Hallo,

Kan iemand mij alstublief helpen.
heb mijn AVG virusscanner verwijderd, en heb NOD32 antivirus geinstaleerd.
Krijg geen virusmeldingen meer nu,

Echter mijn AVG anti-rootkit vind steeds een nieuwe in windows/system/drivers.

Start ik daarna opnieuw op, vind hij weer 1 andere.....?

Hier een nieuw log: bedankt alvast.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17, on 13-3-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Rootkit Free\avgarkt.exe
C:\Program Files\Grisoft\AVG Anti-Rootkit Free\7C5Ei9E3CFP.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199476721890
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CHUG - Unknown owner - C:\DOCUME~1\Jack\LOCALS~1\Temp\CHUG.exe (file missing)
O23 - Service: EPNBNTD - Unknown owner - C:\DOCUME~1\Jack\LOCALS~1\Temp\EPNBNTD.exe (file missing)
O23 - Service: G - Unknown owner - C:\DOCUME~1\Jack\LOCALS~1\Temp\G.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: QGGZC - Unknown owner - C:\DOCUME~1\Jack\LOCALS~1\Temp\QGGZC.exe (file missing)
O23 - Service: QMWMJUZXTC - Unknown owner - C:\DOCUME~1\Jack\LOCALS~1\Temp\QMWMJUZXTC.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe

--
End of file - 7411 bytes

Volg de instructies zoals beschreven op de volgende pagina: hoe-dient-combofix-gebruikt-te-worden

Gebruik je Vista, dan hoeft de Recovery Console niet te worden geinstalleerd.
Is er iets niet duidelijk, dan vraag je het.
Als het tooltje klaar is, opent er een logfile (C:\combofix.txt).
Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.

Bedankt alvast, dat uw mij wil helpen.

Hier de 2 logs.

---------------------------------------

ComboFix 08-03-14.4 - Jack 2008-03-15 12:44:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.627 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Jack\Bureaublad\ComboFix.exe
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-02-15 to 2008-03-15 ))))))))))))))))))))))))))))))
.

