Start HijackThis nog een keer en plaats alleen een vinkje voor de volgende regels:
O2 - BHO: Lefty - {275296E0-75EC-4380-BB5F-900636889A8D} - C:\WINDOWS\system32\nsj1B.dll
O2 - BHO: CIEIntegrator Object - {7A7F202E-AF91-4889-9DD5-2FE241085CC1} - C:\Program Files\VeiligheidsAgent\Tools\pg.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {F5407E8C-E91D-41F7-8443-FF02AB9379D2} - C:\WINDOWS\system32\dbmsads.dll
O2 - BHO: IEFW Object - {FAAD2038-C371-473D-86F1-5B11D39C3775} - C:\Program Files\VeiligheidsAgent\Tools\aviebho.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe" dm=http://systemerrorfixer.com; ad=http://systemerrorfixer.com
O4 - HKLM\..\Run: [gcw] "C:\PROGRA~1\COMMON~1\VEILIG~1\gcw.exe" -start
O20 - AppInit_DLLs: pushow99.dll
Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af.

Download Combofix (mirror) naar je Bureaublad.
Dubbelklik op Combofix.exe
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen(je kan hem ook hier vinden: C:\Combofix.txt)
Plaats deze log in je volgende post.

NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.

heey,
Ik heb gedaan wat je zij en dit is het resultaat:
wat moet ik nu doen?
dankje wel dat je me helpt!

gr. René

ComboFix 08-03-04.5 - René 2008-03-05 9:15:16.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.180 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\René\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\salesmonitor
C:\Documents and Settings\erik\ResErrors.log
C:\Documents and Settings\peter\ResErrors.log
C:\Documents and Settings\René\ResErrors.log
C:\WINDOWS\system32\drivers\fmtr.sys
C:\WINDOWS\system32\fo-remove.exe
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\zxdnt3d.cfg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_FMTR
-------\fmtr
-------\nm


(((((((((((((((((((( Bestanden Gemaakt van 2008-02-05 to 2008-03-05 ))))))))))))))))))))))))))))))
.

2008-03-04 16:38 . 2008-03-04 16:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-04 15:56 . 2008-03-04 16:12 <DIR> d-------- C:\Program Files\NoAdware5.0
2008-03-03 17:13 . 2008-03-03 17:14 <DIR> d-------- C:\Program Files\SPYWAREfighter
2008-03-03 17:13 . 2008-03-03 17:13 <DIR> d-------- C:\Program Files\Common Files\Application
2008-02-26 23:46 . 2008-02-26 23:46 <DIR> d-------- C:\Documents and Settings\peter\Application Data\Recordpad
2008-02-26 13:09 . 2008-02-26 13:09 <DIR> d-------- C:\Program Files\NCH Software
2008-02-26 13:09 . 2008-02-26 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-02-26 13:08 . 2008-02-26 13:09 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-02-25 17:12 . 2008-02-25 17:13 <DIR> d-------- C:\Program Files\LimeWire Plus
2008-02-21 15:38 . 2008-02-21 15:38 946,832 --a------ C:\WINDOWS\system32\_ISource30.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 15:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-03-04 14:20 --------- d-----w C:\Program Files\VeiligheidsAgent
2008-03-04 14:05 --------- d-----w C:\Program Files\Common Files\VeiligheidsAgent
2008-03-04 07:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-26 22:46 --------- d-----w C:\Documents and Settings\peter\Application Data\NCH Swift Sound
2008-01-29 01:18 --------- d-----w C:\Documents and Settings\erik\Application Data\AVG7
2008-01-12 11:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-12 11:30 --------- d-----w C:\Program Files\Maxis
2008-01-05 22:05 --------- d-----w C:\Documents and Settings\peter\Application Data\AVG7
2008-01-05 21:53 --------- d-----w C:\Program Files\Common Files\SystemErrorFixer
2008-01-05 21:09 --------- d-----w C:\Program Files\USB ADSL Router
2008-01-05 21:09 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-05 21:09 --------- d-----w C:\Program Files\Google
2008-01-05 21:06 --------- d-----w C:\Documents and Settings\peter\Application Data\Webshots
2008-01-05 21:00 --------- d-----w C:\Program Files\Gamenext
2008-01-05 20:59 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-01-05 20:59 --------- d-----w C:\Program Files\Astonsoft
2008-01-05 20:58 --------- d-----w C:\Program Files\DV Series
2008-01-05 20:57 --------- d-----w C:\Program Files\IrfanView
2008-01-05 20:57 --------- d-----w C:\Program Files\IncrediMail
2008-01-05 20:54 --------- d-----w C:\Program Files\MSN Games
2008-01-05 20:54 --------- d-----w C:\Program Files\Hitman Pro
2008-01-05 20:52 --------- d-----w C:\Program Files\Mount&Blade
2008-01-05 20:48 --------- d-----w C:\Program Files\PopCap Games
2008-01-05 20:46 --------- d-----w C:\Documents and Settings\peter\Application Data\SurfAccuracy
2008-01-05 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-05 20:42 --------- d-----w C:\Program Files\Ulead Systems
2008-01-05 20:41 --------- d-----w C:\Program Files\VideoLAN
2008-01-05 20:33 262,144 ----a-w C:\ntuser.dat
2008-01-05 20:14 12,386,041 ------w C:\AVG7QT.DAT
2007-12-31 15:40 187,920 ----a-w C:\Documents and Settings\erik\Application Data\install_nl[1].exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5407E8C-E91D-41F7-8443-FF02AB9379D2}]
2003-04-08 12:00 95488 --a------ C:\WINDOWS\system32\dbmsads.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"=""
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-28 20:10 335872]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe" [2003-08-19 16:23 32873]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 10:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"CleanRegPath"="C:\Program Files\ADSLModemUtility(AnnexA)\CleanReg.exe" [2003-06-17 13:18 24576]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 00:01 110592]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14 217088]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 09:03 110592 C:\WINDOWS\system32\bthprops.cpl]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-16 23:35 180269]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-01-05 22:24 579072]
"RegistryMechanic"=""
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-06-14 17:39 77824]
"Recordpad"="C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" [2008-02-26 13:09 577540]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2008-01-05 22:24 219136]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-05 23:37:10 323646]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-24 01:06:47 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=pushow99.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
C:\WINDOWS\system32\adspipe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-06-14 17:39 77824 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-02-26 15:53 65024 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\KaM - The Peasants Rebellion\\KM_TPR.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\Program Files\\LimeWire Plus\\LimeWire.exe"=

