View full version: Internet (Explorer / Firefox) can no longer be opened :-(

Kiereweed
16 May 2010, 16:17
Hello,
Yesterday I picked up a virus (antivirus soft). I have now managed to uninstall it, but my internet no longer works.
Could you have a look at this HijackThis file?
Thanks in advance

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:10:32, on 16-5-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
D:\BitDefender\BitDefender 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Acronis True Image\TrueImageMonitor.exe
D:\Acronis True Image\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
D:\Adobe Reader\Reader\Reader_sl.exe
D:\Java 6\bin\jusched.exe
D:\BitDefender\BitDefender 2010\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
D:\RoboForm\RoboTaskBarIcon.exe
D:\Logitech MX900\SetPoint\kem.exe
D:\LOGITECH MX900\SETPOINT\KHALMNPR.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
D:\Java 6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\wuauclt.exe
D:\BitDefender\BitDefender 2010\seccenter.exe
D:\Back Up\HiJackTHis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kiereweed.weblinks.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: (no name) - {0B1BC730-EB54-432E-A740-EA9CCF9F5808} - c:\windows\system32\ocwykxu.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java 6\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java 6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Java 6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\RoboForm\roboform.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - D:\BitDefender\BitDefender 2010\IEToolbar.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Acronis True Image\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Acronis True Image\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Adobe Reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Java 6\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "D:\BitDefender\BitDefender 2010\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "D:\BitDefender\BitDefender 2010\IEShow.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RoboForm] "D:\RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [LDM] D:\Logitech MX900\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Logitech MX900\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Formulieren opslaan - file://D:\RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Invul Formulieren - file://D:\RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Menu aanpassen - file://D:\RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RoboForm Werkbalk - file://D:\RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\RoboForm\RoboFormComFillForms.html
O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v911/Navigram.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Java 6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - D:\BitDefender\BitDefender 2010\vsserv.exe
--
End of file - 10032 bytes
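A quick way to triage a log like the one above, as an added example that is not part of this thread or of HijackThis itself: the script below parses HijackThis entries and flags three things a helper usually looks at first, namely a BHO or toolbar listed as "(no name)", an O23 service whose owner HijackThis could not identify, and a file under system32 whose name looks machine-generated. The rare-letter rule and its thresholds are my own crude heuristic; the function and variable names are mine, and the sample lines are copied from the log above rather than the full log. A flag is a prompt to verify (hash, signature, vendor), not a verdict: the Acronis service is legitimate and is flagged only because its owner reads "Unknown owner".

```python
import re
from pathlib import PureWindowsPath

# Letters that cluster in machine-generated filenames (kkgpq, ocwykxu, yzhrokoa)
# but are rare in English-derived names. Crude heuristic, not a verdict.
RARE_LETTERS = frozenset("jkqwxyz")

# Constructed sample: a handful of lines taken from the HijackThis log above,
# not the whole log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0B1BC730-EB54-432E-A740-EA9CCF9F5808} - c:\windows\system32\ocwykxu.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\RoboForm\roboform.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - D:\BitDefender\BitDefender 2010\vsserv.exe
"""

# Every HijackThis entry starts with a section code such as O2, O23 or R0.
HJT_LINE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.+)$")


def looks_random(path: str) -> bool:
    """True if the file's stem is all letters, at least 5 long, and carries
    three or more rare letters. kkgpq.sys and ocwykxu.dll trip it;
    serial.sys, mrxsmb.sys and jqs.exe do not."""
    stem = PureWindowsPath(path).stem
    rare = sum(c in RARE_LETTERS for c in stem.lower())
    return stem.isalpha() and len(stem) >= 5 and rare >= 3


def in_system32(path: str) -> bool:
    """True when any path component is the system32 directory."""
    return "system32" in (p.lower() for p in PureWindowsPath(path).parts)


def triage_line(line: str):
    """Return (kind, path, reasons) for one HijackThis entry, or None if the
    line is not an entry. An empty reasons list means nothing was flagged."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    # HijackThis separates description, CLSID, owner and path with " - ".
    parts = [p.strip() for p in body.split(" - ")]
    path = parts[-1]
    reasons = []
    if kind in ("O2", "O3") and "(no name)" in parts[0]:
        reasons.append("unnamed BHO/toolbar")
    if kind == "O23" and len(parts) >= 3 and parts[-2].lower().startswith("unknown owner"):
        reasons.append("service with unknown owner")
    if in_system32(path) and looks_random(path):
        reasons.append("random-looking filename under system32")
    return kind, path, reasons


def triage(log_text: str):
    """All flagged entries in a HijackThis log, in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = triage_line(line)
        if entry and entry[2]:
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for kind, path, reasons in triage(SAMPLE_LOG):
        print(f"{kind:4} {path}\n     -> {', '.join(reasons)}")
```

Run against the sample it reports the unnamed BHO at c:\windows\system32\ocwykxu.dll on two counts and the Acronis service on one; the RoboForm, Ask and BitDefender entries pass. The name heuristic is deliberately scoped to system32, where a dropper has to place a file it wants loaded early, so that ordinary vendor executables elsewhere do not generate noise.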

Rosty
16 May 2010, 21:15
Try to get the following onto this PC via a USB stick:

Download MalwareBytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
Double-click mbam-setup.exe to install the program.

After installation, make sure these two boxes are ticked:
Update MalwareBytes' Anti-Malware
Start MalwareBytes' Anti-Malware
Then click "Finish".
If an update is found, it will be downloaded and installed. Once the program has started, go to the "Settings" tab and tick "Close Internet Explorer during malware removal". Then go to the "Scanner" tab, choose "Quick Scan" and press "Scan" to start the scan. Scanning can take a while, so be patient. When the scan is complete, click OK, then "Show Results" to view the results. Make sure everything there is ticked, then click "Remove Selected". After removal a log will open and you will be asked to restart the computer. The log is saved automatically by MalwareBytes' Anti-Malware; you can find it by clicking the "Logs" tab in the program.

Post this log together with a new HijackThis log.

Kiereweed
17 May 2010, 00:27
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org (http://www.malwarebytes.org)
Database version: 4107
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
17-5-2010 0:19:28
mbam-log-2010-05-17 (00-19-28).txt
Scan type: Quick scan
Objects scanned: 124582
Time elapsed: 15 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\drivers\kkgpq.sys (Rootkit.Agent) -> Delete on reboot.

Kiereweed
17 May 2010, 00:28
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:24:14, on 17-5-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
D:\BitDefender\BitDefender 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Acronis True Image\TrueImageMonitor.exe
D:\Acronis True Image\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
D:\Adobe Reader\Reader\Reader_sl.exe
D:\Java 6\bin\jusched.exe
D:\BitDefender\BitDefender 2010\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
D:\RoboForm\RoboTaskBarIcon.exe
D:\Logitech MX900\SetPoint\kem.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\LOGITECH MX900\SETPOINT\KHALMNPR.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
D:\Java 6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
D:\BitDefender\BitDefender 2010\seccenter.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Back Up\HiJackTHis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kiereweed.weblinks.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: (no name) - {0B1BC730-EB54-432E-A740-EA9CCF9F5808} - c:\windows\system32\ocwykxu.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java 6\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java 6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Java 6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\RoboForm\roboform.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - D:\BitDefender\BitDefender 2010\IEToolbar.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Acronis True Image\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Acronis True Image\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Adobe Reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Java 6\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "D:\BitDefender\BitDefender 2010\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "D:\BitDefender\BitDefender 2010\IEShow.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RoboForm] "D:\RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [LDM] D:\Logitech MX900\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Logitech MX900\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Formulieren opslaan - file://D:\RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Invul Formulieren - file://D:\RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Menu aanpassen - file://D:\RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RoboForm Werkbalk - file://D:\RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\RoboForm\RoboFormComFillForms.html
O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v911/Navigram.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Java 6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - D:\BitDefender\BitDefender 2010\vsserv.exe
--
End of file - 10031 bytes

Rosty
17 May 2010, 16:46
Download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop and use it according to this guide (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden).
NOTE: if you get a warning from your antivirus or another real-time scanner during or after downloading ComboFix, or while running it, disable that scanner and download ComboFix again.
Some scanners treat certain components ComboFix uses as suspicious and will block or delete them!
Double-click ComboFix.exe to start it. If you have used ComboFix before, you may get a warning that an update is available; allow ComboFix to update. Click OK in the "NirCmd" window. Afterwards click Yes to start the malware scan. While the fix is running, do NOT click in the window, as this will hang your PC. When the fix is complete and after the restart, the log ComboFix.txt will open. Post this log in your next reply.

Kiereweed
17 May 2010, 22:00
ComboFix 10-05-16.02 - Kiereweed 17-05-2010 21:31:25.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1006.676 [GMT 2:00]
Started from: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\driVERs\kkgpq.sys
c:\windows\system32\drivers\qptrjink.sys
c:\windows\system32\drivers\yzhrokoa.sys
c:\windows\system32\ffaxxzu.dll
c:\windows\system32\ocwykxu.dll
c:\windows\system32\Vb40032.dll
Infected copy of c:\windows\system32\drivers\serial.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AOXTJPQL
-------\Legacy_YZHROKOA
-------\Service_aoxtjpql
-------\Service_yzhrokoa
-------\Legacy_kkgpq
-------\Service_kkgpq

(((((((((((((((((((( Files Created from 2010-04-17 to 2010-05-17 ))))))))))))))))))))))))))))))
.
2010-05-16 21:54 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-16 21:54 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-15 22:10 . 2010-05-15 22:10 4 ----a-w- c:\windows\system32\aspdict-en.dat
2010-05-15 22:10 . 2010-05-15 22:10 16 ----a-w- c:\windows\system32\asdict.dat
2010-05-15 21:09 . 2010-05-15 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-05-15 21:09 . 2010-05-15 21:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitDefender
2010-05-15 20:37 . 2010-05-15 21:10 -------- d-----w- c:\program files\Common Files\BitDefender
2010-05-15 20:34 . 2010-05-15 20:34 389120 ---ha-w- C:\SZKGFS.dat
2010-05-15 19:27 . 2010-05-15 19:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-15 19:27 . 2010-05-15 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-15 18:01 . 2010-05-15 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-05-15 18:00 . 2010-05-15 18:00 -------- d-----w- c:\program files\Common Files\iS3
2010-05-15 18:00 . 2010-05-16 10:32 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-05-15 07:46 . 2010-05-15 07:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\FEF5627B56F3E491CB4D1D9BA962C97B
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-16 10:34 . 2009-06-15 18:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-05-16 10:31 . 2010-05-16 10:28 1264 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-05-15 22:04 . 2010-01-04 17:41 111312 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2010-05-15 21:32 . 2009-06-18 07:05 -------- d-----w- c:\program files\Common Files\Met
2010-05-12 01:01 . 2009-06-15 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-02 10:47 . 2010-03-31 15:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Belastingdienst
2010-04-19 17:20 . 2009-06-15 13:42 68920 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-14 18:10 . 2010-02-13 18:44 79488 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-29 07:42 . 2001-09-07 12:00 87302 ----a-w- c:\windows\system32\perfc013.dat
2010-03-29 07:42 . 2001-09-07 12:00 502182 ----a-w- c:\windows\system32\perfh013.dat
2010-03-10 06:17 . 2008-04-14 20:32 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:20 . 2008-04-14 20:32 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-13 22:47 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-22 12:58 . 2010-02-22 12:58 291352 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
.
((((((((((((((((((((((((((((((((((((( Reg Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-30 1182088]
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-30 09:40 1182088 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-30 1182088]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-30 1182088]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
"RoboForm"="d:\roboform\RoboTaskBarIcon.exe" [2009-08-05 160592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="d:\acronis true image\TrueImageMonitor.exe" [2008-04-09 2595792]
"AcronisTimounterMonitor"="d:\acronis true image\TimounterMonitor.exe" [2008-04-09 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-09 136472]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2003-09-19 25088]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"Adobe Reader Speed Launcher"="d:\adobe reader\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="d:\java 6\bin\jusched.exe" [2010-02-13 136600]
"BDAgent"="d:\bitdefender\BitDefender 2010\bdagent.exe" [2010-03-18 1123360]
"BitDefender Antiphishing Helper"="d:\bitdefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Logitech Desktop Messenger.lnk - d:\logitech mx900\Desktop Messenger\8876480\Program\LDMConf.exe [2009-7-6 169472]
Logitech SetPoint.lnk - d:\logitech mx900\SetPoint\kem.exe [2009-7-6 454656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTServ]
2003-10-08 23:02 1064960 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTServ.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BTTray.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Microsoft Office 2007\\Office12\\OUTLOOK.EXE"=
"d:\\UTorrent\\uTorrent.exe"=
"d:\\Back Up\\UTorrent 1.8.3\\utorrent.exe"=
R2 BDVEDISK;BDVEDISK;d:\bitdefender\BitDefender 2010\bdvedisk.sys [19-1-2010 19:32 85128]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [3-2-2010 13:57 153448]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [4-1-2010 19:41 111312]
R3 LHidPPKE;Logitech SetPoint HID Function Driver;c:\windows\system32\drivers\LHidPPKE.Sys [15-6-2009 23:12 22536]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [19-10-2009 17:06 183880]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Inhoud van de 'Gedeelde Taken' map
2010-05-17 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
2010-05-17 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-09-30 09:40]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://kiereweed.weblinks.nl/
uInternet Settings,ProxyOverride = <local>
IE: E&xporteren naar Microsoft Excel - d:\micros~1\Office12\EXCEL.EXE/3000
IE: Formulieren opslaan - file://d:\roboform\RoboFormComSavePass.html
IE: Invul Formulieren - file://d:\roboform\RoboFormComFillForms.html
IE: Menu aanpassen - file://d:\roboform\RoboFormComCustomizeIEMenu.html
IE: RoboForm Werkbalk - file://d:\roboform\RoboFormComShowToolbar.html
IE: Verzenden naar &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} - hxxp://www.navigram.com/engine/v911/Navigram.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yqxm0tjo.default\
FF - prefs.js: browser.startup.homepage - hxxp://kiereweed.weblinks.nl/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS VERWIJDERD - - - -
ShellIconOverlayIdentifiers-{0B1BC730-EB54-432E-A740-EA9CCF9F5808} - (no file)
HKCU-Run-LDM - d:\logitech mx900\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-17 21:40
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_USERS\S-1-5-21-117609710-776561741-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,97,09,22,78,64,84,ec,43,a1,8b,f6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,97,09,22,78,64,84,ec,43,a1,8b,f6,\
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(1388)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Logitech\Bluetooth\lbtserv.dll
c:\program files\Common Files\Logitech\Bluetooth\lbtintw.dll
c:\windows\system32\BtCoreIf.dll
- - - - - - - > 'lsass.exe'(1444)
c:\windows\system32\relog_ap.dll
- - - - - - - > 'explorer.exe'(3812)
d:\logitech mx900\SetPoint\lgscroll.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
d:\java 6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\Windows Media Player\WMPNetwk.exe
d:\logitech mx900\SETPOINT\KHALMNPR.EXE
c:\windows\system32\wscntfy.exe
.
************************************************************************
.
Voltooingstijd: 2010-05-17 21:45:47 - machine werd herstart
ComboFix-quarantined-files.txt 2010-05-17 19:45
Pre-Run: 13.544.521.728 bytes beschikbaar
Post-Run: 18.948.222.976 bytes beschikbaar
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 673868BF0CB93F16A64ABE346697FFAB

Rosty
17 May 2010, 22:29
Open a Notepad file.
Copy the bold text below and paste it into the Notepad file.
Save the Notepad file as CFScript.txt

File::
c:\windows\system32\drivers\kgpcpy.cfg


Folder::
c:\program files\Ask.com



Now drag the file CFScript.txt onto the file ComboFix.exe

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

ComboFix will restart.
When ComboFix is done, which may be after a reboot, a log file will open. Post the contents of the log file.

Kiereweed
17 May 2010, 22:49
ComboFix 10-05-16.02 - Kiereweed 17-05-2010 22:42:32.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1006.579 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Administrator\Bureaublad\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FILE ::
"c:\windows\system32\drivers\kgpcpy.cfg"
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\system32\drivers\kgpcpy.cfg
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-04-17 to 2010-05-17 ))))))))))))))))))))))))))))))
.
2010-05-17 20:37 . 2010-05-17 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-05-16 21:54 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-16 21:54 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-15 22:10 . 2010-05-15 22:10 4 ----a-w- c:\windows\system32\aspdict-en.dat
2010-05-15 22:10 . 2010-05-15 22:10 16 ----a-w- c:\windows\system32\asdict.dat
2010-05-15 21:09 . 2010-05-15 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-05-15 21:09 . 2010-05-15 21:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitDefender
2010-05-15 20:37 . 2010-05-15 21:10 -------- d-----w- c:\program files\Common Files\BitDefender
2010-05-15 20:34 . 2010-05-15 20:34 389120 ---ha-w- C:\SZKGFS.dat
2010-05-15 19:27 . 2010-05-15 19:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-15 19:27 . 2010-05-15 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-15 18:01 . 2010-05-15 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-05-15 18:00 . 2010-05-15 18:00 -------- d-----w- c:\program files\Common Files\iS3
2010-05-15 18:00 . 2010-05-16 10:32 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-05-15 07:46 . 2010-05-15 07:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\FEF5627B56F3E491CB4D1D9BA962C97B
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-16 10:34 . 2009-06-15 18:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-05-15 22:04 . 2010-01-04 17:41 111312 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2010-05-15 21:32 . 2009-06-18 07:05 -------- d-----w- c:\program files\Common Files\Met
2010-05-12 01:01 . 2009-06-15 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-02 10:47 . 2010-03-31 15:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Belastingdienst
2010-04-19 17:20 . 2009-06-15 13:42 68920 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-14 18:10 . 2010-02-13 18:44 79488 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-29 07:42 . 2001-09-07 12:00 87302 ----a-w- c:\windows\system32\perfc013.dat
2010-03-29 07:42 . 2001-09-07 12:00 502182 ----a-w- c:\windows\system32\perfh013.dat
2010-03-10 06:17 . 2008-04-14 20:32 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:20 . 2008-04-14 20:32 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-13 22:47 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-22 12:58 . 2010-02-22 12:58 291352 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
"RoboForm"="d:\roboform\RoboTaskBarIcon.exe" [2009-08-05 160592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="d:\acronis true image\TrueImageMonitor.exe" [2008-04-09 2595792]
"AcronisTimounterMonitor"="d:\acronis true image\TimounterMonitor.exe" [2008-04-09 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-09 136472]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2003-09-19 25088]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"Adobe Reader Speed Launcher"="d:\adobe reader\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="d:\java 6\bin\jusched.exe" [2010-02-13 136600]
"BDAgent"="d:\bitdefender\BitDefender 2010\bdagent.exe" [2010-03-18 1123360]
"BitDefender Antiphishing Helper"="d:\bitdefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Logitech Desktop Messenger.lnk - d:\logitech mx900\Desktop Messenger\8876480\Program\LDMConf.exe [2009-7-6 169472]
Logitech SetPoint.lnk - d:\logitech mx900\SetPoint\kem.exe [2009-7-6 454656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTServ]
2003-10-08 23:02 1064960 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTServ.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BTTray.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Microsoft Office 2007\\Office12\\OUTLOOK.EXE"=
"d:\\UTorrent\\uTorrent.exe"=
"d:\\Back Up\\UTorrent 1.8.3\\utorrent.exe"=
R2 BDVEDISK;BDVEDISK;d:\bitdefender\BitDefender 2010\bdvedisk.sys [19-1-2010 19:32 85128]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [3-2-2010 13:57 153448]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [4-1-2010 19:41 111312]
R3 LHidPPKE;Logitech SetPoint HID Function Driver;c:\windows\system32\drivers\LHidPPKE.Sys [15-6-2009 23:12 22536]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [19-10-2009 17:06 183880]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Inhoud van de 'Gedeelde Taken' map
2010-05-17 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://kiereweed.weblinks.nl/
uInternet Settings,ProxyOverride = <local>
IE: E&xporteren naar Microsoft Excel - d:\micros~1\Office12\EXCEL.EXE/3000
IE: Formulieren opslaan - file://d:\roboform\RoboFormComSavePass.html
IE: Invul Formulieren - file://d:\roboform\RoboFormComFillForms.html
IE: Menu aanpassen - file://d:\roboform\RoboFormComCustomizeIEMenu.html
IE: RoboForm Werkbalk - file://d:\roboform\RoboFormComShowToolbar.html
IE: Verzenden naar &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} - hxxp://www.navigram.com/engine/v911/Navigram.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yqxm0tjo.default\
FF - prefs.js: browser.startup.homepage - hxxp://kiereweed.weblinks.nl/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS VERWIJDERD - - - -
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll

************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-17 22:46
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_USERS\S-1-5-21-117609710-776561741-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,97,09,22,78,64,84,ec,43,a1,8b,f6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,97,09,22,78,64,84,ec,43,a1,8b,f6,\
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(1388)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Logitech\Bluetooth\lbtserv.dll
c:\program files\Common Files\Logitech\Bluetooth\lbtintw.dll
c:\windows\system32\BtCoreIf.dll
- - - - - - - > 'lsass.exe'(1444)
c:\windows\system32\relog_ap.dll
.
Voltooingstijd: 2010-05-17 22:47:47
ComboFix-quarantined-files.txt 2010-05-17 20:47
ComboFix2.txt 2010-05-17 19:45
Pre-Run: 18.951.577.600 bytes beschikbaar
Post-Run: 18.941.071.360 bytes beschikbaar
- - End Of File - - F122102D1B7DEC971B382363C5F0612F
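
The two ComboFix logs in this thread carry a few security-posture indicators that are easy to misread by eye: two antivirus products registered (one with outdated signatures, one with on-access scanning disabled), the Windows Firewall profile showing EnableFirewall=0, and a Security Center FirewallOverride of 1. The Python below is an added example, not part of this thread and not ComboFix's own tooling: it parses the AV/FW status lines and the registry key/value blocks in ComboFix's output format and turns them into findings. The sample input is constructed by copying (abridged) lines from the log above; the severities and the rule that an off Windows Firewall is only informational when a third-party firewall reports enabled and the override flag is set are my own assumptions.

```python
import re

# Constructed sample input: lines copied (abridged) from the ComboFix log posted
# in this thread. The format is ComboFix's; this parser is an added example.
SAMPLE_LOG = r"""AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\UTorrent\\uTorrent.exe"=
"""

AV_RE = re.compile(r"^AV: (?P<name>.+?) \*On-access scanning (?P<state>enabled|disabled)\* \((?P<sigs>Updated|Outdated)\)")
FW_RE = re.compile(r"^FW: (?P<name>.+?) \*(?P<state>enabled|disabled)\*")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<raw>.*)$')


def reg_int(raw):
    """Decode the two integer spellings ComboFix prints: 'dword:00000001' and '0 (0x0)'."""
    raw = raw.strip()
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"(\d+)\s*\(0x[0-9a-fA-F]+\)", raw)
    if m:
        return int(m.group(1))
    return None


def parse_combofix(text):
    """Collect AV/FW status lines and registry key/value blocks from a ComboFix log."""
    result = {"av": [], "fw": [], "reg": {}}
    current = None
    for line in text.splitlines():
        if (m := AV_RE.match(line)):
            result["av"].append((m["name"], m["state"], m["sigs"]))
        elif (m := FW_RE.match(line)):
            result["fw"].append((m["name"], m["state"]))
        elif (m := KEY_RE.match(line)):
            current = m["key"].lower()          # keys compared case-insensitively
            result["reg"].setdefault(current, {})
        elif current and (m := VAL_RE.match(line)):
            result["reg"][current][m["name"]] = m["raw"]
    return result


def assess(parsed):
    """Turn parsed data into (severity, message) findings; severities are assumptions."""
    findings = []
    for name, state, sigs in parsed["av"]:
        if sigs == "Outdated":
            findings.append(("medium", f"{name}: signatures outdated"))
        if state == "disabled":
            findings.append(("medium", f"{name}: on-access scanning disabled"))
    if len(parsed["av"]) > 1:
        names = ", ".join(n for n, _, _ in parsed["av"])
        findings.append(("low", f"more than one antivirus registered: {names}"))

    # EnableFirewall=0 alone does not mean 'unprotected': a third-party firewall
    # that reports enabled, together with Security Center's FirewallOverride=1,
    # is the normal picture when the Windows Firewall has been handed over.
    third_party_fw_on = any(state == "enabled" for _, state in parsed["fw"])
    sc = next((v for k, v in parsed["reg"].items() if k.endswith("security center")), {})
    override = reg_int(sc.get("FirewallOverride", "")) == 1
    profile = next((v for k, v in parsed["reg"].items()
                    if k.endswith(r"firewallpolicy\standardprofile")), {})
    if reg_int(profile.get("EnableFirewall", "")) == 0:
        if third_party_fw_on and override:
            findings.append(("info", "Windows Firewall off; a third-party firewall is enabled and Security Center override is set"))
        else:
            findings.append(("high", "Windows Firewall off with no enabled third-party firewall"))
    if reg_int(profile.get("DisableNotifications", "")) == 1:
        findings.append(("low", "Windows Firewall notifications suppressed"))

    exceptions = next((v for k, v in parsed["reg"].items()
                       if k.endswith(r"authorizedapplications\list")), {})
    for exe in exceptions:
        findings.append(("review", f"firewall exception: {exe}"))
    return findings


if __name__ == "__main__":
    for severity, message in assess(parse_combofix(SAMPLE_LOG)):
        print(f"[{severity:6}] {message}")
```

Run against the sample, the script reports the outdated AntiVir signatures and the disabled BitDefender scanner as medium, the dual-AV situation and suppressed notifications as low, the off Windows Firewall only as informational (because BitDefender Firewall is enabled and the override flag is set), and lists each firewall exception for review.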

Rosty
18 May 2010, 19:02
Any problems left now?

Kiereweed
18 May 2010, 19:27
Really completely fixed..........

Thanks a lot..... !!!!

By the way.... I try to click on the "Malware Complaints" image, but nothing happens? :-(

Rosty
19 May 2010, 17:24
Really completely fixed..........

Thanks a lot..... !!!!

By the way.... I try to click on the "Malware Complaints" image, but nothing happens? :-(

Good to hear!! You're right about the image, the link has been removed!!

Go to Start - Run
and enter the following: Combofix /Uninstall
Then press OK.
If all goes well you will get a message that Combofix has been removed.

Example:

http://home.kpn.nl/stefsmeenk/CFUninstall.PNG

Run can also be opened with the key combination http://home.kpn.nl/stefsmeenk/W+R.jpg