2008-03-15 12:02 . 2008-03-15 12:43 <DIR> dr-h-c--- C:\Documents and Settings\Jack\Onlangs geopend
2008-03-15 01:51 . 2008-03-15 01:59 <DIR> d----c--- C:\Program Files\RegCleaner
2008-03-14 22:19 . 2008-03-14 22:19 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-03-14 21:51 . 2008-03-14 22:36 <DIR> dr-h-c--- C:\Documents and Settings\Administrator\Onlangs geopend
2008-03-14 21:50 . 2008-03-14 21:50 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-03-14 19:23 . 2008-03-14 19:23 <DIR> d----c--- C:\fsaua.data
2008-03-14 15:31 . 2008-03-14 15:36 <DIR> d----c--- C:\Program Files\SpyEraser
2008-03-14 15:31 . 2008-03-14 15:31 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-03-14 15:22 . 2008-03-14 15:22 <DIR> d----c--- C:\Program Files\SpeedUpMyPC 3
2008-03-14 14:34 . 2008-03-14 14:34 <DIR> d----c--- C:\Program Files\RegistryBooster 2
2008-03-14 14:29 . 2008-03-14 14:29 <DIR> d----c--- C:\Program Files\ProcessScanner
2008-03-14 14:17 . 2008-03-14 14:17 <DIR> d----c--- C:\Program Files\privacy terug met xp-AntiSpy
2008-03-14 03:30 . 2008-03-14 03:30 <DIR> d----c--- C:\Program Files\Advanced IP Scanner
2008-03-14 02:02 . 2008-03-14 02:02 <DIR> d----c--- C:\Program Files\Lavasoft
2008-03-13 03:38 . 2008-03-13 03:38 <DIR> d----c--- C:\Program Files\Common Files\NSV
2008-03-13 02:24 . 2008-03-13 12:22 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-03-13 02:24 . 2008-03-13 02:24 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-03-13 02:23 . 2008-03-13 02:24 <DIR> d----c--- C:\Program Files\Winamp Remote
2008-03-13 02:22 . 2008-03-13 02:24 <DIR> d----c--- C:\Program Files\Winamp
2008-03-13 02:22 . 2008-03-13 02:28 <DIR> d----c--- C:\Documents and Settings\Jack\Application Data\Winamp
2008-03-13 01:30 . 2008-02-22 02:33 69,632 --a--c--- C:\WINDOWS\system32\javacpl.cpl
2008-03-13 01:26 . 2008-03-13 01:30 <DIR> d----c--- C:\Program Files\Java
2008-03-13 01:25 . 2008-03-13 01:25 <DIR> d----c--- C:\Program Files\Common Files\Java
2008-03-12 14:50 . 2008-03-12 14:50 1,421,312 --a--c--- C:\WINDOWS\system32\FBH
2008-03-12 05:33 . 2008-03-14 03:47 <DIR> d----c--- C:\Documents and Settings\LocalService\Bureaublad
2008-03-12 03:25 . 2008-03-12 03:25 <DIR> dr-h-c--- C:\Documents and Settings\LocalService\Onlangs geopend
2008-03-11 15:09 . 2008-03-11 15:09 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2008-03-11 14:13 . 2008-03-11 14:13 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-11 00:38 . 2007-01-22 16:18 24,072 --a--c--- C:\WINDOWS\system32\uxtuneup.dll
2008-03-11 00:37 . 2008-03-15 02:55 <DIR> d----c--- C:\Program Files\TuneUp Utilities 2007
2008-03-11 00:37 . 2008-03-11 00:37 <DIR> d----c--- C:\Documents and Settings\Jack\Application Data\TuneUp Software
2008-03-11 00:37 . 2008-03-11 00:37 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-03-10 23:23 . 1999-12-21 07:58 21,312 --a--c--- C:\WINDOWS\choice.exe
2008-03-10 21:46 . 2008-03-12 14:12 <DIR> d----c--- C:\Program Files\Conduit
2008-03-10 20:03 . 2008-03-10 20:03 <DIR> d----c--- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-10 20:03 . 2008-03-10 20:03 <DIR> d----c--- C:\Documents and Settings\Jack\Application Data\Malwarebytes
2008-03-10 20:03 . 2008-03-10 20:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-10 18:50 . 2008-03-13 03:49 <DIR> d----c--- C:\Program Files\XoftSpySE
2008-03-10 14:23 . 2008-03-10 23:28 <DIR> d----c--- C:\Program Files\Eset
2008-03-10 14:23 . 2008-03-10 14:22 512,096 --a--c--- C:\WINDOWS\system32\drivers\amon.sys
2008-03-10 14:23 . 2008-03-10 14:22 298,104 --a--c--- C:\WINDOWS\system32\imon.dll
2008-03-10 14:23 . 2008-03-10 14:22 15,424 --a--c--- C:\WINDOWS\system32\drivers\nod32drv.sys
2008-03-09 22:21 . 2008-03-09 22:21 <DIR> d----c--- C:\Program Files\Trend Micro
2008-03-09 15:24 . 2008-03-09 15:24 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\TrojanHunter
2008-03-09 14:43 . 2008-03-09 14:43 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-03-09 13:53 . 2007-01-18 13:00 3,968 --a--c--- C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-03-09 13:18 . 2008-03-09 13:18 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-03-08 23:48 . 2008-03-08 23:50 <DIR> d----c--- C:\Program Files\EsetOnlineScanner
2008-03-08 23:21 . 2008-03-08 23:21 <DIR> d----c--- C:\Documents and Settings\Jack\Application Data\Grisoft
2008-03-08 23:20 . 2007-05-30 13:10 10,872 --a--c--- C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-08 21:25 . 2008-03-13 03:56 <DIR> d----c--- C:\Program Files\SUPERAntiSpyware
2008-03-08 21:25 . 2008-03-08 21:25 <DIR> d----c--- C:\Documents and Settings\Jack\Application Data\SUPERAntiSpyware.com
2008-03-08 21:25 . 2008-03-08 21:25 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-06 23:35 . 2008-03-06 23:35 <DIR> d----c--- C:\Program Files\converter
2008-03-06 23:34 . 2008-03-06 23:34 <DIR> d----c--- C:\Program Files\NCH Software
2008-03-06 22:58 . 2008-03-06 23:00 <DIR> d----c--- C:\Program Files\TrojanHunter 5.0
2008-03-06 17:03 . 2008-03-06 17:03 <DIR> d----c--- C:\Documents and Settings\Jack\Application Data\TrojanHunter
2008-03-06 00:28 . 2008-03-14 15:31 <DIR> d----c--- C:\Documents and Settings\Jack\Application Data\Uniblue
2008-03-05 21:01 . 2008-03-08 20:13 540 --a------ C:\WINDOWS\system32\PDBootState
2008-03-05 15:01 . 2008-03-05 21:58 30,590 --a--c--- C:\WINDOWS\system32\pavas.ico
2008-03-05 15:01 . 2008-03-05 21:58 2,550 --a--c--- C:\WINDOWS\system32\Uninstall.ico
2008-03-05 15:01 . 2008-03-05 21:58 1,406 --a--c--- C:\WINDOWS\system32\Help.ico
2008-03-05 15:00 . 2008-03-05 21:59 <DIR> d----c--- C:\WINDOWS\system32\ActiveScan
2008-03-04 03:17 . 2008-03-04 03:17 <DIR> d----c--- C:\Program Files\Common Files\Ankiro
2008-03-04 03:16 . 2008-03-15 11:59 <DIR> d----c--- C:\Program Files\SPAMfighter
2008-03-03 21:59 . 2008-03-03 21:59 <DIR> d----c--- C:\WINDOWS\system32\Kaspersky Lab
2008-03-03 21:59 . 2008-03-03 21:59 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-03 20:20 . 2008-03-03 20:15 2,833,303 --a--c--- C:\WINDOWS\system32\xwawvreh.xml
2008-03-03 20:18 . 2008-03-03 20:15 2,833,303 --a--c--- C:\WINDOWS\system32\iafdyndk.xml
2008-03-03 19:06 . 2008-01-04 18:59 <DIR> d--h-c--- C:\Documents and Settings\Administrator\Sjablonen
2008-03-03 19:06 . 2008-01-04 19:14 <DIR> d--h-c--- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2008-03-03 19:06 . 2008-03-14 21:52 <DIR> d----c--- C:\Documents and Settings\Administrator\Mijn documenten
2008-03-03 19:06 . 2008-01-04 19:14 <DIR> dr---c--- C:\Documents and Settings\Administrator\Menu Start
2008-03-03 19:06 . 2008-01-04 19:14 <DIR> d----c--- C:\Documents and Settings\Administrator\Favorieten
2008-03-03 19:06 . 2008-03-14 21:52 <DIR> d----c--- C:\Documents and Settings\Administrator\Bureaublad
2008-03-03 17:38 . 2008-03-03 17:38 2,833,303 --a--c--- C:\WINDOWS\system32\tuvcehmo.xml
2008-03-03 17:36 . 2008-03-03 17:36 92 --a--c--- C:\WINDOWS\wininit.ini
2008-03-03 16:38 . 2008-03-13 12:47 <DIR> d----c--- C:\Program Files\SpywareGuard
2008-03-03 16:03 . 2008-03-03 16:05 <DIR> d----c--- C:\Program Files\SPYWAREfighter
2008-03-03 15:04 . 2008-03-03 22:25 2,833,439 --a--c--- C:\WINDOWS\system32\ekmvphtw.xml
2008-03-03 01:35 . 2008-03-09 18:49 <DIR> d----c--- C:\WINDOWS\BDOSCAN8
2008-03-02 15:01 . 2008-03-02 15:01 <DIR> dr---c--- C:\Documents and Settings\LocalService\Favorieten
2008-03-02 14:36 . 2008-03-09 18:53 <DIR> d----c--- C:\Downloads
2008-03-02 14:36 . 2008-03-02 14:37 <DIR> d----c--- C:\Documents and Settings\Jack\Application Data\GetRightToGo
2008-02-21 15:38 . 2008-02-21 15:38 946,832 --a--c--- C:\WINDOWS\system32\_ISource30.dll
2008-02-20 21:09 . 2008-02-20 21:09 <DIR> d----c--- C:\Program Files\Common Files\Adobe

