--a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_05_27_11_53_14_small.dmp.zip
              2006-05-27 09:52 41,172 -c--a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_05_26_07_23_10_small.dmp.zip
              2006-05-27 09:52 35,313 -c--a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_05_26_07_23_04_small.dmp.zip
              2006-04-04 07:47 48,671 -c--a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_04_03_18_16_33_small.dmp.zip
              2006-04-04 07:47 39,190 -c--a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_04_03_18_16_24_small.dmp.zip
              2006-03-28 08:05 12,877,944 -c--a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_03_28_09_43_15_full.dmp.zip
              2006-03-28 08:04 38,122 -c--a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_03_28_09_42_51_small.dmp.zip
              2005-11-04 18:36 11,333 -c--a-w C:\Program Files\Catan install.txt
              .

              ((((((((((((((((((((((((((((( [email protected]_14.27.48.51 )))))))))))))))))))))))))))))))))))))))))
              .
              + 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
              + 2008-01-01 20:24:53 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1043-7B44-A81000000003}\SC_Reader.exe
              .
              ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-15 15:02]
              "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 18:40]
              "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-28 14:31]
              "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 13:13]
              "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-15 15:02]
              "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56]

              C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
              Wireless-G Notebook Adapter.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [2007-07-30 17:19:48]

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
              "NoRecentDocsMenu"= 1 (0x1)

              [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
              "NoRecentDocsMenu"= 1 (0x1)

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
              path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Acrobat Assistant.lnk
              backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
              path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
              backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
              path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
              backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
              C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe /automount

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
              2004-07-30 11:04 245760 --a--c--- C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
              2006-10-30 09:36 256576 --a------ C:\Program Files\iTunes\iTunesHelper.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
              C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
              C:\Program Files\QuickTime\qttask.exe -atboottime

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
              2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
              C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

              R2 DellBIOS;DellBIOS;C:\WINDOWS\DellBIOS.Sys [2008-01-01 16:55]
              R2 NICSer_WPC54G;NICSer_WPC54G;C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe [2003-11-13 12:29]
              R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 21:28]
              S3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-05-18 12:52]
              S3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2004-07-30 02:55]

              .
              Contents of the 'Scheduled Tasks' folder
              "2007-08-08 13:31:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
              - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
              .
              **************************************************************************

              catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2008-01-03 07:25:22
              Windows 5.1.2600 Service Pack 2 NTFS

              scanning hidden processes ...

              scanning hidden autostart entries ...

              scanning hidden files ...

              scan completed successfully
              hidden files: 0

              **************************************************************************
              .
              Completion time: 2008-01-03 7:28:36 - machine was rebooted
              C:\qoobox\ComboFix-quarantined-files.txt 2008-01-03 06:28:05
              C:\qoobox\ComboFix2.txt 2008-01-01 13:30:32
              .
              2007-12-30 22:47:37 --- E O F ---

              I got 3 alerts that AntiVir had found the file _install.exe. I had them deleted.

              Here is the HijackThis log:

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 7:29:33, on 3-1-2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\SYSTEM32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
              C:\Program Files\Sygate\SPF\smc.exe
              C:\WINDOWS\Explorer.EXE
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
              C:\WINDOWS\system32\cmd.exe
              C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
              C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
              C:\WINDOWS\system32\hkcmd.exe
              C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
              C:\Program Files\Apoint\Apoint.exe
              C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
              C:\Program Files\MSN Messenger\msnmsgr.exe
              C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
              C:\Program Files\Apoint\Apntex.exe
              C:\Program Files\Apoint\HidFind.exe
              C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
              C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
              C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
              C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\wuauclt.exe
              C:\WINDOWS\system32\wuauclt.exe
              C:\Documents and Settings\Administrator.RETESTRAK\Desktop\HiJackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
              O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
              O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
              O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
              O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
              O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
              O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
              O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
              O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
              O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
              O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
              O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
              O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
              O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153843661437
              O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
              O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
              O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
              O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
              O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
              O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
              O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
              O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
              O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

              --
              End of file - 5367 bytes


              Thanks in advance for any further help (I actually hope it won't be needed :-) )



              • #8
                I hope it is just leftovers that are being found.

                Delete the following folder:
                C:\Qoobox

                Then empty your Recycle Bin.

                Download ATF Cleaner (mirror) (made by Atribune)

                Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

                Double-click ATF Cleaner to start the program.
                On the "Main" tab, put a check mark next to Select All.
                Click the Empty Selected button.

                Do the following if you also have Firefox as a browser:
                Click the "Firefox" tab and put a check mark next to Select All.
                If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                (this removes the check mark next to "Firefox saved passwords" again)
                Click the Empty Selected button.

                Do the following if you also have Opera as a browser:
                Click the "Opera" tab and put a check mark next to Select All.
                If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                Click the Empty Selected button.
                Go to the "Main" tab and click the Exit button to close the program.

                Go to Start - Run and enter the following:
                Combofix /U
                Then press OK.
                Note: there must be a space between Combofix and /U.

                This will uninstall Combofix.

                Turn off System Restore. Restart the computer. Turn System Restore back on.
                See here for how to turn off System Restore.
                This removes any remnants of the infections from your System Restore.

                Is anything still being found after that?



                • #9
                  Thanks for all the tips.

                  It now seems that everything is gone. No more alerts.

                  Kind regards,

                  Arjan Tiemens



                  • #10
                    You're welcome
