Trojan Downloader Agent


  • Trojan Downloader Agent

    I keep getting a Trojan Downloader Agent.

    I have scanned with everything:
    Ad-Aware, Spybot, TrojanHunter, Spyware Doctor, etc.
    Online: BitDefender and Panda.

    None of them finds it, yet it suddenly shows up.

    I have the AVG virus scanner; when I scan with it, it finds nothing.... yet that damned Trojan suddenly shows up.

    I just scanned with SUPERAntiSpyware, which also found nothing.

    Yet suddenly 2 new ones again now. Trojan Horse Generic9.BBRN

    Another ....... this one cannot be removed.

    Right after that I scanned with AVG, and it does not find it.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:21, on 9-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\Program Files\SPYWAREfighter\spftray.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\SPYWAREfighter\spfprc.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199476721890
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe

    --
    End of file - 9658 bytes

  • #2
    Hello,

    Can someone please help me.
    I have removed my AVG virus scanner and installed NOD32 antivirus.
    I no longer get any virus alerts now.

    However, my AVG Anti-Rootkit keeps finding a new one in windows/system/drivers.

    If I then restart, it finds another one again.....?

    Here is a new log; thanks in advance.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:17, on 13-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\SPYWAREfighter\spftray.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\SPYWAREfighter\spfprc.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Rootkit Free\avgarkt.exe
    C:\Program Files\Grisoft\AVG Anti-Rootkit Free\7C5Ei9E3CFP.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199476721890
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: CHUG - Unknown owner - C:\DOCUME~1\Jack\LOCALS~1\Temp\CHUG.exe (file missing)
    O23 - Service: EPNBNTD - Unknown owner - C:\DOCUME~1\Jack\LOCALS~1\Temp\EPNBNTD.exe (file missing)
    O23 - Service: G - Unknown owner - C:\DOCUME~1\Jack\LOCALS~1\Temp\G.exe (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: QGGZC - Unknown owner - C:\DOCUME~1\Jack\LOCALS~1\Temp\QGGZC.exe (file missing)
    O23 - Service: QMWMJUZXTC - Unknown owner - C:\DOCUME~1\Jack\LOCALS~1\Temp\QMWMJUZXTC.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe

    --
    End of file - 7411 bytes
    Last edited by miejac; 13-03-08, 18:23. Reason: attachment



    • #3
      Follow the instructions as described on the following page: hoe-dient-combofix-gebruikt-te-worden

      If you use Vista, the Recovery Console does not need to be installed.
      If anything is unclear, just ask.
      When the tool is finished, a log file opens (C:\combofix.txt).
      Post the contents of this file together with a new HijackThis log.



      • #4
        Thanks in advance for being willing to help me.

        Here are the 2 logs.

        ---------------------------------------

        ComboFix 08-03-14.4 - Jack 2008-03-15 12:44:43.1 - NTFSx86
        Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.627 [GMT 1:00]
        Gestart vanuit: C:\Documents and Settings\Jack\Bureaublad\ComboFix.exe
        .

        (((((((((((((((((((( Bestanden Gemaakt van 2008-02-15 to 2008-03-15 ))))))))))))))))))))))))))))))
        .

        2008-03-15 12:02 . 2008-03-15 12:43 <DIR> dr-h-c--- C:\Documents and Settings\Jack\Onlangs geopend
        2008-03-15 01:51 . 2008-03-15 01:59 <DIR> d----c--- C:\Program Files\RegCleaner
        2008-03-14 22:19 . 2008-03-14 22:19 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
        2008-03-14 21:51 . 2008-03-14 22:36 <DIR> dr-h-c--- C:\Documents and Settings\Administrator\Onlangs geopend
        2008-03-14 21:50 . 2008-03-14 21:50 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\Uniblue
        2008-03-14 19:23 . 2008-03-14 19:23 <DIR> d----c--- C:\fsaua.data
        2008-03-14 15:31 . 2008-03-14 15:36 <DIR> d----c--- C:\Program Files\SpyEraser
        2008-03-14 15:31 . 2008-03-14 15:31 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Uniblue
        2008-03-14 15:22 . 2008-03-14 15:22 <DIR> d----c--- C:\Program Files\SpeedUpMyPC 3
        2008-03-14 14:34 . 2008-03-14 14:34 <DIR> d----c--- C:\Program Files\RegistryBooster 2
        2008-03-14 14:29 . 2008-03-14 14:29 <DIR> d----c--- C:\Program Files\ProcessScanner
        2008-03-14 14:17 . 2008-03-14 14:17 <DIR> d----c--- C:\Program Files\privacy terug met xp-AntiSpy
        2008-03-14 03:30 . 2008-03-14 03:30 <DIR> d----c--- C:\Program Files\Advanced IP Scanner
        2008-03-14 02:02 . 2008-03-14 02:02 <DIR> d----c--- C:\Program Files\Lavasoft
        2008-03-13 03:38 . 2008-03-13 03:38 <DIR> d----c--- C:\Program Files\Common Files\NSV
        2008-03-13 02:24 . 2008-03-13 12:22 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
        2008-03-13 02:24 . 2008-03-13 02:24 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\OrbNetworks
        2008-03-13 02:23 . 2008-03-13 02:24 <DIR> d----c--- C:\Program Files\Winamp Remote
        2008-03-13 02:22 . 2008-03-13 02:24 <DIR> d----c--- C:\Program Files\Winamp
        2008-03-13 02:22 . 2008-03-13 02:28 <DIR> d----c--- C:\Documents and Settings\Jack\Application Data\Winamp
        2008-03-13 01:30 . 2008-02-22 02:33 69,632 --a--c--- C:\WINDOWS\system32\javacpl.cpl
        2008-03-13 01:26 . 2008-03-13 01:30 <DIR> d----c--- C:\Program Files\Java
        2008-03-13 01:25 . 2008-03-13 01:25 <DIR> d----c--- C:\Program Files\Common Files\Java
        2008-03-12 14:50 . 2008-03-12 14:50 1,421,312 --a--c--- C:\WINDOWS\system32\FBH
        2008-03-12 05:33 . 2008-03-14 03:47 <DIR> d----c--- C:\Documents and Settings\LocalService\Bureaublad
        2008-03-12 03:25 . 2008-03-12 03:25 <DIR> dr-h-c--- C:\Documents and Settings\LocalService\Onlangs geopend
        2008-03-11 15:09 . 2008-03-11 15:09 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
        2008-03-11 14:13 . 2008-03-11 14:13 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Avg7
        2008-03-11 00:38 . 2007-01-22 16:18 24,072 --a--c--- C:\WINDOWS\system32\uxtuneup.dll
        2008-03-11 00:37 . 2008-03-15 02:55 <DIR> d----c--- C:\Program Files\TuneUp Utilities 2007
        2008-03-11 00:37 . 2008-03-11 00:37 <DIR> d----c--- C:\Documents and Settings\Jack\Application Data\TuneUp Software
        2008-03-11 00:37 . 2008-03-11 00:37 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\TuneUp Software
        2008-03-10 23:23 . 1999-12-21 07:58 21,312 --a--c--- C:\WINDOWS\choice.exe
        2008-03-10 21:46 . 2008-03-12 14:12 <DIR> d----c--- C:\Program Files\Conduit
        2008-03-10 20:03 . 2008-03-10 20:03 <DIR> d----c--- C:\Program Files\Malwarebytes' Anti-Malware
        2008-03-10 20:03 . 2008-03-10 20:03 <DIR> d----c--- C:\Documents and Settings\Jack\Application Data\Malwarebytes
        2008-03-10 20:03 . 2008-03-10 20:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
        2008-03-10 18:50 . 2008-03-13 03:49 <DIR> d----c--- C:\Program Files\XoftSpySE
        2008-03-10 14:23 . 2008-03-10 23:28 <DIR> d----c--- C:\Program Files\Eset
        2008-03-10 14:23 . 2008-03-10 14:22 512,096 --a--c--- C:\WINDOWS\system32\drivers\amon.sys
        2008-03-10 14:23 . 2008-03-10 14:22 298,104 --a--c--- C:\WINDOWS\system32\imon.dll
        2008-03-10 14:23 . 2008-03-10 14:22 15,424 --a--c--- C:\WINDOWS\system32\drivers\nod32drv.sys
        2008-03-09 22:21 . 2008-03-09 22:21 <DIR> d----c--- C:\Program Files\Trend Micro
        2008-03-09 15:24 . 2008-03-09 15:24 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\TrojanHunter
        2008-03-09 14:43 . 2008-03-09 14:43 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\Grisoft
        2008-03-09 13:53 . 2007-01-18 13:00 3,968 --a--c--- C:\WINDOWS\system32\drivers\AvgArCln.sys
        2008-03-09 13:18 . 2008-03-09 13:18 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
        2008-03-08 23:48 . 2008-03-08 23:50 <DIR> d----c--- C:\Program Files\EsetOnlineScanner
        2008-03-08 23:21 . 2008-03-08 23:21 <DIR> d----c--- C:\Documents and Settings\Jack\Application Data\Grisoft
        2008-03-08 23:20 . 2007-05-30 13:10 10,872 --a--c--- C:\WINDOWS\system32\drivers\AvgAsCln.sys
        2008-03-08 21:25 . 2008-03-13 03:56 <DIR> d----c--- C:\Program Files\SUPERAntiSpyware
        2008-03-08 21:25 . 2008-03-08 21:25 <DIR> d----c--- C:\Documents and Settings\Jack\Application Data\SUPERAntiSpyware.com
        2008-03-08 21:25 . 2008-03-08 21:25 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
        2008-03-06 23:35 . 2008-03-06 23:35 <DIR> d----c--- C:\Program Files\converter
        2008-03-06 23:34 . 2008-03-06 23:34 <DIR> d----c--- C:\Program Files\NCH Software
        2008-03-06 22:58 . 2008-03-06 23:00 <DIR> d----c--- C:\Program Files\TrojanHunter 5.0
        2008-03-06 17:03 . 2008-03-06 17:03 <DIR> d----c--- C:\Documents and Settings\Jack\Application Data\TrojanHunter
        2008-03-06 00:28 . 2008-03-14 15:31 <DIR> d----c--- C:\Documents and Settings\Jack\Application Data\Uniblue
        2008-03-05 21:01 . 2008-03-08 20:13 540 --a------ C:\WINDOWS\system32\PDBootState
        2008-03-05 15:01 . 2008-03-05 21:58 30,590 --a--c--- C:\WINDOWS\system32\pavas.ico
        2008-03-05 15:01 . 2008-03-05 21:58 2,550 --a--c--- C:\WINDOWS\system32\Uninstall.ico
        2008-03-05 15:01 . 2008-03-05 21:58 1,406 --a--c--- C:\WINDOWS\system32\Help.ico
        2008-03-05 15:00 . 2008-03-05 21:59 <DIR> d----c--- C:\WINDOWS\system32\ActiveScan
        2008-03-04 03:17 . 2008-03-04 03:17 <DIR> d----c--- C:\Program Files\Common Files\Ankiro
        2008-03-04 03:16 . 2008-03-15 11:59 <DIR> d----c--- C:\Program Files\SPAMfighter
        2008-03-03 21:59 . 2008-03-03 21:59 <DIR> d----c--- C:\WINDOWS\system32\Kaspersky Lab
        2008-03-03 21:59 . 2008-03-03 21:59 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
        2008-03-03 20:20 . 2008-03-03 20:15 2,833,303 --a--c--- C:\WINDOWS\system32\xwawvreh.xml
        2008-03-03 20:18 . 2008-03-03 20:15 2,833,303 --a--c--- C:\WINDOWS\system32\iafdyndk.xml
        2008-03-03 19:06 . 2008-01-04 18:59 <DIR> d--h-c--- C:\Documents and Settings\Administrator\Sjablonen
        2008-03-03 19:06 . 2008-01-04 19:14 <DIR> d--h-c--- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
        2008-03-03 19:06 . 2008-03-14 21:52 <DIR> d----c--- C:\Documents and Settings\Administrator\Mijn documenten
        2008-03-03 19:06 . 2008-01-04 19:14 <DIR> dr---c--- C:\Documents and Settings\Administrator\Menu Start
        2008-03-03 19:06 . 2008-01-04 19:14 <DIR> d----c--- C:\Documents and Settings\Administrator\Favorieten
        2008-03-03 19:06 . 2008-03-14 21:52 <DIR> d----c--- C:\Documents and Settings\Administrator\Bureaublad
        2008-03-03 17:38 . 2008-03-03 17:38 2,833,303 --a--c--- C:\WINDOWS\system32\tuvcehmo.xml
        2008-03-03 17:36 . 2008-03-03 17:36 92 --a--c--- C:\WINDOWS\wininit.ini
        2008-03-03 16:38 . 2008-03-13 12:47 <DIR> d----c--- C:\Program Files\SpywareGuard
        2008-03-03 16:03 . 2008-03-03 16:05 <DIR> d----c--- C:\Program Files\SPYWAREfighter
        2008-03-03 15:04 . 2008-03-03 22:25 2,833,439 --a--c--- C:\WINDOWS\system32\ekmvphtw.xml
        2008-03-03 01:35 . 2008-03-09 18:49 <DIR> d----c--- C:\WINDOWS\BDOSCAN8
        2008-03-02 15:01 . 2008-03-02 15:01 <DIR> dr---c--- C:\Documents and Settings\LocalService\Favorieten
        2008-03-02 14:36 . 2008-03-09 18:53 <DIR> d----c--- C:\Downloads
        2008-03-02 14:36 . 2008-03-02 14:37 <DIR> d----c--- C:\Documents and Settings\Jack\Application Data\GetRightToGo
        2008-02-21 15:38 . 2008-02-21 15:38 946,832 --a--c--- C:\WINDOWS\system32\_ISource30.dll
        2008-02-20 21:09 . 2008-02-20 21:09 <DIR> d----c--- C:\Program Files\Common Files\Adobe

        .
        ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-03-15 11:32 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
        2008-03-15 00:37 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2008-03-15 00:35 --------- dc----w C:\Program Files\SpywareBlaster
        2008-03-14 19:06 --------- dc----w C:\Documents and Settings\Jack\Application Data\OpenOffice.org2
        2008-03-14 14:24 --------- dc----w C:\Program Files\Spyware Doctor
        2008-03-14 13:57 --------- dc----w C:\Documents and Settings\Jack\Application Data\Azureus
        2008-03-14 02:08 --------- dc----w C:\Program Files\Windows Media Connect 2
        2008-03-14 02:08 --------- dc----w C:\Program Files\DivX
        2008-03-14 01:01 --------- dc----w C:\Program Files\Common Files\Wise Installation Wizard
        2008-03-11 23:15 --------- dc----w C:\Program Files\Azureus
        2008-03-11 13:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\Grisoft
        2008-03-08 22:58 --------- dc----w C:\Documents and Settings\Jack\Application Data\.BitTornado
        2008-03-05 23:42 --------- dc----w C:\Program Files\eMule
        2008-03-03 18:54 --------- dc----w C:\Program Files\Logitech
        2008-03-03 18:54 --------- dc----w C:\Program Files\Common Files\Logitech
        2008-03-02 13:10 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
        2008-02-11 08:39 253,952 -c--a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
        2008-02-11 08:39 237,568 -c--a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
        2008-02-08 12:53 110,592 -c--a-w C:\WINDOWS\system32\OnlineScannerLang.dll
        2008-02-06 19:10 --------- dc----w C:\Program Files\Common Files\Raxco
        2008-02-06 19:08 --------- dc----w C:\Program Files\RAXCO
        2008-02-06 19:08 --------- dc----w C:\Documents and Settings\All Users\Application Data\Raxco
        2008-02-06 16:04 --------- dc----w C:\Program Files\Spybot - Search & Destroy
        2008-02-06 15:29 691,545 -c--a-w C:\WINDOWS\unins000.exe
        2008-02-05 07:48 77,824 -c--a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
        2008-01-25 23:52 --------- dc----w C:\Program Files\Microsoft Games
        2008-01-25 23:51 --------- dc----w C:\Program Files\DAEMON Tools Lite
        2008-01-25 23:34 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
        2008-01-22 14:11 127,034 -c----r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
        2008-01-22 14:11 --------- dc-h--w C:\Program Files\InstallShield Installation Information
        2008-01-22 13:20 --------- dc----w C:\Program Files\logitech Driver
        2008-01-22 11:37 0 -c-ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
        2008-01-20 00:23 22,328 -c--a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
        2008-01-20 00:22 103,736 -c--a-w C:\WINDOWS\system32\PnkBstrB.exe
        2008-01-17 21:56 --------- dc----w C:\Program Files\Windows Live
        2008-01-17 20:49 --------- dc----w C:\Documents and Settings\All Users\Application Data\Lavasoft
        2008-01-17 20:40 --------- dc----w C:\Documents and Settings\Jack\Application Data\Lavasoft
        2008-01-15 14:30 --------- dc----w C:\Program Files\Common Files\LogiShared
        2008-01-15 14:30 --------- dc----w C:\Documents and Settings\Jack\Application Data\Logitech
        2008-01-15 14:30 --------- dc----w C:\Documents and Settings\Jack\Application Data\Leadertech
        2008-01-15 14:30 --------- dc----w C:\Documents and Settings\All Users\Application Data\Logitech
        2008-01-15 14:29 0 -c-ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
        2008-01-15 14:29 0 -c-ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
        2008-01-15 14:26 --------- dc----w C:\Documents and Settings\Jack\Application Data\InstallShield
        2008-01-15 14:26 --------- dc----w C:\Documents and Settings\All Users\Application Data\LogiShrd
        2008-01-12 01:03 66,872 -c--a-w C:\WINDOWS\system32\PnkBstrA.exe
        2008-01-11 21:25 107,888 -c--a-w C:\WINDOWS\system32\CmdLineExt.dll
        2008-01-09 14:01 53,248 -c--a-w C:\WINDOWS\bdoscandel.exe
        2008-01-04 18:43 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
        2008-01-04 18:43 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
        .

        ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
        "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 18:34 1289000]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-10 14:22 949376]
        "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-02-26 11:10 317072]
        "MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-04 13:00 160256]
        "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
        "DisableLockWorkstation"= 0 (0x0)
        "DisableChangePassword"= 0 (0x0)

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BTTray.lnk]
        backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
        backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech SetPoint.lnk]
        backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
        --a--c--- 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
        --a--c--- 2005-03-08 21:05 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
        --a------ 2004-08-04 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
        --a------ 2006-11-13 18:34 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
        C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
        --a--c--- 2004-08-04 13:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
        --a--c--- 2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
        --a--c--- 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
        --a--c--- 2008-01-07 21:02 495616 C:\Program Files\Winamp Remote\bin\OrbTray.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
        --a--c--- 2004-08-04 13:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
        --a--c--- 2004-08-04 13:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]
        --a--c--- 2008-02-26 11:10 317072 C:\Program Files\SPAMfighter\SFAgent.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
        -rahsc--- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spywarefighterguard]
        --a--c--- 2008-02-21 15:37 115344 C:\Program Files\SPYWAREfighter\spftray.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
        --a--c--- 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
        --a--c--- 2008-03-06 23:00 1046688 C:\Program Files\TrojanHunter 5.0\THGuard.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
        --a--c--- 2007-12-05 16:06 1885464 C:\Program Files\RegistryBooster 2\RegistryBooster.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
        --a--c--- 2007-12-07 09:42 9479448 C:\Program Files\SpeedUpMyPC 3\SpeedUpMyPC.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
        --a--c--- 2008-01-08 09:14 1260296 C:\Program Files\SpyEraser\SpyEraser.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
        --a--c--- 2008-01-15 23:54 37376 C:\Program Files\Winamp\winampa.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
        "PDEngine"=3 (0x3)
        "PDAgent"=2 (0x2)
        "gusvc"=3 (0x3)
        "aawservice"=3 (0x3)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
        "D:\\Program Files\\Shareaza\\Shareaza.exe"=
        "C:\\Program Files\\eMule\\emule.exe"=
        "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
        "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
        "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
        "C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
        "C:\\Program Files\\Azureus\\Azureus.exe"=
        "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
        "C:\\WINDOWS\\system32\\dpnsvr.exe"=
        "C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
        "D:\\Games\\live for speed\\LFS.exe"=
        "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
        "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
        "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
        "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
        "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

        R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2008-02-26 11:10]
        R2 UxTuneUp;TuneUp Designer-uitbreiding;C:\WINDOWS\System32\svchost.exe [2008-03-02 14:10]
        R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
        R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]
        S0 Eeo77;Eeo77;C:\WINDOWS\system32\Drivers\Eeo77.sys
        S0 Tet46;Tet46;C:\WINDOWS\system32\Drivers\Tet46.sys
        S1 tvtool;tvtool;C:\Program Files\TVTool 6.8\tvtool.sys
        S3 CHUG;CHUG;C:\DOCUME~1\Jack\LOCALS~1\Temp\CHUG.exe
        S3 EPNBNTD;EPNBNTD;C:\DOCUME~1\Jack\LOCALS~1\Temp\EPNBNTD.exe
        S3 G;G;C:\DOCUME~1\Jack\LOCALS~1\Temp\G.exe
        S3 GLEZRJAVOHTDNM;GLEZRJAVOHTDNM;C:\DOCUME~1\Jack\LOCALS~1\Temp\GLEZRJAVOHTDNM.exe
        S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 03:12]
        S3 OIMYBNIHLYDJ;OIMYBNIHLYDJ;C:\DOCUME~1\Jack\LOCALS~1\Temp\OIMYBNIHLYDJ.exe
        S3 QGGZC;QGGZC;C:\DOCUME~1\Jack\LOCALS~1\Temp\QGGZC.exe
        S3 QMWMJUZXTC;QMWMJUZXTC;C:\DOCUME~1\Jack\LOCALS~1\Temp\QMWMJUZXTC.exe
        S3 ROMZB;ROMZB;C:\DOCUME~1\Jack\LOCALS~1\Temp\ROMZB.exe
        S3 SQSBSRKB;SQSBSRKB;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SQSBSRKB.exe
        S3 SWUSBFLT;Microsoft SideWinder VIA Filterstuurprogramma;C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys [2001-08-17 22:02]

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
        UxTuneUp

        .
        Inhoud van de 'Gedeelde Taken' map
        "2008-03-14 16:25:15 C:\WINDOWS\Tasks\Easy Onderhoud.job"
        - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
        "2008-03-14 14:32:21 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
        - C:\Program Files\SpyEraser\SpyEraser.exe
        "2008-03-15 10:57:07 C:\WINDOWS\Tasks\XoftSpySE 2.job"
        - C:\Program Files\XoftSpySE\XoftSpy.exe
        "2008-03-15 02:00:00 C:\WINDOWS\Tasks\XoftSpySE.job"
        - C:\Program Files\XoftSpySE\XoftSpy.exe
        .
        **************************************************************************

        catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-03-15 12:46:22
        Windows 5.1.2600 Service Pack 2 NTFS

        scannen van verborgen processen ...

        scannen van verborgen autostart items ...

        scannen van verborgen bestanden ...

        Scan succesvol afgerond
        verborgen bestanden: 0

        **************************************************************************
        .
        --------------------- DLLs Geladen Onder Lopende Processen ---------------------

        PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
        -> C:\Program Files\Eset\pr_imon.dll
        .
        Voltooingstijd: 2008-03-15 12:47:07
        .
        2008-03-11 22:50:14 --- E O F ---




        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 12:48, on 15-3-2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16608)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
        C:\Program Files\Eset\nod32krn.exe
        C:\Program Files\SPAMfighter\sfus.exe
        C:\Program Files\SPAMfighter\SFAgent.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Microsoft ActiveSync\wcescomm.exe
        C:\PROGRA~1\MICROS~3\rapimgr.exe
        C:\Program Files\SPYWAREfighter\spfprc.exe
        C:\WINDOWS\explorer.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
        O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
        O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
        O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
        O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
        O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
        O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
        O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
        O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
        O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
        O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199476721890
        O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
        O23 - Service: CHUG - Unknown owner - C:\DOCUME~1\Jack\LOCALS~1\Temp\CHUG.exe (file missing)
        O23 - Service: EPNBNTD - Unknown owner - C:\DOCUME~1\Jack\LOCALS~1\Temp\EPNBNTD.exe (file missing)
        O23 - Service: G - Unknown owner - C:\DOCUME~1\Jack\LOCALS~1\Temp\G.exe (file missing)
        O23 - Service: GLEZRJAVOHTDNM - Unknown owner - C:\DOCUME~1\Jack\LOCALS~1\Temp\GLEZRJAVOHTDNM.exe (file missing)
        O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
        O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
        O23 - Service: OIMYBNIHLYDJ - Unknown owner - C:\DOCUME~1\Jack\LOCALS~1\Temp\OIMYBNIHLYDJ.exe (file missing)
        O23 - Service: QGGZC - Unknown owner - C:\DOCUME~1\Jack\LOCALS~1\Temp\QGGZC.exe (file missing)
        O23 - Service: QMWMJUZXTC - Unknown owner - C:\DOCUME~1\Jack\LOCALS~1\Temp\QMWMJUZXTC.exe (file missing)
        O23 - Service: ROMZB - Unknown owner - C:\DOCUME~1\Jack\LOCALS~1\Temp\ROMZB.exe (file missing)
        O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
        O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
        O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
        O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
        O23 - Service: SQSBSRKB - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SQSBSRKB.exe (file missing)

        --
        End of file - 6944 bytes

        Comment


        • #5
          Open Notepad, copy and paste the following (bold, blue text) into an empty window:

          • File::
            C:\WINDOWS\system32\xwawvreh.xml
            C:\WINDOWS\system32\iafdyndk.xml
            C:\WINDOWS\system32\tuvcehmo.xml
            C:\WINDOWS\system32\ekmvphtw.xml
            C:\WINDOWS\system32\Drivers\Eeo77.sys
            C:\WINDOWS\system32\Drivers\Tet46.sys

            Driver::
            Eeo77
            Tet46
            G
            GLEZRJAVOHTDNM
            OIMYBNIHLYDJ
            QGGZC
            QMWMJUZXTC
            ROMZB
            SQSBSRKB
            CHUG
            EPNBNTD

          Save this to your Desktop as CFScript.txt.

          Drag CFScript.txt into ComboFix.exe as shown in the example below:



          This will make ComboFix restart.

          After your computer restarts (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.

          Comment
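
Nine of the names under Driver:: in post #5 are the O23 services that the HijackThis log lists with "Unknown owner", a binary in a user Temp folder and "(file missing)". The following Python is an added example, not part of the original thread and not the helper's stated method: it applies that check to O23 lines copied from the log above. The heuristics and the names `triage`, `service_key` and `Finding` are assumptions, and the check does not cover the two S0 drivers (Eeo77, Tet46) that the helper also listed.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Lines copied from the HijackThis log in this thread (O23 = Windows services),
# plus one O4 line to show that other sections are ignored.
SAMPLE_LOG = r"""
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CHUG - Unknown owner - C:\DOCUME~1\Jack\LOCALS~1\Temp\CHUG.exe (file missing)
O23 - Service: G - Unknown owner - C:\DOCUME~1\Jack\LOCALS~1\Temp\G.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SQSBSRKB - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SQSBSRKB.exe (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# O23 - Service: <display name> - <owner> - <image path>[ (file missing)]
# The path is anchored on a drive letter because names and paths may
# themselves contain " - " (e.g. "Spybot - Search & Destroy").
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)
# "Display Name (keyname)" -> keyname
KEY_RE = re.compile(r"^.* \((?P<key>[^()]+)\)$")
TEMP_DIRS = {"temp", "tmp"}


@dataclass
class Finding:
    key: str        # service key name, as it would appear in the registry
    path: str       # image path recorded for the service
    reasons: list   # human-readable signals that led to the flag


def service_key(display_name):
    """Return the short service name if HijackThis printed one in parentheses."""
    m = KEY_RE.match(display_name)
    return m.group("key") if m else display_name


def triage(log_text):
    """Flag O23 services whose image lives in a Temp directory.

    Assumption: a service binary inside a Temp folder is the primary signal;
    'Unknown owner' and '(file missing)' are recorded as corroboration only,
    because each of them also occurs for harmless leftovers.
    """
    findings = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue  # not an O23 entry
        # Directory components between the drive root and the file name.
        parents = [p.lower() for p in PureWindowsPath(m["path"]).parts[1:-1]]
        if not any(p in TEMP_DIRS for p in parents):
            continue
        reasons = ["image path is inside a Temp directory"]
        if m["owner"] == "Unknown owner":
            reasons.append("no vendor/owner string")
        if m["missing"]:
            reasons.append("binary no longer on disk")
        findings.append(Finding(service_key(m["name"]), m["path"], reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.key:10} {f.path}")
        for reason in f.reasons:
            print("   -", reason)
```

The output is a review list for a human analyst, not a removal script; a service entry whose binary is already gone still leaves its registry key behind, which is why these show up in the log at all.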


          • #6
            here is my log


            ComboFix 08-03-14.4 - Jack 2008-03-15 17:12:31.2 - NTFSx86
            Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.637 [GMT 1:00]
            Gestart vanuit: C:\Documents and Settings\Jack\Bureaublad\ComboFix.exe
            Command switches used :: C:\Documents and Settings\Jack\Bureaublad\CFScript.txt..txt
            * Nieuw herstelpunt werd aangemaakt

            FILE ::
            C:\WINDOWS\system32\Drivers\Eeo77.sys
            C:\WINDOWS\system32\Drivers\Tet46.sys
            C:\WINDOWS\system32\ekmvphtw.xml
            C:\WINDOWS\system32\iafdyndk.xml
            C:\WINDOWS\system32\tuvcehmo.xml
            C:\WINDOWS\system32\xwawvreh.xml
            .

            (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            C:\WINDOWS\system32\ekmvphtw.xml
            C:\WINDOWS\system32\iafdyndk.xml
            C:\WINDOWS\system32\tuvcehmo.xml
            C:\WINDOWS\system32\xwawvreh.xml

            .
            ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            -------\LEGACY_CHUG
            -------\LEGACY_EPNBNTD
            -------\LEGACY_G
            -------\LEGACY_GLEZRJAVOHTDNM
            -------\LEGACY_OIMYBNIHLYDJ
            -------\LEGACY_QGGZC
            -------\LEGACY_QMWMJUZXTC
            -------\LEGACY_ROMZB
            -------\LEGACY_SQSBSRKB
            -------\CHUG
            -------\Eeo77
            -------\EPNBNTD
            -------\G
            -------\GLEZRJAVOHTDNM
            -------\OIMYBNIHLYDJ
            -------\QGGZC
            -------\QMWMJUZXTC
            -------\ROMZB
            -------\SQSBSRKB
            -------\Tet46


            (((((((((((((((((((( Bestanden Gemaakt van 2008-02-15 to 2008-03-15 ))))))))))))))))))))))))))))))
            .

            2008-03-15 12:02 . 2008-03-15 17:10 <DIR> dr-h-c--- C:\Documents and Settings\Jack\Onlangs geopend
            2008-03-15 01:51 . 2008-03-15 01:59 <DIR> d----c--- C:\Program Files\RegCleaner
            2008-03-14 22:19 . 2008-03-14 22:19 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
            2008-03-14 21:51 . 2008-03-14 22:36 <DIR> dr-h-c--- C:\Documents and Settings\Administrator\Onlangs geopend
            2008-03-14 21:50 . 2008-03-14 21:50 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\Uniblue
            2008-03-14 19:23 . 2008-03-14 19:23 <DIR> d----c--- C:\fsaua.data
            2008-03-14 15:31 . 2008-03-14 15:36 <DIR> d----c--- C:\Program Files\SpyEraser
            2008-03-14 15:31 . 2008-03-14 15:31 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Uniblue
            2008-03-14 15:22 . 2008-03-14 15:22 <DIR> d----c--- C:\Program Files\SpeedUpMyPC 3
            2008-03-14 14:34 . 2008-03-14 14:34 <DIR> d----c--- C:\Program Files\RegistryBooster 2
            2008-03-14 14:29 . 2008-03-14 14:29 <DIR> d----c--- C:\Program Files\ProcessScanner
            2008-03-14 14:17 . 2008-03-14 14:17 <DIR> d----c--- C:\Program Files\privacy terug met xp-AntiSpy
            2008-03-14 03:30 . 2008-03-14 03:30 <DIR> d----c--- C:\Program Files\Advanced IP Scanner
            2008-03-14 02:02 . 2008-03-14 02:02 <DIR> d----c--- C:\Program Files\Lavasoft
            2008-03-13 03:38 . 2008-03-13 03:38 <DIR> d----c--- C:\Program Files\Common Files\NSV
            2008-03-13 02:24 . 2008-03-13 12:22 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
            2008-03-13 02:24 . 2008-03-13 02:24 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\OrbNetworks
            2008-03-13 02:23 . 2008-03-13 02:24 <DIR> d----c--- C:\Program Files\Winamp Remote
            2008-03-13 02:22 . 2008-03-13 02:24 <DIR> d----c--- C:\Program Files\Winamp
            2008-03-13 02:22 . 2008-03-13 02:28 <DIR> d----c--- C:\Documents and Settings\Jack\Application Data\Winamp
            2008-03-13 01:30 . 2008-02-22 02:33 69,632 --a--c--- C:\WINDOWS\system32\javacpl.cpl
            2008-03-13 01:26 . 2008-03-13 01:30 <DIR> d----c--- C:\Program Files\Java
            2008-03-13 01:25 . 2008-03-13 01:25 <DIR> d----c--- C:\Program Files\Common Files\Java
            2008-03-12 14:50 . 2008-03-12 14:50 1,421,312 --a--c--- C:\WINDOWS\system32\FBH
            2008-03-12 05:33 . 2008-03-14 03:47 <DIR> d----c--- C:\Documents and Settings\LocalService\Bureaublad
            2008-03-12 03:25 . 2008-03-12 03:25 <DIR> dr-h-c--- C:\Documents and Settings\LocalService\Onlangs geopend
            2008-03-11 15:09 . 2008-03-11 15:09 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
            2008-03-11 14:13 . 2008-03-11 14:13 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Avg7
            2008-03-11 00:38 . 2007-01-22 16:18 24,072 --a--c--- C:\WINDOWS\system32\uxtuneup.dll
            2008-03-11 00:37 . 2008-03-15 02:55 <DIR> d----c--- C:\Program Files\TuneUp Utilities 2007
            2008-03-11 00:37 . 2008-03-11 00:37 <DIR> d----c--- C:\Documents and Settings\Jack\Application Data\TuneUp Software
            2008-03-11 00:37 . 2008-03-11 00:37 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\TuneUp Software
            2008-03-10 23:23 . 1999-12-21 07:58 21,312 --a--c--- C:\WINDOWS\choice.exe
            2008-03-10 21:46 . 2008-03-12 14:12 <DIR> d----c--- C:\Program Files\Conduit
            2008-03-10 20:03 . 2008-03-10 20:03 <DIR> d----c--- C:\Program Files\Malwarebytes' Anti-Malware
            2008-03-10 20:03 . 2008-03-10 20:03 <DIR> d----c--- C:\Documents and Settings\Jack\Application Data\Malwarebytes
            2008-03-10 20:03 . 2008-03-10 20:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
            2008-03-10 18:50 . 2008-03-13 03:49 <DIR> d----c--- C:\Program Files\XoftSpySE
            2008-03-10 14:23 . 2008-03-10 23:28 <DIR> d----c--- C:\Program Files\Eset
            2008-03-10 14:23 . 2008-03-10 14:22 512,096 --a--c--- C:\WINDOWS\system32\drivers\amon.sys
            2008-03-10 14:23 . 2008-03-10 14:22 298,104 --a--c--- C:\WINDOWS\system32\imon.dll
            2008-03-10 14:23 . 2008-03-10 14:22 15,424 --a--c--- C:\WINDOWS\system32\drivers\nod32drv.sys
            2008-03-09 22:21 . 2008-03-09 22:21 <DIR> d----c--- C:\Program Files\Trend Micro
            2008-03-09 15:24 . 2008-03-09 15:24 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\TrojanHunter
            2008-03-09 14:43 . 2008-03-09 14:43 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\Grisoft
            2008-03-09 13:53 . 2007-01-18 13:00 3,968 --a--c--- C:\WINDOWS\system32\drivers\AvgArCln.sys
            2008-03-09 13:18 . 2008-03-09 13:18 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
            2008-03-08 23:48 . 2008-03-08 23:50 <DIR> d----c--- C:\Program Files\EsetOnlineScanner
            2008-03-08 23:21 . 2008-03-08 23:21 <DIR> d----c--- C:\Documents and Settings\Jack\Application Data\Grisoft
            2008-03-08 23:20 . 2007-05-30 13:10 10,872 --a--c--- C:\WINDOWS\system32\drivers\AvgAsCln.sys
            2008-03-08 21:25 . 2008-03-13 03:56 <DIR> d----c--- C:\Program Files\SUPERAntiSpyware
            2008-03-08 21:25 . 2008-03-08 21:25 <DIR> d----c--- C:\Documents and Settings\Jack\Application Data\SUPERAntiSpyware.com
            2008-03-08 21:25 . 2008-03-08 21:25 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
            2008-03-06 23:35 . 2008-03-06 23:35 <DIR> d----c--- C:\Program Files\converter
            2008-03-06 23:34 . 2008-03-06 23:34 <DIR> d----c--- C:\Program Files\NCH Software
            2008-03-06 22:58 . 2008-03-06 23:00 <DIR> d----c--- C:\Program Files\TrojanHunter 5.0
            2008-03-06 17:03 . 2008-03-06 17:03 <DIR> d----c--- C:\Documents and Settings\Jack\Application Data\TrojanHunter
            2008-03-06 00:28 . 2008-03-14 15:31 <DIR> d----c--- C:\Documents and Settings\Jack\Application Data\Uniblue
            2008-03-05 21:01 . 2008-03-08 20:13 540 --a------ C:\WINDOWS\system32\PDBootState
            2008-03-05 15:01 . 2008-03-05 21:58 30,590 --a--c--- C:\WINDOWS\system32\pavas.ico
            2008-03-05 15:01 . 2008-03-05 21:58 2,550 --a--c--- C:\WINDOWS\system32\Uninstall.ico
            2008-03-05 15:01 . 2008-03-05 21:58 1,406 --a--c--- C:\WINDOWS\system32\Help.ico
            2008-03-05 15:00 . 2008-03-05 21:59 <DIR> d----c--- C:\WINDOWS\system32\ActiveScan
            2008-03-04 03:17 . 2008-03-04 03:17 <DIR> d----c--- C:\Program Files\Common Files\Ankiro
            2008-03-04 03:16 . 2008-03-15 17:04 <DIR> d----c--- C:\Program Files\SPAMfighter
            2008-03-03 21:59 . 2008-03-03 21:59 <DIR> d----c--- C:\WINDOWS\system32\Kaspersky Lab
            2008-03-03 21:59 . 2008-03-03 21:59 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
            2008-03-03 19:06 . 2008-01-04 18:59 <DIR> d--h-c--- C:\Documents and Settings\Administrator\Sjablonen
            2008-03-03 19:06 . 2008-01-04 19:14 <DIR> d--h-c--- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
            2008-03-03 19:06 . 2008-03-14 21:52 <DIR> d----c--- C:\Documents and Settings\Administrator\Mijn documenten
            2008-03-03 19:06 . 2008-01-04 19:14 <DIR> dr---c--- C:\Documents and Settings\Administrator\Menu Start
            2008-03-03 19:06 . 2008-01-04 19:14 <DIR> d----c--- C:\Documents and Settings\Administrator\Favorieten
            2008-03-03 19:06 . 2008-03-14 21:52 <DIR> d----c--- C:\Documents and Settings\Administrator\Bureaublad
            2008-03-03 17:36 . 2008-03-03 17:36 92 --a--c--- C:\WINDOWS\wininit.ini
            2008-03-03 16:38 . 2008-03-13 12:47 <DIR> d----c--- C:\Program Files\SpywareGuard
            2008-03-03 16:03 . 2008-03-03 16:05 <DIR> d----c--- C:\Program Files\SPYWAREfighter
            2008-03-03 01:35 . 2008-03-09 18:49 <DIR> d----c--- C:\WINDOWS\BDOSCAN8
            2008-03-02 15:01 . 2008-03-02 15:01 <DIR> dr---c--- C:\Documents and Settings\LocalService\Favorieten
            2008-03-02 14:36 . 2008-03-09 18:53 <DIR> d----c--- C:\Downloads
            2008-03-02 14:36 . 2008-03-02 14:37 <DIR> d----c--- C:\Documents and Settings\Jack\Application Data\GetRightToGo
            2008-02-21 15:38 . 2008-02-21 15:38 946,832 --a--c--- C:\WINDOWS\system32\_ISource30.dll
            2008-02-20 21:09 . 2008-02-20 21:09 <DIR> d----c--- C:\Program Files\Common Files\Adobe

            .
            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2008-03-15 11:32 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
            2008-03-15 00:37 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
            2008-03-15 00:35 --------- dc----w C:\Program Files\SpywareBlaster
            2008-03-14 19:06 --------- dc----w C:\Documents and Settings\Jack\Application Data\OpenOffice.org2
            2008-03-14 14:24 --------- dc----w C:\Program Files\Spyware Doctor
            2008-03-14 13:57 --------- dc----w C:\Documents and Settings\Jack\Application Data\Azureus
            2008-03-14 02:08 --------- dc----w C:\Program Files\Windows Media Connect 2
            2008-03-14 02:08 --------- dc----w C:\Program Files\DivX
            2008-03-14 01:01 --------- dc----w C:\Program Files\Common Files\Wise Installation Wizard
            2008-03-11 23:15 --------- dc----w C:\Program Files\Azureus
            2008-03-11 13:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\Grisoft
            2008-03-08 22:58 --------- dc----w C:\Documents and Settings\Jack\Application Data\.BitTornado
            2008-03-05 23:42 --------- dc----w C:\Program Files\eMule
            2008-03-03 18:54 --------- dc----w C:\Program Files\Logitech
            2008-03-03 18:54 --------- dc----w C:\Program Files\Common Files\Logitech
            2008-02-06 19:10 --------- dc----w C:\Program Files\Common Files\Raxco
            2008-02-06 19:08 --------- dc----w C:\Program Files\RAXCO
            2008-02-06 19:08 --------- dc----w C:\Documents and Settings\All Users\Application Data\Raxco
            2008-02-06 16:04 --------- dc----w C:\Program Files\Spybot - Search & Destroy
            2008-02-06 15:29 691,545 -c--a-w C:\WINDOWS\unins000.exe
            2008-01-25 23:52 --------- dc----w C:\Program Files\Microsoft Games
            2008-01-25 23:51 --------- dc----w C:\Program Files\DAEMON Tools Lite
            2008-01-25 23:34 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
            2008-01-22 14:11 127,034 -c----r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
            2008-01-22 14:11 --------- dc-h--w C:\Program Files\InstallShield Installation Information
            2008-01-22 13:20 --------- dc----w C:\Program Files\logitech Driver
            2008-01-22 11:37 0 -c-ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
            2008-01-20 00:23 22,328 -c--a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
            2008-01-17 21:56 --------- dc----w C:\Program Files\Windows Live
            2008-01-17 20:49 --------- dc----w C:\Documents and Settings\All Users\Application Data\Lavasoft
            2008-01-17 20:40 --------- dc----w C:\Documents and Settings\Jack\Application Data\Lavasoft
            2008-01-15 14:30 --------- dc----w C:\Program Files\Common Files\LogiShared
            2008-01-15 14:30 --------- dc----w C:\Documents and Settings\Jack\Application Data\Logitech
            2008-01-15 14:30 --------- dc----w C:\Documents and Settings\Jack\Application Data\Leadertech
            2008-01-15 14:30 --------- dc----w C:\Documents and Settings\All Users\Application Data\Logitech
            2008-01-15 14:29 0 -c-ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
            2008-01-15 14:29 0 -c-ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
            2008-01-15 14:26 --------- dc----w C:\Documents and Settings\Jack\Application Data\InstallShield
            2008-01-15 14:26 --------- dc----w C:\Documents and Settings\All Users\Application Data\LogiShrd
            2008-01-09 14:01 53,248 -c--a-w C:\WINDOWS\bdoscandel.exe
            .

            ((((((((((((((((((((((((((((( [email protected]_12.46.41,79 )))))))))))))))))))))))))))))))))))))))))
            .
            + 2000-08-31 07:00:00 163,328 -c--a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
            - 2008-03-15 11:02:12 60,114 ----a-w C:\WINDOWS\system32\perfc009.dat
            + 2008-03-15 16:07:22 60,114 ----a-w C:\WINDOWS\system32\perfc009.dat
            - 2008-03-15 11:02:12 79,094 ----a-w C:\WINDOWS\system32\perfc013.dat
            + 2008-03-15 16:07:22 79,094 ----a-w C:\WINDOWS\system32\perfc013.dat
            - 2008-03-15 11:02:12 397,894 ----a-w C:\WINDOWS\system32\perfh009.dat
            + 2008-03-15 16:07:22 397,894 ----a-w C:\WINDOWS\system32\perfh009.dat
            - 2008-03-15 11:02:12 462,386 ----a-w C:\WINDOWS\system32\perfh013.dat
            + 2008-03-15 16:07:23 462,386 ----a-w C:\WINDOWS\system32\perfh013.dat
            .
            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            REGEDIT4
            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
            "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 18:34 1289000]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-10 14:22 949376]
            "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-02-26 11:10 317072]
            "MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-04 13:00 160256]
            "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]

            [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
            "DisableLockWorkstation"= 0 (0x0)
            "DisableChangePassword"= 0 (0x0)

            [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
            "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
            C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BTTray.lnk]
            backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
            backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech SetPoint.lnk]
            backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
            --a--c--- 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
            --a--c--- 2005-03-08 21:05 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
            --a------ 2004-08-04 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
            --a------ 2006-11-13 18:34 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
            C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
            --a--c--- 2004-08-04 13:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
            --a--c--- 2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
            --a--c--- 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
            --a--c--- 2008-01-07 21:02 495616 C:\Program Files\Winamp Remote\bin\OrbTray.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
            --a--c--- 2004-08-04 13:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
            --a--c--- 2004-08-04 13:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]
            --a--c--- 2008-02-26 11:10 317072 C:\Program Files\SPAMfighter\SFAgent.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
            -rahsc--- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spywarefighterguard]
            --a--c--- 2008-02-21 15:37 115344 C:\Program Files\SPYWAREfighter\spftray.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
            --a--c--- 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
            --a--c--- 2008-03-06 23:00 1046688 C:\Program Files\TrojanHunter 5.0\THGuard.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
            --a--c--- 2007-12-05 16:06 1885464 C:\Program Files\RegistryBooster 2\RegistryBooster.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
            --a--c--- 2007-12-07 09:42 9479448 C:\Program Files\SpeedUpMyPC 3\SpeedUpMyPC.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
            --a--c--- 2008-01-08 09:14 1260296 C:\Program Files\SpyEraser\SpyEraser.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
            --a--c--- 2008-01-15 23:54 37376 C:\Program Files\Winamp\winampa.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
            "PDEngine"=3 (0x3)
            "PDAgent"=2 (0x2)
            "gusvc"=3 (0x3)
            "aawservice"=3 (0x3)

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
            "%windir%\\system32\\sessmgr.exe"=
            "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
            "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
            "D:\\Program Files\\Shareaza\\Shareaza.exe"=
            "C:\\Program Files\\eMule\\emule.exe"=
            "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
            "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
            "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
            "C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
            "C:\\Program Files\\Azureus\\Azureus.exe"=
            "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
            "C:\\WINDOWS\\system32\\dpnsvr.exe"=
            "C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
            "D:\\Games\\live for speed\\LFS.exe"=
            "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
            "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
            "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
            "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
            "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

            R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2008-02-26 11:10]
            R2 UxTuneUp;TuneUp Designer-uitbreiding;C:\WINDOWS\System32\svchost.exe [2008-03-02 14:10]
            R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
            R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]
            S1 tvtool;tvtool;C:\Program Files\TVTool 6.8\tvtool.sys
            S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 03:12]
            S3 SWUSBFLT;Microsoft SideWinder VIA Filterstuurprogramma;C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys [2001-08-17 22:02]

            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
            UxTuneUp

            .
            Inhoud van de 'Gedeelde Taken' map
            "2008-03-14 16:25:15 C:\WINDOWS\Tasks\Easy Onderhoud.job"
            - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
            "2008-03-14 14:32:21 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
            - C:\Program Files\SpyEraser\SpyEraser.exe
            "2008-03-15 16:16:07 C:\WINDOWS\Tasks\XoftSpySE 2.job"
            - C:\Program Files\XoftSpySE\XoftSpy.exe
            "2008-03-15 02:00:00 C:\WINDOWS\Tasks\XoftSpySE.job"
            - C:\Program Files\XoftSpySE\XoftSpy.exe
            .
            **************************************************************************

            catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2008-03-15 17:16:49
            Windows 5.1.2600 Service Pack 2 NTFS

            scannen van verborgen processen ...

            scannen van verborgen autostart items ...

            scannen van verborgen bestanden ...

            Scan succesvol afgerond
            verborgen bestanden: 0

            **************************************************************************
            .
            --------------------- DLLs Geladen Onder Lopende Processen ---------------------

            PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
            -> C:\Program Files\Eset\pr_imon.dll
            .
            ------------------------ Other Running Processes ------------------------
            .
            C:\WINDOWS\system32\Ati2evxx.exe
            C:\WINDOWS\system32\Ati2evxx.exe
            C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
            C:\Program Files\Eset\nod32krn.exe
            C:\WINDOWS\system32\msiexec.exe
            C:\PROGRA~1\MICROS~3\rapimgr.exe
            .
            **************************************************************************
            .
            Voltooingstijd: 2008-03-15 17:19:08 - machine was rebooted
            ComboFix-quarantined-files.txt 2008-03-15 16:19:04
            ComboFix2.txt 2008-03-15 11:47:08
            .
            2008-03-11 22:50:14 --- E O F ---



            • #7
              Still having problems?



              • #8
                Hello,

                I have run several virus/spyware scanners;
                none of them finds anything.

                However, my AVG anti-rootkit keeps finding a new one in windows/system/drivers.

                If I then restart, it finds one again,
                but now a different one.....?

                Must I / may I delete these? I have already deleted 10 by now.

                Thanks in advance.

                Regards, Jack.
                Last edited by miejac; 15-03-08, 22:39. Reason: adjustment!



                • #9
                  Download F-Secure Blacklight:
                  • Place it on your Desktop.
                    Double-click blbeta.exe.
                    Click "I accept the agreement".
                    Click "Next".
                    Click "Scan" and, when the program has finished, click "Next".
                    If Blacklight finds anything, it will display a list of files.
                    Do not have anything renamed yet.
                    On your Desktop there will be a file named fsbl.xxxxxxx.log (the x's stand for digits).
                    This is the log that Blacklight created. Please post it in your next reply.



                  • #10
                    Here is yet another new log:


                    03/16/08 15:09:55 [Info]: BlackLight Engine 1.0.67 initialized
                    03/16/08 15:09:55 [Info]: OS: 5.1 build 2600 (Service Pack 2)
                    03/16/08 15:09:55 [Note]: 7019 4
                    03/16/08 15:09:55 [Note]: 7005 0
                    03/16/08 15:09:57 [Note]: 7006 0
                    03/16/08 15:09:57 [Note]: 7011 192
                    03/16/08 15:09:58 [Note]: 7026 0
                    03/16/08 15:09:58 [Note]: 7026 0
                    03/16/08 15:10:00 [Note]: FSRAW library version 1.7.1024
                    03/16/08 15:12:43 [Note]: 2000 1012
                    03/16/08 15:12:43 [Note]: 2000 1012
                    03/16/08 15:12:43 [Note]: 2000 1012
                    03/16/08 15:21:06 [Note]: 7007 0



                    • #11
                      Nothing found.

                      Download Malwarebytes' Anti-Malware to your desktop.
                      Double-click mbam-setup.exe and choose "Next" to install the tool.
                      When the installation is complete, tick "Update MalwareBytes' Anti-Malware" and "Launch MalwareBytes' Anti-Malware".
                      Then press "Finish".
                      In the main window, choose the "Scanner" tab and select the "Perform full scan" radio button.
                      Press the "Scan" button and make sure all your hard disks/partitions are ticked.
                      Then press the "Start Scan" button.
                      When the scan is complete, click OK, then "Show Results" to see the results.
                      Make sure everything is ticked, then click "Remove Selected".
                      If the program wants to restart your computer, allow it.
                      A log will then open (mbam-log-XX-XX-XXXX(xx-xx-xx).txt).
                      Post this log in your next message.



                      • #12
                        Thanks for the quick replies,

                        I already have this one, and have scanned with it several times.

                        But now suddenly a worm on D


                        Malwarebytes' Anti-Malware 1.08
                        Database versie: 495

                        Scan type: Volledige Scan (C:\|D:\|)
                        Objecten gescand: 121812
                        Verstreken tijd: 41 minute(s), 2 second(s)

                        Geheugenprocessen geïnfecteerd: 0
                        Geheugenmodulen geïnfecteerd: 0
                        Registersleutels geïnfecteerd: 0
                        Registerwaarden geïnfecteerd: 0
                        Registerdata bestanden geïnfecteerd: 0
                        Mappen geïnfecteerd: 0
                        Bestanden geïnfecteerd: 1

                        Geheugenprocessen geïnfecteerd:
                        (Geen kwaadaardige items gevonden)

                        Geheugenmodulen geïnfecteerd:
                        (Geen kwaadaardige items gevonden)

                        Registersleutels geïnfecteerd:
                        (Geen kwaadaardige items gevonden)

                        Registerwaarden geïnfecteerd:
                        (Geen kwaadaardige items gevonden)

                        Registerdata bestanden geïnfecteerd:
                        (Geen kwaadaardige items gevonden)

                        Mappen geïnfecteerd:
                        (Geen kwaadaardige items gevonden)

                        Bestanden geïnfecteerd:
                        D:\Software\RRT.exe (Worm.Sumom) -> Quarantined and deleted successfully.



                        • #13
                          Any idea what RRT.exe is?



                          • #14
                            Well no, not really.
                            I was busy yesterday downloading a few small programs;
                            it is something from the last few days in any case.

                            I searched for RRT.exe on Google
                            and came across all sorts of things:

                            http://www.raymond.cc/blog/archives/2008/01/23/how-to-clean-and-remove-jambanmu-alman-or-almanahe-virus/nl/

                            http://windows.ittoolbox.com/groups/technical-functional/windows-xp-pro-l/c-regedit-1578245

                            http://www.runscanner.net/files/exe/rrt/rrt.exe.aspx

                            I think it has to do with this:

                            WindowsXP-KB310994-SP2-Home-BootDisk-NLD,

                            which has been on my desktop
                            since ComboFix did its work.
                            I also notice that many programs have been disabled under services.

                            Regards, Jack.
                            Last edited by miejac; 16-03-08, 22:56.



                            • #15
                              The file: WindowsXP-KB310994-SP2-Home-BootDisk-NLD

                              That is there because you also installed the Recovery Console while installing ComboFix. So it has nothing to do with RRT.exe.

                              Since the file RRT.exe is in D:\Software, you should surely be able to know where it came from.

                              If AVG Rootkit keeps finding trojans, there are 2 options left:

                              1. Install the hard disk as a slave in another PC and then scan it.

                              2. Copy all important files to a USB disk (including the mail and favorites) and then reinstall Windows.