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 11:32 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-15 00:37 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-15 00:35 --------- dc----w C:\Program Files\SpywareBlaster
2008-03-14 19:06 --------- dc----w C:\Documents and Settings\Jack\Application Data\OpenOffice.org2
2008-03-14 14:24 --------- dc----w C:\Program Files\Spyware Doctor
2008-03-14 13:57 --------- dc----w C:\Documents and Settings\Jack\Application Data\Azureus
2008-03-14 02:08 --------- dc----w C:\Program Files\Windows Media Connect 2
2008-03-14 02:08 --------- dc----w C:\Program Files\DivX
2008-03-14 01:01 --------- dc----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-11 23:15 --------- dc----w C:\Program Files\Azureus
2008-03-11 13:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-08 22:58 --------- dc----w C:\Documents and Settings\Jack\Application Data\.BitTornado
2008-03-05 23:42 --------- dc----w C:\Program Files\eMule
2008-03-03 18:54 --------- dc----w C:\Program Files\Logitech
2008-03-03 18:54 --------- dc----w C:\Program Files\Common Files\Logitech
2008-03-02 13:10 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-02-11 08:39 253,952 -c--a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
2008-02-11 08:39 237,568 -c--a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
2008-02-08 12:53 110,592 -c--a-w C:\WINDOWS\system32\OnlineScannerLang.dll
2008-02-06 19:10 --------- dc----w C:\Program Files\Common Files\Raxco
2008-02-06 19:08 --------- dc----w C:\Program Files\RAXCO
2008-02-06 19:08 --------- dc----w C:\Documents and Settings\All Users\Application Data\Raxco
2008-02-06 16:04 --------- dc----w C:\Program Files\Spybot - Search & Destroy
2008-02-06 15:29 691,545 -c--a-w C:\WINDOWS\unins000.exe
2008-02-05 07:48 77,824 -c--a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
2008-01-25 23:52 --------- dc----w C:\Program Files\Microsoft Games
2008-01-25 23:51 --------- dc----w C:\Program Files\DAEMON Tools Lite
2008-01-25 23:34 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-22 14:11 127,034 -c----r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-01-22 14:11 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-01-22 13:20 --------- dc----w C:\Program Files\logitech Driver
2008-01-22 11:37 0 -c-ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-01-20 00:23 22,328 -c--a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-20 00:22 103,736 -c--a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-17 21:56 --------- dc----w C:\Program Files\Windows Live
2008-01-17 20:49 --------- dc----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-17 20:40 --------- dc----w C:\Documents and Settings\Jack\Application Data\Lavasoft
2008-01-15 14:30 --------- dc----w C:\Program Files\Common Files\LogiShared
2008-01-15 14:30 --------- dc----w C:\Documents and Settings\Jack\Application Data\Logitech
2008-01-15 14:30 --------- dc----w C:\Documents and Settings\Jack\Application Data\Leadertech
2008-01-15 14:30 --------- dc----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-01-15 14:29 0 -c-ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-01-15 14:29 0 -c-ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-01-15 14:26 --------- dc----w C:\Documents and Settings\Jack\Application Data\InstallShield
2008-01-15 14:26 --------- dc----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-01-12 01:03 66,872 -c--a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-01-11 21:25 107,888 -c--a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-01-09 14:01 53,248 -c--a-w C:\WINDOWS\bdoscandel.exe
2008-01-04 18:43 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-01-04 18:43 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 18:34 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-10 14:22 949376]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-02-26 11:10 317072]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-04 13:00 160256]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BTTray.lnk]
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech SetPoint.lnk]
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a--c--- 2005-03-08 21:05 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 18:34 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a--c--- 2004-08-04 13:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a--c--- 2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a--c--- 2008-01-07 21:02 495616 C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a--c--- 2004-08-04 13:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a--c--- 2004-08-04 13:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]
--a--c--- 2008-02-26 11:10 317072 C:\Program Files\SPAMfighter\SFAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahsc--- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spywarefighterguard]
--a--c--- 2008-02-21 15:37 115344 C:\Program Files\SPYWAREfighter\spftray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
--a--c--- 2008-03-06 23:00 1046688 C:\Program Files\TrojanHunter 5.0\THGuard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
--a--c--- 2007-12-05 16:06 1885464 C:\Program Files\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
--a--c--- 2007-12-07 09:42 9479448 C:\Program Files\SpeedUpMyPC 3\SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
--a--c--- 2008-01-08 09:14 1260296 C:\Program Files\SpyEraser\SpyEraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a--c--- 2008-01-15 23:54 37376 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PDEngine"=3 (0x3)
"PDAgent"=2 (0x2)
"gusvc"=3 (0x3)
"aawservice"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"D:\\Games\\live for speed\\LFS.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2008-02-26 11:10]
R2 UxTuneUp;TuneUp Designer-uitbreiding;C:\WINDOWS\System32\svchost.exe [2008-03-02 14:10]
R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]
S0 Eeo77;Eeo77;C:\WINDOWS\system32\Drivers\Eeo77.sys
S0 Tet46;Tet46;C:\WINDOWS\system32\Drivers\Tet46.sys
S1 tvtool;tvtool;C:\Program Files\TVTool 6.8\tvtool.sys
S3 CHUG;CHUG;C:\DOCUME~1\Jack\LOCALS~1\Temp\CHUG.exe
S3 EPNBNTD;EPNBNTD;C:\DOCUME~1\Jack\LOCALS~1\Temp\EPNBNTD.exe
S3 G;G;C:\DOCUME~1\Jack\LOCALS~1\Temp\G.exe
S3 GLEZRJAVOHTDNM;GLEZRJAVOHTDNM;C:\DOCUME~1\Jack\LOCALS~1\Temp\GLEZRJAVOHTDNM.exe
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 03:12]
S3 OIMYBNIHLYDJ;OIMYBNIHLYDJ;C:\DOCUME~1\Jack\LOCALS~1\Temp\OIMYBNIHLYDJ.exe
S3 QGGZC;QGGZC;C:\DOCUME~1\Jack\LOCALS~1\Temp\QGGZC.exe
S3 QMWMJUZXTC;QMWMJUZXTC;C:\DOCUME~1\Jack\LOCALS~1\Temp\QMWMJUZXTC.exe
S3 ROMZB;ROMZB;C:\DOCUME~1\Jack\LOCALS~1\Temp\ROMZB.exe
S3 SQSBSRKB;SQSBSRKB;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SQSBSRKB.exe
S3 SWUSBFLT;Microsoft SideWinder VIA Filterstuurprogramma;C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys [2001-08-17 22:02]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Inhoud van de 'Gedeelde Taken' map
"2008-03-14 16:25:15 C:\WINDOWS\Tasks\Easy Onderhoud.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-03-14 14:32:21 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\SpyEraser\SpyEraser.exe
"2008-03-15 10:57:07 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-03-15 02:00:00 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-15 12:46:22
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Eset\pr_imon.dll
.
Voltooingstijd: 2008-03-15 12:47:07
.
2008-03-11 22:50:14 --- E O F ---