R0 idkhdlah;idkhdlah;C:\WINDOWS\system32\drivers\sbocjqvx.dat
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 08:48]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 15:07]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 10:17]
R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]
S3 USBSH_HS;SHARP GSM GPRS USB Driver2 1.0.0;C:\WINDOWS\system32\DRIVERS\usbsh_hs.sys [2004-03-19 00:10]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d8c4582-c434-11dc-9d7c-000c76ff9986}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Inhoud van de 'Gedeelde Taken' map
"2008-03-02 12:51:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1094901079.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2004-09-17 20:50:18 C:\WINDOWS\Tasks\Herinnering voor registratie 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2004-09-24 21:50:04 C:\WINDOWS\Tasks\Herinnering voor registratie 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 09:23:07
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\idkhdlah]
"ImagePath"="system32\drivers\sbocjqvx.dat"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
.
**************************************************************************
.
Voltooingstijd: 2008-03-05 9:28:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-05 08:28:28
.
2008-02-13 12:57:37 --- E O F ---

Open Kladblok, kopiëer en plak het volgende (vetgedrukte tekst) in een leeg venster:


File::
C:\WINDOWS\system32\drivers\sbocjqvx.dat
C:\WINDOWS\system32\pushow99.dll
C:\Documents and Settings\erik\Application Data\install_nl[1].exe
C:\WINDOWS\system32\dbmsads.dll

Driver::
idkhdlah

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5407E8C-E91D-41F7-8443-FF02AB9379D2}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""



Sla dit op op je Bureaublad als CFScript.txt

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :



Dit zal ComboFix doen herstarten.
Start opnieuw op als daarom gevraagd wordt,
en post de inhoud van de Combofix.txt in je volgende antwoord.

heey, ik heb gedaan wat je zij, klopt het dat de CFScript.exe nog naast het icoon van combofix staat? ik had hem erin gesleept maar hij ging daarna weer naar zijn oude plek.
dit is het resultaat:

ComboFix 08-03-04.5 - René 2008-03-05 9:50:37.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.165 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\René\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\RenÚ\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-02-05 to 2008-03-05 ))))))))))))))))))))))))))))))
.

