Download Combofix (mirror) naar je Bureaublad.
Dubbelklik op Combofix.exe
Kies voor "Continue" door 1 te typen gevolgd door ENTER.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
Plaats deze log in je volgende post.

NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.

Trojan-Spy.Bzub

Ok. Gedaan. Hieronder de logfile:


ComboFix 08-02.05.3 - Gebruiker 2008-02-08 10:06:11.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.533 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Gebruiker\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-01-08 to 2008-02-08 ))))))))))))))))))))))))))))))
.

2008-02-08 08:46 . 2008-02-08 08:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-08 08:45 . 2008-02-08 08:48 <DIR> d-------- C:\HJT
2008-02-08 07:46 . 2008-02-08 07:46 84 --a------ C:\WINDOWS\system32\ikhcore.cfg
2008-02-07 15:38 . 2008-02-08 09:02 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-07 15:38 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-07 15:38 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-07 15:38 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-07 15:38 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-07 15:38 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-07 15:38 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-07 15:38 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-07 15:38 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-07 14:51 . 2008-02-07 14:51 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-07 14:51 . 2008-02-07 15:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-07 12:54 . 2008-02-07 13:30 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-07 12:32 . 2008-02-07 12:32 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
2008-02-07 11:13 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-07 11:13 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-07 11:13 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-07 11:13 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-02-07 11:12 . 2008-02-07 11:24 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-07 11:12 . 2008-02-07 14:49 <DIR> d-------- C:\Program Files\Search & Destroy
2008-02-07 11:12 . 2008-02-07 11:12 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\PC Tools
2008-02-07 11:00 . 2005-02-09 14:25 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
2008-02-07 11:00 . 2005-02-09 15:20 <DIR> d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
2008-02-07 11:00 . 2005-02-09 15:20 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2008-02-07 11:00 . 2005-02-09 15:20 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten
2008-02-07 11:00 . 2005-02-09 15:20 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-02-07 11:00 . 2005-02-09 15:20 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten
2008-02-07 11:00 . 2005-02-09 15:20 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
2008-02-06 23:58 . 2008-02-06 23:58 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-02-06 21:58 . 2008-02-06 21:58 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\Chocolate Castle
2008-02-06 20:01 . 19,584 C:\WINDOWS\system32\drivers\ewdyqhub.dat
2008-02-06 19:48 . 2004-08-04 13:00 84,992 --a------ C:\WINDOWS\system32\batmete.dll
2008-02-06 10:58 . 2008-02-08 09:55 <DIR> dr-h----- C:\Documents and Settings\Gebruiker\Onlangs geopend
2008-02-04 21:13 . 2008-02-04 21:13 <DIR> d-------- C:\Program Files\Common Files\Jasc Software Inc
2008-02-04 21:13 . 2008-02-04 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-02-04 21:12 . 2008-02-04 21:14 <DIR> d-------- C:\Program Files\Jasc Software Inc
2008-02-04 21:12 . 2008-02-04 21:12 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\Jasc Software Inc
2008-02-03 17:25 . 2008-02-03 17:25 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\Symantec
2008-02-03 17:24 . 2008-02-03 17:24 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-02-03 17:23 . 2008-02-04 12:33 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-02-03 17:22 . 2008-02-04 12:24 <DIR> d-------- C:\Program Files\Symantec
2008-02-03 17:22 . 2008-02-08 08:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-03 17:22 . 2008-02-04 12:24 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-03 17:22 . 2008-02-04 12:24 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-03 17:22 . 2008-02-04 12:24 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-03 17:22 . 2008-02-04 12:24 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-03 17:21 . 2008-02-08 10:04 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-03 11:55 . 2008-02-03 11:55 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-02-03 11:54 . 2008-02-03 11:55 <DIR> d-------- C:\Program Files\Norton
2008-01-23 18:46 . 2008-01-23 18:46 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\FloodLightGames
2008-01-23 18:46 . 2008-01-23 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FloodLightGames
2008-01-22 23:49 . 2008-01-22 23:49 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\PlayFirst
2008-01-22 23:49 . 2008-01-22 23:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-01-12 20:16 . 2008-01-12 20:16 <DIR> d-------- C:\WINDOWS\Downloaded Installations

