Open hijackthis, klik 'config' (rechts onderaan)
Kies de tab 'misc Tools' bovenaan.
Kies 'delete a file on reboot'
In het veld, kopieer en plak het volgend lijntje:

C:\WINDOWS\system32\witiitpk.exe

Klik open.
Hijackthis zal je zeggen dat dit bestand zal verwijderen worden na volgende reboot en of je nu wilt rebooten.
Klik ja/ok

Je pc zal nu rebooten.

Download VirtumundoBegone (mirror)
Sla dit op op je bureaublad.

Dubbelklik op VirtumundoBeGone.exe en volg de aanwijzingen.
Schrik niet als je een blauw scherm met een foutmelding te zien krijgt - dit is normaal.
Als de fix klaar is, start je de pc opnieuw op.
Plaats de inhoud van het logbestand VBG.TXT, dat nu op je bureaublad staat, hier in je volgende bericht.


Download: RVAXO.exe

• Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
• Open nu de map RVAXO op je bureaublad en dubbeklik RVAXO.cmd
  Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
• Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
  
• Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw.
  Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
• Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
• Post de inhoud van de logfile in je volgende bericht.

Download Combofix naar je Bureaublad.
Dubbelklik op Combofix.exe
Kies voor "Continue" door 1 te typen gevolgd door ENTER.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
Plaats deze log in je volgende post.

NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.

VBG-log

Goedemorgen Smeenk,

Hier mijn VB-log alvast:

[12/31/2007, 10:47:10] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Fam. Ferwerda\Mijn documenten\VirtumundoBeGone.exe" )
[12/31/2007, 10:47:21] - Detected System Information:
[12/31/2007, 10:47:21] - Windows Version: 5.1.2600, Service Pack 2
[12/31/2007, 10:47:21] - Current Username: Fam. Ferwerda (Admin)
[12/31/2007, 10:47:21] - Windows is in NORMAL mode.
[12/31/2007, 10:47:21] - Searching for Browser Helper Objects:
[12/31/2007, 10:47:21] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
[12/31/2007, 10:47:21] - BHO 2: {4011a12d-85a2-429b-92f0-c44a98f7f5d1} ()
[12/31/2007, 10:47:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/31/2007, 10:47:21] - Checking for HKLM\...\Winlogon\Notify\exyisjjq
[12/31/2007, 10:47:21] - Key not found: HKLM\...\Winlogon\Notify\exyisjjq, continuing.
[12/31/2007, 10:47:21] - BHO 3: {409E6631-E727-42BA-A2D4-73E3254168A3} ()
[12/31/2007, 10:47:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/31/2007, 10:47:21] - Checking for HKLM\...\Winlogon\Notify\awvst
[12/31/2007, 10:47:21] - Key not found: HKLM\...\Winlogon\Notify\awvst, continuing.
[12/31/2007, 10:47:21] - BHO 4: {4dfbea32-91ac-423c-97a2-0aa3ce25d745} ()
[12/31/2007, 10:47:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/31/2007, 10:47:21] - No filename found. Continuing.
[12/31/2007, 10:47:21] - BHO 5: {6607C683-AE7C-11D4-ACD7-0050DAC291A2} ()
[12/31/2007, 10:47:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/31/2007, 10:47:21] - No filename found. Continuing.
[12/31/2007, 10:47:21] - BHO 6: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[12/31/2007, 10:47:21] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/31/2007, 10:47:21] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[12/31/2007, 10:47:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/31/2007, 10:47:21] - No filename found. Continuing.
[12/31/2007, 10:47:21] - BHO 9: {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} ()
[12/31/2007, 10:47:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/31/2007, 10:47:21] - Checking for HKLM\...\Winlogon\Notify\ddcabcb
[12/31/2007, 10:47:21] - Found: HKLM\...\Winlogon\Notify\ddcabcb - This is probably Virtumundo.
[12/31/2007, 10:47:21] - Assigning {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} MSEvents Object
[12/31/2007, 10:47:21] - BHO list has been changed! Starting over...
[12/31/2007, 10:47:21] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
[12/31/2007, 10:47:21] - BHO 2: {4011a12d-85a2-429b-92f0-c44a98f7f5d1} ()
[12/31/2007, 10:47:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/31/2007, 10:47:22] - Checking for HKLM\...\Winlogon\Notify\exyisjjq
[12/31/2007, 10:47:22] - Key not found: HKLM\...\Winlogon\Notify\exyisjjq, continuing.
[12/31/2007, 10:47:22] - BHO 3: {409E6631-E727-42BA-A2D4-73E3254168A3} ()
[12/31/2007, 10:47:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/31/2007, 10:47:22] - Checking for HKLM\...\Winlogon\Notify\awvst
[12/31/2007, 10:47:22] - Key not found: HKLM\...\Winlogon\Notify\awvst, continuing.
[12/31/2007, 10:47:22] - BHO 4: {4dfbea32-91ac-423c-97a2-0aa3ce25d745} ()
[12/31/2007, 10:47:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/31/2007, 10:47:22] - No filename found. Continuing.
[12/31/2007, 10:47:22] - BHO 5: {6607C683-AE7C-11D4-ACD7-0050DAC291A2} ()
[12/31/2007, 10:47:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/31/2007, 10:47:22] - No filename found. Continuing.
[12/31/2007, 10:47:22] - BHO 6: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[12/31/2007, 10:47:22] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/31/2007, 10:47:22] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[12/31/2007, 10:47:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/31/2007, 10:47:22] - No filename found. Continuing.
[12/31/2007, 10:47:22] - BHO 9: {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} (MSEvents Object)
[12/31/2007, 10:47:22] - ALERT: Found MSEvents Object!
[12/31/2007, 10:47:22] - BHO 10: {A7C761A9-819B-4131-9B16-91799CE57E4E} ()
[12/31/2007, 10:47:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/31/2007, 10:47:22] - No filename found. Continuing.
[12/31/2007, 10:47:22] - Finished Searching Browser Helper Objects
[12/31/2007, 10:47:22] - *** Detected MSEvents Object
[12/31/2007, 10:47:22] - Trying to remove MSEvents Object...
[12/31/2007, 10:47:23] - Terminating Process: IEXPLORE.EXE
[12/31/2007, 10:47:24] - Terminating Process: RUNDLL32.EXE
[12/31/2007, 10:47:24] - Disabling Automatic Shell Restart
[12/31/2007, 10:47:24] - Terminating Process: EXPLORER.EXE
[12/31/2007, 10:47:24] - Suspending the NT Session Manager System Service
[12/31/2007, 10:47:25] - Terminating Windows NT Logon/Logoff Manager
[12/31/2007, 10:47:25] - Re-enabling Automatic Shell Restart
[12/31/2007, 10:47:25] - File to disable: C:\WINDOWS\system32\ddcabcb.dll
[12/31/2007, 10:47:25] - Renaming C:\WINDOWS\system32\ddcabcb.dll -> C:\WINDOWS\system32\ddcabcb.dll.vir
[12/31/2007, 10:47:25] - File successfully renamed!
[12/31/2007, 10:47:25] - Removing HKLM\...\Browser Helper Objects\{8E3FBDE2-7DBD-4040-85D9-29BBC559C129}
[12/31/2007, 10:47:25] - Removing HKCR\CLSID\{8E3FBDE2-7DBD-4040-85D9-29BBC559C129}
[12/31/2007, 10:47:25] - Adding Kill Bit for ActiveX for GUID: {8E3FBDE2-7DBD-4040-85D9-29BBC559C129}
[12/31/2007, 10:47:25] - Deleting ATLEvents/MSEvents Registry entries
[12/31/2007, 10:47:25] - Removing HKLM\...\Winlogon\Notify\ddcabcb
[12/31/2007, 10:47:26] - Searching for Browser Helper Objects:
[12/31/2007, 10:47:26] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
[12/31/2007, 10:47:26] - BHO 2: {4011a12d-85a2-429b-92f0-c44a98f7f5d1} ()
[12/31/2007, 10:47:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/31/2007, 10:47:26] - Checking for HKLM\...\Winlogon\Notify\exyisjjq
[12/31/2007, 10:47:26] - Key not found: HKLM\...\Winlogon\Notify\exyisjjq, continuing.
[12/31/2007, 10:47:26] - BHO 3: {409E6631-E727-42BA-A2D4-73E3254168A3} ()
[12/31/2007, 10:47:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/31/2007, 10:47:26] - Checking for HKLM\...\Winlogon\Notify\awvst
[12/31/2007, 10:47:26] - Key not found: HKLM\...\Winlogon\Notify\awvst, continuing.
[12/31/2007, 10:47:26] - BHO 4: {4dfbea32-91ac-423c-97a2-0aa3ce25d745} ()
[12/31/2007, 10:47:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/31/2007, 10:47:26] - No filename found. Continuing.
[12/31/2007, 10:47:26] - BHO 5: {6607C683-AE7C-11D4-ACD7-0050DAC291A2} ()
[12/31/2007, 10:47:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/31/2007, 10:47:26] - No filename found. Continuing.
[12/31/2007, 10:47:26] - BHO 6: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[12/31/2007, 10:47:26] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/31/2007, 10:47:26] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[12/31/2007, 10:47:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/31/2007, 10:47:26] - No filename found. Continuing.
[12/31/2007, 10:47:26] - BHO 9: {A7C761A9-819B-4131-9B16-91799CE57E4E} ()
[12/31/2007, 10:47:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/31/2007, 10:47:26] - No filename found. Continuing.
[12/31/2007, 10:47:26] - Finished Searching Browser Helper Objects
[12/31/2007, 10:47:26] - Finishing up...
[12/31/2007, 10:47:26] - A restart is needed.
[12/31/2007, 10:47:35] - Attempting to Restart via STOP error (Blue Screen!)


M.v.g. Ingrid

Smeenk, nog even dit:

Kan het lijntje "C:\WINDOWS\system32\witiitpk.exe" niet plaatsen in Hijack?! Druk op "delete a file on reboot" maar dan sluit Hijack zich af?!

RVAXO-log

Hoi Smeenk, ben ik weer. Zo dadelijk ga ik je laatste tip uitvoeren van je reactie.