2008-03-04 16:38 . 2008-03-04 16:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-04 15:56 . 2008-03-04 16:12 <DIR> d-------- C:\Program Files\NoAdware5.0
2008-03-03 17:13 . 2008-03-03 17:14 <DIR> d-------- C:\Program Files\SPYWAREfighter
2008-03-03 17:13 . 2008-03-03 17:13 <DIR> d-------- C:\Program Files\Common Files\Application
2008-02-26 23:46 . 2008-02-26 23:46 <DIR> d-------- C:\Documents and Settings\peter\Application Data\Recordpad
2008-02-26 13:09 . 2008-02-26 13:09 <DIR> d-------- C:\Program Files\NCH Software
2008-02-26 13:09 . 2008-02-26 13:09 <DIR> d-------- C:\Documents and Settings\René\Application Data\Recordpad
2008-02-26 13:09 . 2008-02-26 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-02-26 13:08 . 2008-02-26 13:09 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-02-25 17:14 . 2008-02-25 17:14 <DIR> d-------- C:\Documents and Settings\René\LimeWire Store Purchased
2008-02-25 17:14 . 2008-02-25 17:14 <DIR> d-------- C:\Documents and Settings\René\LimeWire Store Purchased
2008-02-25 17:14 . 2008-02-25 17:14 <DIR> d-------- C:\Documents and Settings\René\LimeWire Shared
2008-02-25 17:14 . 2008-02-25 17:14 <DIR> d-------- C:\Documents and Settings\René\LimeWire Shared
2008-02-25 17:13 . 2008-03-02 12:54 <DIR> d-------- C:\Documents and Settings\René\Application Data\LimeWirePlus
2008-02-25 17:12 . 2008-02-25 17:13 <DIR> d-------- C:\Program Files\LimeWire Plus
2008-02-21 15:38 . 2008-02-21 15:38 946,832 --a------ C:\WINDOWS\system32\_ISource30.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 15:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-03-04 15:07 --------- d-----w C:\Documents and Settings\René\Application Data\AVG7
2008-03-04 14:20 --------- d-----w C:\Program Files\VeiligheidsAgent
2008-03-04 14:05 --------- d-----w C:\Program Files\Common Files\VeiligheidsAgent
2008-03-04 07:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-26 22:46 --------- d-----w C:\Documents and Settings\peter\Application Data\NCH Swift Sound
2008-02-26 12:09 --------- d-----w C:\Documents and Settings\René\Application Data\NCH Swift Sound
2008-02-01 15:50 --------- d-----w C:\Documents and Settings\René\Application Data\CyberLink
2008-01-31 21:29 --------- d-----w C:\Documents and Settings\René\Application Data\U3
2008-01-31 15:13 --------- d-----w C:\Documents and Settings\René\Application Data\FotoFinish
2008-01-31 15:12 --------- d-----w C:\Documents and Settings\René\Application Data\SmartDraw
2008-01-29 01:18 --------- d-----w C:\Documents and Settings\erik\Application Data\AVG7
2008-01-12 11:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-12 11:30 --------- d-----w C:\Program Files\Maxis
2008-01-05 22:05 --------- d-----w C:\Documents and Settings\peter\Application Data\AVG7
2008-01-05 21:53 --------- d-----w C:\Program Files\Common Files\SystemErrorFixer
2008-01-05 21:09 --------- d-----w C:\Program Files\USB ADSL Router
2008-01-05 21:09 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-05 21:09 --------- d-----w C:\Program Files\Google
2008-01-05 21:06 --------- d-----w C:\Documents and Settings\peter\Application Data\Webshots
2008-01-05 21:00 --------- d-----w C:\Program Files\Gamenext
2008-01-05 20:59 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-01-05 20:59 --------- d-----w C:\Program Files\Astonsoft
2008-01-05 20:58 --------- d-----w C:\Program Files\DV Series
2008-01-05 20:57 --------- d-----w C:\Program Files\IrfanView
2008-01-05 20:57 --------- d-----w C:\Program Files\IncrediMail
2008-01-05 20:54 --------- d-----w C:\Program Files\MSN Games
2008-01-05 20:54 --------- d-----w C:\Program Files\Hitman Pro
2008-01-05 20:52 --------- d-----w C:\Program Files\Mount&Blade
2008-01-05 20:48 --------- d-----w C:\Program Files\PopCap Games
2008-01-05 20:46 --------- d-----w C:\Documents and Settings\peter\Application Data\SurfAccuracy
2008-01-05 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-05 20:42 --------- d-----w C:\Program Files\Ulead Systems
2008-01-05 20:41 --------- d-----w C:\Program Files\VideoLAN
2008-01-05 20:33 262,144 ----a-w C:\ntuser.dat
2008-01-05 20:14 12,386,041 ------w C:\AVG7QT.DAT
2007-12-31 15:40 187,920 ----a-w C:\Documents and Settings\erik\Application Data\install_nl[1].exe
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-07 14:38 3,080,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 13:07 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2007-11-15 22:04 195,616 ----a-w C:\Documents and Settings\René\Application Data\setup_en[1].exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5407E8C-E91D-41F7-8443-FF02AB9379D2}]
2003-04-08 12:00 95488 --a------ C:\WINDOWS\system32\dbmsads.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"=""
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-28 20:10 335872]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe" [2003-08-19 16:23 32873]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 10:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"CleanRegPath"="C:\Program Files\ADSLModemUtility(AnnexA)\CleanReg.exe" [2003-06-17 13:18 24576]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 00:01 110592]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14 217088]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 09:03 110592 C:\WINDOWS\system32\bthprops.cpl]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-16 23:35 180269]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-01-05 22:24 579072]
"RegistryMechanic"=""
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-06-14 17:39 77824]
"Recordpad"="C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" [2008-02-26 13:09 577540]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2008-01-05 22:24 219136]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-05 23:37:10 323646]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-24 01:06:47 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=pushow99.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
C:\WINDOWS\system32\adspipe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-06-14 17:39 77824 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-02-26 15:53 65024 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\KaM - The Peasants Rebellion\\KM_TPR.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\Program Files\\LimeWire Plus\\LimeWire.exe"=

R0 idkhdlah;idkhdlah;C:\WINDOWS\system32\drivers\sbocjqvx.dat
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 08:48]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 15:07]
R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
S3 USBSH_HS;SHARP GSM GPRS USB Driver2 1.0.0;C:\WINDOWS\system32\DRIVERS\usbsh_hs.sys [2004-03-19 00:10]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d8c4582-c434-11dc-9d7c-000c76ff9986}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Inhoud van de 'Gedeelde Taken' map
"2008-03-02 12:51:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1094901079.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2004-09-17 20:50:18 C:\WINDOWS\Tasks\Herinnering voor registratie 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2004-09-24 21:50:04 C:\WINDOWS\Tasks\Herinnering voor registratie 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 09:54:03
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\idkhdlah]
"ImagePath"="system32\drivers\sbocjqvx.dat"
.
Voltooingstijd: 2008-03-05 9:55:35
ComboFix-quarantined-files.txt 2008-03-05 08:55:07
ComboFix2.txt 2008-03-05 08:28:34
.
2008-02-13 12:57:37 --- E O F ---

Gewoon overnieuw proberen, er is nu nog niets verwijderd.

toen ik het icoon naar ComboFix sleepte toen vroeg hij mij of ik deze actie wou uitvoeren of annuleren toen heb ik uitvoeren gekozen en toen deed ie weer hetzelfde is hij zo wel goed?

ComboFix 08-03-04.5 - René 2008-03-05 10:59:01.3 - NTFSx86
Gestart vanuit: C:\Documents and Settings\René\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\RenÚ\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-02-05 to 2008-03-05 ))))))))))))))))))))))))))))))
.