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 07:00 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-08 06:45 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\WTablet
2008-02-07 14:26 --------- d-----w C:\Program Files\Creative
2008-02-07 13:44 --------- d-----w C:\Documents and Settings\LocalService\Application Data\WTablet
2008-02-07 13:16 --------- d-----w C:\Program Files\RegClean
2008-02-07 13:16 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\RegClean
2008-02-07 10:22 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\AdobeUM
2008-02-06 17:21 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\LimeWire
2008-02-04 21:02 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\AmuletAdventure
2008-02-04 20:13 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-04 20:11 --------- d-----w C:\Program Files\Paintshop
2008-02-03 16:18 --------- d-----w C:\Program Files\Panda Software
2008-02-03 16:18 --------- d-----w C:\Program Files\Common Files\Panda Software
2008-02-03 01:29 --------- d-----w C:\Program Files\Java
2008-01-30 23:43 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-22 22:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-01-15 08:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-15 04:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 17:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-07 15:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fugazo
2008-01-06 14:05 --------- d-----w C:\Program Files\Candy Land - Dora the Explorer Edition
2008-01-06 14:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-01-06 13:56 --------- d-----w C:\Program Files\bfgclient
2008-01-06 13:46 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Home Sweet Home
2008-01-05 18:21 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Abra Academy2
2008-01-01 18:31 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Flood Light Games
2008-01-01 18:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Flood Light Games
2007-12-31 14:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Awem
2007-12-31 14:07 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\ViquaSoft
2007-12-31 14:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Reflexive
2007-12-30 20:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\NeptunesAdve
2007-12-26 12:09 --------- d-----w C:\Program Files\ReflexiveArcade
2007-12-10 15:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-07 18:55 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-11-30 13:43 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-14 15:36 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-11-14 15:36 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-11-14 15:36 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2007-11-14 15:08 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2007-11-14 14:41 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-11-14 14:41 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-11-04 16:33 8,192 --sha-w C:\Program Files\Thumbs.db
2001-11-23 05:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 20:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-02-03 17:43 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92A6E3D7-A2A9-495F-B082-92D59318EFCB}]
2004-08-04 13:00 84992 --a------ C:\WINDOWS\system32\batmete.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 20:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53 204288]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"UpdReg"="C:\WINDOWS\Updreg.exe" [2000-05-11 01:00 90112]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"CTStartup"="C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.exe" [2001-06-04 01:00 28672]
"Jet Detection"="C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-04-20 14:52 28672]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 13:15 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 21:53 714608]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.exe" [2006-08-11 14:42 25600 C:\WINDOWS\MIDIDEF.EXE]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
F1U201.401.lnk - C:\Program Files\Belkin\F1U201.401\usbshare.exe [2007-09-10 15:30:20 135168]
Gigaset WLAN Adapter Monitor.lnk - C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe [2007-02-06 10:36:15 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=PAVWAIT.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office Snelzoeken.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office Snelzoeken.lnk
backup=C:\WINDOWS\pss\Microsoft Office Snelzoeken.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office Werkbalk.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office Werkbalk.lnk
backup=C:\WINDOWS\pss\Microsoft Office Werkbalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Office Opstarten.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Office Opstarten.lnk
backup=C:\WINDOWS\pss\Office Opstarten.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Gebruiker^Menu Start^Programma's^Opstarten^Registration .LNK]
path=C:\Documents and Settings\Gebruiker\Menu Start\Programma's\Opstarten\Registration .LNK
backup=C:\WINDOWS\pss\Registration .LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4000 Series (Kopie 1)]
--a------ 2006-02-21 05:00 131072 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
--------- 2001-04-20 14:52 28672 C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-06-02 15:03 1957888 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-10-04 17:14 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
-ra------ 2004-06-11 04:15 83968 C:\WINDOWS\system32\nvraidservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-03-22 22:26 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean]
--a------ 2007-10-18 17:03 8770792 C:\Program Files\RegClean\RegClean.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spa_start]
C:\WINDOWS\system32\sprt_ads.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-06-03 02:52 36975 C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Taskbar]
--------- 2001-07-26 01:00 118784 C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskTray]
--------- 2001-06-29 01:00 163840 C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe

R0 ocgeuqwy;ocgeuqwy;C:\WINDOWS\system32\drivers\ewdyqhub.dat
R1 SSHDRV52;SSHDRV52;C:\WINDOWS\system32\drivers\SSHDRV52.sys [2007-06-26 19:21]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2008-01-31 13:15]
R3 AR5523;Gigaset USB Adapter 108;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2006-02-25 00:27]
R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 06:28]
R3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 10:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 09:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 15:11]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce88fd46-3b29-11db-81c0-00022da5425b}]
\Shell\AutoRun\command - F:\setupSNK.exe

*Newly Created Service* - COMHOST
.
Inhoud van de 'Gedeelde Taken' map
"2008-02-04 20:52:40 C:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - Gebruiker.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2008-02-05 02:30:12 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Program Files\RegClean\RegClean.ex
- C:\Program Files\RegClea
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-08 10:10:25
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run????????????x??????s$????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????&2???9~??9~????????\???\???|???$???U?9~??9~\???\? ??|?????_???????:~\???\??????s????\??????s\????&2?A??s?&2???:~???