----------------RVAXO.exe first run-------------

Files found:

C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\b122.exe
C:\WINDOWS\Fonts\a.zip
C:\n.bat
C:\winlogon.exe
C:\z.dat
C:\x.dat

Uninstallers Rogue scanners:


Folders Found:

C:\Documents and Settings\All Users\Application Data\SalesMonitor

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------

Files found:

C:\Documents and Settings\Fam. Ferwerda\Mijn documenten\Mijn ontvangen bestanden\AnyDVD3611Wregcrack.zip
C:\Documents and Settings\Fam. Ferwerda\Mijn documenten\Mijn ontvangen bestanden\KEYGEN.zip
C:\Documents and Settings\Fam. Ferwerda\Mijn documenten\Mijn ontvangen bestanden\Nero_Burning_ROM_v6[1].0.0.15_Ultra_Edition_by_Alienz.zip
C:\Documents and Settings\Fam. Ferwerda\Mijn documenten\Mijn ontvangen bestanden\Pinnacle_Studio_10_plus_(Serial).zip
C:\Documents and Settings\Fam. Ferwerda\Mijn documenten\Mijn ontvangen bestanden\Ulead CD & DVD PictureShow 4.zip
Folders Found:

--------------RVAXO.exe finished----------------

Groeten, Ingrid.

Combifix-log

Hoi Smeenk,


Ben zeer benieuwd of dit wat oplevert. Alvast hartelijk dank voor deze tips.

Groeten, Ingrid




ComboFix 07-12-31.4 - Fam. Ferwerda 2007-12-31 11:12:11.1 - NTFSx86

Gestart vanuit: C:\Documents and Settings\Fam. Ferwerda\Bureaublad\ComboFix.exe
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files.\netpe32.inf
C:\WINDOWS\system32\acapjbfs.ini
C:\WINDOWS\system32\ahmksqpo.ini
C:\WINDOWS\system32\awvst.dll
C:\WINDOWS\system32\bkbkfkqi.dll
C:\WINDOWS\system32\bljbnceh.ini
C:\WINDOWS\system32\bsgkvwon.ini
C:\WINDOWS\system32\cegkjcrp.ini
C:\WINDOWS\system32\chnqgans.ini
C:\WINDOWS\system32\epniwjqh.dll
C:\WINDOWS\system32\ettkopqx.ini
C:\WINDOWS\system32\exyisjjq.dll
C:\WINDOWS\system32\felofhyg.ini
C:\WINDOWS\system32\fuljorth.dll
C:\WINDOWS\system32\gebxwxw.dll
C:\WINDOWS\system32\gincwooj.dll
C:\WINDOWS\system32\glmsrfpv.exe
C:\WINDOWS\system32\gyhfolef.dll
C:\WINDOWS\system32\hecnbjlb.dll
C:\WINDOWS\system32\hkryomdq.ini
C:\WINDOWS\system32\hktklusy.exe
C:\WINDOWS\system32\hotppcdy.exe
C:\WINDOWS\system32\hqjwinpe.ini
C:\WINDOWS\system32\hydwxtfg.exe
C:\WINDOWS\system32\ikexnpqv.dll
C:\WINDOWS\system32\iqcudfst.dll
C:\WINDOWS\system32\jbpwcpoi.exe
C:\WINDOWS\system32\jfmcjwjk.dll
C:\WINDOWS\system32\jmgyvbsq.exe
C:\WINDOWS\system32\jxdjtopq.dll
C:\WINDOWS\system32\karyslbj.dll
C:\WINDOWS\system32\kjwjcmfj.ini
C:\WINDOWS\system32\lplvcxen.ini
C:\WINDOWS\system32\lrkphkwq.dll
C:\WINDOWS\system32\ltskthbh.dll
C:\WINDOWS\system32\mcdawqqh.exe
C:\WINDOWS\system32\miyawwxf.dll
C:\WINDOWS\system32\mljhgec.dll
C:\WINDOWS\system32\nnnkkhe.dll
C:\WINDOWS\system32\nnnllif.dll
C:\WINDOWS\system32\oarrivcq.ini
C:\WINDOWS\system32\pmnkkjh.dll
C:\WINDOWS\system32\pmnmkii.dll
C:\WINDOWS\system32\pmnomjj.dll
C:\WINDOWS\system32\pmnopmm.dll
C:\WINDOWS\system32\pqgnyila.exe
C:\WINDOWS\system32\qcvirrao.dll
C:\WINDOWS\system32\qidxqppn.dll
C:\WINDOWS\system32\qlxncewj.dll
C:\WINDOWS\system32\rhmudsef.exe
C:\WINDOWS\system32\rilkfvhl.exe
C:\WINDOWS\system32\rnaxvcid.dll
C:\WINDOWS\system32\rxxdukcw.ini
C:\WINDOWS\system32\scyyhlcj.ini
C:\WINDOWS\system32\sexoidgf.exe
C:\WINDOWS\system32\sfbjpaca.dll
C:\WINDOWS\system32\snagqnhc.dll
C:\WINDOWS\system32\sqjcqhsd.exe
C:\WINDOWS\system32\ssqppno.dll
C:\WINDOWS\system32\ssqppqq.dll
C:\WINDOWS\system32\tsfducqi.ini
C:\WINDOWS\system32\tsvwa.ini
C:\WINDOWS\system32\tsvwa.ini2
C:\WINDOWS\system32\tuvutuv.dll
C:\WINDOWS\system32\ubvrnjyy.exe
C:\WINDOWS\system32\udpokrrd.dll
C:\WINDOWS\system32\uninstall.exe
C:\WINDOWS\system32\upgbjppm.dll
C:\WINDOWS\system32\urqqrrs.dll
C:\WINDOWS\system32\uwiyctrn.dll
C:\WINDOWS\system32\vhgoiyyw.dll
C:\WINDOWS\system32\vqpnxeki.ini
C:\WINDOWS\system32\vtutuvu.dll
C:\WINDOWS\system32\wckudxxr.dll
C:\WINDOWS\system32\witiitpk.exe
C:\WINDOWS\system32\wjrkglof.exe
C:\WINDOWS\system32\wrodwdro.dll
C:\WINDOWS\system32\wsocvmhl.dll
C:\WINDOWS\system32\wugjuhyn.ini
C:\WINDOWS\system32\wvutqqn.dll
C:\WINDOWS\system32\wymyshxl.exe
C:\WINDOWS\system32\xvoqtigw.dll
C:\WINDOWS\system32\yaywwtt.dll
C:\WINDOWS\system32\ykjqcepe.dll
C:\WINDOWS\system32\ynglpayb.exe
C:\WINDOWS\system32\yvdvnqat.exe
C:\WINDOWS\Fonts\'