2008-03-04 16:38 . 2008-03-04 16:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-04 15:56 . 2008-03-04 16:12 <DIR> d-------- C:\Program Files\NoAdware5.0
2008-03-03 17:13 . 2008-03-03 17:14 <DIR> d-------- C:\Program Files\SPYWAREfighter
2008-03-03 17:13 . 2008-03-03 17:13 <DIR> d-------- C:\Program Files\Common Files\Application
2008-02-26 23:46 . 2008-02-26 23:46 <DIR> d-------- C:\Documents and Settings\peter\Application Data\Recordpad
2008-02-26 13:09 . 2008-02-26 13:09 <DIR> d-------- C:\Program Files\NCH Software
2008-02-26 13:09 . 2008-02-26 13:09 <DIR> d-------- C:\Documents and Settings\René\Application Data\Recordpad
2008-02-26 13:09 . 2008-02-26 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-02-26 13:08 . 2008-02-26 13:09 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-02-25 17:14 . 2008-02-25 17:14 <DIR> d-------- C:\Documents and Settings\René\LimeWire Store Purchased
2008-02-25 17:14 . 2008-02-25 17:14 <DIR> d-------- C:\Documents and Settings\René\LimeWire Store Purchased
2008-02-25 17:14 . 2008-02-25 17:14 <DIR> d-------- C:\Documents and Settings\René\LimeWire Shared
2008-02-25 17:14 . 2008-02-25 17:14 <DIR> d-------- C:\Documents and Settings\René\LimeWire Shared
2008-02-25 17:13 . 2008-03-02 12:54 <DIR> d-------- C:\Documents and Settings\René\Application Data\LimeWirePlus
2008-02-25 17:12 . 2008-02-25 17:13 <DIR> d-------- C:\Program Files\LimeWire Plus
2008-02-21 15:38 . 2008-02-21 15:38 946,832 --a------ C:\WINDOWS\system32\_ISource30.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 15:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-03-04 15:07 --------- d-----w C:\Documents and Settings\René\Application Data\AVG7
2008-03-04 14:20 --------- d-----w C:\Program Files\VeiligheidsAgent
2008-03-04 14:05 --------- d-----w C:\Program Files\Common Files\VeiligheidsAgent
2008-03-04 07:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-26 22:46 --------- d-----w C:\Documents and Settings\peter\Application Data\NCH Swift Sound
2008-02-26 12:09 --------- d-----w C:\Documents and Settings\René\Application Data\NCH Swift Sound
2008-02-01 15:50 --------- d-----w C:\Documents and Settings\René\Application Data\CyberLink
2008-01-31 21:29 --------- d-----w C:\Documents and Settings\René\Application Data\U3
2008-01-31 15:13 --------- d-----w C:\Documents and Settings\René\Application Data\FotoFinish
2008-01-31 15:12 --------- d-----w C:\Documents and Settings\René\Application Data\SmartDraw
2008-01-29 01:18 --------- d-----w C:\Documents and Settings\erik\Application Data\AVG7
2008-01-12 11:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-12 11:30 --------- d-----w C:\Program Files\Maxis
2008-01-05 22:05 --------- d-----w C:\Documents and Settings\peter\Application Data\AVG7
2008-01-05 21:53 --------- d-----w C:\Program Files\Common Files\SystemErrorFixer
2008-01-05 21:09 --------- d-----w C:\Program Files\USB ADSL Router
2008-01-05 21:09 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-05 21:09 --------- d-----w C:\Program Files\Google
2008-01-05 21:06 --------- d-----w C:\Documents and Settings\peter\Application Data\Webshots
2008-01-05 21:00 --------- d-----w C:\Program Files\Gamenext
2008-01-05 20:59 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-01-05 20:59 --------- d-----w C:\Program Files\Astonsoft
2008-01-05 20:58 --------- d-----w C:\Program Files\DV Series
2008-01-05 20:57 --------- d-----w C:\Program Files\IrfanView
2008-01-05 20:57 --------- d-----w C:\Program Files\IncrediMail
2008-01-05 20:54 --------- d-----w C:\Program Files\MSN Games
2008-01-05 20:54 --------- d-----w C:\Program Files\Hitman Pro
2008-01-05 20:52 --------- d-----w C:\Program Files\Mount&Blade
2008-01-05 20:48 --------- d-----w C:\Program Files\PopCap Games
2008-01-05 20:46 --------- d-----w C:\Documents and Settings\peter\Application Data\SurfAccuracy
2008-01-05 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-05 20:42 --------- d-----w C:\Program Files\Ulead Systems
2008-01-05 20:41 --------- d-----w C:\Program Files\VideoLAN
2008-01-05 20:33 262,144 ----a-w C:\ntuser.dat
2008-01-05 20:14 12,386,041 ------w C:\AVG7QT.DAT
2007-12-31 15:40 187,920 ----a-w C:\Documents and Settings\erik\Application Data\install_nl[1].exe
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-07 14:38 3,080,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 13:07 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2007-11-15 22:04 195,616 ----a-w C:\Documents and Settings\René\Application Data\setup_en[1].exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5407E8C-E91D-41F7-8443-FF02AB9379D2}]
2003-04-08 12:00 95488 --a------ C:\WINDOWS\system32\dbmsads.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"=""
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-28 20:10 335872]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe" [2003-08-19 16:23 32873]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 10:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"CleanRegPath"="C:\Program Files\ADSLModemUtility(AnnexA)\CleanReg.exe" [2003-06-17 13:18 24576]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 00:01 110592]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14 217088]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 09:03 110592 C:\WINDOWS\system32\bthprops.cpl]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-16 23:35 180269]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-01-05 22:24 579072]
"RegistryMechanic"=""
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-06-14 17:39 77824]
"Recordpad"="C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" [2008-02-26 13:09 577540]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2008-01-05 22:24 219136]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-05 23:37:10 323646]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-24 01:06:47 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=pushow99.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
C:\WINDOWS\system32\adspipe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-06-14 17:39 77824 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-02-26 15:53 65024 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\KaM - The Peasants Rebellion\\KM_TPR.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\Program Files\\LimeWire Plus\\LimeWire.exe"=