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48, on 15-3-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199476721890
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CHUG - Unknown owner - C:\DOCUME~1\Jack\LOCALS~1\Temp\CHUG.exe (file missing)
O23 - Service: EPNBNTD - Unknown owner - C:\DOCUME~1\Jack\LOCALS~1\Temp\EPNBNTD.exe (file missing)
O23 - Service: G - Unknown owner - C:\DOCUME~1\Jack\LOCALS~1\Temp\G.exe (file missing)
O23 - Service: GLEZRJAVOHTDNM - Unknown owner - C:\DOCUME~1\Jack\LOCALS~1\Temp\GLEZRJAVOHTDNM.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: OIMYBNIHLYDJ - Unknown owner - C:\DOCUME~1\Jack\LOCALS~1\Temp\OIMYBNIHLYDJ.exe (file missing)
O23 - Service: QGGZC - Unknown owner - C:\DOCUME~1\Jack\LOCALS~1\Temp\QGGZC.exe (file missing)
O23 - Service: QMWMJUZXTC - Unknown owner - C:\DOCUME~1\Jack\LOCALS~1\Temp\QMWMJUZXTC.exe (file missing)
O23 - Service: ROMZB - Unknown owner - C:\DOCUME~1\Jack\LOCALS~1\Temp\ROMZB.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: SQSBSRKB - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SQSBSRKB.exe (file missing)

--
End of file - 6944 bytes

Open Kladblok, kopieer en plak het volgende (vetgedrukte, blauwe tekst) in een leeg venster:

• 
  File::
  C:\WINDOWS\system32\xwawvreh.xml
  C:\WINDOWS\system32\iafdyndk.xml
  C:\WINDOWS\system32\tuvcehmo.xml
  C:\WINDOWS\system32\ekmvphtw.xml
  C:\WINDOWS\system32\Drivers\Eeo77.sys
  C:\WINDOWS\system32\Drivers\Tet46.sys
  
  Driver::
  Eeo77
  Tet46
  G
  GLEZRJAVOHTDNM
  OIMYBNIHLYDJ
  QGGZC
  QMWMJUZXTC
  ROMZB
  SQSBSRKB
  CHUG
  EPNBNTD
  
  

Sla dit op op je Bureaublad als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :



Dit zal ComboFix doen herstarten.