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-02-08 10:12:01
.
2008-01-08 20:28:13 --- E O F ---

Open Kladblok, kopiëer en plak het volgende (vetgedrukte tekst) in een leeg venster:


Driver::
ocgeuqwy

File::
C:\WINDOWS\system32\batmete.dll
C:\WINDOWS\system32\drivers\ewdyqhub.dat

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92A6E3D7-A2A9-495F-B082-92D59318EFCB}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spa_start]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]



Sla dit op op je Bureaublad als CFScript.txt

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :



Dit zal ComboFix doen herstarten.
Start opnieuw op als daarom gevraagd wordt,
en post de inhoud van de Combofix.txt in je volgende antwoord samen met een nieuw HijackThislogje.

Trojan-Spy.Bzub

Ok. gedaan. Hier komen de logs:
1. Combofixlog
2. HijackThis log

1. Combofixlog:

ComboFix 08-02.05.3 - Gebruiker 2008-02-08 10:43:36.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.534 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Gebruiker\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Gebruiker\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

FILE
C:\WINDOWS\system32\batmete.dll
C:\WINDOWS\system32\drivers\ewdyqhub.dat
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\batmete.dll
C:\WINDOWS\system32\drivers\ewdyqhub.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_OCGEUQWY
-------\ocgeuqwy


(((((((((((((((((((( Bestanden Gemaakt van 2008-01-08 to 2008-02-08 ))))))))))))))))))))))))))))))
.

2008-02-08 08:46 . 2008-02-08 08:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-08 08:45 . 2008-02-08 08:48 <DIR> d-------- C:\HJT
2008-02-07 15:38 . 2008-02-08 09:02 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-07 15:38 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-07 15:38 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-07 15:38 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-07 15:38 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-07 15:38 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-07 15:38 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-07 15:38 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-07 15:38 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-07 14:51 . 2008-02-07 14:51 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-07 14:51 . 2008-02-07 15:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-07 12:54 . 2008-02-07 13:30 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-07 12:32 . 2008-02-07 12:32 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
2008-02-07 11:13 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-07 11:13 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-07 11:13 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-07 11:13 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-02-07 11:12 . 2008-02-07 11:24 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-07 11:12 . 2008-02-07 14:49 <DIR> d-------- C:\Program Files\Search & Destroy
2008-02-07 11:12 . 2008-02-07 11:12 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\PC Tools
2008-02-07 11:00 . 2005-02-09 14:25 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
2008-02-07 11:00 . 2005-02-09 15:20 <DIR> d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
2008-02-07 11:00 . 2005-02-09 15:20 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2008-02-07 11:00 . 2005-02-09 15:20 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten
2008-02-07 11:00 . 2005-02-09 15:20 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-02-07 11:00 . 2005-02-09 15:20 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten
2008-02-07 11:00 . 2005-02-09 15:20 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
2008-02-06 23:58 . 2008-02-06 23:58 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-02-06 21:58 . 2008-02-06 21:58 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\Chocolate Castle
2008-02-06 10:58 . 2008-02-08 10:41 <DIR> dr-h----- C:\Documents and Settings\Gebruiker\Onlangs geopend
2008-02-04 21:13 . 2008-02-04 21:13 <DIR> d-------- C:\Program Files\Common Files\Jasc Software Inc
2008-02-04 21:13 . 2008-02-04 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-02-04 21:12 . 2008-02-04 21:14 <DIR> d-------- C:\Program Files\Jasc Software Inc
2008-02-04 21:12 . 2008-02-04 21:12 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\Jasc Software Inc
2008-02-03 17:25 . 2008-02-03 17:25 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\Symantec
2008-02-03 17:24 . 2008-02-03 17:24 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-02-03 17:23 . 2008-02-04 12:33 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-02-03 17:22 . 2008-02-04 12:24 <DIR> d-------- C:\Program Files\Symantec
2008-02-03 17:22 . 2008-02-08 08:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-03 17:22 . 2008-02-04 12:24 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-03 17:22 . 2008-02-04 12:24 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-03 17:22 . 2008-02-04 12:24 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-03 17:22 . 2008-02-04 12:24 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-03 17:21 . 2008-02-08 10:33 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-03 11:55 . 2008-02-03 11:55 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-02-03 11:54 . 2008-02-03 11:55 <DIR> d-------- C:\Program Files\Norton
2008-01-23 18:46 . 2008-01-23 18:46 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\FloodLightGames
2008-01-23 18:46 . 2008-01-23 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FloodLightGames
2008-01-22 23:49 . 2008-01-22 23:49 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\PlayFirst
2008-01-22 23:49 . 2008-01-22 23:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-01-12 20:16 . 2008-01-12 20:16 <DIR> d-------- C:\WINDOWS\Downloaded Installations