R0 idkhdlah;idkhdlah;C:\WINDOWS\system32\drivers\sbocjqvx.dat
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 08:48]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 15:07]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 10:17]
R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]
S3 USBSH_HS;SHARP GSM GPRS USB Driver2 1.0.0;C:\WINDOWS\system32\DRIVERS\usbsh_hs.sys [2004-03-19 00:10]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d8c4582-c434-11dc-9d7c-000c76ff9986}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Inhoud van de 'Gedeelde Taken' map
"2008-03-02 12:51:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1094901079.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2004-09-17 20:50:18 C:\WINDOWS\Tasks\Herinnering voor registratie 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2004-09-24 21:50:04 C:\WINDOWS\Tasks\Herinnering voor registratie 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 11:02:01
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\idkhdlah]
"ImagePath"="system32\drivers\sbocjqvx.dat"
.
Voltooingstijd: 2008-03-05 11:04:06
ComboFix-quarantined-files.txt 2008-03-05 10:03:43
ComboFix2.txt 2008-03-05 08:55:36
ComboFix3.txt 2008-03-05 08:28:34
.
2008-02-13 12:57:37 --- E O F ---

Start de computer in veilige modus.

Zoek de volgende bestanden op en probeer ze te verwijderen:
C:\WINDOWS\system32\drivers\sbocjqvx.dat
C:\WINDOWS\system32\pushow99.dll
C:\Documents and Settings\erik\Application Data\install_nl[1].exe
C:\WINDOWS\system32\dbmsads.dll

Lukt verwijderen niet probeer ze dan een andere naam te geven: Rechtsklikken op het bestand en kiezen voor "Naam Wijzigen".

Ga naar Start - Uitvoeren en geef daar het volgende in:
sc delete idkhdlah
Druk op OK.

Herstart de computer naar normale modus en post een nieuw logje van Combofix

heey, ik heb gedaan wat je zij alleen lukt niet alles.
er stonden 2 bestanden van C:\WINDWS\System32\drivers\sbocjqvx.dat één ervan was een systeembestand die heb ik verwijderd een andere stond onder een pictogram van een klembord, die kon ik niet verwijderen en daar kon ik de naam niet van veranderen.
Ik kon C:\WINDWS\System32\pushow99.dll niet vinden in het systeem.
C:\Documents and Settings\erik\Application Data\install_nl[1].exe heb ik wel gevonden en verwijderd.
C:\WINDOWS\system32\dbmsads.dll kon ik ook niet verwijderen of de naam van wijzigen op het pictogram stonden 2 tandwielen 1 groen en de ander was oranje hier kon ik ook niks mee.

ik kreeg de melding:
kan sbocjqvx niet verwijderen. De toegang is gewijgerd.
Controleer of de schijf vol of tegen schrijven is beveiligd of dat het bestand momenteel in gebruik is.

deze melding kreeg ik ook bij de andere bestanden die ik niet kon verwijderen of waar ik de naam niet van kon verwijderen.

op het eind heb ik wel sc delete idkhdlah ingetypt dat ging wel met succes volgens mij.

dit is het logje van Combofix:


ComboFix 08-03-04.5 - René 2008-03-05 15:01:08.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.102 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\René\Bureaublad\ComboFix.exe
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-02-05 to 2008-03-05 ))))))))))))))))))))))))))))))
.