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\nm


(((((((((((((((((((( Bestanden Gemaakt van 2007-11-28 to 2007-12-31 ))))))))))))))))))))))))))))))
.

2007-12-31 11:10 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-31 11:03 . 2007-12-31 11:04 <DIR> d-------- C:\RVAXO
2007-12-31 10:59 . 2007-12-30 23:22 580,216 --a------ C:\WINDOWS\system32\RVAXO.bat
2007-12-31 10:59 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
2007-12-30 18:51 . 2007-12-30 19:59 <DIR> dr-h----- C:\Documents and Settings\Fam. Ferwerda\Onlangs geopend
2007-12-29 16:00 . 2007-12-29 16:03 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-12-29 14:39 . 2007-12-30 15:27 1,031,739 ---hs---- C:\WINDOWS\system32\bocsfgpe.ini
2007-12-29 12:25 . 2007-12-29 15:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-28 14:20 . 2007-12-29 14:34 1,031,379 ---hs---- C:\WINDOWS\system32\olpnrlqd.ini
2007-12-24 17:46 . 2007-12-26 14:16 1,025,300 ---hs---- C:\WINDOWS\system32\eobqcphk.ini
2007-12-24 12:04 . 2007-12-24 12:04 <DIR> d-------- C:\tmp
2007-12-24 12:04 . 2007-12-24 12:04 <DIR> d-------- C:\SibFiles
2007-12-24 12:04 . 2007-12-24 12:04 <DIR> d-------- C:\MIJN FILM 2 00C101D2
2007-12-24 12:04 . 2007-12-24 12:04 <DIR> d-------- C:\AuxFiles
2007-12-19 20:13 . 2007-12-19 20:13 <DIR> d-------- C:\Program Files\Common Files\Ankiro
2007-12-19 20:12 . 2007-12-31 11:23 <DIR> d-------- C:\Program Files\SPAMfighter
2007-12-19 20:12 . 2007-12-19 20:12 <DIR> d-------- C:\Program Files\Common Files\Application
2007-12-15 17:07 . 2007-12-15 17:07 <DIR> d-------- C:\Documents and Settings\Fam. Ferwerda\Application Data\Thinstall
2007-12-14 10:03 . 2007-12-14 10:03 <DIR> d-------- C:\Program Files\Microsoft Works
2007-12-10 21:12 . 2007-12-21 09:04 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-12-07 13:24 . 2007-12-07 13:24 147,456 --------- C:\WINDOWS\system32\vbzip10.dll_tobedeleted_old
2007-12-07 13:19 . 2007-12-29 12:41 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-05 18:40 . 2006-09-15 13:36 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2007-12-05 18:40 . 2006-09-15 13:36 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2007-12-03 16:17 . 2005-07-12 14:25 401,408 --a------ C:\WINDOWS\system32\pvmjpg30.dll
2007-12-03 16:16 . 2004-03-03 12:50 1,013,248 --------- C:\WINDOWS\system32\Ltwvc13n.dll
2007-12-03 16:16 . 2004-03-03 12:50 884,736 --------- C:\WINDOWS\system32\LMUIRes.dll
2007-12-03 16:16 . 2004-03-03 12:50 12,288 --------- C:\WINDOWS\system32\LMLRes.dll
2007-12-03 16:01 . 2004-02-24 13:04 41,219 --a------ C:\WINDOWS\RSETPATH.exe
2007-11-29 17:49 . 2007-12-10 13:06 <DIR> d-------- C:\Program Files\Opinionbar
2007-11-27 20:36 . 2001-03-05 11:15 61,598 --a------ C:\WINDOWS\system32\E_SL2352.DLL
2007-11-27 20:36 . 2000-06-07 02:01 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
2007-11-27 20:36 . 2000-06-26 03:20 32,768 --a------ C:\WINDOWS\system32\ECBTEG.DLL
2007-11-27 20:36 . 2000-09-14 03:03 145 --a------ C:\WINDOWS\system32\EBPPORT.DAT
2007-11-26 20:11 . 2007-11-26 20:11 <DIR> d-------- C:\Documents and Settings\Fam. Ferwerda\Application Data\Leadertech
2007-11-22 22:10 . 2007-11-22 22:10 <DIR> d-------- C:\Documents and Settings\Fam. Ferwerda\Application Data\AdobeAUM
2007-11-20 19:32 . 2002-12-17 17:23 33,340 --a------ C:\WINDOWS\system32\dbmsqlgc.dll
2007-11-20 19:32 . 2002-10-20 15:05 24,576 --a------ C:\WINDOWS\system32\dbmsgnet.dll
2007-11-20 19:31 . 2007-11-20 19:31 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2007-11-20 19:30 . 2007-11-20 19:30 <DIR> d-------- C:\WINDOWS\Cache
2007-11-20 19:30 . 2003-03-19 04:04 765,952 --------- C:\WINDOWS\system32\msvcp71d.dll
2007-11-20 19:30 . 2003-03-19 04:03 544,768 --------- C:\WINDOWS\system32\msvcr71d.dll
2007-11-20 19:19 . 2007-11-20 19:19 <DIR> d-------- C:\Program Files\SmartSound Software
2007-11-20 19:19 . 2007-12-23 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2007-11-20 18:56 . 2007-11-20 18:56 <DIR> d-------- C:\Program Files\CCleaner
2007-11-18 13:39 . 2007-12-26 14:42 1,290 --a------ C:\WINDOWS\VFO.INI
2007-11-18 13:38 . 2005-06-02 19:28 171,008 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys
2007-11-18 13:29 . 2007-11-18 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2007-11-02 17:16 . 2007-11-02 17:17 <DIR> d-------- C:\Documents and Settings\Fam. Ferwerda\Application Data\IE7Pro