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 09:52 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-08 09:50 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\WTablet
2008-02-07 14:26 --------- d-----w C:\Program Files\Creative
2008-02-07 13:44 --------- d-----w C:\Documents and Settings\LocalService\Application Data\WTablet
2008-02-07 13:16 --------- d-----w C:\Program Files\RegClean
2008-02-07 13:16 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\RegClean
2008-02-07 10:22 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\AdobeUM
2008-02-06 17:21 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\LimeWire
2008-02-04 21:02 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\AmuletAdventure
2008-02-04 20:13 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-04 20:11 --------- d-----w C:\Program Files\Paintshop
2008-02-03 16:18 --------- d-----w C:\Program Files\Panda Software
2008-02-03 16:18 --------- d-----w C:\Program Files\Common Files\Panda Software
2008-02-03 01:29 --------- d-----w C:\Program Files\Java
2008-01-30 23:43 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-22 22:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-01-15 08:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-15 04:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 17:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-07 15:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fugazo
2008-01-06 14:05 --------- d-----w C:\Program Files\Candy Land - Dora the Explorer Edition
2008-01-06 14:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-01-06 13:56 --------- d-----w C:\Program Files\bfgclient
2008-01-06 13:46 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Home Sweet Home
2008-01-05 18:21 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Abra Academy2
2008-01-01 18:31 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Flood Light Games
2008-01-01 18:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Flood Light Games
2007-12-31 14:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Awem
2007-12-31 14:07 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\ViquaSoft
2007-12-31 14:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Reflexive
2007-12-30 20:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\NeptunesAdve
2007-12-26 12:09 --------- d-----w C:\Program Files\ReflexiveArcade
2007-12-10 15:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-07 18:55 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-11-30 13:43 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-14 15:36 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-11-14 15:36 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-11-14 15:36 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2007-11-14 15:08 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2007-11-14 14:41 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-11-14 14:41 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-11-04 16:33 8,192 --sha-w C:\Program Files\Thumbs.db
2001-11-23 05:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 20:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-02-03 17:43 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 20:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53 204288]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"UpdReg"="C:\WINDOWS\Updreg.exe" [2000-05-11 01:00 90112]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"CTStartup"="C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.exe" [2001-06-04 01:00 28672]
"Jet Detection"="C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-04-20 14:52 28672]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 13:15 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 21:53 714608]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.exe" [2006-08-11 14:42 25600 C:\WINDOWS\MIDIDEF.EXE]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
F1U201.401.lnk - C:\Program Files\Belkin\F1U201.401\usbshare.exe [2007-09-10 15:30:20 135168]
Gigaset WLAN Adapter Monitor.lnk - C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe [2007-02-06 10:36:15 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=PAVWAIT.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office Snelzoeken.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office Snelzoeken.lnk
backup=C:\WINDOWS\pss\Microsoft Office Snelzoeken.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office Werkbalk.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office Werkbalk.lnk
backup=C:\WINDOWS\pss\Microsoft Office Werkbalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Office Opstarten.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Office Opstarten.lnk
backup=C:\WINDOWS\pss\Office Opstarten.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Gebruiker^Menu Start^Programma's^Opstarten^Registration .LNK]
path=C:\Documents and Settings\Gebruiker\Menu Start\Programma's\Opstarten\Registration .LNK
backup=C:\WINDOWS\pss\Registration .LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4000 Series (Kopie 1)]
--a------ 2006-02-21 05:00 131072 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
--------- 2001-04-20 14:52 28672 C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-06-02 15:03 1957888 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-10-04 17:14 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
-ra------ 2004-06-11 04:15 83968 C:\WINDOWS\system32\nvraidservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-03-22 22:26 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean]
--a------ 2007-10-18 17:03 8770792 C:\Program Files\RegClean\RegClean.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Taskbar]
--------- 2001-07-26 01:00 118784 C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskTray]
--------- 2001-06-29 01:00 163840 C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe

R1 SSHDRV52;SSHDRV52;C:\WINDOWS\system32\drivers\SSHDRV52.sys [2007-06-26 19:21]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2008-01-31 13:15]
R3 AR5523;Gigaset USB Adapter 108;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2006-02-25 00:27]
R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 06:28]
R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 10:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 09:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 15:11]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce88fd46-3b29-11db-81c0-00022da5425b}]
\Shell\AutoRun\command - F:\setupSNK.exe

*Newly Created Service* - COMHOST
.
Inhoud van de 'Gedeelde Taken' map
"2008-02-04 20:52:40 C:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - Gebruiker.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2008-02-05 02:30:12 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Program Files\RegClean\RegClean.ex
- C:\Program Files\RegClea
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-08 10:51:20
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run????????????x??????s$????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????82???9~??9~????????\???\???????$???U?9~??9~\???\? ????????_???????:~\???\??????s????\??????s\???x82?A??sx82???:~???

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Voltooingstijd: 2008-02-08 10:55:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-08 09:55:42
ComboFix2.txt 2008-02-08 09:12:02
.
2008-01-08 20:28:13 --- E O F ---


2. Hijackthis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:07, on 8-2-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Belkin\F1U201.401\usbshare.exe
C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat Writer 6.0 Pro\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat Writer 6.0 Pro\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat Writer 6.0 Pro\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton-werkbalk weergeven - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Global Startup: F1U201.401.lnk = ?
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107956750187
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190756572281
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DAAAE21-0AB8-4226-80AD-2170DD38F480}: NameServer = 194.109.104.104,194.109.6.66
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 10152 bytes

Je Java software is verouderd.
Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:

• Download Java Runtime Environment (JRE) 6u4 en bewaar het naar je Bureaublad.
• Sluit alle programma's die eventueel open zijn - Zeker je web browser!
• Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
• Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
• Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
• Herhaal dit tot alle oudere versies verdwenen zijn.
• Na het verwijderen van alle oudere versies, herstart je pc.
• Dubbelklik vervolgens op jre-6u4-windows-i586-p.exe op je Bureaublad om de nieuwste versie van Java te installeren.

Download ATF cleaner (mirror)(gemaakt door Atribune)

Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.

Het volgende doen als je ook FireFox als browser hebt:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit haalt het vinkje weer weg bij "Firefox saved passwords")
Klik op de knop Empty Selected.

Het volgende doen als je ook Opera als browser hebt:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

Ga naar Start - Uitvoeren en geef hier het volgende in:
Combofix /U
Druk daarna op OK.
Let op: Er moet een spatie tussen Combofix en /U zitten.

Dit zal Combofix deïnstalleren.

Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
Kijk hier hoe je je systeemherstel moet uitschakelen.
Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

Post als laatste nog een nieuw logje van Hijackthis ter controle

Trojan-Spy.Bzub

Alle instructies opgevolgd. Alvast bedankt

hierbij mijn laatste log van HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:47, on 8-2-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Belkin\F1U201.401\usbshare.exe
C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat Writer 6.0 Pro\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat Writer 6.0 Pro\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat Writer 6.0 Pro\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton-werkbalk weergeven - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Global Startup: F1U201.401.lnk = ?
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset USB Adapter 108\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107956750187
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190756572281
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DAAAE21-0AB8-4226-80AD-2170DD38F480}: NameServer = 194.109.104.104,194.109.6.66
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 10428 bytes

Logje ziet er in mijn ogen weer prima uit

Trojan-Spy.Bzub

Na jullie adviezen, heb ik opnieuw Spydoctor gedraaid. het verdomde trojaanse paard is verdwenen! Er zijn wel een 7-tal andere trojanen en spywares ontdekt, maar deze kon Spydoctor prima aan! Ik ben clean!

Superbedankt. Met name ook voor de snelheid. De donatie komt eraan!

groet

Graag gedaan hoor, fijn dat het allemaal gelukt is