2008-03-04 16:38 . 2008-03-04 16:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-04 15:56 . 2008-03-04 16:12 <DIR> d-------- C:\Program Files\NoAdware5.0
2008-03-03 17:13 . 2008-03-03 17:14 <DIR> d-------- C:\Program Files\SPYWAREfighter
2008-03-03 17:13 . 2008-03-03 17:13 <DIR> d-------- C:\Program Files\Common Files\Application
2008-02-26 23:46 . 2008-02-26 23:46 <DIR> d-------- C:\Documents and Settings\peter\Application Data\Recordpad
2008-02-26 13:09 . 2008-02-26 13:09 <DIR> d-------- C:\Program Files\NCH Software
2008-02-26 13:09 . 2008-02-26 13:09 <DIR> d-------- C:\Documents and Settings\René\Application Data\Recordpad
2008-02-26 13:09 . 2008-02-26 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-02-26 13:08 . 2008-02-26 13:09 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-02-25 17:14 . 2008-02-25 17:14 <DIR> d-------- C:\Documents and Settings\René\LimeWire Store Purchased
2008-02-25 17:14 . 2008-02-25 17:14 <DIR> d-------- C:\Documents and Settings\René\LimeWire Store Purchased
2008-02-25 17:14 . 2008-02-25 17:14 <DIR> d-------- C:\Documents and Settings\René\LimeWire Shared
2008-02-25 17:14 . 2008-02-25 17:14 <DIR> d-------- C:\Documents and Settings\René\LimeWire Shared
2008-02-25 17:13 . 2008-03-02 12:54 <DIR> d-------- C:\Documents and Settings\René\Application Data\LimeWirePlus
2008-02-25 17:12 . 2008-02-25 17:13 <DIR> d-------- C:\Program Files\LimeWire Plus
2008-02-21 15:38 . 2008-02-21 15:38 946,832 --a------ C:\WINDOWS\system32\_ISource30.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 15:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-03-04 15:07 --------- d-----w C:\Documents and Settings\René\Application Data\AVG7
2008-03-04 14:20 --------- d-----w C:\Program Files\VeiligheidsAgent
2008-03-04 14:05 --------- d-----w C:\Program Files\Common Files\VeiligheidsAgent
2008-03-04 07:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-26 22:46 --------- d-----w C:\Documents and Settings\peter\Application Data\NCH Swift Sound
2008-02-26 12:09 --------- d-----w C:\Documents and Settings\René\Application Data\NCH Swift Sound
2008-02-01 15:50 --------- d-----w C:\Documents and Settings\René\Application Data\CyberLink
2008-01-31 21:29 --------- d-----w C:\Documents and Settings\René\Application Data\U3
2008-01-31 15:13 --------- d-----w C:\Documents and Settings\René\Application Data\FotoFinish
2008-01-31 15:12 --------- d-----w C:\Documents and Settings\René\Application Data\SmartDraw
2008-01-29 01:18 --------- d-----w C:\Documents and Settings\erik\Application Data\AVG7
2008-01-12 11:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-12 11:30 --------- d-----w C:\Program Files\Maxis
2008-01-05 22:05 --------- d-----w C:\Documents and Settings\peter\Application Data\AVG7
2008-01-05 21:53 --------- d-----w C:\Program Files\Common Files\SystemErrorFixer
2008-01-05 21:09 --------- d-----w C:\Program Files\USB ADSL Router
2008-01-05 21:09 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-05 21:09 --------- d-----w C:\Program Files\Google
2008-01-05 21:06 --------- d-----w C:\Documents and Settings\peter\Application Data\Webshots
2008-01-05 21:00 --------- d-----w C:\Program Files\Gamenext
2008-01-05 20:59 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-01-05 20:59 --------- d-----w C:\Program Files\Astonsoft
2008-01-05 20:58 --------- d-----w C:\Program Files\DV Series
2008-01-05 20:57 --------- d-----w C:\Program Files\IrfanView
2008-01-05 20:57 --------- d-----w C:\Program Files\IncrediMail
2008-01-05 20:54 --------- d-----w C:\Program Files\MSN Games
2008-01-05 20:54 --------- d-----w C:\Program Files\Hitman Pro
2008-01-05 20:52 --------- d-----w C:\Program Files\Mount&Blade
2008-01-05 20:48 --------- d-----w C:\Program Files\PopCap Games
2008-01-05 20:46 --------- d-----w C:\Documents and Settings\peter\Application Data\SurfAccuracy
2008-01-05 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-05 20:42 --------- d-----w C:\Program Files\Ulead Systems
2008-01-05 20:41 --------- d-----w C:\Program Files\VideoLAN
2008-01-05 20:33 262,144 ----a-w C:\ntuser.dat
2008-01-05 20:14 12,386,041 ------w C:\AVG7QT.DAT
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-07 14:38 3,080,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 13:07 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2007-11-15 22:04 195,616 ----a-w C:\Documents and Settings\René\Application Data\setup_en[1].exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5407E8C-E91D-41F7-8443-FF02AB9379D2}]
2003-04-08 12:00 95488 --a------ C:\WINDOWS\system32\dbmsads.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"=""
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-28 20:10 335872]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe" [2003-08-19 16:23 32873]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 10:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"CleanRegPath"="C:\Program Files\ADSLModemUtility(AnnexA)\CleanReg.exe" [2003-06-17 13:18 24576]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 00:01 110592]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14 217088]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 09:03 110592 C:\WINDOWS\system32\bthprops.cpl]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-16 23:35 180269]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-01-05 22:24 579072]
"RegistryMechanic"=""
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-06-14 17:39 77824]
"Recordpad"="C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" [2008-02-26 13:09 577540]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2008-01-05 22:24 219136]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-05 23:37:10 323646]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-24 01:06:47 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=pushow99.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
C:\WINDOWS\system32\adspipe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-06-14 17:39 77824 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-02-26 15:53 65024 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\KaM - The Peasants Rebellion\\KM_TPR.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\Program Files\\LimeWire Plus\\LimeWire.exe"=

R0 idkhdlah;idkhdlah;C:\WINDOWS\system32\drivers\sbocjqvx.dat
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 08:48]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 15:07]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 10:17]
R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]
S3 USBSH_HS;SHARP GSM GPRS USB Driver2 1.0.0;C:\WINDOWS\system32\DRIVERS\usbsh_hs.sys [2004-03-19 00:10]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d8c4582-c434-11dc-9d7c-000c76ff9986}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Inhoud van de 'Gedeelde Taken' map
"2008-03-05 12:51:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1094901079.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
"2004-09-17 20:50:18 C:\WINDOWS\Tasks\Herinnering voor registratie 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2004-09-24 21:50:04 C:\WINDOWS\Tasks\Herinnering voor registratie 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 15:05:02
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\idkhdlah]
"ImagePath"="system32\drivers\sbocjqvx.dat"
.
Voltooingstijd: 2008-03-05 15:08:11
ComboFix-quarantined-files.txt 2008-03-05 14:07:15
ComboFix2.txt 2008-03-05 10:04:07
ComboFix3.txt 2008-03-05 08:55:36
ComboFix4.txt 2008-03-05 08:28:34
.
2008-02-13 12:57:37 --- E O F ---

Download IceSword en unzip het naar je bureaublad in een map.
- Open die map, dubbelklik op het "Sword icon" om IceSword te starten.
- Links klik je op file.
- Kies nu deze computer in icesword en navigeer naar dit bestand:

C:\WINDOWS\system32\drivers\sbocjqvx.dat

- Rechtsklik er op en kies voor delete.

