
Trojan Horse Virus


  • Trojan Horse Virus

    heey,

    I have the Trojan horse virus visiting and would like to get rid of it.
    How do I do this?

    I have this one:
    C:\WINDOWS\system32\dbmsads.dll
    Trojan horse PSW.Delf.2.AQ

    I already have a HijackThis log listing, I saw that in the other messages... could you help me further?

    Thanks in advance, René


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:39:03, on 4-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\COMMON~1\VEILIG~1\gcw.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe
    C:\Program Files\SPYWAREfighter\spftray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\SPYWAREfighter\spfprc.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nl.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Lefty - {275296E0-75EC-4380-BB5F-900636889A8D} - C:\WINDOWS\system32\nsj1B.dll
    O2 - BHO: CIEIntegrator Object - {7A7F202E-AF91-4889-9DD5-2FE241085CC1} - C:\Program Files\VeiligheidsAgent\Tools\pg.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {F5407E8C-E91D-41F7-8443-FF02AB9379D2} - C:\WINDOWS\system32\dbmsads.dll
    O2 - BHO: IEFW Object - {FAAD2038-C371-473D-86F1-5B11D39C3775} - C:\Program Files\VeiligheidsAgent\Tools\aviebho.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [CleanRegPath] C:\Program Files\ADSLModemUtility(AnnexA)\CleanReg.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe" dm=http://systemerrorfixer.com; ad=http://systemerrorfixer.com
    O4 - HKLM\..\Run: [gcw] "C:\PROGRA~1\COMMON~1\VEILIG~1\gcw.exe" -start
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Recordpad] "C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
    O4 - HKLM\..\RunOnce: [RVAXO] RVAXO.bat
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: pushow99.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

    --
    End of file - 8032 bytes
    Last edited by 123456789987654; 04-03-08, 17:08.

  • #2
    Start HijackThis once more and place a check mark only in front of the following lines:
    O2 - BHO: Lefty - {275296E0-75EC-4380-BB5F-900636889A8D} - C:\WINDOWS\system32\nsj1B.dll
    O2 - BHO: CIEIntegrator Object - {7A7F202E-AF91-4889-9DD5-2FE241085CC1} - C:\Program Files\VeiligheidsAgent\Tools\pg.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {F5407E8C-E91D-41F7-8443-FF02AB9379D2} - C:\WINDOWS\system32\dbmsads.dll
    O2 - BHO: IEFW Object - {FAAD2038-C371-473D-86F1-5B11D39C3775} - C:\Program Files\VeiligheidsAgent\Tools\aviebho.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe" dm=http://systemerrorfixer.com; ad=http://systemerrorfixer.com
    O4 - HKLM\..\Run: [gcw] "C:\PROGRA~1\COMMON~1\VEILIG~1\gcw.exe" -start
    O20 - AppInit_DLLs: pushow99.dll

    Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

    Download Combofix (mirror) to your Desktop.
    Double-click Combofix.exe
    While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open (you can also find it here: C:\Combofix.txt)
    Post this log in your next post.

    NOTE: If your virus scanner responds with a notification about a script being executed, you may ignore it.
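
The triage step in the reply above, sketched as an added Python example (not part of the thread and not HijackThis's own logic): it parses entries in the log format posted in this thread and marks a few categories for manual review. The rule set and the names `parse_entries`, `review_reasons` and `triage` are assumptions chosen for illustration; a flag is a prompt to investigate, not a verdict.

```python
import re
from dataclasses import dataclass

# Sample input: entries excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {F5407E8C-E91D-41F7-8443-FF02AB9379D2} - C:\WINDOWS\system32\dbmsads.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe" dm=http://systemerrorfixer.com; ad=http://systemerrorfixer.com
O20 - AppInit_DLLs: pushow99.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# "<code> - <body>", where code is a section id such as R0, O2, O4, O20, O23.
ENTRY_RE = re.compile(r"^\s*(?P<code>[RFNO]\d{1,2}) - (?P<body>.*\S)\s*$")
# O2/O3 body: "BHO: <name> - {CLSID} - <file>"
BHO_RE = re.compile(
    r"^(?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
# O4 registry autostart body: "<key>: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O20 body: "AppInit_DLLs: <dll list>"
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(?P<dlls>.*)$")


@dataclass
class Entry:
    code: str
    body: str


def parse_entries(log_text):
    """Return every section entry; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["code"], m["body"]))
    return entries


def review_reasons(entry):
    """Illustrative rules (assumptions, not an authoritative rule set)."""
    reasons = []
    if entry.code in ("O2", "O3"):
        m = BHO_RE.match(entry.body)
        if m:
            if m["target"] == "(no file)":
                reasons.append("registration points at a missing file")
            elif m["name"] == "(no name)":
                reasons.append("unnamed browser add-on backed by " + m["target"])
    elif entry.code == "O4":
        m = RUN_RE.match(entry.body)  # Startup-folder lines do not match and are skipped
        if m and re.search(r"https?://", m["cmd"], re.I):
            reasons.append("autostart command line carries a URL")
    elif entry.code == "O20":
        # AppInit_DLLs are loaded into every process that loads user32.dll.
        m = APPINIT_RE.match(entry.body)
        if m and m["dlls"].strip():
            reasons.append("AppInit_DLLs is set: " + m["dlls"].strip())
    return reasons


def triage(log_text):
    """Return (entry, reasons) pairs for entries that matched at least one rule."""
    flagged = []
    for entry in parse_entries(log_text):
        reasons = review_reasons(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.code}: {entry.body}")
        for reason in reasons:
            print(f"    review: {reason}")
```

Entries that match no rule, such as the O23 service line in the sample, still need a human read; the helper's selection in this thread also includes lines these rules do not flag.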

    • #3
      heey,
      I did what you said and this is the result:
      What should I do now?
      Thank you for helping me!

      Regards, René

      ComboFix 08-03-04.5 - René 2008-03-05 9:15:16.1 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.180 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\René\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\All Users\Application Data\salesmonitor
      C:\Documents and Settings\erik\ResErrors.log
      C:\Documents and Settings\peter\ResErrors.log
      C:\Documents and Settings\René\ResErrors.log
      C:\WINDOWS\system32\drivers\fmtr.sys
      C:\WINDOWS\system32\fo-remove.exe
      C:\WINDOWS\system32\msnav32.ax
      C:\WINDOWS\system32\winpfz32.sys
      C:\WINDOWS\system32\zxdnt3d.cfg

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

      .
      -------\LEGACY_FMTR
      -------\fmtr
      -------\nm


      (((((((((((((((((((( Bestanden Gemaakt van 2008-02-05 to 2008-03-05 ))))))))))))))))))))))))))))))
      .

      2008-03-04 16:38 . 2008-03-04 16:38 <DIR> d-------- C:\Program Files\Trend Micro
      2008-03-04 15:56 . 2008-03-04 16:12 <DIR> d-------- C:\Program Files\NoAdware5.0
      2008-03-03 17:13 . 2008-03-03 17:14 <DIR> d-------- C:\Program Files\SPYWAREfighter
      2008-03-03 17:13 . 2008-03-03 17:13 <DIR> d-------- C:\Program Files\Common Files\Application
      2008-02-26 23:46 . 2008-02-26 23:46 <DIR> d-------- C:\Documents and Settings\peter\Application Data\Recordpad
      2008-02-26 13:09 . 2008-02-26 13:09 <DIR> d-------- C:\Program Files\NCH Software
      2008-02-26 13:09 . 2008-02-26 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
      2008-02-26 13:08 . 2008-02-26 13:09 <DIR> d-------- C:\Program Files\NCH Swift Sound
      2008-02-25 17:12 . 2008-02-25 17:13 <DIR> d-------- C:\Program Files\LimeWire Plus
      2008-02-21 15:38 . 2008-02-21 15:38 946,832 --a------ C:\WINDOWS\system32\_ISource30.dll

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-03-04 15:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
      2008-03-04 14:20 --------- d-----w C:\Program Files\VeiligheidsAgent
      2008-03-04 14:05 --------- d-----w C:\Program Files\Common Files\VeiligheidsAgent
      2008-03-04 07:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
      2008-02-26 22:46 --------- d-----w C:\Documents and Settings\peter\Application Data\NCH Swift Sound
      2008-01-29 01:18 --------- d-----w C:\Documents and Settings\erik\Application Data\AVG7
      2008-01-12 11:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-01-12 11:30 --------- d-----w C:\Program Files\Maxis
      2008-01-05 22:05 --------- d-----w C:\Documents and Settings\peter\Application Data\AVG7
      2008-01-05 21:53 --------- d-----w C:\Program Files\Common Files\SystemErrorFixer
      2008-01-05 21:09 --------- d-----w C:\Program Files\USB ADSL Router
      2008-01-05 21:09 --------- d-----w C:\Program Files\Spybot - Search & Destroy
      2008-01-05 21:09 --------- d-----w C:\Program Files\Google
      2008-01-05 21:06 --------- d-----w C:\Documents and Settings\peter\Application Data\Webshots
      2008-01-05 21:00 --------- d-----w C:\Program Files\Gamenext
      2008-01-05 20:59 --------- d-----w C:\Program Files\MessengerPlus! 3
      2008-01-05 20:59 --------- d-----w C:\Program Files\Astonsoft
      2008-01-05 20:58 --------- d-----w C:\Program Files\DV Series
      2008-01-05 20:57 --------- d-----w C:\Program Files\IrfanView
      2008-01-05 20:57 --------- d-----w C:\Program Files\IncrediMail
      2008-01-05 20:54 --------- d-----w C:\Program Files\MSN Games
      2008-01-05 20:54 --------- d-----w C:\Program Files\Hitman Pro
      2008-01-05 20:52 --------- d-----w C:\Program Files\Mount&Blade
      2008-01-05 20:48 --------- d-----w C:\Program Files\PopCap Games
      2008-01-05 20:46 --------- d-----w C:\Documents and Settings\peter\Application Data\SurfAccuracy
      2008-01-05 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-01-05 20:42 --------- d-----w C:\Program Files\Ulead Systems
      2008-01-05 20:41 --------- d-----w C:\Program Files\VideoLAN
      2008-01-05 20:33 262,144 ----a-w C:\ntuser.dat
      2008-01-05 20:14 12,386,041 ------w C:\AVG7QT.DAT
      2007-12-31 15:40 187,920 ----a-w C:\Documents and Settings\erik\Application Data\install_nl[1].exe
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5407E8C-E91D-41F7-8443-FF02AB9379D2}]
      2003-04-08 12:00 95488 --a------ C:\WINDOWS\system32\dbmsads.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sonic RecordNow!"=""
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
      "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-28 20:10 335872]
      "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe" [2003-08-19 16:23 32873]
      "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 10:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
      "CleanRegPath"="C:\Program Files\ADSLModemUtility(AnnexA)\CleanReg.exe" [2003-06-17 13:18 24576]
      "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 00:01 110592]
      "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32 221184]
      "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24 458752]
      "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14 217088]
      "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 09:03 110592 C:\WINDOWS\system32\bthprops.cpl]
      "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-16 23:35 180269]
      "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
      "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-01-05 22:24 579072]
      "RegistryMechanic"=""
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-06-14 17:39 77824]
      "Recordpad"="C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" [2008-02-26 13:09 577540]
      "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
      "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2008-01-05 22:24 219136]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-05 23:37:10 323646]
      hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672]
      Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-24 01:06:47 67128]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=pushow99.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
      C:\WINDOWS\system32\adspipe.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      --a------ 2004-06-14 17:39 77824 C:\Program Files\QuickTime\qttask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
      --a------ 2004-02-26 15:53 65024 C:\WINDOWS\SOUNDMAN.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusDisableNotify"=dword:00000001
      "AntiVirusOverride"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\WINDOWS\\system32\\dplaysvr.exe"=
      "C:\\Program Files\\Azureus\\Azureus.exe"=
      "C:\\Program Files\\KaM - The Peasants Rebellion\\KM_TPR.exe"=
      "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\MSN Messenger\\livecall.exe"=
      "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
      "C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
      "C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
      "C:\\Program Files\\LimeWire Plus\\LimeWire.exe"=

      R0 idkhdlah;idkhdlah;C:\WINDOWS\system32\drivers\sbocjqvx.dat
      R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 08:48]
      R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 15:07]
      R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 10:17]
      R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
      R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]
      S3 USBSH_HS;SHARP GSM GPRS USB Driver2 1.0.0;C:\WINDOWS\system32\DRIVERS\usbsh_hs.sys [2004-03-19 00:10]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d8c4582-c434-11dc-9d7c-000c76ff9986}]
      \Shell\AutoRun\command - F:\LaunchU3.exe -a

      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-03-02 12:51:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1094901079.job"
      - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
      "2004-09-17 20:50:18 C:\WINDOWS\Tasks\Herinnering voor registratie 2.job"
      - C:\WINDOWS\System32\OOBE\oobebaln.exe
      "2004-09-24 21:50:04 C:\WINDOWS\Tasks\Herinnering voor registratie 3.job"
      - C:\WINDOWS\System32\OOBE\oobebaln.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-03-05 09:23:07
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************

      [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\idkhdlah]
      "ImagePath"="system32\drivers\sbocjqvx.dat"
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Logitech\MouseWare\system\em_exec.exe
      C:\Program Files\Logitech\Video\FxSvr2.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
      .
      **************************************************************************
      .
      Voltooingstijd: 2008-03-05 9:28:33 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-03-05 08:28:28
      .
      2008-02-13 12:57:37 --- E O F ---

      • #4
        Open Notepad, then copy and paste the following (bold text) into an empty window:


        File::
        C:\WINDOWS\system32\drivers\sbocjqvx.dat
        C:\WINDOWS\system32\pushow99.dll
        C:\Documents and Settings\erik\Application Data\install_nl[1].exe
        C:\WINDOWS\system32\dbmsads.dll

        Driver::
        idkhdlah

        Registry::
        [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5407E8C-E91D-41F7-8443-FF02AB9379D2}]
        [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
        "AppInit_DLLs"=""




        Save this to your Desktop as CFScript.txt

        Drag CFScript.txt onto ComboFix.exe as shown in the example below:

        This will make ComboFix restart.
        Reboot if you are asked to,
        and post the contents of Combofix.txt in your next reply.
        Last edited by smeenk; 05-03-08, 09:44.

        • #5
          heey, I did what you said. Is it correct that CFScript.exe is still sitting next to the ComboFix icon? I had dragged it in, but afterwards it went back to its old place.
          This is the result:

          ComboFix 08-03-04.5 - René 2008-03-05 9:50:37.2 - NTFSx86
          Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.165 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\René\Bureaublad\ComboFix.exe
          Command switches used :: C:\Documents and Settings\RenÚ\Bureaublad\CFScript.txt
          * Nieuw herstelpunt werd aangemaakt
          .

          (((((((((((((((((((( Bestanden Gemaakt van 2008-02-05 to 2008-03-05 ))))))))))))))))))))))))))))))
          .

          2008-03-04 16:38 . 2008-03-04 16:38 <DIR> d-------- C:\Program Files\Trend Micro
          2008-03-04 15:56 . 2008-03-04 16:12 <DIR> d-------- C:\Program Files\NoAdware5.0
          2008-03-03 17:13 . 2008-03-03 17:14 <DIR> d-------- C:\Program Files\SPYWAREfighter
          2008-03-03 17:13 . 2008-03-03 17:13 <DIR> d-------- C:\Program Files\Common Files\Application
          2008-02-26 23:46 . 2008-02-26 23:46 <DIR> d-------- C:\Documents and Settings\peter\Application Data\Recordpad
          2008-02-26 13:09 . 2008-02-26 13:09 <DIR> d-------- C:\Program Files\NCH Software
          2008-02-26 13:09 . 2008-02-26 13:09 <DIR> d-------- C:\Documents and Settings\René\Application Data\Recordpad
          2008-02-26 13:09 . 2008-02-26 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
          2008-02-26 13:08 . 2008-02-26 13:09 <DIR> d-------- C:\Program Files\NCH Swift Sound
          2008-02-25 17:14 . 2008-02-25 17:14 <DIR> d-------- C:\Documents and Settings\René\LimeWire Store Purchased
          2008-02-25 17:14 . 2008-02-25 17:14 <DIR> d-------- C:\Documents and Settings\René\LimeWire Store Purchased
          2008-02-25 17:14 . 2008-02-25 17:14 <DIR> d-------- C:\Documents and Settings\René\LimeWire Shared
          2008-02-25 17:14 . 2008-02-25 17:14 <DIR> d-------- C:\Documents and Settings\René\LimeWire Shared
          2008-02-25 17:13 . 2008-03-02 12:54 <DIR> d-------- C:\Documents and Settings\René\Application Data\LimeWirePlus
          2008-02-25 17:12 . 2008-02-25 17:13 <DIR> d-------- C:\Program Files\LimeWire Plus
          2008-02-21 15:38 . 2008-02-21 15:38 946,832 --a------ C:\WINDOWS\system32\_ISource30.dll

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-03-04 15:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
          2008-03-04 15:07 --------- d-----w C:\Documents and Settings\René\Application Data\AVG7
          2008-03-04 14:20 --------- d-----w C:\Program Files\VeiligheidsAgent
          2008-03-04 14:05 --------- d-----w C:\Program Files\Common Files\VeiligheidsAgent
          2008-03-04 07:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
          2008-02-26 22:46 --------- d-----w C:\Documents and Settings\peter\Application Data\NCH Swift Sound
          2008-02-26 12:09 --------- d-----w C:\Documents and Settings\René\Application Data\NCH Swift Sound
          2008-02-01 15:50 --------- d-----w C:\Documents and Settings\René\Application Data\CyberLink
          2008-01-31 21:29 --------- d-----w C:\Documents and Settings\René\Application Data\U3
          2008-01-31 15:13 --------- d-----w C:\Documents and Settings\René\Application Data\FotoFinish
          2008-01-31 15:12 --------- d-----w C:\Documents and Settings\René\Application Data\SmartDraw
          2008-01-29 01:18 --------- d-----w C:\Documents and Settings\erik\Application Data\AVG7
          2008-01-12 11:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2008-01-12 11:30 --------- d-----w C:\Program Files\Maxis
          2008-01-05 22:05 --------- d-----w C:\Documents and Settings\peter\Application Data\AVG7
          2008-01-05 21:53 --------- d-----w C:\Program Files\Common Files\SystemErrorFixer
          2008-01-05 21:09 --------- d-----w C:\Program Files\USB ADSL Router
          2008-01-05 21:09 --------- d-----w C:\Program Files\Spybot - Search & Destroy
          2008-01-05 21:09 --------- d-----w C:\Program Files\Google
          2008-01-05 21:06 --------- d-----w C:\Documents and Settings\peter\Application Data\Webshots
          2008-01-05 21:00 --------- d-----w C:\Program Files\Gamenext
          2008-01-05 20:59 --------- d-----w C:\Program Files\MessengerPlus! 3
          2008-01-05 20:59 --------- d-----w C:\Program Files\Astonsoft
          2008-01-05 20:58 --------- d-----w C:\Program Files\DV Series
          2008-01-05 20:57 --------- d-----w C:\Program Files\IrfanView
          2008-01-05 20:57 --------- d-----w C:\Program Files\IncrediMail
          2008-01-05 20:54 --------- d-----w C:\Program Files\MSN Games
          2008-01-05 20:54 --------- d-----w C:\Program Files\Hitman Pro
          2008-01-05 20:52 --------- d-----w C:\Program Files\Mount&Blade
          2008-01-05 20:48 --------- d-----w C:\Program Files\PopCap Games
          2008-01-05 20:46 --------- d-----w C:\Documents and Settings\peter\Application Data\SurfAccuracy
          2008-01-05 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2008-01-05 20:42 --------- d-----w C:\Program Files\Ulead Systems
          2008-01-05 20:41 --------- d-----w C:\Program Files\VideoLAN
          2008-01-05 20:33 262,144 ----a-w C:\ntuser.dat
          2008-01-05 20:14 12,386,041 ------w C:\AVG7QT.DAT
          2007-12-31 15:40 187,920 ----a-w C:\Documents and Settings\erik\Application Data\install_nl[1].exe
          2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
          2007-12-07 14:38 3,080,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
          2007-12-06 13:07 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
          2007-11-15 22:04 195,616 ----a-w C:\Documents and Settings\René\Application Data\setup_en[1].exe
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5407E8C-E91D-41F7-8443-FF02AB9379D2}]
          2003-04-08 12:00 95488 --a------ C:\WINDOWS\system32\dbmsads.dll

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "Sonic RecordNow!"=""
          "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
          "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-28 20:10 335872]
          "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe" [2003-08-19 16:23 32873]
          "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 10:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
          "CleanRegPath"="C:\Program Files\ADSLModemUtility(AnnexA)\CleanReg.exe" [2003-06-17 13:18 24576]
          "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 00:01 110592]
          "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32 221184]
          "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24 458752]
          "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14 217088]
          "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 09:03 110592 C:\WINDOWS\system32\bthprops.cpl]
          "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-16 23:35 180269]
          "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
          "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-01-05 22:24 579072]
          "RegistryMechanic"=""
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-06-14 17:39 77824]
          "Recordpad"="C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" [2008-02-26 13:09 577540]
          "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
          "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2008-01-05 22:24 219136]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-05 23:37:10 323646]
          hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672]
          Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-24 01:06:47 67128]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
          "AppInit_DLLs"=pushow99.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
          C:\WINDOWS\system32\adspipe.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
          --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
          --a------ 2004-06-14 17:39 77824 C:\Program Files\QuickTime\qttask.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
          --a------ 2004-02-26 15:53 65024 C:\WINDOWS\SOUNDMAN.EXE

          [HKEY_LOCAL_MACHINE\software\microsoft\security center]
          "AntiVirusDisableNotify"=dword:00000001
          "AntiVirusOverride"=dword:00000001

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "C:\\Program Files\\Messenger\\msmsgs.exe"=
          "C:\\WINDOWS\\system32\\dplaysvr.exe"=
          "C:\\Program Files\\Azureus\\Azureus.exe"=
          "C:\\Program Files\\KaM - The Peasants Rebellion\\KM_TPR.exe"=
          "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
          "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
          "C:\\Program Files\\MSN Messenger\\livecall.exe"=
          "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
          "C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
          "C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
          "C:\\Program Files\\LimeWire Plus\\LimeWire.exe"=

          R0 idkhdlah;idkhdlah;C:\WINDOWS\system32\drivers\sbocjqvx.dat
          R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 08:48]
          R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 15:07]
          R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
          S3 USBSH_HS;SHARP GSM GPRS USB Driver2 1.0.0;C:\WINDOWS\system32\DRIVERS\usbsh_hs.sys [2004-03-19 00:10]

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d8c4582-c434-11dc-9d7c-000c76ff9986}]
          \Shell\AutoRun\command - F:\LaunchU3.exe -a

          .
          Inhoud van de 'Gedeelde Taken' map
          "2008-03-02 12:51:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1094901079.job"
          - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
          "2004-09-17 20:50:18 C:\WINDOWS\Tasks\Herinnering voor registratie 2.job"
          - C:\WINDOWS\System32\OOBE\oobebaln.exe
          "2004-09-24 21:50:04 C:\WINDOWS\Tasks\Herinnering voor registratie 3.job"
          - C:\WINDOWS\System32\OOBE\oobebaln.exe
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-03-05 09:54:03
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************

          [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\idkhdlah]
          "ImagePath"="system32\drivers\sbocjqvx.dat"
          .
          Voltooingstijd: 2008-03-05 9:55:35
          ComboFix-quarantined-files.txt 2008-03-05 08:55:07
          ComboFix2.txt 2008-03-05 08:28:34
          .
          2008-02-13 12:57:37 --- E O F ---



          • #6
            Just try again; nothing has been removed yet.



            • #7
              When I dragged the icon onto ComboFix, it asked me whether I wanted to run or cancel this action. I chose run, and then it did the same thing again. Is it right this way?

              ComboFix 08-03-04.5 - René 2008-03-05 10:59:01.3 - NTFSx86
              Gestart vanuit: C:\Documents and Settings\René\Bureaublad\ComboFix.exe
              Command switches used :: C:\Documents and Settings\RenÚ\Bureaublad\CFScript.txt
              * Nieuw herstelpunt werd aangemaakt
              .

              (((((((((((((((((((( Bestanden Gemaakt van 2008-02-05 to 2008-03-05 ))))))))))))))))))))))))))))))
              .

              2008-03-04 16:38 . 2008-03-04 16:38 <DIR> d-------- C:\Program Files\Trend Micro
              2008-03-04 15:56 . 2008-03-04 16:12 <DIR> d-------- C:\Program Files\NoAdware5.0
              2008-03-03 17:13 . 2008-03-03 17:14 <DIR> d-------- C:\Program Files\SPYWAREfighter
              2008-03-03 17:13 . 2008-03-03 17:13 <DIR> d-------- C:\Program Files\Common Files\Application
              2008-02-26 23:46 . 2008-02-26 23:46 <DIR> d-------- C:\Documents and Settings\peter\Application Data\Recordpad
              2008-02-26 13:09 . 2008-02-26 13:09 <DIR> d-------- C:\Program Files\NCH Software
              2008-02-26 13:09 . 2008-02-26 13:09 <DIR> d-------- C:\Documents and Settings\René\Application Data\Recordpad
              2008-02-26 13:09 . 2008-02-26 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
              2008-02-26 13:08 . 2008-02-26 13:09 <DIR> d-------- C:\Program Files\NCH Swift Sound
              2008-02-25 17:14 . 2008-02-25 17:14 <DIR> d-------- C:\Documents and Settings\René\LimeWire Store Purchased
              2008-02-25 17:14 . 2008-02-25 17:14 <DIR> d-------- C:\Documents and Settings\René\LimeWire Store Purchased
              2008-02-25 17:14 . 2008-02-25 17:14 <DIR> d-------- C:\Documents and Settings\René\LimeWire Shared
              2008-02-25 17:14 . 2008-02-25 17:14 <DIR> d-------- C:\Documents and Settings\René\LimeWire Shared
              2008-02-25 17:13 . 2008-03-02 12:54 <DIR> d-------- C:\Documents and Settings\René\Application Data\LimeWirePlus
              2008-02-25 17:12 . 2008-02-25 17:13 <DIR> d-------- C:\Program Files\LimeWire Plus
              2008-02-21 15:38 . 2008-02-21 15:38 946,832 --a------ C:\WINDOWS\system32\_ISource30.dll

              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2008-03-04 15:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
              2008-03-04 15:07 --------- d-----w C:\Documents and Settings\René\Application Data\AVG7
              2008-03-04 14:20 --------- d-----w C:\Program Files\VeiligheidsAgent
              2008-03-04 14:05 --------- d-----w C:\Program Files\Common Files\VeiligheidsAgent
              2008-03-04 07:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
              2008-02-26 22:46 --------- d-----w C:\Documents and Settings\peter\Application Data\NCH Swift Sound
              2008-02-26 12:09 --------- d-----w C:\Documents and Settings\René\Application Data\NCH Swift Sound
              2008-02-01 15:50 --------- d-----w C:\Documents and Settings\René\Application Data\CyberLink
              2008-01-31 21:29 --------- d-----w C:\Documents and Settings\René\Application Data\U3
              2008-01-31 15:13 --------- d-----w C:\Documents and Settings\René\Application Data\FotoFinish
              2008-01-31 15:12 --------- d-----w C:\Documents and Settings\René\Application Data\SmartDraw
              2008-01-29 01:18 --------- d-----w C:\Documents and Settings\erik\Application Data\AVG7
              2008-01-12 11:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
              2008-01-12 11:30 --------- d-----w C:\Program Files\Maxis
              2008-01-05 22:05 --------- d-----w C:\Documents and Settings\peter\Application Data\AVG7
              2008-01-05 21:53 --------- d-----w C:\Program Files\Common Files\SystemErrorFixer
              2008-01-05 21:09 --------- d-----w C:\Program Files\USB ADSL Router
              2008-01-05 21:09 --------- d-----w C:\Program Files\Spybot - Search & Destroy
              2008-01-05 21:09 --------- d-----w C:\Program Files\Google
              2008-01-05 21:06 --------- d-----w C:\Documents and Settings\peter\Application Data\Webshots
              2008-01-05 21:00 --------- d-----w C:\Program Files\Gamenext
              2008-01-05 20:59 --------- d-----w C:\Program Files\MessengerPlus! 3
              2008-01-05 20:59 --------- d-----w C:\Program Files\Astonsoft
              2008-01-05 20:58 --------- d-----w C:\Program Files\DV Series
              2008-01-05 20:57 --------- d-----w C:\Program Files\IrfanView
              2008-01-05 20:57 --------- d-----w C:\Program Files\IncrediMail
              2008-01-05 20:54 --------- d-----w C:\Program Files\MSN Games
              2008-01-05 20:54 --------- d-----w C:\Program Files\Hitman Pro
              2008-01-05 20:52 --------- d-----w C:\Program Files\Mount&Blade
              2008-01-05 20:48 --------- d-----w C:\Program Files\PopCap Games
              2008-01-05 20:46 --------- d-----w C:\Documents and Settings\peter\Application Data\SurfAccuracy
              2008-01-05 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
              2008-01-05 20:42 --------- d-----w C:\Program Files\Ulead Systems
              2008-01-05 20:41 --------- d-----w C:\Program Files\VideoLAN
              2008-01-05 20:33 262,144 ----a-w C:\ntuser.dat
              2008-01-05 20:14 12,386,041 ------w C:\AVG7QT.DAT
              2007-12-31 15:40 187,920 ----a-w C:\Documents and Settings\erik\Application Data\install_nl[1].exe
              2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
              2007-12-07 14:38 3,080,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
              2007-12-06 13:07 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
              2007-11-15 22:04 195,616 ----a-w C:\Documents and Settings\René\Application Data\setup_en[1].exe
              .

              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              REGEDIT4
              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5407E8C-E91D-41F7-8443-FF02AB9379D2}]
              2003-04-08 12:00 95488 --a------ C:\WINDOWS\system32\dbmsads.dll

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "Sonic RecordNow!"=""
              "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
              "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-28 20:10 335872]
              "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe" [2003-08-19 16:23 32873]
              "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 10:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
              "CleanRegPath"="C:\Program Files\ADSLModemUtility(AnnexA)\CleanReg.exe" [2003-06-17 13:18 24576]
              "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 00:01 110592]
              "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32 221184]
              "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24 458752]
              "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14 217088]
              "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 09:03 110592 C:\WINDOWS\system32\bthprops.cpl]
              "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-16 23:35 180269]
              "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
              "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-01-05 22:24 579072]
              "RegistryMechanic"=""
              "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-06-14 17:39 77824]
              "Recordpad"="C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" [2008-02-26 13:09 577540]
              "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
              "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2008-01-05 22:24 219136]

              C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
              hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-05 23:37:10 323646]
              hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672]
              Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-24 01:06:47 67128]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
              "AppInit_DLLs"=pushow99.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
              C:\WINDOWS\system32\adspipe.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
              --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
              --a------ 2004-06-14 17:39 77824 C:\Program Files\QuickTime\qttask.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
              --a------ 2004-02-26 15:53 65024 C:\WINDOWS\SOUNDMAN.EXE

              [HKEY_LOCAL_MACHINE\software\microsoft\security center]
              "AntiVirusDisableNotify"=dword:00000001
              "AntiVirusOverride"=dword:00000001

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
              "%windir%\\system32\\sessmgr.exe"=
              "C:\\Program Files\\Messenger\\msmsgs.exe"=
              "C:\\WINDOWS\\system32\\dplaysvr.exe"=
              "C:\\Program Files\\Azureus\\Azureus.exe"=
              "C:\\Program Files\\KaM - The Peasants Rebellion\\KM_TPR.exe"=
              "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
              "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
              "C:\\Program Files\\MSN Messenger\\livecall.exe"=
              "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
              "C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
              "C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
              "C:\\Program Files\\LimeWire Plus\\LimeWire.exe"=

              R0 idkhdlah;idkhdlah;C:\WINDOWS\system32\drivers\sbocjqvx.dat
              R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 08:48]
              R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 15:07]
              R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 10:17]
              R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
              R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]
              S3 USBSH_HS;SHARP GSM GPRS USB Driver2 1.0.0;C:\WINDOWS\system32\DRIVERS\usbsh_hs.sys [2004-03-19 00:10]

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d8c4582-c434-11dc-9d7c-000c76ff9986}]
              \Shell\AutoRun\command - F:\LaunchU3.exe -a

              .
              Inhoud van de 'Gedeelde Taken' map
              "2008-03-02 12:51:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1094901079.job"
              - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
              "2004-09-17 20:50:18 C:\WINDOWS\Tasks\Herinnering voor registratie 2.job"
              - C:\WINDOWS\System32\OOBE\oobebaln.exe
              "2004-09-24 21:50:04 C:\WINDOWS\Tasks\Herinnering voor registratie 3.job"
              - C:\WINDOWS\System32\OOBE\oobebaln.exe
              .
              **************************************************************************

              catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2008-03-05 11:02:01
              Windows 5.1.2600 Service Pack 2 NTFS

              scannen van verborgen processen ...

              scannen van verborgen autostart items ...

              scannen van verborgen bestanden ...

              Scan succesvol afgerond
              verborgen bestanden: 0

              **************************************************************************

              [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\idkhdlah]
              "ImagePath"="system32\drivers\sbocjqvx.dat"
              .
              Voltooingstijd: 2008-03-05 11:04:06
              ComboFix-quarantined-files.txt 2008-03-05 10:03:43
              ComboFix2.txt 2008-03-05 08:55:36
              ComboFix3.txt 2008-03-05 08:28:34
              .
              2008-02-13 12:57:37 --- E O F ---
              Last edited by 123456789987654; 05-03-08, 11:17.



              • #8
                Start the computer in safe mode.

                Find the following files and try to delete them:
                C:\WINDOWS\system32\drivers\sbocjqvx.dat
                C:\WINDOWS\system32\pushow99.dll
                C:\Documents and Settings\erik\Application Data\install_nl[1].exe
                C:\WINDOWS\system32\dbmsads.dll

                If deleting fails, try renaming them instead: right-click the file and choose "Rename" ("Naam wijzigen").

                Go to Start - Run (Uitvoeren) and enter the following:
                sc delete idkhdlah
                Press OK.

                Restart the computer in normal mode and post a new ComboFix log.

                Comment
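Added example (not part of the thread, and not ComboFix's own logic): a small triage script for the kind of ComboFix log posted above, flagging the entry types that reply #8 singled out (the `AppInit_DLLs` value, the driver whose image is not a `.sys` file, the Browser Helper Object) plus the Security Center overrides. The rule names, the heuristics and the reading of `R0`/`S3` as running/stopped plus start type are assumptions; the sample is a shortened excerpt copied from the log in this thread.

```python
import re
from typing import List, NamedTuple

# Shortened excerpt copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5407E8C-E91D-41F7-8443-FF02AB9379D2}]
2003-04-08 12:00 95488 --a------ C:\WINDOWS\system32\dbmsads.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-01-05 22:24 579072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=pushow99.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

R0 idkhdlah;idkhdlah;C:\WINDOWS\system32\drivers\sbocjqvx.dat
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 08:48]
R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]
"""


class Finding(NamedTuple):
    rule: str       # hypothetical rule name, chosen for this example
    location: str   # registry key or service the entry was found under
    detail: str     # file or value that triggered the rule


KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
# Driver/service listing: state (R/S), start type digit, name;display;image path
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?: \[[^\]]*\])?$"
)
PATH_RE = re.compile(r"[A-Za-z]:\\.+$")
NONZERO_DWORD_RE = re.compile(r"dword:0*[1-9a-f][0-9a-f]*")


def triage(log_text: str) -> List[Finding]:
    """Return the autostart entries in a ComboFix-style log that deserve review."""
    findings: List[Finding] = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue

        m = SERVICE_RE.match(line)
        if m:
            key = ""  # the service listing is not under a registry key header
            path = m.group("path").strip('"')
            lower = path.lower()
            # A kernel driver image is normally a .sys file; anything else
            # loaded from the drivers directory is worth a closer look.
            if "\\system32\\drivers\\" in lower and not lower.endswith(".sys"):
                where = "service %s (%s%s)" % (
                    m.group("name"), m.group("state"), m.group("start"))
                findings.append(Finding("driver-odd-extension", where, path))
            continue

        lkey = key.lower()
        m = VALUE_RE.match(line)
        if m:
            name, data = m.group("name"), m.group("data").strip()
            if name.lower() == "appinit_dlls" and data.strip('"'):
                # Any DLL named here is loaded into every process that loads user32.dll.
                findings.append(Finding("appinit-dll", key, data.strip('"')))
            elif lkey.endswith("\\security center") and NONZERO_DWORD_RE.fullmatch(data.lower()):
                # Non-zero override/notify values silence Security Center warnings.
                findings.append(Finding("security-center-muted", key, name))
            continue

        if "\\browser helper objects\\" in lkey:
            # The log cannot tell a good BHO from a bad one: list it for review.
            p = PATH_RE.search(line)
            if p:
                findings.append(Finding("bho-review", key, p.group(0)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-22s %s\n%22s %s" % (f.rule, f.detail, "", f.location))
```

A hit means "look at this entry", not "this is malware"; the file still has to be checked before it is removed.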


                • #9
                  Hey, I did what you said, but not everything worked.
                  There were 2 files for C:\WINDOWS\System32\drivers\sbocjqvx.dat. One of them was a system file, which I deleted; the other had a clipboard icon, and I could neither delete nor rename that one.
                  I could not find C:\WINDOWS\System32\pushow99.dll on the system.
                  I did find C:\Documents and Settings\erik\Application Data\install_nl[1].exe and deleted it.
                  I could not delete or rename C:\WINDOWS\system32\dbmsads.dll either; its icon showed 2 gears, one green and the other orange, and I couldn't do anything with it.

                  I got this message:
                  Cannot delete sbocjqvx. Access is denied.
                  Make sure the disk is not full or write-protected and that the file is not currently in use.

                  I got this message for the other files that I could not delete or rename as well.

                  At the end I did type in sc delete idkhdlah; that succeeded, I think.

                  This is the ComboFix log:


                  ComboFix 08-03-04.5 - René 2008-03-05 15:01:08.4 - NTFSx86
                  Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.102 [GMT 1:00]
                  Gestart vanuit: C:\Documents and Settings\René\Bureaublad\ComboFix.exe
                  .

                  (((((((((((((((((((( Bestanden Gemaakt van 2008-02-05 to 2008-03-05 ))))))))))))))))))))))))))))))
                  .

                  2008-03-04 16:38 . 2008-03-04 16:38 <DIR> d-------- C:\Program Files\Trend Micro
                  2008-03-04 15:56 . 2008-03-04 16:12 <DIR> d-------- C:\Program Files\NoAdware5.0
                  2008-03-03 17:13 . 2008-03-03 17:14 <DIR> d-------- C:\Program Files\SPYWAREfighter
                  2008-03-03 17:13 . 2008-03-03 17:13 <DIR> d-------- C:\Program Files\Common Files\Application
                  2008-02-26 23:46 . 2008-02-26 23:46 <DIR> d-------- C:\Documents and Settings\peter\Application Data\Recordpad
                  2008-02-26 13:09 . 2008-02-26 13:09 <DIR> d-------- C:\Program Files\NCH Software
                  2008-02-26 13:09 . 2008-02-26 13:09 <DIR> d-------- C:\Documents and Settings\René\Application Data\Recordpad
                  2008-02-26 13:09 . 2008-02-26 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
                  2008-02-26 13:08 . 2008-02-26 13:09 <DIR> d-------- C:\Program Files\NCH Swift Sound
                  2008-02-25 17:14 . 2008-02-25 17:14 <DIR> d-------- C:\Documents and Settings\René\LimeWire Store Purchased
                  2008-02-25 17:14 . 2008-02-25 17:14 <DIR> d-------- C:\Documents and Settings\René\LimeWire Store Purchased
                  2008-02-25 17:14 . 2008-02-25 17:14 <DIR> d-------- C:\Documents and Settings\René\LimeWire Shared
                  2008-02-25 17:14 . 2008-02-25 17:14 <DIR> d-------- C:\Documents and Settings\René\LimeWire Shared
                  2008-02-25 17:13 . 2008-03-02 12:54 <DIR> d-------- C:\Documents and Settings\René\Application Data\LimeWirePlus
                  2008-02-25 17:12 . 2008-02-25 17:13 <DIR> d-------- C:\Program Files\LimeWire Plus
                  2008-02-21 15:38 . 2008-02-21 15:38 946,832 --a------ C:\WINDOWS\system32\_ISource30.dll

                  .
                  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2008-03-04 15:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
                  2008-03-04 15:07 --------- d-----w C:\Documents and Settings\René\Application Data\AVG7
                  2008-03-04 14:20 --------- d-----w C:\Program Files\VeiligheidsAgent
                  2008-03-04 14:05 --------- d-----w C:\Program Files\Common Files\VeiligheidsAgent
                  2008-03-04 07:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
                  2008-02-26 22:46 --------- d-----w C:\Documents and Settings\peter\Application Data\NCH Swift Sound
                  2008-02-26 12:09 --------- d-----w C:\Documents and Settings\René\Application Data\NCH Swift Sound
                  2008-02-01 15:50 --------- d-----w C:\Documents and Settings\René\Application Data\CyberLink
                  2008-01-31 21:29 --------- d-----w C:\Documents and Settings\René\Application Data\U3
                  2008-01-31 15:13 --------- d-----w C:\Documents and Settings\René\Application Data\FotoFinish
                  2008-01-31 15:12 --------- d-----w C:\Documents and Settings\René\Application Data\SmartDraw
                  2008-01-29 01:18 --------- d-----w C:\Documents and Settings\erik\Application Data\AVG7
                  2008-01-12 11:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
                  2008-01-12 11:30 --------- d-----w C:\Program Files\Maxis
                  2008-01-05 22:05 --------- d-----w C:\Documents and Settings\peter\Application Data\AVG7
                  2008-01-05 21:53 --------- d-----w C:\Program Files\Common Files\SystemErrorFixer
                  2008-01-05 21:09 --------- d-----w C:\Program Files\USB ADSL Router
                  2008-01-05 21:09 --------- d-----w C:\Program Files\Spybot - Search & Destroy
                  2008-01-05 21:09 --------- d-----w C:\Program Files\Google
                  2008-01-05 21:06 --------- d-----w C:\Documents and Settings\peter\Application Data\Webshots
                  2008-01-05 21:00 --------- d-----w C:\Program Files\Gamenext
                  2008-01-05 20:59 --------- d-----w C:\Program Files\MessengerPlus! 3
                  2008-01-05 20:59 --------- d-----w C:\Program Files\Astonsoft
                  2008-01-05 20:58 --------- d-----w C:\Program Files\DV Series
                  2008-01-05 20:57 --------- d-----w C:\Program Files\IrfanView
                  2008-01-05 20:57 --------- d-----w C:\Program Files\IncrediMail
                  2008-01-05 20:54 --------- d-----w C:\Program Files\MSN Games
                  2008-01-05 20:54 --------- d-----w C:\Program Files\Hitman Pro
                  2008-01-05 20:52 --------- d-----w C:\Program Files\Mount&Blade
                  2008-01-05 20:48 --------- d-----w C:\Program Files\PopCap Games
                  2008-01-05 20:46 --------- d-----w C:\Documents and Settings\peter\Application Data\SurfAccuracy
                  2008-01-05 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                  2008-01-05 20:42 --------- d-----w C:\Program Files\Ulead Systems
                  2008-01-05 20:41 --------- d-----w C:\Program Files\VideoLAN
                  2008-01-05 20:33 262,144 ----a-w C:\ntuser.dat
                  2008-01-05 20:14 12,386,041 ------w C:\AVG7QT.DAT
                  2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
                  2007-12-07 14:38 3,080,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
                  2007-12-06 13:07 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
                  2007-11-15 22:04 195,616 ----a-w C:\Documents and Settings\René\Application Data\setup_en[1].exe
                  .

                  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  REGEDIT4
                  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5407E8C-E91D-41F7-8443-FF02AB9379D2}]
                  2003-04-08 12:00 95488 --a------ C:\WINDOWS\system32\dbmsads.dll

                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "Sonic RecordNow!"=""
                  "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
                  "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-28 20:10 335872]
                  "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe" [2003-08-19 16:23 32873]
                  "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 10:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
                  "CleanRegPath"="C:\Program Files\ADSLModemUtility(AnnexA)\CleanReg.exe" [2003-06-17 13:18 24576]
                  "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 00:01 110592]
                  "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32 221184]
                  "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24 458752]
                  "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14 217088]
                  "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 09:03 110592 C:\WINDOWS\system32\bthprops.cpl]
                  "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-16 23:35 180269]
                  "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
                  "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-01-05 22:24 579072]
                  "RegistryMechanic"=""
                  "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-06-14 17:39 77824]
                  "Recordpad"="C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" [2008-02-26 13:09 577540]
                  "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]

                  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                  "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
                  "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2008-01-05 22:24 219136]

                  C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                  hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-05 23:37:10 323646]
                  hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672]
                  Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-24 01:06:47 67128]

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                  "AppInit_DLLs"=pushow99.dll

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
                  C:\WINDOWS\system32\adspipe.dll

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
                  --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                  --a------ 2004-06-14 17:39 77824 C:\Program Files\QuickTime\qttask.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
                  --a------ 2004-02-26 15:53 65024 C:\WINDOWS\SOUNDMAN.EXE

                  [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                  "AntiVirusDisableNotify"=dword:00000001
                  "AntiVirusOverride"=dword:00000001

                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                  "%windir%\\system32\\sessmgr.exe"=
                  "C:\\Program Files\\Messenger\\msmsgs.exe"=
                  "C:\\WINDOWS\\system32\\dplaysvr.exe"=
                  "C:\\Program Files\\Azureus\\Azureus.exe"=
                  "C:\\Program Files\\KaM - The Peasants Rebellion\\KM_TPR.exe"=
                  "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
                  "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
                  "C:\\Program Files\\MSN Messenger\\livecall.exe"=
                  "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
                  "C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
                  "C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
                  "C:\\Program Files\\LimeWire Plus\\LimeWire.exe"=

                  R0 idkhdlah;idkhdlah;C:\WINDOWS\system32\drivers\sbocjqvx.dat
                  R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 08:48]
                  R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 15:07]
                  R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 10:17]
                  R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
                  R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]
                  S3 USBSH_HS;SHARP GSM GPRS USB Driver2 1.0.0;C:\WINDOWS\system32\DRIVERS\usbsh_hs.sys [2004-03-19 00:10]

                  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d8c4582-c434-11dc-9d7c-000c76ff9986}]
                  \Shell\AutoRun\command - F:\LaunchU3.exe -a

                  .
                  Inhoud van de 'Gedeelde Taken' map
                  "2008-03-05 12:51:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1094901079.job"
                  - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
                  "2004-09-17 20:50:18 C:\WINDOWS\Tasks\Herinnering voor registratie 2.job"
                  - C:\WINDOWS\System32\OOBE\oobebaln.exe
                  "2004-09-24 21:50:04 C:\WINDOWS\Tasks\Herinnering voor registratie 3.job"
                  - C:\WINDOWS\System32\OOBE\oobebaln.exe
                  .
                  **************************************************************************

                  catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                  Rootkit scan 2008-03-05 15:05:02
                  Windows 5.1.2600 Service Pack 2 NTFS

                  scannen van verborgen processen ...

                  scannen van verborgen autostart items ...

                  scannen van verborgen bestanden ...

                  **************************************************************************

                  [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\idkhdlah]
                  "ImagePath"="system32\drivers\sbocjqvx.dat"
                  .
                  Voltooingstijd: 2008-03-05 15:08:11
                  ComboFix-quarantined-files.txt 2008-03-05 14:07:15
                  ComboFix2.txt 2008-03-05 10:04:07
                  ComboFix3.txt 2008-03-05 08:55:36
                  ComboFix4.txt 2008-03-05 08:28:34
                  .
                  2008-02-13 12:57:37 --- E O F ---
                  Last edited by 123456789987654; 05-03-08, 15:24.



                  • #10
                    Download IceSword and unzip it into a folder on your desktop.
                    - Open that folder and double-click the "Sword icon" to start IceSword.
                    - On the left, click File.
                    - Now choose this computer in IceSword and navigate to this file:

                    C:\WINDOWS\system32\drivers\sbocjqvx.dat

                    - Right-click it and choose delete.

                    - Do the same for:

                    C:\WINDOWS\system32\dbmsads.dll

                    Restart your PC and post a new ComboFix log



                    • #11
                      Hey, it worked, I deleted those files; this is the new log:

                      ComboFix 08-03-04.5 - René 2008-03-05 17:53:45.5 - NTFSx86
                      Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.116 [GMT 1:00]
                      Gestart vanuit: C:\Documents and Settings\René\Bureaublad\ComboFix.exe
                      .

                      (((((((((((((((((((( Bestanden Gemaakt van 2008-02-05 to 2008-03-05 ))))))))))))))))))))))))))))))
                      .

                      2008-03-04 16:38 . 2008-03-04 16:38 <DIR> d-------- C:\Program Files\Trend Micro
                      2008-03-04 15:56 . 2008-03-04 16:12 <DIR> d-------- C:\Program Files\NoAdware5.0
                      2008-03-03 17:13 . 2008-03-03 17:14 <DIR> d-------- C:\Program Files\SPYWAREfighter
                      2008-03-03 17:13 . 2008-03-03 17:13 <DIR> d-------- C:\Program Files\Common Files\Application
                      2008-02-26 23:46 . 2008-02-26 23:46 <DIR> d-------- C:\Documents and Settings\peter\Application Data\Recordpad
                      2008-02-26 13:09 . 2008-02-26 13:09 <DIR> d-------- C:\Program Files\NCH Software
                      2008-02-26 13:09 . 2008-02-26 13:09 <DIR> d-------- C:\Documents and Settings\René\Application Data\Recordpad
                      2008-02-26 13:09 . 2008-02-26 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
                      2008-02-26 13:08 . 2008-02-26 13:09 <DIR> d-------- C:\Program Files\NCH Swift Sound
                      2008-02-25 17:14 . 2008-02-25 17:14 <DIR> d-------- C:\Documents and Settings\René\LimeWire Store Purchased
                      2008-02-25 17:14 . 2008-02-25 17:14 <DIR> d-------- C:\Documents and Settings\René\LimeWire Store Purchased
                      2008-02-25 17:14 . 2008-02-25 17:14 <DIR> d-------- C:\Documents and Settings\René\LimeWire Shared
                      2008-02-25 17:14 . 2008-02-25 17:14 <DIR> d-------- C:\Documents and Settings\René\LimeWire Shared
                      2008-02-25 17:13 . 2008-03-02 12:54 <DIR> d-------- C:\Documents and Settings\René\Application Data\LimeWirePlus
                      2008-02-25 17:12 . 2008-02-25 17:13 <DIR> d-------- C:\Program Files\LimeWire Plus
                      2008-02-21 15:38 . 2008-02-21 15:38 946,832 --a------ C:\WINDOWS\system32\_ISource30.dll

                      .
                      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2008-03-04 15:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
                      2008-03-04 15:07 --------- d-----w C:\Documents and Settings\René\Application Data\AVG7
                      2008-03-04 14:20 --------- d-----w C:\Program Files\VeiligheidsAgent
                      2008-03-04 14:05 --------- d-----w C:\Program Files\Common Files\VeiligheidsAgent
                      2008-03-04 07:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
                      2008-02-26 22:46 --------- d-----w C:\Documents and Settings\peter\Application Data\NCH Swift Sound
                      2008-02-26 12:09 --------- d-----w C:\Documents and Settings\René\Application Data\NCH Swift Sound
                      2008-02-01 15:50 --------- d-----w C:\Documents and Settings\René\Application Data\CyberLink
                      2008-01-31 21:29 --------- d-----w C:\Documents and Settings\René\Application Data\U3
                      2008-01-31 15:13 --------- d-----w C:\Documents and Settings\René\Application Data\FotoFinish
                      2008-01-31 15:12 --------- d-----w C:\Documents and Settings\René\Application Data\SmartDraw
                      2008-01-29 01:18 --------- d-----w C:\Documents and Settings\erik\Application Data\AVG7
                      2008-01-12 11:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
                      2008-01-12 11:30 --------- d-----w C:\Program Files\Maxis
                      2008-01-05 22:05 --------- d-----w C:\Documents and Settings\peter\Application Data\AVG7
                      2008-01-05 21:53 --------- d-----w C:\Program Files\Common Files\SystemErrorFixer
                      2008-01-05 21:09 --------- d-----w C:\Program Files\USB ADSL Router
                      2008-01-05 21:09 --------- d-----w C:\Program Files\Spybot - Search & Destroy
                      2008-01-05 21:09 --------- d-----w C:\Program Files\Google
                      2008-01-05 21:06 --------- d-----w C:\Documents and Settings\peter\Application Data\Webshots
                      2008-01-05 21:00 --------- d-----w C:\Program Files\Gamenext
                      2008-01-05 20:59 --------- d-----w C:\Program Files\MessengerPlus! 3
                      2008-01-05 20:59 --------- d-----w C:\Program Files\Astonsoft
                      2008-01-05 20:58 --------- d-----w C:\Program Files\DV Series
                      2008-01-05 20:57 --------- d-----w C:\Program Files\IrfanView
                      2008-01-05 20:57 --------- d-----w C:\Program Files\IncrediMail
                      2008-01-05 20:54 --------- d-----w C:\Program Files\MSN Games
                      2008-01-05 20:54 --------- d-----w C:\Program Files\Hitman Pro
                      2008-01-05 20:52 --------- d-----w C:\Program Files\Mount&Blade
                      2008-01-05 20:48 --------- d-----w C:\Program Files\PopCap Games
                      2008-01-05 20:46 --------- d-----w C:\Documents and Settings\peter\Application Data\SurfAccuracy
                      2008-01-05 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                      2008-01-05 20:42 --------- d-----w C:\Program Files\Ulead Systems
                      2008-01-05 20:41 --------- d-----w C:\Program Files\VideoLAN
                      2008-01-05 20:33 262,144 ----a-w C:\ntuser.dat
                      2008-01-05 20:14 12,386,041 ------w C:\AVG7QT.DAT
                      2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
                      2007-12-07 14:38 3,080,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
                      2007-12-06 13:07 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
                      2007-11-15 22:04 195,616 ----a-w C:\Documents and Settings\René\Application Data\setup_en[1].exe
                      .

                      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      REGEDIT4
                      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5407E8C-E91D-41F7-8443-FF02AB9379D2}]
                      C:\WINDOWS\system32\dbmsads.dll

                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "Sonic RecordNow!"=""
                      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
                      "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-28 20:10 335872]
                      "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe" [2003-08-19 16:23 32873]
                      "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 10:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
                      "CleanRegPath"="C:\Program Files\ADSLModemUtility(AnnexA)\CleanReg.exe" [2003-06-17 13:18 24576]
                      "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 00:01 110592]
                      "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32 221184]
                      "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24 458752]
                      "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14 217088]
                      "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 09:03 110592 C:\WINDOWS\system32\bthprops.cpl]
                      "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-16 23:35 180269]
                      "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
                      "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-01-05 22:24 579072]
                      "RegistryMechanic"=""
                      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-06-14 17:39 77824]
                      "Recordpad"="C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" [2008-02-26 13:09 577540]
                      "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]

                      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
                      "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2008-01-05 22:24 219136]

                      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                      hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-05 23:37:10 323646]
                      hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672]
                      Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-24 01:06:47 67128]

                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                      "AppInit_DLLs"=pushow99.dll

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
                      C:\WINDOWS\system32\adspipe.dll

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
                      --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                      --a------ 2004-06-14 17:39 77824 C:\Program Files\QuickTime\qttask.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
                      --a------ 2004-02-26 15:53 65024 C:\WINDOWS\SOUNDMAN.EXE

                      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                      "AntiVirusDisableNotify"=dword:00000001
                      "AntiVirusOverride"=dword:00000001

                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                      "%windir%\\system32\\sessmgr.exe"=
                      "C:\\Program Files\\Messenger\\msmsgs.exe"=
                      "C:\\WINDOWS\\system32\\dplaysvr.exe"=
                      "C:\\Program Files\\Azureus\\Azureus.exe"=
                      "C:\\Program Files\\KaM - The Peasants Rebellion\\KM_TPR.exe"=
                      "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
                      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
                      "C:\\Program Files\\MSN Messenger\\livecall.exe"=
                      "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
                      "C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
                      "C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
                      "C:\\Program Files\\LimeWire Plus\\LimeWire.exe"=

                      R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 08:48]
                      R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 15:07]
                      R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
                      S0 idkhdlah;idkhdlah;C:\WINDOWS\system32\drivers\sbocjqvx.dat
                      S3 USBSH_HS;SHARP GSM GPRS USB Driver2 1.0.0;C:\WINDOWS\system32\DRIVERS\usbsh_hs.sys [2004-03-19 00:10]

                      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d8c4582-c434-11dc-9d7c-000c76ff9986}]
                      \Shell\AutoRun\command - F:\LaunchU3.exe -a

                      .
                      Inhoud van de 'Gedeelde Taken' map
                      "2008-03-05 12:51:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1094901079.job"
                      - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
                      "2004-09-17 20:50:18 C:\WINDOWS\Tasks\Herinnering voor registratie 2.job"
                      - C:\WINDOWS\System32\OOBE\oobebaln.exe
                      "2004-09-24 21:50:04 C:\WINDOWS\Tasks\Herinnering voor registratie 3.job"
                      - C:\WINDOWS\System32\OOBE\oobebaln.exe
                      .
                      **************************************************************************

                      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                      Rootkit scan 2008-03-05 17:57:40
                      Windows 5.1.2600 Service Pack 2 NTFS

                      scannen van verborgen processen ...

                      scannen van verborgen autostart items ...

                      scannen van verborgen bestanden ...

                      Scan succesvol afgerond
                      verborgen bestanden: 0

                      **************************************************************************

                      [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\idkhdlah]
                      "ImagePath"="system32\drivers\sbocjqvx.dat"
                      .
                      Voltooingstijd: 2008-03-05 17:59:20
                      ComboFix-quarantined-files.txt 2008-03-05 16:58:52
                      ComboFix2.txt 2008-03-05 14:08:12
                      ComboFix3.txt 2008-03-05 10:04:07
                      ComboFix4.txt 2008-03-05 08:55:36
                      ComboFix5.txt 2008-03-05 08:28:34
                      .
                      2008-02-13 12:57:37 --- E O F ---



                      • #12
                        Try the following tool:

                        Rogue-uninstaller.exe

                        Download the tool and place it on your desktop, then double-click it.
                        It will place a folder named Rogue-uninstaller on your desktop.
                        The tool will check your system for rogue scanners.
                        It also looks for folders and files that belong to these rogue programs.
                        The scan can take quite a long time, so wait patiently.
                        If an uninstaller is found, it will be started; try to let this uninstaller do its work.
                        When the scan is complete, a log will open: Rogue-delete-results.log
                        Post this log



                        • #13
                          Hey, I ran the scan and at the end it asked whether I wanted to remove VeiligheidsAgent and its associated programs... I pressed no because I just bought that program. What should I do? Do I have to remove it anyway, or is there another way? My AVG no longer indicates that the Trojan horse is on the computer, so I think it is gone...

                          I have a copy here:

                          **********Uninstallers**********
                          C:\Program Files\VeiligheidsAgent\unins000.exe
                          *************Folders************
                          C:\Documents and Settings\All Users\Application Data\systemerrorfixer
                          C:\Program Files\Common Files\SystemErrorFixer
                          C:\Documents and Settings\All Users\Menu Start\Programma's\VeiligheidsAgent
                          C:\Documents and Settings\erik\Application Data\VeiligheidsAgent
                          C:\Documents and Settings\peter\Application Data\VeiligheidsAgent
                          C:\Documents and Settings\René\Application Data\VeiligheidsAgent
                          C:\Program Files\VeiligheidsAgent
                          C:\Program Files\Common Files\VeiligheidsAgent
                          C:\Documents and Settings\All Users\Menu Start\Programma's\VeiligheidsAgent
                          C:\Documents and Settings\erik\Application Data\VeiligheidsAgent
                          C:\Documents and Settings\peter\Application Data\VeiligheidsAgent
                          C:\Documents and Settings\René\Application Data\VeiligheidsAgent
                          C:\Program Files\VeiligheidsAgent
                          C:\Program Files\Common Files\VeiligheidsAgent
                          **************Files*************
                          C:\Documents and Settings\All Users\Bureaublad\VeiligheidsAgent.lnk
                          C:\Documents and Settings\All Users\Menu Start\Programma's\VeiligheidsAgent\VeiligheidsAgent handleiding.lnk
                          C:\Documents and Settings\All Users\Menu Start\Programma's\VeiligheidsAgent\VeiligheidsAgent kennisgegevensbestand.lnk
                          C:\Documents and Settings\All Users\Menu Start\Programma's\VeiligheidsAgent\VeiligheidsAgent.lnk
                          C:\Documents and Settings\erik\Application Data\Microsoft\Internet Explorer\Quick Launch\VeiligheidsAgent.lnk
                          ********************************



                          • #14
                            I'm afraid you have been scammed; VeiligheidsAgent is a Dutch-language variant of this one:


                            O2 - BHO: CIEIntegrator Object - {7A7F202E-AF91-4889-9DD5-2FE241085CC1} - C:\Program Files\VeiligheidsAgent\Tools\pg.dll



                            • #15
                              Hey, so I have to remove it; can't I sue them or something?

                              I will remove it.

                              Once the virus is completely gone, I will mark the thread as solved and send one more message.

                              Is AVG Free otherwise good protection? Or do you recommend another one? And if so, which?
                              Thanks in advance,

                              Regards, René Janneman
                              Last edited by 123456789987654; 06-03-08, 10:45.