Na het herstarten van je computer, (indien het vraagt om te herstarten), kopieer en plak de inhoud van Combofix.txt in je volgende antwoord.

hier mijn logje


ComboFix 08-03-14.4 - Jack 2008-03-15 17:12:31.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.637 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Jack\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jack\Bureaublad\CFScript.txt..txt
* Nieuw herstelpunt werd aangemaakt

FILE ::
C:\WINDOWS\system32\Drivers\Eeo77.sys
C:\WINDOWS\system32\Drivers\Tet46.sys
C:\WINDOWS\system32\ekmvphtw.xml
C:\WINDOWS\system32\iafdyndk.xml
C:\WINDOWS\system32\tuvcehmo.xml
C:\WINDOWS\system32\xwawvreh.xml
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ekmvphtw.xml
C:\WINDOWS\system32\iafdyndk.xml
C:\WINDOWS\system32\tuvcehmo.xml
C:\WINDOWS\system32\xwawvreh.xml

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_CHUG
-------\LEGACY_EPNBNTD
-------\LEGACY_G
-------\LEGACY_GLEZRJAVOHTDNM
-------\LEGACY_OIMYBNIHLYDJ
-------\LEGACY_QGGZC
-------\LEGACY_QMWMJUZXTC
-------\LEGACY_ROMZB
-------\LEGACY_SQSBSRKB
-------\CHUG
-------\Eeo77
-------\EPNBNTD
-------\G
-------\GLEZRJAVOHTDNM
-------\OIMYBNIHLYDJ
-------\QGGZC
-------\QMWMJUZXTC
-------\ROMZB
-------\SQSBSRKB
-------\Tet46


(((((((((((((((((((( Bestanden Gemaakt van 2008-02-15 to 2008-03-15 ))))))))))))))))))))))))))))))
.