- Doe dit ook voor:

C:\WINDOWS\system32\dbmsads.dll

Herstart je PC en post een nieuw logje van Combofix

heey het is gelukt ik heb die bestanden verwijderd, dit is het nieuwe logje:

ComboFix 08-03-04.5 - René 2008-03-05 17:53:45.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.116 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\René\Bureaublad\ComboFix.exe
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-02-05 to 2008-03-05 ))))))))))))))))))))))))))))))
.

2008-03-04 16:38 . 2008-03-04 16:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-04 15:56 . 2008-03-04 16:12 <DIR> d-------- C:\Program Files\NoAdware5.0
2008-03-03 17:13 . 2008-03-03 17:14 <DIR> d-------- C:\Program Files\SPYWAREfighter
2008-03-03 17:13 . 2008-03-03 17:13 <DIR> d-------- C:\Program Files\Common Files\Application
2008-02-26 23:46 . 2008-02-26 23:46 <DIR> d-------- C:\Documents and Settings\peter\Application Data\Recordpad
2008-02-26 13:09 . 2008-02-26 13:09 <DIR> d-------- C:\Program Files\NCH Software
2008-02-26 13:09 . 2008-02-26 13:09 <DIR> d-------- C:\Documents and Settings\René\Application Data\Recordpad
2008-02-26 13:09 . 2008-02-26 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-02-26 13:08 . 2008-02-26 13:09 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-02-25 17:14 . 2008-02-25 17:14 <DIR> d-------- C:\Documents and Settings\René\LimeWire Store Purchased
2008-02-25 17:14 . 2008-02-25 17:14 <DIR> d-------- C:\Documents and Settings\René\LimeWire Store Purchased
2008-02-25 17:14 . 2008-02-25 17:14 <DIR> d-------- C:\Documents and Settings\René\LimeWire Shared
2008-02-25 17:14 . 2008-02-25 17:14 <DIR> d-------- C:\Documents and Settings\René\LimeWire Shared
2008-02-25 17:13 . 2008-03-02 12:54 <DIR> d-------- C:\Documents and Settings\René\Application Data\LimeWirePlus
2008-02-25 17:12 . 2008-02-25 17:13 <DIR> d-------- C:\Program Files\LimeWire Plus
2008-02-21 15:38 . 2008-02-21 15:38 946,832 --a------ C:\WINDOWS\system32\_ISource30.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 15:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-03-04 15:07 --------- d-----w C:\Documents and Settings\René\Application Data\AVG7
2008-03-04 14:20 --------- d-----w C:\Program Files\VeiligheidsAgent
2008-03-04 14:05 --------- d-----w C:\Program Files\Common Files\VeiligheidsAgent
2008-03-04 07:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-26 22:46 --------- d-----w C:\Documents and Settings\peter\Application Data\NCH Swift Sound
2008-02-26 12:09 --------- d-----w C:\Documents and Settings\René\Application Data\NCH Swift Sound
2008-02-01 15:50 --------- d-----w C:\Documents and Settings\René\Application Data\CyberLink
2008-01-31 21:29 --------- d-----w C:\Documents and Settings\René\Application Data\U3
2008-01-31 15:13 --------- d-----w C:\Documents and Settings\René\Application Data\FotoFinish
2008-01-31 15:12 --------- d-----w C:\Documents and Settings\René\Application Data\SmartDraw
2008-01-29 01:18 --------- d-----w C:\Documents and Settings\erik\Application Data\AVG7
2008-01-12 11:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-12 11:30 --------- d-----w C:\Program Files\Maxis
2008-01-05 22:05 --------- d-----w C:\Documents and Settings\peter\Application Data\AVG7
2008-01-05 21:53 --------- d-----w C:\Program Files\Common Files\SystemErrorFixer
2008-01-05 21:09 --------- d-----w C:\Program Files\USB ADSL Router
2008-01-05 21:09 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-05 21:09 --------- d-----w C:\Program Files\Google
2008-01-05 21:06 --------- d-----w C:\Documents and Settings\peter\Application Data\Webshots
2008-01-05 21:00 --------- d-----w C:\Program Files\Gamenext
2008-01-05 20:59 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-01-05 20:59 --------- d-----w C:\Program Files\Astonsoft
2008-01-05 20:58 --------- d-----w C:\Program Files\DV Series
2008-01-05 20:57 --------- d-----w C:\Program Files\IrfanView
2008-01-05 20:57 --------- d-----w C:\Program Files\IncrediMail
2008-01-05 20:54 --------- d-----w C:\Program Files\MSN Games
2008-01-05 20:54 --------- d-----w C:\Program Files\Hitman Pro
2008-01-05 20:52 --------- d-----w C:\Program Files\Mount&Blade
2008-01-05 20:48 --------- d-----w C:\Program Files\PopCap Games
2008-01-05 20:46 --------- d-----w C:\Documents and Settings\peter\Application Data\SurfAccuracy
2008-01-05 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-05 20:42 --------- d-----w C:\Program Files\Ulead Systems
2008-01-05 20:41 --------- d-----w C:\Program Files\VideoLAN
2008-01-05 20:33 262,144 ----a-w C:\ntuser.dat
2008-01-05 20:14 12,386,041 ------w C:\AVG7QT.DAT
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-07 14:38 3,080,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 13:07 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2007-11-15 22:04 195,616 ----a-w C:\Documents and Settings\René\Application Data\setup_en[1].exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5407E8C-E91D-41F7-8443-FF02AB9379D2}]
C:\WINDOWS\system32\dbmsads.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"=""
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-28 20:10 335872]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe" [2003-08-19 16:23 32873]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 10:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"CleanRegPath"="C:\Program Files\ADSLModemUtility(AnnexA)\CleanReg.exe" [2003-06-17 13:18 24576]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 00:01 110592]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14 217088]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 09:03 110592 C:\WINDOWS\system32\bthprops.cpl]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-16 23:35 180269]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-01-05 22:24 579072]
"RegistryMechanic"=""
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-06-14 17:39 77824]
"Recordpad"="C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" [2008-02-26 13:09 577540]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2008-01-05 22:24 219136]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-05 23:37:10 323646]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-24 01:06:47 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=pushow99.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
C:\WINDOWS\system32\adspipe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-06-14 17:39 77824 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-02-26 15:53 65024 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\KaM - The Peasants Rebellion\\KM_TPR.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\Program Files\\LimeWire Plus\\LimeWire.exe"=