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-29 18:04 --------- d-----w C:\Program Files\Java
2007-12-29 17:48 --------- d-----w C:\Program Files\MSN Messenger
2007-12-29 17:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-29 17:39 --------- d-----w C:\Program Files\Pinnacle
2007-12-14 09:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-11 20:33 --------- d-----w C:\Program Files\Picasa2
2007-12-11 17:56 --------- d-----w C:\Program Files\CyberLink
2007-12-11 17:53 --------- d-----w C:\Program Files\Logitech
2007-12-10 11:46 --------- d-----w C:\Documents and Settings\Fam. Ferwerda\Application Data\Lavasoft
2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-24 08:31 --------- d-----w C:\Program Files\DesignPro
2007-11-19 13:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-11-18 13:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-02-28 17:39 92,064 -c--a-w C:\Documents and Settings\Fam. Ferwerda\mqdmmdm.sys
2007-02-28 17:39 9,232 -c--a-w C:\Documents and Settings\Fam. Ferwerda\mqdmmdfl.sys
2007-02-28 17:39 79,328 -c--a-w C:\Documents and Settings\Fam. Ferwerda\mqdmserd.sys
2007-02-28 17:39 66,656 ----a-w C:\Documents and Settings\Fam. Ferwerda\mqdmbus.sys
2007-02-28 17:39 6,208 -c--a-w C:\Documents and Settings\Fam. Ferwerda\mqdmcmnt.sys
2007-02-28 17:39 5,936 -c--a-w C:\Documents and Settings\Fam. Ferwerda\mqdmwhnt.sys
2007-02-28 17:39 4,048 ----a-w C:\Documents and Settings\Fam. Ferwerda\mqdmcr.sys
2007-02-28 17:39 25,600 -c--a-w C:\Documents and Settings\Fam. Ferwerda\usbsermptxp.sys
2007-02-28 17:39 22,768 -c--a-w C:\Documents and Settings\Fam. Ferwerda\usbsermpt.sys
2005-12-04 15:22 526 -c--a-w C:\Program Files\Snelkoppeling naar mobile PhoneTools.lnk
2003-06-07 12:56 87,920 -c--a-w C:\Documents and Settings\Fam. Ferwerda\Application Data\GDIPFONTCACHEV1.DAT
2007-01-01 19:49 56 -csh--r C:\WINDOWS\system32\3C0DB58E21.sys
2007-01-01 19:49 5,018 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 09:46 196608]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\nbj.exe" [2005-10-11 17:25 1961984]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-15 10:42 4112384]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-12-14 09:55 308880]
"nwiz"="nwiz.exe" [2004-07-15 10:42 843776 C:\WINDOWS\system32\nwiz.exe]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 01:26 406016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="C:\WINDOWS\System32\msiexec.exe" [2005-03-21 14:00 78848]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2005-12-26 09:54:15]
VAIO Action Setup (Server).lnk - C:\Program Files\Sony\VAIO Action Setup\VAServ.exe [2003-01-18 20:26:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkkjhh]
jkkkjhh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7c53a30f]
rundll32.exe C:\WINDOWS\system32\wckudxxr.dll,b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
C:\Program Files\BearShare\BearShare.exe /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
\Program\

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2004-06-01 10:09 458752 --------- C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2004-06-01 10:03 217088 --------- C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MusicMatch\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 --a--c--- C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]
2002-11-04 10:40 32768 --a--c--- C:\PROGRA~1\Pinnacle\PPE\ppe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSDrvCheck]
c:\program files\pinnacle\edition 5\program\PSDrvCheck.exe -CheckReg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Virtuele Katja]


.
Inhoud van de 'Gedeelde Taken' map
"2005-02-25 21:00:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
"2005-04-28 16:01:51 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 11:23:54
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2007-12-31 11:30:26 - machine was rebooted
C:\qoobox\ComboFix-quarantined-files.txt 2007-12-31 10:30:23
.
2007-12-12 11:10:58 --- E O F ---

Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd
Dit zal alles van RVAXO doen verwijderen.

