Trojan Horses


  • Trojan Horses

    Norton cannot remove the Trojan horses.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:50:42, on 9-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\TomTom HOME\TomTomHOME.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Rabo\Support\RaboSessionMon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\RaboCommSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Rabo Session Monitor.lnk = C:\Program Files\Rabo\Support\RaboSessionMon.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172315836342
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196881252718
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Rabo Comm Server (Srv_RaboComm) - Rabobank Nederland - C:\WINDOWS\system32\RaboCommSrv.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 10560 bytes

    I would appreciate your help.

    Henk/Huini041

  • #2
    I may have overlooked something, but I don't actually see any traces of infection.

    Go to Kaspersky Online Scanner and click Accept at the bottom.
    This scanner works only with Internet Explorer 6 and higher!
    You may have to click a yellow bar at the top of your screen to download the ActiveX files that Kaspersky needs in order to scan. Allow this.
    • The program now starts downloading the latest definition files. After that, click Next.
    • Then click the Scan Settings button.
      Under the text Scan using the following antivirus database:, choose the second option: extended - protect your .....
      Under the text Scan options:, tick the two checkboxes: Scan Archives .... and Scan Mail Bases ....
    • Then click the OK button.
    • Now start the scan by clicking the text My Computer.
      Bear in mind that this scan takes a while.
    • Once the scan is complete, you get the opportunity to save the scan report.
      Click the Save Report As button. Save the report to your Desktop with the name kavscan.txt

    Post this report, together with a fresh HijackThis log, in your next message.



    • #3
      The Kaspersky scan log is too large; send it by e-mail?

      New HJT log:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 16:44:02, on 13-1-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\system32\VTTimer.exe
      C:\WINDOWS\system32\VTtrayp.exe
      C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
      C:\Program Files\Picasa2\PicasaMediaDetector.exe
      C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\SPAMfighter\SFAgent.exe
      C:\Program Files\TomTom HOME\TomTomHOME.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\Rabo\Support\RaboSessionMon.exe
      C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files\SPAMfighter\sfus.exe
      C:\WINDOWS\system32\RaboCommSrv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Outlook Express\msimn.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
      O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
      O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
      O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
      O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O4 - Global Startup: Rabo Session Monitor.lnk = C:\Program Files\Rabo\Support\RaboSessionMon.exe
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
      O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
      O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
      O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172315836342
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196881252718
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
      O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
      O23 - Service: Rabo Comm Server (Srv_RaboComm) - Rabobank Nederland - C:\WINDOWS\system32\RaboCommSrv.exe
      O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

      --
      End of file - 9835 bytes

      Norton Antivirus 2007 had expired.
      Installed Norton Antivirus 2008 over it (I hope that goes well).

      Thanks for the reply,
      Henk/Huini041



      • #4
        Kaspersky online scan (2nd time). The 1st time went wrong (see attachment).

        -------------------------------------------------------------------------------
        KASPERSKY ONLINE SCANNER REPORT
        Sunday, January 13, 2008 7:31:12 PM
        Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
        Kaspersky Online Scanner version: 5.0.98.0
        Kaspersky Anti-Virus database last update: 13/01/2008
        Kaspersky Anti-Virus database records: 510121
        -------------------------------------------------------------------------------

        Scan Settings:
        Scan using the following antivirus database: extended
        Scan Archives: true
        Scan Mail Bases: true

        Scan Target - My Computer:
        A:\
        C:\
        D:\
        E:\
        F:\
        G:\
        H:\
        I:\

        Scan Statistics:
        Total number of scanned objects: 44548
        Number of viruses found: 4
        Number of infected objects: 11
        Number of suspicious objects: 0
        Duration of the scan process: 00:24:11

        Infected Object Name / Virus Name / Last Action
        C:\Documents and Settings\All Users\Application Data\Rabo Support\Configuratie_3.dbx Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Rabo Support\Configuratie_3.idx Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Rabo Support\Kennisregel_3.dbx Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Rabo Support\Kennisregel_3.idx Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Rabo Support\RCS_SSL.LOG Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Rabo Support\RSM.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Rabo Support\SessieMon_3.dbx Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Rabo Support\SessieMon_3.idx Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Rabo Support\Statistiek_3.dbx Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Rabo Support\Statistiek_3.idx Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\ccSubSDK\submissions.idx Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.DAT Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\volatile.DAT Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{A0E09063-3667-45E9-9474-2530667C620A}.DAT Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-01-13_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{28BBE2B6-50EB-425E-99DE-4F6A60E86D2C}.ldb Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{28BBE2B6-50EB-425E-99DE-4F6A60E86D2C}.sds Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\2196A1B9.TMP Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\3043FA6E.TMP Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
        C:\Documents and Settings\Eigenaar\Application Data\SPAMfighter\Logs\Agent.log.txt Object is locked skipped
        C:\Documents and Settings\Eigenaar\Cookies\index.dat Object is locked skipped
        C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Google Desktop\5db11650c0bc\dbc2e.ht1 Object is locked skipped
        C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Google Desktop\5db11650c0bc\dbdam Object is locked skipped
        C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Google Desktop\5db11650c0bc\dbdao Object is locked skipped
        C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Google Desktop\5db11650c0bc\dbeam Object is locked skipped
        C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Google Desktop\5db11650c0bc\dbeao Object is locked skipped
        C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Google Desktop\5db11650c0bc\dbm Object is locked skipped
        C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Google Desktop\5db11650c0bc\dbu2d.ht1 Object is locked skipped
        C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Google Desktop\5db11650c0bc\dbvm.cf1 Object is locked skipped
        C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Google Desktop\5db11650c0bc\dbvmh.ht1 Object is locked skipped
        C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Google Desktop\5db11650c0bc\fii.cf1 Object is locked skipped
        C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Google Desktop\5db11650c0bc\fiih.ht1 Object is locked skipped
        C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Google Desktop\5db11650c0bc\hp Object is locked skipped
        C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Google Desktop\5db11650c0bc\hpt2i.ht1 Object is locked skipped
        C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Google Desktop\5db11650c0bc\rpm.cf1 Object is locked skipped
        C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Google Desktop\5db11650c0bc\rpm1m.cf1 Object is locked skipped
        C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Google Desktop\5db11650c0bc\rpm1mh.ht1 Object is locked skipped
        C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Google Desktop\5db11650c0bc\rpmh.ht1 Object is locked skipped
        C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Google Desktop\5db11650c0bc\safeweb\goog-black-enchashm.cf1 Object is locked skipped
        C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Google Desktop\5db11650c0bc\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
        C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Google Desktop\5db11650c0bc\safeweb\goog-black-urlm.cf1 Object is locked skipped
        C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Google Desktop\5db11650c0bc\safeweb\goog-black-urlmh.ht1 Object is locked skipped
        C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Google Desktop\5db11650c0bc\safeweb\goog-malware-domainm.cf1 Object is locked skipped
        C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Google Desktop\5db11650c0bc\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
        C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Google Desktop\5db11650c0bc\safeweb\goog-white-domainm.cf1 Object is locked skipped
        C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Google Desktop\5db11650c0bc\safeweb\goog-white-domainmh.ht1 Object is locked skipped
        C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
        C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
        C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
        C:\Documents and Settings\Eigenaar\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
        C:\Documents and Settings\Eigenaar\Local Settings\Geschiedenis\History.IE5\MSHist012008011320080114\index.dat Object is locked skipped
        C:\Documents and Settings\Eigenaar\Local Settings\Temp\~DFB135.tmp Object is locked skipped
        C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
        C:\Documents and Settings\Eigenaar\NTUSER.DAT Object is locked skipped
        C:\Documents and Settings\Eigenaar\ntuser.dat.LOG Object is locked skipped
        C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
        C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
        C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
        C:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
        C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
        C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
        C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
        C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
        C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
        C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
        C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
        C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
        C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
        C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
        C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
        C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
        C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
        C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
        C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
        C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
        C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
        C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
        C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
        C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
        C:\System Volume Information\_restore{D824537A-C8AE-425E-939D-58BDC41B5D69}\RP111\A0049311.exe Infected: Backdoor.Win32.Delf.cny skipped
        C:\System Volume Information\_restore{D824537A-C8AE-425E-939D-58BDC41B5D69}\RP117\A0049558.exe Infected: Backdoor.Win32.Delf.cny skipped
        C:\System Volume Information\_restore{D824537A-C8AE-425E-939D-58BDC41B5D69}\RP117\A0049559.exe Infected: Backdoor.Win32.Delf.cny skipped
        C:\System Volume Information\_restore{D824537A-C8AE-425E-939D-58BDC41B5D69}\RP122\A0049779.exe Infected: Backdoor.Win32.Delf.cqy skipped
        C:\System Volume Information\_restore{D824537A-C8AE-425E-939D-58BDC41B5D69}\RP128\A0050056.exe Infected: Trojan-Downloader.Win32.Delf.dpi skipped
        C:\System Volume Information\_restore{D824537A-C8AE-425E-939D-58BDC41B5D69}\RP130\A0051116.exe Infected: Trojan-Downloader.Win32.Delf.dpi skipped
        C:\System Volume Information\_restore{D824537A-C8AE-425E-939D-58BDC41B5D69}\RP131\A0051202.exe Infected: Trojan-Downloader.Win32.Delf.dpi skipped
        C:\System Volume Information\_restore{D824537A-C8AE-425E-939D-58BDC41B5D69}\RP133\A0057201.exe Infected: Backdoor.Win32.Delf.cuc skipped
        C:\System Volume Information\_restore{D824537A-C8AE-425E-939D-58BDC41B5D69}\RP135\A0057263.exe Infected: Backdoor.Win32.Delf.cuc skipped
        C:\System Volume Information\_restore{D824537A-C8AE-425E-939D-58BDC41B5D69}\RP146\A0058746.exe Infected: Backdoor.Win32.Delf.cuc skipped
        C:\System Volume Information\_restore{D824537A-C8AE-425E-939D-58BDC41B5D69}\RP152\change.log Object is locked skipped
        C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
        C:\WINDOWS\Media\LTaskup_OLD.jmp Infected: Backdoor.Win32.Delf.cuc skipped
        C:\WINDOWS\SchedLgU.Txt Object is locked skipped
        C:\WINDOWS\SoftwareDistribution\EventCache\{44BC5D46-20A5-40EB-AFB5-6D2759ACCDDA}.bin Object is locked skipped
        C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
        C:\WINDOWS\Sti_Trace.log Object is locked skipped
        C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
        C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
        C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
        C:\WINDOWS\system32\config\default Object is locked skipped
        C:\WINDOWS\system32\config\default.LOG Object is locked skipped
        C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
        C:\WINDOWS\system32\config\SAM Object is locked skipped
        C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
        C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
        C:\WINDOWS\system32\config\SECURITY Object is locked skipped
        C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
        C:\WINDOWS\system32\config\software Object is locked skipped
        C:\WINDOWS\system32\config\software.LOG Object is locked skipped
        C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
        C:\WINDOWS\system32\config\system Object is locked skipped
        C:\WINDOWS\system32\config\system.LOG Object is locked skipped
        C:\WINDOWS\system32\h323log.txt Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
        C:\WINDOWS\Temp\JET6457.tmp Object is locked skipped
        C:\WINDOWS\wiadebug.log Object is locked skipped
        C:\WINDOWS\wiaservc.log Object is locked skipped
        C:\WINDOWS\WindowsUpdate.log Object is locked skipped
        D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
        D:\System Volume Information\_restore{D824537A-C8AE-425E-939D-58BDC41B5D69}\RP152\change.log Object is locked skipped

        Scan process completed.


        Norton 2008 did not find anything anymore.

        New HJT log:

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 16:44:02, on 13-1-2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16574)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
        C:\WINDOWS\RTHDCPL.EXE
        C:\WINDOWS\system32\VTTimer.exe
        C:\WINDOWS\system32\VTtrayp.exe
        C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
        C:\Program Files\Picasa2\PicasaMediaDetector.exe
        C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
        C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
        C:\Program Files\SPAMfighter\SFAgent.exe
        C:\Program Files\TomTom HOME\TomTomHOME.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
        C:\Program Files\Google\Google Updater\GoogleUpdater.exe
        C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
        C:\Program Files\Rabo\Support\RaboSessionMon.exe
        C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
        C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\Program Files\SPAMfighter\sfus.exe
        C:\WINDOWS\system32\RaboCommSrv.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Outlook Express\msimn.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
        O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
        O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
        O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
        O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
        O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
        O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
        O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
        O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
        O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
        O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
        O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
        O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
        O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
        O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
        O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
        O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
        O4 - Global Startup: Rabo Session Monitor.lnk = C:\Program Files\Rabo\Support\RaboSessionMon.exe
        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
        O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
        O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
        O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
        O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172315836342
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196881252718
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
        O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
        O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
        O23 - Service: Rabo Comm Server (Srv_RaboComm) - Rabobank Nederland - C:\WINDOWS\system32\RaboCommSrv.exe
        O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

        --
        End of file - 9835 bytes

        Norton Antivirus 2007 had expired.
        Installed Norton Antivirus 2008 over it (I hope that goes well).

        Thanks for the reply,
        Henk/Huini041
        Last edited by Heutinck; 13-01-08, 19:36. Reason: added attachment



        • #5
          Download: RVAXO.exe
          • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
          • Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
            A cmd window will open; a few lines about files that were not found will scroll by quickly, this is normal.
          • An uninstaller of a rogue scanner may also start; do not close it, but follow any instructions and just let it do its work.
          • After that your PC will restart; after the restart the RVAXO cmd window opens again.
            Let it run and wait until a log file opens: C:\RVAXO-results.log
          • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
          • Post the contents of the log file in your next message.


          Download Combofix (mirror) to your Desktop.
          Double-click Combofix.exe
          Choose "Continue" by typing 1 followed by ENTER.
          While the fix is running, do NOT click in the window, as this will make your PC hang.
          When the fix is complete and after the restart, the log combofix.txt will open.
          Post this log in your next post.

          NOTE: If your virus scanner responds with a message about script execution, you may ignore it.



          • #6
            Rvaxo results log:
            ---RVAXO.exe Updated: 2008-01-13---first run---
            Files found:
            C:\WINDOWS\lnk_dados_2.dll
            C:\Documents and Settings\Eigenaar\user.dat
            C:\Documents and Settings\Eigenaar\Emails.dat
            C:\WINDOWS\Media\LTaskup_OLD.jmp

            Uninstallers Rogue scanners:


            Folders Found:


            Hosts-file was reset, If you use a custom hosts file please replace it...

            --------------RVAXO.exe last run---------------

            Files found:

            Folders Found:

            --------------RVAXO.exe finished----------------

            Combofix.txt

            ComboFix 08-01-14.4 - Eigenaar 2008-01-14 19:26:10.1 - NTFSx86
            Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.514 [GMT 1:00]
            Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
            * Nieuw herstelpunt werd aangemaakt

            WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
            .

            (((((((((((((((((((( Bestanden Gemaakt van 2007-12-14 to 2008-01-14 ))))))))))))))))))))))))))))))
            .

            2008-01-14 19:26 . 2008-01-14 19:26 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
            2008-01-14 19:25 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
            2008-01-14 19:21 . 2008-01-14 19:21 <DIR> d-------- C:\RVAXO
            2008-01-14 19:21 . 2007-07-04 20:32 16,384 --a------ C:\WINDOWS\system32\Restart.exe
            2008-01-14 19:16 . 2008-01-13 21:25 604,211 --a------ C:\WINDOWS\system32\RVAXO.bat
            2008-01-14 19:06 . 2008-01-14 19:06 <DIR> dr-h----- C:\Documents and Settings\Eigenaar\Onlangs geopend
            2008-01-14 11:29 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
            2008-01-13 18:24 . 2008-01-13 18:34 <DIR> d-------- C:\Program Files\Norton AntiVirus
            2008-01-13 18:23 . 2008-01-13 18:30 <DIR> d-------- C:\Program Files\Symantec
            2008-01-13 18:23 . 2008-01-13 18:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
            2008-01-13 18:23 . 2008-01-13 18:30 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
            2008-01-13 18:23 . 2008-01-13 18:30 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
            2008-01-13 18:14 . 2008-01-13 18:14 <DIR> d-------- C:\Program Files\Windows Sidebar
            2008-01-13 18:14 . 2008-01-13 18:30 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
            2008-01-13 18:14 . 2008-01-13 18:30 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
            2008-01-13 15:33 . 2008-01-13 15:33 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
            2008-01-13 15:33 . 2008-01-13 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
            2008-01-09 19:21 . 2008-01-09 19:21 <DIR> d-------- C:\Program Files\Trend Micro
            2008-01-09 19:16 . 2008-01-09 19:16 <DIR> d-------- C:\Program Files\CCleaner
            2008-01-09 19:05 . 2008-01-09 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
            2008-01-09 18:52 . 2008-01-09 18:53 <DIR> d-------- C:\Program Files\SpywareBlaster
            2008-01-09 18:52 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
            2008-01-06 18:28 . 2008-01-06 18:28 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\InstallShield
            2007-12-29 19:20 . 2007-12-29 19:20 <DIR> d-------- C:\Program Files\TomTom DesktopSuite
            2007-12-26 11:52 . 2007-12-26 11:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TomTom
            2007-12-26 11:51 . 2008-01-06 18:30 <DIR> d-------- C:\Program Files\TomTom HOME
            2007-12-24 13:50 . 2008-01-04 11:08 69 --a------ C:\WINDOWS\NeroDigital.ini
            2007-12-20 13:59 . 2007-12-20 13:59 <DIR> d-------- C:\Program Files\Common Files\Ankiro
            2007-12-20 13:58 . 2008-01-14 19:21 <DIR> d-------- C:\Program Files\SPAMfighter
            2007-12-19 14:01 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
            2007-12-17 10:32 . 2007-12-17 10:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
            2007-12-17 10:31 . 2007-12-17 10:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
            2007-12-16 12:10 . 2007-12-16 12:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
            2007-12-15 16:06 . 2007-12-15 16:06 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\AdwareAlert

            .
            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2008-01-14 12:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
            2008-01-13 17:35 --------- d-----w C:\Program Files\Common Files\Symantec Shared
            2008-01-09 17:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
            2008-01-09 16:16 651,521 ----a-w C:\WINDOWS\Media\Temp\LTaskup.exe
            2008-01-06 17:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
            2007-12-23 16:12 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Canon
            2007-12-20 15:01 --------- d-----w C:\Program Files\Rabotwin
            2007-12-20 12:55 1,406,096 ----a-w C:\spamfighter_web.exe
            2007-12-16 11:20 74,240 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
            2007-12-16 11:20 56,832 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
            2007-12-05 19:20 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
            2007-12-03 14:29 --------- d-----w C:\Program Files\Ahead
            2007-12-03 14:25 --------- d-----w C:\Program Files\Common Files\Ahead
            2007-12-03 13:46 --------- d-----w C:\Program Files\Common Files\LightScribe
            2007-12-03 13:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
            2007-12-03 13:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
            2007-12-01 10:59 1,836,592 ----a-w C:\GoogleDesktopSetup.exe
            2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
            2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
            2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
            2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
            2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
            2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
            2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
            2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
            2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
            2007-11-18 20:42 --------- d-----w C:\Program Files\PhotoRazor
            2007-11-13 14:57 11,410 ----a-w C:\menu9108.zip
            2007-11-10 18:55 21,216,112 ----a-w C:\aaw2007.exe
            2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
            2007-11-03 12:27 4,486,472 ----a-w C:\speedupmypc3snpf.exe
            2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
            2007-10-28 10:54 164 ----a-w C:\install.dat
            2007-10-25 09:00 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
            2007-10-21 11:54 15,597,096 ----a-w C:\sdsetup.exe
            2007-10-15 19:09 8,202,762 ----a-w C:\Photoshop_albumSE_nl_nl_320.zip
            .

            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            REGEDIT4
            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
            2008-01-13 18:26 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
            "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
            "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-26 09:29 68856]
            "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 17:55 451872]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 05:17 94208]
            "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 05:13 77824]
            "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 05:17 118784]
            "SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
            "RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
            "RTHDCPL"="RTHDCPL.EXE" [2006-08-01 12:10 16049664 C:\WINDOWS\RTHDCPL.exe]
            "VTTimer"="VTTimer.exe" [2005-03-08 04:33 53248 C:\WINDOWS\system32\VTTimer.exe]
            "VTTrayp"="VTtrayp.exe" [2005-11-01 05:15 163840 C:\WINDOWS\system32\VTTrayp.exe]
            "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 10:00 49152]
            "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 00:15 366400]
            "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
            "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 14:09 63712]
            "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-13 15:58 1836544]
            "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
            "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 17:03 308880]
            "TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 16:52 3770024]
            "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 22:07 51048]
            "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 21:53 714608]

            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

            C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
            Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-13 15:57:58]
            Rabo Session Monitor.lnk - C:\Program Files\Rabo\Support\RaboSessionMon.exe [2005-07-12 11:03:32]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
            "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

            R0 nlem32nt;NLEM32NT;C:\WINDOWS\system32\drivers\nlem32nt.sys [2005-11-18 11:43]
            R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 04:38]
            R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 04:39]
            R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-24 22:07]
            R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-12-14 09:57]
            R2 Srv_RaboComm;Rabo Comm Server;"C:\WINDOWS\system32\RaboCommSrv.exe" [2007-07-17 08:41]
            R3 GISscd;GISscd;C:\WINDOWS\system32\Drivers\GISscd.sys [2006-02-21 13:35]
            R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
            S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
            S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]

            [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9265e3c5-b3a0-11dc-a234-001a92e26a3b}]
            \Shell\AutoRun\command - J:\InstallTomTomHOME.exe

            *Newly Created Service* - PROCEXP90

            [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
            "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
            .
            Inhoud van de 'Gedeelde Taken' map
            "2007-12-16 11:36:13 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
            - C:\Program Files\AdwareAlert\AdwareAlert.ex
            - C:\Program Files\AdwareAlert
            "2008-01-13 17:27:54 C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - Eigenaar.job"
            - C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
            "2007-11-05 09:02:54 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
            - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
            "2007-11-03 12:28:15 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
            - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
            .
            **************************************************************************

            catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2008-01-14 19:26:58
            Windows 5.1.2600 Service Pack 2 NTFS

            scannen van verborgen processen ...

            scannen van verborgen autostart items ...

            scannen van verborgen bestanden ...

            Scan succesvol afgerond
            verborgen bestanden: 0

            **************************************************************************
            .
            Voltooingstijd: 2008-01-14 19:27:16
            .
            2008-01-09 20:07:29 --- E O F ---


            HijackThis log:
            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 19:30:04, on 14-1-2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.6000.16574)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
            C:\WINDOWS\RTHDCPL.EXE
            C:\WINDOWS\system32\VTTimer.exe
            C:\WINDOWS\system32\VTtrayp.exe
            C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
            C:\Program Files\Picasa2\PicasaMediaDetector.exe
            C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
            C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
            C:\Program Files\SPAMfighter\SFAgent.exe
            C:\Program Files\TomTom HOME\TomTomHOME.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Messenger\msmsgs.exe
            C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Google\Google Updater\GoogleUpdater.exe
            C:\Program Files\Rabo\Support\RaboSessionMon.exe
            C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
            C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
            C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            C:\Program Files\Common Files\LightScribe\LSSrvc.exe
            C:\Program Files\SPAMfighter\sfus.exe
            C:\WINDOWS\system32\RaboCommSrv.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\notepad.exe
            C:\Program Files\Internet Explorer\IEXPLORE.EXE
            C:\WINDOWS\explorer.exe
            C:\WINDOWS\system32\notepad.exe
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
            O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
            O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
            O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
            O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
            O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
            O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
            O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
            O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
            O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
            O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
            O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
            O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
            O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
            O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
            O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
            O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
            O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
            O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
            O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
            O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
            O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
            O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
            O4 - Global Startup: Rabo Session Monitor.lnk = C:\Program Files\Rabo\Support\RaboSessionMon.exe
            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
            O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
            O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
            O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
            O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
            O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
            O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
            O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172315836342
            O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196881252718
            O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
            O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
            O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
            O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
            O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
            O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
            O23 - Service: Rabo Comm Server (Srv_RaboComm) - Rabobank Nederland - C:\WINDOWS\system32\RaboCommSrv.exe
            O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

            --
            End of file - 9610 bytes



            • #7
              Open the RVAXO folder on your desktop and double-click Uninstall.cmd
              This will remove everything belonging to RVAXO.

              Can you find and delete this file yourself?:
              C:\WINDOWS\Media\Temp\LTaskup.exe

              Try carrying this out:
              Installing the Recovery Console.

              Then post a new Combofix log



              • #8
                I was able to carry out everything.

                Combofix log:

                ComboFix 08-01-14.4 - Eigenaar 2008-01-14 20:42:35.2 - NTFSx86
                Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.565 [GMT 1:00]
                Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
                .

                (((((((((((((((((((( Bestanden Gemaakt van 2007-12-14 to 2008-01-14 ))))))))))))))))))))))))))))))
                .

                2008-01-14 20:38 . 2006-03-02 13:00 261,936 -r-hs---- C:\cmldr
                2008-01-14 20:38 . 2007-06-22 18:18 211 -rahs---- C:\BOOT.BAK
                2008-01-14 19:25 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
                2008-01-14 19:06 . 2008-01-14 19:06 <DIR> dr-h----- C:\Documents and Settings\Eigenaar\Onlangs geopend
                2008-01-13 18:24 . 2008-01-13 18:34 <DIR> d-------- C:\Program Files\Norton AntiVirus
                2008-01-13 18:23 . 2008-01-13 18:30 <DIR> d-------- C:\Program Files\Symantec
                2008-01-13 18:23 . 2008-01-13 18:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
                2008-01-13 18:23 . 2008-01-13 18:30 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
                2008-01-13 18:23 . 2008-01-13 18:30 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
                2008-01-13 18:14 . 2008-01-13 18:14 <DIR> d-------- C:\Program Files\Windows Sidebar
                2008-01-13 18:14 . 2008-01-13 18:30 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
                2008-01-13 18:14 . 2008-01-13 18:30 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
                2008-01-13 15:33 . 2008-01-13 15:33 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
                2008-01-13 15:33 . 2008-01-13 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
                2008-01-09 19:21 . 2008-01-09 19:21 <DIR> d-------- C:\Program Files\Trend Micro
                2008-01-09 19:16 . 2008-01-09 19:16 <DIR> d-------- C:\Program Files\CCleaner
                2008-01-09 19:05 . 2008-01-09 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                2008-01-09 18:52 . 2008-01-09 18:53 <DIR> d-------- C:\Program Files\SpywareBlaster
                2008-01-09 18:52 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
                2008-01-06 18:28 . 2008-01-06 18:28 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\InstallShield
                2007-12-29 19:20 . 2007-12-29 19:20 <DIR> d-------- C:\Program Files\TomTom DesktopSuite
                2007-12-26 11:52 . 2007-12-26 11:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TomTom
                2007-12-26 11:51 . 2008-01-06 18:30 <DIR> d-------- C:\Program Files\TomTom HOME
                2007-12-24 13:50 . 2008-01-04 11:08 69 --a------ C:\WINDOWS\NeroDigital.ini
                2007-12-20 13:59 . 2007-12-20 13:59 <DIR> d-------- C:\Program Files\Common Files\Ankiro
                2007-12-20 13:58 . 2008-01-14 20:42 <DIR> d-------- C:\Program Files\SPAMfighter
                2007-12-19 14:01 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
                2007-12-17 10:32 . 2007-12-17 10:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
                2007-12-17 10:31 . 2007-12-17 10:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
                2007-12-16 12:10 . 2007-12-16 12:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
                2007-12-15 16:06 . 2007-12-15 16:06 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\AdwareAlert

                .
                ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2008-01-14 12:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
                2008-01-13 17:35 --------- d-----w C:\Program Files\Common Files\Symantec Shared
                2008-01-09 17:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
                2008-01-06 17:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
                2007-12-23 16:12 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Canon
                2007-12-20 15:01 --------- d-----w C:\Program Files\Rabotwin
                2007-12-20 12:55 1,406,096 ----a-w C:\spamfighter_web.exe
                2007-12-16 11:20 74,240 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
                2007-12-16 11:20 56,832 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
                2007-12-05 19:20 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
                2007-12-03 14:29 --------- d-----w C:\Program Files\Ahead
                2007-12-03 14:25 --------- d-----w C:\Program Files\Common Files\Ahead
                2007-12-03 13:46 --------- d-----w C:\Program Files\Common Files\LightScribe
                2007-12-03 13:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
                2007-12-03 13:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
                2007-12-01 10:59 1,836,592 ----a-w C:\GoogleDesktopSetup.exe
                2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
                2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
                2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
                2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
                2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
                2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
                2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
                2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
                2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
                2007-11-18 20:42 --------- d-----w C:\Program Files\PhotoRazor
                2007-11-13 14:57 11,410 ----a-w C:\menu9108.zip
                2007-11-10 18:55 21,216,112 ----a-w C:\aaw2007.exe
                2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
                2007-11-03 12:27 4,486,472 ----a-w C:\speedupmypc3snpf.exe
                2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
                2007-10-28 10:54 164 ----a-w C:\install.dat
                2007-10-25 09:00 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
                2007-10-21 11:54 15,597,096 ----a-w C:\sdsetup.exe
                2007-10-15 19:09 8,202,762 ----a-w C:\Photoshop_albumSE_nl_nl_320.zip
                .

                ((((((((((((((((((((((((((((( [email protected]_19.27.02,35 )))))))))))))))))))))))))))))))))))))))))
                .
                + 2001-07-14 16:32:24 69,632 ----a-w C:\WINDOWS\setupupd\temp\wsdueng.dll
                .
                ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                REGEDIT4
                *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
                2008-01-13 18:26 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
                "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
                "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-26 09:29 68856]
                "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 17:55 451872]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 05:17 94208]
                "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 05:13 77824]
                "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 05:17 118784]
                "SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
                "RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
                "RTHDCPL"="RTHDCPL.EXE" [2006-08-01 12:10 16049664 C:\WINDOWS\RTHDCPL.exe]
                "VTTimer"="VTTimer.exe" [2005-03-08 04:33 53248 C:\WINDOWS\system32\VTTimer.exe]
                "VTTrayp"="VTtrayp.exe" [2005-11-01 05:15 163840 C:\WINDOWS\system32\VTTrayp.exe]
                "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 10:00 49152]
                "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 00:15 366400]
                "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
                "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 14:09 63712]
                "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-13 15:58 1836544]
                "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
                "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 17:03 308880]
                "TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 16:52 3770024]
                "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 22:07 51048]
                "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 21:53 714608]

                [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

                C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-13 15:57:58]
                Rabo Session Monitor.lnk - C:\Program Files\Rabo\Support\RaboSessionMon.exe [2005-07-12 11:03:32]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

                R0 nlem32nt;NLEM32NT;C:\WINDOWS\system32\drivers\nlem32nt.sys [2005-11-18 11:43]
                R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 04:38]
                R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 04:39]
                R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-24 22:07]
                R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-12-14 09:57]
                R2 Srv_RaboComm;Rabo Comm Server;"C:\WINDOWS\system32\RaboCommSrv.exe" [2007-07-17 08:41]
                R3 GISscd;GISscd;C:\WINDOWS\system32\Drivers\GISscd.sys [2006-02-21 13:35]
                R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
                S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
                S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]

                [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9265e3c5-b3a0-11dc-a234-001a92e26a3b}]
                \Shell\AutoRun\command - J:\InstallTomTomHOME.exe


                [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
                "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
                .
                Inhoud van de 'Gedeelde Taken' map
                "2007-12-16 11:36:13 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
                - C:\Program Files\AdwareAlert\AdwareAlert.ex
                - C:\Program Files\AdwareAlert
                "2008-01-14 19:28:23 C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - Eigenaar.job"
                - C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
                "2007-11-05 09:02:54 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
                - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
                "2007-11-03 12:28:15 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
                - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
                .
                **************************************************************************

                catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2008-01-14 20:44:02
                Windows 5.1.2600 Service Pack 2 NTFS

                scannen van verborgen processen ...

                scannen van verborgen autostart items ...

                scannen van verborgen bestanden ...

                Scan succesvol afgerond
                verborgen bestanden: 0

                **************************************************************************
                .
                Voltooingstijd: 2008-01-14 20:44:23
                ComboFix2.txt 2008-01-14 18:27:16
                .
                2008-01-09 20:07:29 --- E O F ---

                Apart from that, there are no more problems.



                • #9
                  It looks good, too

                  Download ATF cleaner (mirror) (made by Atribune)

                  Important: close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

                  Double-click ATF cleaner to start the program.
                  On the "Main" tab, tick Select All.
                  Click the Empty Selected button.

                  Do the following if you also use Firefox as a browser:
                  Click the "Firefox" tab and tick Select All.
                  If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                  (this removes the tick again from "Firefox saved passwords")
                  Click the Empty Selected button.

                  Do the following if you also use Opera as a browser:
                  Click the "Opera" tab and tick Select All.
                  If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                  Click the Empty Selected button.
                  Go to the "Main" tab and click the Exit button to close the program.

                  Go to Start - Run and enter the following:
                  Combofix /U
                  Then press OK.
                  Note: there must be a space between Combofix and /U.

                  This will uninstall Combofix.

                  Turn off System Restore. Restart the computer. Turn System Restore back on.
                  See here how to turn off System Restore.
                  This removes any remnants of the infections from your System Restore.

                  Then I think we are done



                  • #10
                    Next little problem (not had it before):

                    During startup I get a selection menu, "select operating system": Windows XP Home Pro or Windows XP Recovery Console. After 30 seconds startup simply continues and you arrive at the Welcome screen, etc.



                    • #11
                      That has to do with that Recovery Console step, I assume.

                      Go to Start - Run and enter the following:
                      start notepad C:\WINDOWS\boot.ini
                      Press OK.

                      A small file with text opens; post this text in your next message



                      • #12
                        I get an error message:

                        Windows cannot find the file, etc.

                        Addition:
                        Last edited by Heutinck; 14-01-08, 22:19. Reason: correct error message



                        • #13
                          Make sure that all hidden files and folders are shown. How to show hidden files and folders.
                          Also untick: "Hide extensions for known file types". Confirm this with "OK".

                          Now locate the file boot.ini and open it with Notepad.
                          Post the contents.



                          • #14
                            This is what I found:
                            [boot loader]
                            timeout=30
                            default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
                            [operating systems]
                            multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
                            C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows XP Herstelconsole" /cmdcons



                            • #15
                              Change it to this:


                              [boot loader]
                              timeout=30
                              default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
                              [operating systems]
                              multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
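
The boot.ini edit from posts #14 and #15, compared entry by entry in an added example that is not part of the original thread: it parses both versions, reports which boot entries and switches differ, and checks whether the operating-system menu described in #10 would still appear. The function names `parse_boot_ini`, `boot_menu_shown` and `diff_boot_ini` are hypothetical; the two file contents are copied from the posts.

```python
import re

# boot.ini contents copied verbatim from posts #14 (before) and #15 (after).
BEFORE = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows XP Herstelconsole" /cmdcons
'''

AFTER = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
'''

# An [operating systems] line has the form: <path>="<menu label>" /switch /switch=value
ENTRY_RE = re.compile(r'^(?P<path>[^=]+)="(?P<label>[^"]*)"(?P<rest>.*)$')


def parse_boot_ini(text):
    """Return {'loader': {key: value}, 'entries': {lowercased path: {...}}}."""
    cfg = {"loader": {}, "entries": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "boot loader":
            key, _, value = line.partition("=")
            cfg["loader"][key.strip().lower()] = value.strip()
        elif section == "operating systems":
            match = ENTRY_RE.match(line)
            if not match:
                continue  # malformed entry, ignored by this example
            switches = [tok.lower() for tok in match.group("rest").split()
                        if tok.startswith("/")]
            cfg["entries"][match.group("path").strip().lower()] = {
                "label": match.group("label"),
                "switches": switches,
            }
    return cfg


def boot_menu_shown(cfg):
    """The loader only offers a choice with more than one entry and a non-zero timeout."""
    return len(cfg["entries"]) > 1 and cfg["loader"].get("timeout") != "0"


def diff_boot_ini(before, after):
    """Report entries, switches and loader settings that differ between two versions."""
    old, new = parse_boot_ini(before), parse_boot_ini(after)
    report = {
        "removed_entries": sorted(set(old["entries"]) - set(new["entries"])),
        "added_entries": sorted(set(new["entries"]) - set(old["entries"])),
        "switch_changes": {},
        "loader_changes": {},
    }
    for path in set(old["entries"]) & set(new["entries"]):
        old_sw = old["entries"][path]["switches"]
        new_sw = new["entries"][path]["switches"]
        removed = [s for s in old_sw if s not in new_sw]
        added = [s for s in new_sw if s not in old_sw]
        if removed or added:
            report["switch_changes"][path] = {"removed": removed, "added": added}
    for key in set(old["loader"]) | set(new["loader"]):
        if old["loader"].get(key) != new["loader"].get(key):
            report["loader_changes"][key] = (old["loader"].get(key),
                                             new["loader"].get(key))
    return report


if __name__ == "__main__":
    result = diff_boot_ini(BEFORE, AFTER)
    print("menu before:", boot_menu_shown(parse_boot_ini(BEFORE)))
    print("menu after: ", boot_menu_shown(parse_boot_ini(AFTER)))
    for path in result["removed_entries"]:
        print("entry removed:", path)
    for path, change in result["switch_changes"].items():
        # /noexecute=... is the switch that selects the Data Execution
        # Prevention policy, so its removal is worth reviewing separately
        # from the Recovery Console entry.
        print("switches removed from", path, "->", change["removed"])
```

Run against the two posted versions, the comparison lists the Recovery Console entry as removed and also shows that `/noexecute=optin` is no longer specified on the Windows entry.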