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 08:48]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 15:07]
R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
S0 idkhdlah;idkhdlah;C:\WINDOWS\system32\drivers\sbocjqvx.dat
S3 USBSH_HS;SHARP GSM GPRS USB Driver2 1.0.0;C:\WINDOWS\system32\DRIVERS\usbsh_hs.sys [2004-03-19 00:10]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d8c4582-c434-11dc-9d7c-000c76ff9986}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Inhoud van de 'Gedeelde Taken' map
"2008-03-05 12:51:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1094901079.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2004-09-17 20:50:18 C:\WINDOWS\Tasks\Herinnering voor registratie 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2004-09-24 21:50:04 C:\WINDOWS\Tasks\Herinnering voor registratie 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 17:57:40
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\idkhdlah]
"ImagePath"="system32\drivers\sbocjqvx.dat"
.
Voltooingstijd: 2008-03-05 17:59:20
ComboFix-quarantined-files.txt 2008-03-05 16:58:52
ComboFix2.txt 2008-03-05 14:08:12
ComboFix3.txt 2008-03-05 10:04:07
ComboFix4.txt 2008-03-05 08:55:36
ComboFix5.txt 2008-03-05 08:28:34
.
2008-02-13 12:57:37 --- E O F ---

Gebruik het volgende tooltje eens:

Rogue-uninstaller.exe

Het tooltje downloaden en op je bureaublad plaatsen, daarna dubbelklikken.
Het zal een map op je bureaublad plaatsen met de naam Rogue-uninstaller
Het tooltje zal je systeem checken op Rogue scanners.
Daarnaast zoekt het naar mappen en bestanden die bij deze rogue programma's horen.
Het scannen kan behoorlijk lang duren, wacht rustig af.
Als er een uninstaller gevonden wordt, zal deze worden gestart, probeer deze uninstaller zijn werk te laten doen.
Als de scan voltooid is zal er een logje openen: Rogue-delete-results.log
Post dit logje

heey ik heb de scan gedaan en hij vroeg op het einde of ik veilighidsagent en bijbehorende programma's wou verwijderen... ik heb nee gedrukt omdat ik dat proramma net gekocht heb, wat moet ik doen? moet ik hem toch verwijderen of is er een andere manier? mijn AVG geen niet meer aan dat het trojan horse in de comp. zit dus volgens mij is hij weg...

ik heb hier een kopie:

**********Uninstallers**********
C:\Program Files\VeiligheidsAgent\unins000.exe
*************Folders************
C:\Documents and Settings\All Users\Application Data\systemerrorfixer
C:\Program Files\Common Files\SystemErrorFixer
C:\Documents and Settings\All Users\Menu Start\Programma's\VeiligheidsAgent
C:\Documents and Settings\erik\Application Data\VeiligheidsAgent
C:\Documents and Settings\peter\Application Data\VeiligheidsAgent
C:\Documents and Settings\René\Application Data\VeiligheidsAgent
C:\Program Files\VeiligheidsAgent
C:\Program Files\Common Files\VeiligheidsAgent
C:\Documents and Settings\All Users\Menu Start\Programma's\VeiligheidsAgent
C:\Documents and Settings\erik\Application Data\VeiligheidsAgent
C:\Documents and Settings\peter\Application Data\VeiligheidsAgent
C:\Documents and Settings\René\Application Data\VeiligheidsAgent
C:\Program Files\VeiligheidsAgent
C:\Program Files\Common Files\VeiligheidsAgent
**************Files*************
C:\Documents and Settings\All Users\Bureaublad\VeiligheidsAgent.lnk
C:\Documents and Settings\All Users\Menu Start\Programma's\VeiligheidsAgent\VeiligheidsAgent handleiding.lnk
C:\Documents and Settings\All Users\Menu Start\Programma's\VeiligheidsAgent\VeiligheidsAgent kennisgegevensbestand.lnk
C:\Documents and Settings\All Users\Menu Start\Programma's\VeiligheidsAgent\VeiligheidsAgent.lnk
C:\Documents and Settings\erik\Application Data\Microsoft\Internet Explorer\Quick Launch\VeiligheidsAgent.lnk
********************************

Ik ben bang dat je genept bent, VeiligheidsAgent is een nederlandstalige variant van deze:


O2 - BHO: CIEIntegrator Object - {7A7F202E-AF91-4889-9DD5-2FE241085CC1} - C:\Program Files\VeiligheidsAgent\Tools\pg.dll

heey, dus die moet ik verwijderen, kan ik hun niet aanklagen ofzo?

ik zal hem verwijderen,

als het virus dan helemaal weg is zal ik hem op opgelost zetten en nog 1 berichtje sturen,

is AVG free een goede beveiliging verder? of raad je een andere aan? en zo ja welke?
alvast bedankt,

Groet René Janneman