Download de bijlage: CFScript.txt

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :



Dit zal ComboFix doen herstarten.
Start opnieuw op als daarom gevraagd wordt,
en post de inhoud van de Combofix.txt in je volgende antwoord.

Post ook een nieuw logje van Hijackthis en vertel ook of er nog problemen zijn.

Nieuwe combifix- en hijack log

ComboFix 07-12-31.4 - Fam. Ferwerda 2007-12-31 13:58:20.2 - NTFSx86

Gestart vanuit: C:\Documents and Settings\Fam. Ferwerda\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Fam. Ferwerda\Bureaublad\cfscript.txt

FILE
C:\WINDOWS\system32\bocsfgpe.ini
C:\WINDOWS\system32\eobqcphk.ini
C:\WINDOWS\system32\olpnrlqd.ini
C:\WINDOWS\system32\vbzip10.dll_tobedeleted_old
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bocsfgpe.ini
C:\WINDOWS\system32\eobqcphk.ini
C:\WINDOWS\system32\olpnrlqd.ini
C:\WINDOWS\system32\vbzip10.dll_tobedeleted_old

.
(((((((((((((((((((( Bestanden Gemaakt van 2007-11-28 to 2007-12-31 ))))))))))))))))))))))))))))))
.

2007-12-31 11:10 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-30 18:51 . 2007-12-31 13:57 <DIR> dr-h----- C:\Documents and Settings\Fam. Ferwerda\Onlangs geopend
2007-12-29 16:00 . 2007-12-29 16:03 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-12-29 12:25 . 2007-12-29 15:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-24 12:04 . 2007-12-24 12:04 <DIR> d-------- C:\tmp
2007-12-24 12:04 . 2007-12-24 12:04 <DIR> d-------- C:\SibFiles
2007-12-24 12:04 . 2007-12-24 12:04 <DIR> d-------- C:\MIJN FILM 2 00C101D2
2007-12-24 12:04 . 2007-12-24 12:04 <DIR> d-------- C:\AuxFiles
2007-12-19 20:13 . 2007-12-19 20:13 <DIR> d-------- C:\Program Files\Common Files\Ankiro
2007-12-19 20:12 . 2007-12-31 11:25 <DIR> d-------- C:\Program Files\SPAMfighter
2007-12-19 20:12 . 2007-12-19 20:12 <DIR> d-------- C:\Program Files\Common Files\Application
2007-12-15 17:07 . 2007-12-15 17:07 <DIR> d-------- C:\Documents and Settings\Fam. Ferwerda\Application Data\Thinstall
2007-12-14 10:03 . 2007-12-14 10:03 <DIR> d-------- C:\Program Files\Microsoft Works
2007-12-10 21:12 . 2007-12-21 09:04 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-12-07 13:19 . 2007-12-29 12:41 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-05 18:40 . 2006-09-15 13:36 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2007-12-05 18:40 . 2006-09-15 13:36 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2007-12-03 16:17 . 2005-07-12 14:25 401,408 --a------ C:\WINDOWS\system32\pvmjpg30.dll
2007-12-03 16:16 . 2004-03-03 12:50 1,013,248 --------- C:\WINDOWS\system32\Ltwvc13n.dll
2007-12-03 16:16 . 2004-03-03 12:50 884,736 --------- C:\WINDOWS\system32\LMUIRes.dll
2007-12-03 16:16 . 2004-03-03 12:50 12,288 --------- C:\WINDOWS\system32\LMLRes.dll
2007-12-03 16:01 . 2004-02-24 13:04 41,219 --a------ C:\WINDOWS\RSETPATH.exe
2007-11-29 17:49 . 2007-12-10 13:06 <DIR> d-------- C:\Program Files\Opinionbar
2007-11-27 20:36 . 2001-03-05 11:15 61,598 --a------ C:\WINDOWS\system32\E_SL2352.DLL
2007-11-27 20:36 . 2000-06-07 02:01 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
2007-11-27 20:36 . 2000-06-26 03:20 32,768 --a------ C:\WINDOWS\system32\ECBTEG.DLL
2007-11-27 20:36 . 2000-09-14 03:03 145 --a------ C:\WINDOWS\system32\EBPPORT.DAT
2007-11-26 20:11 . 2007-11-26 20:11 <DIR> d-------- C:\Documents and Settings\Fam. Ferwerda\Application Data\Leadertech
2007-11-22 22:10 . 2007-11-22 22:10 <DIR> d-------- C:\Documents and Settings\Fam. Ferwerda\Application Data\AdobeAUM
2007-11-20 19:32 . 2002-12-17 17:23 33,340 --a------ C:\WINDOWS\system32\dbmsqlgc.dll
2007-11-20 19:32 . 2002-10-20 15:05 24,576 --a------ C:\WINDOWS\system32\dbmsgnet.dll
2007-11-20 19:31 . 2007-11-20 19:31 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2007-11-20 19:30 . 2007-11-20 19:30 <DIR> d-------- C:\WINDOWS\Cache
2007-11-20 19:30 . 2003-03-19 04:04 765,952 --------- C:\WINDOWS\system32\msvcp71d.dll
2007-11-20 19:30 . 2003-03-19 04:03 544,768 --------- C:\WINDOWS\system32\msvcr71d.dll
2007-11-20 19:19 . 2007-11-20 19:19 <DIR> d-------- C:\Program Files\SmartSound Software
2007-11-20 19:19 . 2007-12-23 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2007-11-20 18:56 . 2007-11-20 18:56 <DIR> d-------- C:\Program Files\CCleaner
2007-11-18 13:39 . 2007-12-26 14:42 1,290 --a------ C:\WINDOWS\VFO.INI
2007-11-18 13:38 . 2005-06-02 19:28 171,008 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys
2007-11-18 13:29 . 2007-11-18 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2007-11-02 17:16 . 2007-11-02 17:17 <DIR> d-------- C:\Documents and Settings\Fam. Ferwerda\Application Data\IE7Pro