2008-03-15 12:02 . 2008-03-15 17:10 <DIR> dr-h-c--- C:\Documents and Settings\Jack\Onlangs geopend
2008-03-15 01:51 . 2008-03-15 01:59 <DIR> d----c--- C:\Program Files\RegCleaner
2008-03-14 22:19 . 2008-03-14 22:19 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-03-14 21:51 . 2008-03-14 22:36 <DIR> dr-h-c--- C:\Documents and Settings\Administrator\Onlangs geopend
2008-03-14 21:50 . 2008-03-14 21:50 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-03-14 19:23 . 2008-03-14 19:23 <DIR> d----c--- C:\fsaua.data
2008-03-14 15:31 . 2008-03-14 15:36 <DIR> d----c--- C:\Program Files\SpyEraser
2008-03-14 15:31 . 2008-03-14 15:31 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-03-14 15:22 . 2008-03-14 15:22 <DIR> d----c--- C:\Program Files\SpeedUpMyPC 3
2008-03-14 14:34 . 2008-03-14 14:34 <DIR> d----c--- C:\Program Files\RegistryBooster 2
2008-03-14 14:29 . 2008-03-14 14:29 <DIR> d----c--- C:\Program Files\ProcessScanner
2008-03-14 14:17 . 2008-03-14 14:17 <DIR> d----c--- C:\Program Files\privacy terug met xp-AntiSpy
2008-03-14 03:30 . 2008-03-14 03:30 <DIR> d----c--- C:\Program Files\Advanced IP Scanner
2008-03-14 02:02 . 2008-03-14 02:02 <DIR> d----c--- C:\Program Files\Lavasoft
2008-03-13 03:38 . 2008-03-13 03:38 <DIR> d----c--- C:\Program Files\Common Files\NSV
2008-03-13 02:24 . 2008-03-13 12:22 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-03-13 02:24 . 2008-03-13 02:24 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-03-13 02:23 . 2008-03-13 02:24 <DIR> d----c--- C:\Program Files\Winamp Remote
2008-03-13 02:22 . 2008-03-13 02:24 <DIR> d----c--- C:\Program Files\Winamp
2008-03-13 02:22 . 2008-03-13 02:28 <DIR> d----c--- C:\Documents and Settings\Jack\Application Data\Winamp
2008-03-13 01:30 . 2008-02-22 02:33 69,632 --a--c--- C:\WINDOWS\system32\javacpl.cpl
2008-03-13 01:26 . 2008-03-13 01:30 <DIR> d----c--- C:\Program Files\Java
2008-03-13 01:25 . 2008-03-13 01:25 <DIR> d----c--- C:\Program Files\Common Files\Java
2008-03-12 14:50 . 2008-03-12 14:50 1,421,312 --a--c--- C:\WINDOWS\system32\FBH
2008-03-12 05:33 . 2008-03-14 03:47 <DIR> d----c--- C:\Documents and Settings\LocalService\Bureaublad
2008-03-12 03:25 . 2008-03-12 03:25 <DIR> dr-h-c--- C:\Documents and Settings\LocalService\Onlangs geopend
2008-03-11 15:09 . 2008-03-11 15:09 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2008-03-11 14:13 . 2008-03-11 14:13 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-11 00:38 . 2007-01-22 16:18 24,072 --a--c--- C:\WINDOWS\system32\uxtuneup.dll
2008-03-11 00:37 . 2008-03-15 02:55 <DIR> d----c--- C:\Program Files\TuneUp Utilities 2007
2008-03-11 00:37 . 2008-03-11 00:37 <DIR> d----c--- C:\Documents and Settings\Jack\Application Data\TuneUp Software
2008-03-11 00:37 . 2008-03-11 00:37 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-03-10 23:23 . 1999-12-21 07:58 21,312 --a--c--- C:\WINDOWS\choice.exe
2008-03-10 21:46 . 2008-03-12 14:12 <DIR> d----c--- C:\Program Files\Conduit
2008-03-10 20:03 . 2008-03-10 20:03 <DIR> d----c--- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-10 20:03 . 2008-03-10 20:03 <DIR> d----c--- C:\Documents and Settings\Jack\Application Data\Malwarebytes
2008-03-10 20:03 . 2008-03-10 20:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-10 18:50 . 2008-03-13 03:49 <DIR> d----c--- C:\Program Files\XoftSpySE
2008-03-10 14:23 . 2008-03-10 23:28 <DIR> d----c--- C:\Program Files\Eset
2008-03-10 14:23 . 2008-03-10 14:22 512,096 --a--c--- C:\WINDOWS\system32\drivers\amon.sys
2008-03-10 14:23 . 2008-03-10 14:22 298,104 --a--c--- C:\WINDOWS\system32\imon.dll
2008-03-10 14:23 . 2008-03-10 14:22 15,424 --a--c--- C:\WINDOWS\system32\drivers\nod32drv.sys
2008-03-09 22:21 . 2008-03-09 22:21 <DIR> d----c--- C:\Program Files\Trend Micro
2008-03-09 15:24 . 2008-03-09 15:24 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\TrojanHunter
2008-03-09 14:43 . 2008-03-09 14:43 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-03-09 13:53 . 2007-01-18 13:00 3,968 --a--c--- C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-03-09 13:18 . 2008-03-09 13:18 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-03-08 23:48 . 2008-03-08 23:50 <DIR> d----c--- C:\Program Files\EsetOnlineScanner
2008-03-08 23:21 . 2008-03-08 23:21 <DIR> d----c--- C:\Documents and Settings\Jack\Application Data\Grisoft
2008-03-08 23:20 . 2007-05-30 13:10 10,872 --a--c--- C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-08 21:25 . 2008-03-13 03:56 <DIR> d----c--- C:\Program Files\SUPERAntiSpyware
2008-03-08 21:25 . 2008-03-08 21:25 <DIR> d----c--- C:\Documents and Settings\Jack\Application Data\SUPERAntiSpyware.com
2008-03-08 21:25 . 2008-03-08 21:25 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-06 23:35 . 2008-03-06 23:35 <DIR> d----c--- C:\Program Files\converter
2008-03-06 23:34 . 2008-03-06 23:34 <DIR> d----c--- C:\Program Files\NCH Software
2008-03-06 22:58 . 2008-03-06 23:00 <DIR> d----c--- C:\Program Files\TrojanHunter 5.0
2008-03-06 17:03 . 2008-03-06 17:03 <DIR> d----c--- C:\Documents and Settings\Jack\Application Data\TrojanHunter
2008-03-06 00:28 . 2008-03-14 15:31 <DIR> d----c--- C:\Documents and Settings\Jack\Application Data\Uniblue
2008-03-05 21:01 . 2008-03-08 20:13 540 --a------ C:\WINDOWS\system32\PDBootState
2008-03-05 15:01 . 2008-03-05 21:58 30,590 --a--c--- C:\WINDOWS\system32\pavas.ico
2008-03-05 15:01 . 2008-03-05 21:58 2,550 --a--c--- C:\WINDOWS\system32\Uninstall.ico
2008-03-05 15:01 . 2008-03-05 21:58 1,406 --a--c--- C:\WINDOWS\system32\Help.ico
2008-03-05 15:00 . 2008-03-05 21:59 <DIR> d----c--- C:\WINDOWS\system32\ActiveScan
2008-03-04 03:17 . 2008-03-04 03:17 <DIR> d----c--- C:\Program Files\Common Files\Ankiro
2008-03-04 03:16 . 2008-03-15 17:04 <DIR> d----c--- C:\Program Files\SPAMfighter
2008-03-03 21:59 . 2008-03-03 21:59 <DIR> d----c--- C:\WINDOWS\system32\Kaspersky Lab
2008-03-03 21:59 . 2008-03-03 21:59 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-03 19:06 . 2008-01-04 18:59 <DIR> d--h-c--- C:\Documents and Settings\Administrator\Sjablonen
2008-03-03 19:06 . 2008-01-04 19:14 <DIR> d--h-c--- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2008-03-03 19:06 . 2008-03-14 21:52 <DIR> d----c--- C:\Documents and Settings\Administrator\Mijn documenten
2008-03-03 19:06 . 2008-01-04 19:14 <DIR> dr---c--- C:\Documents and Settings\Administrator\Menu Start
2008-03-03 19:06 . 2008-01-04 19:14 <DIR> d----c--- C:\Documents and Settings\Administrator\Favorieten
2008-03-03 19:06 . 2008-03-14 21:52 <DIR> d----c--- C:\Documents and Settings\Administrator\Bureaublad
2008-03-03 17:36 . 2008-03-03 17:36 92 --a--c--- C:\WINDOWS\wininit.ini
2008-03-03 16:38 . 2008-03-13 12:47 <DIR> d----c--- C:\Program Files\SpywareGuard
2008-03-03 16:03 . 2008-03-03 16:05 <DIR> d----c--- C:\Program Files\SPYWAREfighter
2008-03-03 01:35 . 2008-03-09 18:49 <DIR> d----c--- C:\WINDOWS\BDOSCAN8
2008-03-02 15:01 . 2008-03-02 15:01 <DIR> dr---c--- C:\Documents and Settings\LocalService\Favorieten
2008-03-02 14:36 . 2008-03-09 18:53 <DIR> d----c--- C:\Downloads
2008-03-02 14:36 . 2008-03-02 14:37 <DIR> d----c--- C:\Documents and Settings\Jack\Application Data\GetRightToGo
2008-02-21 15:38 . 2008-02-21 15:38 946,832 --a--c--- C:\WINDOWS\system32\_ISource30.dll
2008-02-20 21:09 . 2008-02-20 21:09 <DIR> d----c--- C:\Program Files\Common Files\Adobe