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-29 18:04 --------- d-----w C:\Program Files\Java
2007-12-29 17:48 --------- d-----w C:\Program Files\MSN Messenger
2007-12-29 17:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-29 17:39 --------- d-----w C:\Program Files\Pinnacle
2007-12-14 09:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-11 20:33 --------- d-----w C:\Program Files\Picasa2
2007-12-11 17:56 --------- d-----w C:\Program Files\CyberLink
2007-12-11 17:53 --------- d-----w C:\Program Files\Logitech
2007-12-10 11:46 --------- d-----w C:\Documents and Settings\Fam. Ferwerda\Application Data\Lavasoft
2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-24 08:31 --------- d-----w C:\Program Files\DesignPro
2007-11-19 13:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-11-18 13:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-02-28 17:39 92,064 -c--a-w C:\Documents and Settings\Fam. Ferwerda\mqdmmdm.sys
2007-02-28 17:39 9,232 -c--a-w C:\Documents and Settings\Fam. Ferwerda\mqdmmdfl.sys
2007-02-28 17:39 79,328 -c--a-w C:\Documents and Settings\Fam. Ferwerda\mqdmserd.sys
2007-02-28 17:39 66,656 ----a-w C:\Documents and Settings\Fam. Ferwerda\mqdmbus.sys
2007-02-28 17:39 6,208 -c--a-w C:\Documents and Settings\Fam. Ferwerda\mqdmcmnt.sys
2007-02-28 17:39 5,936 -c--a-w C:\Documents and Settings\Fam. Ferwerda\mqdmwhnt.sys
2007-02-28 17:39 4,048 ----a-w C:\Documents and Settings\Fam. Ferwerda\mqdmcr.sys
2007-02-28 17:39 25,600 -c--a-w C:\Documents and Settings\Fam. Ferwerda\usbsermptxp.sys
2007-02-28 17:39 22,768 -c--a-w C:\Documents and Settings\Fam. Ferwerda\usbsermpt.sys
2005-12-04 15:22 526 -c--a-w C:\Program Files\Snelkoppeling naar mobile PhoneTools.lnk
2003-06-07 12:56 87,920 -c--a-w C:\Documents and Settings\Fam. Ferwerda\Application Data\GDIPFONTCACHEV1.DAT
2007-01-01 19:49 56 -csh--r C:\WINDOWS\system32\3C0DB58E21.sys
2007-01-01 19:49 5,018 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 09:46 196608]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\nbj.exe" [2005-10-11 17:25 1961984]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-15 10:42 4112384]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-12-14 09:55 308880]
"nwiz"="nwiz.exe" [2004-07-15 10:42 843776 C:\WINDOWS\system32\nwiz.exe]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 01:26 406016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="C:\WINDOWS\System32\msiexec.exe" [2005-03-21 14:00 78848]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2005-12-26 09:54:15]
VAIO Action Setup (Server).lnk - C:\Program Files\Sony\VAIO Action Setup\VAServ.exe [2003-01-18 20:26:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
\Program\

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2004-06-01 10:09 458752 --------- C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2004-06-01 10:03 217088 --------- C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MusicMatch\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 --a--c--- C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]
2002-11-04 10:40 32768 --a--c--- C:\PROGRA~1\Pinnacle\PPE\ppe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSDrvCheck]
c:\program files\pinnacle\edition 5\program\PSDrvCheck.exe -CheckReg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Virtuele Katja]