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 11:32 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-15 00:37 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-15 00:35 --------- dc----w C:\Program Files\SpywareBlaster
2008-03-14 19:06 --------- dc----w C:\Documents and Settings\Jack\Application Data\OpenOffice.org2
2008-03-14 14:24 --------- dc----w C:\Program Files\Spyware Doctor
2008-03-14 13:57 --------- dc----w C:\Documents and Settings\Jack\Application Data\Azureus
2008-03-14 02:08 --------- dc----w C:\Program Files\Windows Media Connect 2
2008-03-14 02:08 --------- dc----w C:\Program Files\DivX
2008-03-14 01:01 --------- dc----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-11 23:15 --------- dc----w C:\Program Files\Azureus
2008-03-11 13:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-08 22:58 --------- dc----w C:\Documents and Settings\Jack\Application Data\.BitTornado
2008-03-05 23:42 --------- dc----w C:\Program Files\eMule
2008-03-03 18:54 --------- dc----w C:\Program Files\Logitech
2008-03-03 18:54 --------- dc----w C:\Program Files\Common Files\Logitech
2008-02-06 19:10 --------- dc----w C:\Program Files\Common Files\Raxco
2008-02-06 19:08 --------- dc----w C:\Program Files\RAXCO
2008-02-06 19:08 --------- dc----w C:\Documents and Settings\All Users\Application Data\Raxco
2008-02-06 16:04 --------- dc----w C:\Program Files\Spybot - Search & Destroy
2008-02-06 15:29 691,545 -c--a-w C:\WINDOWS\unins000.exe
2008-01-25 23:52 --------- dc----w C:\Program Files\Microsoft Games
2008-01-25 23:51 --------- dc----w C:\Program Files\DAEMON Tools Lite
2008-01-25 23:34 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-22 14:11 127,034 -c----r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-01-22 14:11 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-01-22 13:20 --------- dc----w C:\Program Files\logitech Driver
2008-01-22 11:37 0 -c-ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-01-20 00:23 22,328 -c--a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-17 21:56 --------- dc----w C:\Program Files\Windows Live
2008-01-17 20:49 --------- dc----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-17 20:40 --------- dc----w C:\Documents and Settings\Jack\Application Data\Lavasoft
2008-01-15 14:30 --------- dc----w C:\Program Files\Common Files\LogiShared
2008-01-15 14:30 --------- dc----w C:\Documents and Settings\Jack\Application Data\Logitech
2008-01-15 14:30 --------- dc----w C:\Documents and Settings\Jack\Application Data\Leadertech
2008-01-15 14:30 --------- dc----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-01-15 14:29 0 -c-ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-01-15 14:29 0 -c-ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-01-15 14:26 --------- dc----w C:\Documents and Settings\Jack\Application Data\InstallShield
2008-01-15 14:26 --------- dc----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-01-09 14:01 53,248 -c--a-w C:\WINDOWS\bdoscandel.exe
.

((((((((((((((((((((((((((((( [email protected]_12.46.41,79 )))))))))))))))))))))))))))))))))))))))))
.
+ 2000-08-31 07:00:00 163,328 -c--a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2008-03-15 11:02:12 60,114 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-15 16:07:22 60,114 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-15 11:02:12 79,094 ----a-w C:\WINDOWS\system32\perfc013.dat
+ 2008-03-15 16:07:22 79,094 ----a-w C:\WINDOWS\system32\perfc013.dat
- 2008-03-15 11:02:12 397,894 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-15 16:07:22 397,894 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-03-15 11:02:12 462,386 ----a-w C:\WINDOWS\system32\perfh013.dat
+ 2008-03-15 16:07:23 462,386 ----a-w C:\WINDOWS\system32\perfh013.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 18:34 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-10 14:22 949376]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-02-26 11:10 317072]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-04 13:00 160256]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BTTray.lnk]
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech SetPoint.lnk]
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a--c--- 2005-03-08 21:05 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 18:34 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a--c--- 2004-08-04 13:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a--c--- 2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a--c--- 2008-01-07 21:02 495616 C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a--c--- 2004-08-04 13:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a--c--- 2004-08-04 13:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]
--a--c--- 2008-02-26 11:10 317072 C:\Program Files\SPAMfighter\SFAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahsc--- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spywarefighterguard]
--a--c--- 2008-02-21 15:37 115344 C:\Program Files\SPYWAREfighter\spftray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
--a--c--- 2008-03-06 23:00 1046688 C:\Program Files\TrojanHunter 5.0\THGuard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
--a--c--- 2007-12-05 16:06 1885464 C:\Program Files\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
--a--c--- 2007-12-07 09:42 9479448 C:\Program Files\SpeedUpMyPC 3\SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
--a--c--- 2008-01-08 09:14 1260296 C:\Program Files\SpyEraser\SpyEraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a--c--- 2008-01-15 23:54 37376 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PDEngine"=3 (0x3)
"PDAgent"=2 (0x2)
"gusvc"=3 (0x3)
"aawservice"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"D:\\Games\\live for speed\\LFS.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2008-02-26 11:10]
R2 UxTuneUp;TuneUp Designer-uitbreiding;C:\WINDOWS\System32\svchost.exe [2008-03-02 14:10]
R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]
S1 tvtool;tvtool;C:\Program Files\TVTool 6.8\tvtool.sys
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 03:12]
S3 SWUSBFLT;Microsoft SideWinder VIA Filterstuurprogramma;C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys [2001-08-17 22:02]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Inhoud van de 'Gedeelde Taken' map
"2008-03-14 16:25:15 C:\WINDOWS\Tasks\Easy Onderhoud.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-03-14 14:32:21 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\SpyEraser\SpyEraser.exe
"2008-03-15 16:16:07 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-03-15 02:00:00 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-15 17:16:49
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
.
**************************************************************************
.
Voltooingstijd: 2008-03-15 17:19:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-15 16:19:04
ComboFix2.txt 2008-03-15 11:47:08
.
2008-03-11 22:50:14 --- E O F ---

Nu nog problemen?