.
Inhoud van de 'Gedeelde Taken' map
"2005-02-25 21:00:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
"2005-04-28 16:01:51 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 13:59:42
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2007-12-31 14:00:51
C:\qoobox\ComboFix-quarantined-files.txt 2007-12-31 13:00:09
C:\qoobox\ComboFix2.txt 2007-12-31 10:30:27
.
2007-12-12 11:10:58 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:04:36, on 31-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\LVComsX.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bookmarkpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bookmarkpagina.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1060284298-746137067-2147074707-1004\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (User '?')
O4 - HKUS\S-1-5-21-1060284298-746137067-2147074707-1004\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Global Startup: Logitech
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://fotoservice.tntpost.nl/TNT/UserControls/Part/Upload/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.nl/clients/uploader_v2.1.0.56.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/dlaccell.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O18 - Protocol: bw+0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: offline-8876480 - {3B702E13-41FE-411E-AC77-93836B746B41} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Venturi2 Client (Venturi2) - Unknown owner - C:\Program Files\Venturi2\Client\ventc.exe (file missing)
O24 - Desktop Component 10: (no name) - http://images.google.com/images?q=tbn:1ddtC9yRRU0J:ictcafe.opweb.nl/4images/data/thumbnails/63/Scania_Betonmixer.jpg
O24 - Desktop Component 2: (no name) - http://www.campersite.nl/particulier/koop1500/1815a.jpg
O24 - Desktop Component 3: (no name) - http://www.joopdekokmotoren.nl/images/trikes1.jpg
O24 - Desktop Component 4: (no name) - http://bilder.mobile.de/images/autos/0/11111111127084986-14255-1066076909.bild
O24 - Desktop Component 5: (no name) - http://www.katjastaartjes.nl/main/images/thumb-07.jpg
O24 - Desktop Component 6: (no name) - http://www.katjastaartjes.nl/main/images/800x600-7.jpg
O24 - Desktop Component 7: (no name) - http://www.katjastaartjes.nl/main/images/08.jpg
O24 - Desktop Component 8: (no name) - http://www.joopdekokmotoren.nl/images/backgr.gif
O24 - Desktop Component 9: (no name) - http://www.htn-trikes.de/gebrfaindex-Dateien/M4110055.JPG

--
End of file - 22385 bytes

Als ik IE opstart zie ik dat deze wordt "aangeboden door @home" terwijl wij geen @home meer hebben sinds 01-10-2007, maar gebruik maken van Hetnet. Hoe veranderen we dit??

Bij het opstarten van de computer (wat overigens zeer traag verloopt) opent steeds een scherm met Logitec mapjes... dit kan ik wel wegklikken op het rode kruisje, maar ik wil &#252;berhaupt niet dat dit tevoorschijn komt?

En bij het opstarten van Outlook (Office 2007) krijg ik een melding dat een invoegtoepassing in de weg zit. Ik heb die op aanraden verwijderd, maar de melding blijft. Klik ik dan op "ok", kan ik gewoon verzenden/ontvangen. Maar... zou het probleem pas verholpen zijn als ik Office 2007 opnieuw installeer?

Eerst deze stappen maar even:

Verwijder de volgende map:
C:\Qoobox

Maak dan je prullenbak leeg.

Download ATF cleaner (mirror)(gemaakt door Atribune)

Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.

Het volgende doen als je ook FireFox als browser hebt:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit haalt het vinkje weer weg bij "Firefox saved passwords")
Klik op de knop Empty Selected.

Het volgende doen als je ook Opera als browser hebt:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

Ga naar Start - Uitvoeren en geef hier het volgende in:
Combofix /U
Druk daarna op OK.
Let op: Er moet een spatie tussen Combofix en /U zitten.

Dit zal Combofix deïnstalleren.

Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
Kijk hier hoe je je systeemherstel moet uitschakelen.
Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

Vertel welke problemen zich nu allemaal nog voor doen

Goedemorgen! Gelukkg Nieuwjaar en de beste wensen voor 2008!!
We merken hier al verschil. Het surfen gaat al veel prettiger. Maar de kleine probleempjes doen zich nog voor, dus heb ik toch nog een paar vragen:

1.) Waardoor krijg ik dat scherm van Logitec weg? (Verkenner opent zich en mappen lijst wordt niet weergeven, maar wel 2 mapjes van Logitech.
2.) Wat kan ik doen tegen pop-ups? Ben die reclames op internet beetje zat...
3.) moet ik alle andere dingetjes waarmee ik o.a. een logje heb moeten maken, nog bewaren? (Hijack this, VBG en ATF-cleaner)
4.) Als ik IE opstart zie ik dat deze wordt "aangeboden door @home" terwijl wij geen @home meer hebben sinds 01-10-2007, maar gebruik maken van Hetnet. Hoe veranderen we dit??
5.) Bij het opstarten van Outlook (office 2007) krijg ik altijd een melding dat een invoegtoepassing van motorola phonetools ...... dll in de weg zit. Dan moet ik met de leverancier kontakt opnemen voor evt. updates, of toepassing verwijderen. Gekozen voor het laatste (exact verwijderd van de door de melding aangegeven locatie), maar de melding blijft.
6.) Spybot en Ad-Aware had ik in eerste instantie verwijderd op aanraden van anderen. Maar bij het herinstalleren van Spybot ging het tijdens de scan al mis: de computer gaat dan eng piepen en het contr&#244;lelampje verkleurt van blauw naar rose... (oranje is de kleur van standby). Voor een leek lijkt het of het ding op ontploffen staat of zo.

Heb alle vertrouwen in dit forum... echt super dat er zoiets bestaat dat (wildvreemde) mensen je gewoon for free willen helpen. Mooi hoor. Bedankt! That's the spirit!

Groeten, Ingrid.

Je zou dit even kunnen proberen:
Download Dial-a-fix-2006 en pak beide bestanden in hun eigen map uit naar je Bureaublad.

• In de map Dial-a-fix-v0.60.0.24, dubbelklik op Dial-a-fix.exe
  In het venster dat opengaat, klik onderaan op het icoontje met het dubbele groene vinkje (check all).
  Klik daarna op "GO" en laat de tool alle instellingen terugzetten.
  Sluit dit venster na afloop door onderaan op "Exit" te klikken.

Download ook dit bestand: titelbalk.exe
Dubbelklik dit bestand.
Meld of dat verbetering geeft.