Hallo,

Ik heb verschillende virus/spyware scanners laten draaien
geen van allen vind iets

Echter mijn AVG anti-rootkit vind steeds een nieuwe in windows/system/drivers.

Start ik daarna opnieuw op, vind hij er weer 1
maar nu weer een andere.....?

Moet/mag ik deze verwijderen ? heb er inmiddels al 10 verwijderd


B.V.D.



Gr. Jack.

Download F-Secure Blacklight:

• Plaats het op je Bureaublad.
  Dubbelklik op blbeta.exe.
  Klik op "I accept the agreement".
  Klik op "Next".
  Klik op "Scan" en als het programma klaar is klik je daarna op "Next".
  Indien Blacklight iets vindt, zal het een lijst van bestanden weergeven.
  Laat nog niks hernoemen.
  Op je Bureaublad staat een bestand met de naam fsbl.xxxxxxx.log (de x-en staan voor getallen)
  Dit is het logje dat Blacklight gemaakt heeft. Post het in je volgende antwoord a.u.b.

hier een nieuw logje maar weer


03/16/08 15:09:55 [Info]: BlackLight Engine 1.0.67 initialized
03/16/08 15:09:55 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/16/08 15:09:55 [Note]: 7019 4
03/16/08 15:09:55 [Note]: 7005 0
03/16/08 15:09:57 [Note]: 7006 0
03/16/08 15:09:57 [Note]: 7011 192
03/16/08 15:09:58 [Note]: 7026 0
03/16/08 15:09:58 [Note]: 7026 0
03/16/08 15:10:00 [Note]: FSRAW library version 1.7.1024
03/16/08 15:12:43 [Note]: 2000 1012
03/16/08 15:12:43 [Note]: 2000 1012
03/16/08 15:12:43 [Note]: 2000 1012
03/16/08 15:21:06 [Note]: 7007 0

Niets gevonden.

Download Malwarebytes' Anti-Malware op je bureaublad.
Dubbelklik mbam-setup.exe en kies voor "Next" om de tool te installeren.
Als de installatie voltooid is zet je vinkjes bij "Update MalwareBytes' Anti-Malware" en bij "Launch MalwareBytes' Anti-Malware".
Druk daarna op "Finish".
Kies in het hoofdscherm voor de tab "Scanner" en selecteer het keuzerondje "Perform full scan".
Druk op de knop "Scan" en zorg dat al je harde schijven/partities aangevinkt staan.
Druk dan op de knop "Start Scan".
Wanneer de scan voltooid is klik je op OK, daarna op "Show Results" om de resultaten te zien.
Zorg ervoor dat alles aangevinkt is, klik daarna op "Remove Selected".
Als het programma je computer wil laten herstarten, sta je dit toe.
Daarna opent een logje(mbam-log-XX-XX-XXXX(xx-xx-xx).txt)
Post deze log in je volgende bericht.

bedankt voor de snelle reacties,

deze heb ik al, en meerdere malen mee gescand.

Maar nu ineens een worm op d


Malwarebytes' Anti-Malware 1.08
Database versie: 495

Scan type: Volledige Scan (C:\|D:\|)
Objecten gescand: 121812
Verstreken tijd: 41 minute(s), 2 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 1

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
D:\Software\RRT.exe (Worm.Sumom) -> Quarantined and deleted successfully.

Enig idee wat RRT.exe is?

Nou nee niet echt,
Ben gisteren wel bezig geweest met wat programmaatjes de downloaden
is iets van de laatste dagen in ieder geval

Heb RRT.exe bij google gezocht
kwam wel van alles tegen,

http://www.raymond.cc/blog/archives/2008/01/23/how-to-clean-and-remove-jambanmu-alman-or-almanahe-virus/nl/

http://windows.ittoolbox.com/groups/technical-functional/windows-xp-pro-l/c-regedit-1578245

http://www.runscanner.net/files/exe/rrt/rrt.exe.aspx



volgens mij heeft het hier mee te maken

WindowsXP-KB310994-SP2-Home-BootDisk-NLD,

die nu op mijn bureaublad staat.
sinds combofix zijn werk heeft gedaan
ik merk ook op dat er veel programma's zijn uitgeschakeld bij services






Gr. jack.

Het bestand: WindowsXP-KB310994-SP2-Home-BootDisk-NLD

dat komt doordat je tijdens het installeren van ComboFix ook de Herstel Console hebt geinstalleerd. Heeft dus niets te maken met RTT.exe.

Omdat het bestand RTT.exe op D:\Software staat, zou jij toch wel kunnen weten waar dit is gekomen.

Als AVG Rootkit steeds trojans blijft vinden, dan zijn er nog 2 opties:

1. De harddisk als slave in een andere PC plaatsen en dan scannen.

2. Alle belangrijke bestanden op een USB-disk copieren (inclusief de mail en favorieten) en dan Windows opnieuw installeren.