Spam from my Hotmail address


anoniem21888
18 November 2007, 11:21
Hi

I have had a problem since Thursday. Since then, spam has been sent from my Hotmail address. I changed my password right away and immediately scanned everything for viruses. According to Hotmail the password is very strong now that I have changed it.
I scanned with AVG (it is on my computer) and with Kaspersky's online scanner, which found no viruses.

Then I also scanned with AVG Anti-Spyware and it found things. I thought it had removed them, but it had not. So I downloaded Ad-Aware and scanned. 177 items found and removed.
Then I installed Spybot - Search & Destroy and that found another 4 items. I clicked on "fix problems" but no luck. The 4 are:
-B-Fast
-DoubleClick
-Tradedoubler
-Web Trend Live
This morning I found out again that it has not helped at all.

What can I do about this? Get a new account, with the risk that it goes wrong again? Or something else?

What else can I do?

anoniem15208
18 November 2007, 11:28
A HijackThis log, perhaps? http://www.wurksjops.nl/wurksjops/hijackthis/

anoniem21888
18 November 2007, 11:34
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:20, on 18-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SPAMfighter\SFAgent.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\ATKKBService.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191942822859
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

--
End of file - 9839 bytes

anoniem15208
18 November 2007, 11:57
Your log is clean, but that does not mean anything yet.
Post the ComboFix log.

Download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.
Double-click Combofix.exe.
Choose "Continue" by typing 1 followed by ENTER.
While the fix is running, do NOT click inside the window, because this will make your PC hang.
When the fix has finished and after a restart, the log combofix.txt will open.
Post the contents of combofix.txt in this forum.

anoniem21888
18 November 2007, 12:07
Your ComboFix link is not quite right. But once I have downloaded it and ComboFix is on my desktop, and I double-click it, it starts the program.
Then it comes up with a window:

Stopgezet - 07-11-08.1 (text in the blue bar)

In grey:
Huidige datum is zo 18-11-2007. Deze versie van comboFix is verouderd.
Verwijder deze versie eertst vooraleer je de laatste versie downloadt.

----

I cannot remember ever having done this before?

anoniem15208
18 November 2007, 12:27
Removing ComboFix
Start > Run, type/copy into it: ComboFix /u and click OK

The link was indeed wrong: ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

anoniem21888
18 November 2007, 12:36
ComboFix has been removed.
Same problem: it gets stopped because it is outdated. Strange.

The link is right now.

Why is this happening to me again?


Edit:
Because ComboFix did not work I googled a bit and ended up on this site:
http://users.telenet.be/marcvn/spyware/1513333.htm

I used VundoFix from this site and scanned.
Scanned everything and nothing found, see this:


VundoFix V6.6.2

Checking Java version...

Scan started at 13:00:12 18-11-2007
Listing files found while scanning....
No infected files were found.

Beginning removal...

anoniem15208
18 November 2007, 15:47
Download DSS (http://deckard.geekstogo.com/dss.exe) to your Desktop.
Double-click dss.exe.
Copy the contents of C:/main.txt into your next post.

anoniem21888
18 November 2007, 16:20
Deckard's System Scanner v20071014.68
Run by Gebruiker on 2007-11-18 16:18:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Gebruiker.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:23, on 18-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SPAMfighter\SFAgent.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\ATKKBService.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gebruiker\Bureaublad\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\GEBRUI~1.EXE

anoniem21888
18 November 2007, 16:21
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191942822859
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

--
End of file - 9883 bytes

anoniem21888
18 November 2007, 16:21
-- Files created between 2007-10-18 and 2007-11-18 -----------------------------

2007-11-18 13:00:12 0 d-------- C:\VundoFix Backups
2007-11-18 11:32:53 0 d-------- C:\Program Files\Trend Micro
2007-11-17 18:45:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Hema Album Software Advanced
2007-11-17 16:48:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-17 16:13:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-17 16:13:10 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-15 20:00:08 0 d-------- C:\Documents and Settings\Gebruiker\Application Data\Grisoft
2007-11-14 20:08:17 0 d-------- C:\Documents and Settings\Gebruiker\Application Data\Syntrillium
2007-11-07 20:19:11 0 d-------- C:\Documents and Settings\Gebruiker\Application Data\Nokia Multimedia Player
2007-11-05 17:50:52 0 d-------- C:\Documents and Settings\Gebruiker\Application Data\Datalayer
2007-11-05 17:50:51 0 d-------- C:\Documents and Settings\Gebruiker\Phone Browser
2007-11-05 17:50:24 0 d-------- C:\Documents and Settings\Gebruiker\Application Data\Nokia
2007-11-05 17:44:52 0 d-------- C:\Program Files\DIFX
2007-11-05 17:44:35 0 d-------- C:\Program Files\Common Files\Nokia
2007-11-05 17:44:26 0 d-------- C:\Documents and Settings\Gebruiker\Application Data\PC Suite
2007-11-05 17:44:26 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-11-05 17:44:24 0 d-------- C:\Program Files\Common Files\PCSuite
2007-11-05 17:44:19 0 d-------- C:\Program Files\Nokia
2007-11-05 17:44:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2007-10-29 16:47:23 0 d-------- C:\Program Files\Common Files\Ankiro
2007-10-29 16:47:20 0 d-------- C:\Program Files\Common Files\Application
2007-10-29 16:47:17 0 d-------- C:\Program Files\SPAMfighter
2007-10-28 22:30:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Games
2007-10-23 18:54:55 0 d-------- C:\Documents and Settings\Gebruiker\Application Data\Canon
2007-10-23 18:34:19 0 d-------- C:\Documents and Settings\Gebruiker\Application Data\ZoomBrowser EX
2007-10-23 18:28:30 0 d-------- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2007-10-23 18:28:19 0 d-------- C:\Program Files\Canon
2007-10-23 18:26:10 0 d-------- C:\Program Files\Common Files\Canon
2007-10-21 10:41:32 0 d-------- C:\Program Files\Windows Defender
2007-10-21 10:12:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-21 10:12:24 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-20 12:39:56 0 d-------- C:\Documents and Settings\Gebruiker\.lincity


-- Find3M Report ---------------------------------------------------------------

2007-11-17 18:55:54 0 d-------- C:\Program Files\Kruidvat - Fotoservice
2007-11-17 18:45:18 0 d-------- C:\Program Files\Hema Album Software Advanced
2007-11-17 13:37:40 0 d-------- C:\Documents and Settings\Gebruiker\Application Data\LimeWire
2007-11-10 15:33:25 2515 --a------ C:\Documents and Settings\Gebruiker\Application Data\NMM-MetaData.db
2007-11-05 17:44:35 0 d-------- C:\Program Files\Common Files
2007-10-28 22:30:08 0 d-------- C:\Documents and Settings\Gebruiker\Application Data\Microsoft Games
2007-10-28 22:21:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-28 09:31:30 364644 --a------ C:\WINDOWS\system32\perfh013.dat
2007-10-28 09:31:30 53652 --a------ C:\WINDOWS\system32\perfc013.dat
2007-10-23 18:34:34 0 d-------- C:\Documents and Settings\Gebruiker\Application Data\AVG7
2007-10-17 17:45:44 0 d-------- C:\Program Files\Google
2007-10-17 13:18:16 0 d-------- C:\Program Files\Microsoft Games
2007-10-13 15:18:46 0 d-------- C:\Program Files\Apple Software Update
2007-10-10 15:54:45 0 d-------- C:\Program Files\Java
2007-10-05 23:15:53 0 d-------- C:\Documents and Settings\Gebruiker\Application Data\Jasc Software Inc
2007-09-27 16:38:17 0 d-------- C:\Program Files\Deen
2007-09-09 20:26:36 10 --a------ C:\WINDOWS\popcinfo.dat
2007-08-25 11:29:31 12342521 -----n--- C:\avg7qt.dat
2007-08-24 18:45:19 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2007-08-24 18:45:19 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2007-08-20 19:02:25 2516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-20 19:01:27 8 -r-hs---- C:\WINDOWS\system32\86F09676B6.sys


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [27-10-2004 14:21 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [18-05-2005 09:00]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [26-07-2005 08:54]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10-05-2007 23:03]
"nwiz"="nwiz.exe" [10-05-2007 23:03 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10-05-2007 23:03]
"ASUSGamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [01-06-2007 08:37]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [31-10-2005 09:51]
"P17Helper"="P17.dll" [03-05-2005 18:38 C:\WINDOWS\system32\P17.DLL]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [11-05-2000 00:00]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [09-01-2006 03:43]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12-01-2006 14:40]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [24-10-2007 08:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25-09-2007 00:11]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10-10-2007 19:51]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [29-06-2007 05:24]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03-11-2006 18:20]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [25-10-2007 15:29]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [15-06-2006 12:36]
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11-06-2007 10:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02-03-2006 13:00]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [02-12-2004 17:23]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19-01-2007 11:54]
"Picasa Media Detector"="D:\Program Files\Picasa2\PicasaMediaDetector.exe" [28-09-2007 02:17]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [27-06-2006 16:21]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [31-08-2007 16:46]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2007-11-18 16:18:40 ------------

anoniem14733
18 November 2007, 18:56
Maybe you are all digging too deep?
Just take one of those emails that was sent from your Hotmail address. Then look in the headers to see whether it really does originate from your Hotmail address or whether it is spoofed, because that can also be the case.

anoniem21888
18 November 2007, 20:02
The mail really does come from my Hotmail address. The mail clearly states that I am the sender, with the Hotmail address.

And what do you mean by: spoofed?

What I also notice now is that since this evening I get a security warning.
It says that I am about to leave a secure internet connection when I go to my Hotmail inbox.

anoniem21888
18 November 2007, 20:42
My girlfriend kindly reminded me that she had opened a virus in MSN. Maybe that has something to do with it? That was somewhere around 23 August this year.
It was the virus C005_jpg.zip, which she had opened in MSN.

I removed it with AVG. At least, that is what I think now. But I am starting to doubt it. Could that still have something to do with it?

Edit: The spam mails that were sent are also stored in the sent items.

anoniem15208
19 November 2007, 01:07
Check the following file at VirusTotal (http://www.virustotal.com/en/indexf.html) or jotti (http://virusscan.jotti.org/)

C:\WINDOWS\system32\86F09676B6.sys

Stand alone DrWeb (http://online.drweb.com/)
Stand alone Kaspersky (http://www.kaspersky.com/scanforvirus/)
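A way to pull second-opinion scan candidates out of the "Find3M Report" section of the DSS log posted above; this is an added example, not part of the original thread and not DSS's own code. The sample lines are copied from that log; the reading of the attribute column (d = directory, h = hidden, s = system) and the heuristic itself (a hidden plus system file directly under system32) are assumptions for illustration, and a match only means the file is worth uploading to a multi-engine scanner, not that it is malicious.

```python
import re
from datetime import datetime

# Lines copied from the Find3M Report posted in this thread.
SAMPLE = r"""
2007-11-17 13:37:40 0 d-------- C:\Documents and Settings\Gebruiker\Application Data\LimeWire
2007-10-28 22:21:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-28 09:31:30 364644 --a------ C:\WINDOWS\system32\perfh013.dat
2007-08-24 18:45:19 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2007-08-20 19:02:25 2516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-20 19:01:27 8 -r-hs---- C:\WINDOWS\system32\86F09676B6.sys
"""

# timestamp, size, 9-character attribute column, path, optional <version info>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+([a-z-]{9})\s+(.*?)(?:\s+<(.*)>)?$"
)


def parse_find3m(text):
    """Turn Find3M lines into dicts; lines that do not fit the layout are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        stamp, size, attrs, path, info = m.groups()
        entries.append({
            "modified": datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
            "size": int(size),
            "attrs": set(attrs) - {"-"},   # assumed flag letters: d, r, a, h, s, n
            "path": path,
            "info": info,                  # signer/version text, None when absent
        })
    return entries


def scan_candidates(entries, root=r"c:\windows\system32"):
    """Files (not folders) under root that are both hidden and system."""
    prefix = root.lower() + "\\"
    picked = []
    for e in entries:
        is_file = "d" not in e["attrs"]
        hidden_system = {"h", "s"} <= e["attrs"]
        if is_file and hidden_system and e["path"].lower().startswith(prefix):
            picked.append(e["path"])
    return picked


if __name__ == "__main__":
    for path in scan_candidates(parse_find3m(SAMPLE)):
        print("submit for a second-opinion scan:", path)
```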

anoniem14733
19 November 2007, 01:26
The mail clearly states that I am the sender, with the Hotmail address.
I understood that, but that doesn't necessarily mean anything, which is why I also wrote that you should look at the headers of the mail.
Spoofed means that the "from" field does indeed show your hotmail.com email address, but in the headers you then often see that it did not come from your IP address at all.
Spammers often make use of this. For me too it's child's play to send someone an email and pretend that someone else wrote it.

However, I now read that it is also saved under "Sent items", which happens when it was sent from your system. In that case there is no spoofing involved and there must still be a virus or trojan active on your PC.
So you can disregard my answers, because that doesn't apply here.
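
The header check described in the post above, as an added example that is not part of the original thread: it compares the domain in From with the host that actually handed the message to the recipient's own mail server, the only Received line the sender cannot forge. The sample messages, the server name `mx.recipient.example`, the relay name `relay1.hotmail.com`, the Postfix-style Received layout and the use of the `X-Originating-IP` header are assumptions made for this example.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# One hop in Postfix-style form: "from <helo> (<rdns> [<ip>]) by <server> ..."
HOP_RE = re.compile(
    r"from\s+\S+\s+\((?P<rdns>[^\s\[\]()]+)?\s*\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)

# Constructed sample: From claims Hotmail, but our own server received the
# message from an unrelated host. The X-Originating-IP line is forged.
SPOOFED = """\
Received: from mail.example.net (mail.example.net [203.0.113.25])
\tby mx.recipient.example with ESMTP id abc123;
\tThu, 15 Nov 2007 14:13:25 +0100
X-Originating-IP: [192.0.2.99]
From: someone@hotmail.com
To: friend@recipient.example
Subject: Hi

Dear Sir/Madam, ...
"""

# Constructed sample: the same mail, but really submitted through the provider.
GENUINE = """\
Received: from relay1.hotmail.com (relay1.hotmail.com [192.0.2.10])
\tby mx.recipient.example with ESMTP id def456;
\tThu, 15 Nov 2007 14:13:25 +0100
Received: from WEBMAIL1 ([192.0.2.55]) by relay1.hotmail.com with SMTP;
\tThu, 15 Nov 2007 05:13:22 -0800
X-Originating-IP: [198.51.100.77]
From: someone@hotmail.com
To: friend@recipient.example
Subject: Hi

Dear Sir/Madam, ...
"""


def under(host, domain):
    """True if host is the domain itself or a name below it."""
    host = (host or "").lower().rstrip(".")
    return bool(domain) and (host == domain or host.endswith("." + domain))


def classify(raw_message, trusted_mx):
    """Decide whether the From domain matches the real hand-off host.

    Only the Received line stamped by trusted_mx (our own server) is used;
    every line below it was supplied by the sending side and can be invented.
    """
    msg = email.message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    result = {"from_domain": from_domain, "handoff_host": None,
              "handoff_ip": None, "originating_ip": None, "verdict": "unknown"}

    hop = None
    for raw_hop in msg.get_all("Received", []):
        # Unfold the header (continuation lines start with a tab).
        candidate = HOP_RE.search(" ".join(raw_hop.split()))
        if candidate and candidate.group("by").lower() == trusted_mx.lower():
            hop = candidate
            break
    if hop is None or not from_domain:
        return result  # no trustworthy hop: nothing can be concluded

    result["handoff_host"] = hop.group("rdns")
    result["handoff_ip"] = hop.group("ip")
    if under(hop.group("rdns"), from_domain):
        # The provider really relayed it: the account, or a PC logged in to
        # it, sent the mail. Only now is X-Originating-IP worth reading.
        result["verdict"] = "sent-via-provider"
        xoip = msg.get("X-Originating-IP", "").strip().strip("[]")
        try:
            result["originating_ip"] = str(ipaddress.ip_address(xoip))
        except ValueError:
            pass
    else:
        # From names a domain the delivering host does not belong to.
        result["verdict"] = "spoofed-from"
    return result


if __name__ == "__main__":
    for name, sample in (("SPOOFED", SPOOFED), ("GENUINE", GENUINE)):
        print(name, classify(sample, "mx.recipient.example"))
```

A "sent-via-provider" result matches the case in which the spam also shows up in the account's sent items: the account itself was used, so changing the password and cleaning the PC are the relevant steps rather than chasing a forged From line.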

anoniem24424
20 November 2007, 12:48
Very odd, because there isn't really anything to be found.


Download: RVAXO.exe (http://home.hetnet.nl/~stefsmeenk/RVAXO.exe)
Save the file to your desktop, then double-click it.
You can let the program extract to your desktop.
Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
A window will open in which a few lines about files not found will scroll by quickly; this is normal.
An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and let it do its work.
After that your PC will restart; after the restart the RVAXO window opens again.
Let it run and wait until a log file opens.
It can also be found here: C:\RVAXO-results.log
Post the contents in your next message together with a new HijackThis log.

Did your PC not restart?

Let RVAXO run once more and then post the new log: C:\rvaxo-results.log

anoniem14733
20 November 2007, 16:25
Do post the headers of that email anyway if you can; maybe something can be made of them after all, one way or another.

anoniem21888
22 November 2007, 20:38
RVAXO done:

-------RVAXO.exe first run----
Files found:
C:\WINDOWS\exploeee.exe
Uninstallers Rogue scanners:
Folders Found:
Hosts-file was reset, If you use a custom hosts file please replace it...
--------------RVAXO.exe last run---------------
Files found:

Folders Found:

--------------RVAXO.exe finished----------------

And a HijackThis log right away:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38:33, on 22-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SPAMfighter\SFAgent.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191942822859
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

--
End of file - 9504 bytes

I checked and asked friends whether they were still getting spam from me. And fortunately that is not the case. But I still find this strange.

anoniem21888
22 November 2007, 20:45
This is the text from the mail that I automatically got back:

This is an automatically generated Delivery Status Notification. Unable to deliver message to the following recipients, due to being unable to connect successfully to the destination mail server. brupup@quicknet.com
--Forwarded message in the attachment--
From: My mail address
To: Here were the mail addresses it forwarded to.
Subject: Hi
Date: Thu, 15 Nov 2007 14:13:22 +0100






Dear Sir/Madam,
We are an electronic products wholesale .Our products are of high quality and low price. If you want to do business , we can offer you the most reasonable discount to make you get more profits. We are expecting for your business.
Please visit our website< stwoxy.com >
Looking forward to your contact and long cooperation with us!
MSN or E-mail: stwoxyi@hotmail.com
Our mainly products such the phones, PSP, display TV, notebook, video, computers, Mp4, GPS, xbox 360, digital cameras and so on.
Welcome to visit our website!

anoniem13724
22 November 2007, 21:12
this is the message sent back by an SMTP server that could not get the message into an inbox

what we're actually looking for is the header data of a sent email

anoniem21888
22 November 2007, 21:50
Tomorrow I'll make a screenshot of the mail that was placed in the mailbox.

anoniem14733
23 November 2007, 00:00
No, not the mail itself; look at the properties of the message and then choose source.
How that is done in Hotmail when you log in via the browser, I don't know, however.

anoniem21888
24 November 2007, 15:05
That I really do have a virus has now become clear to me. On request I have now done an online scan via Panda Security, and you can see the result below:

http://img221.imageshack.us/img221/1619/pandascan1px1.jpg (http://imageshack.us)

and AVG now reports this:
http://img221.imageshack.us/img221/8405/avgscanhq0.jpg (http://imageshack.us)


OK, and then?
AVG apparently doesn't solve this. Who can help me?
Apparently 3 rootkits, which I'm almost sure are for my Hotmail.

anoniem14733
24 November 2007, 18:03
It is hacking tools OR rootkits. Rootkits do much more; with them people can even take over your PC, and that's much worse.
Maybe you're affected by one of those hidden rootkits that is not easily noticed by the normal anti-spyware tools.
You could try scanning with The Cleaner. It can only be used for 30 days; update it first and then set it to scan all files, including "packed files" or "packed executables".
Maybe others also know good rootkit scanners that are reasonably easy to use.

I see that your hosts file has also been changed; can you take a look at what it currently contains?

anoniem21888
25 November 2007, 11:24
I did the scan and unfortunately nothing comes out of it.

http://img518.imageshack.us/img518/5013/thecleanerscanfo1.jpg (http://imageshack.us)
http://img518.imageshack.us/img518/5013/thecleanerscanfo1.dc8fcab6bb.jpg (http://g.imageshack.us/g.php?h=518&i=thecleanerscanfo1.jpg)

anoniem24526
25 November 2007, 13:11
Open your hosts file in /system32/drivers/etc with Notepad and show a screenshot of it here.

anoniem15208
25 November 2007, 13:25
Scan your PC with the F-Secure online scanner, which also includes a rootkit scanner (http://support.f-secure.com/enu/home/ols.shtml)
To get your hosts file back in order
Download HostsXpert 4 (http://www.funkytoad.com/download/HostsXpert.zip)
- Unzip the program
- Double-click it to run it
- Click 'Restore Original Hosts'
- Click 'OK'
- Close the program.

anoniem21888
25 November 2007, 15:29
I scanned with F-Secure and here are the results:

Scanning Report
Sunday, November 25, 2007 14:42:00 - 15:25:47

Computer name: GEBRUIKE-48DF68
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\ R:\ S:\
Result: 16 malware found
Tracking Cookie (spyware)

* System (Disinfected)
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System

Statistics
Scanned:

* Files: 31122
* System: 4454
* Not scanned: 3

Actions:

* Disinfected: 1
* Renamed: 0
* Deleted: 0
* None: 15
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{29D32BC5-B24D-4746-8DE6-9400013A27A6}.BIN

Options
Scanning engines:

* F-Secure Libra: 2.4.2, 2007-11-23
* F-Secure AVP: 7.0.171, 2007-11-24
* F-Secure Orion: 1.2.37, 2007-11-23
* F-Secure Blacklight: 1.0.64
* F-Secure Draco: 1.0.35, 2007-11-21
* F-Secure Pegasus: 1.19.0, 2007-10-22

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
* Use Advanced heuristics

---------
The hosts log in: C:\WINDOWS\system32\drivers\etc
The only thing in it is:

127.0.0.1 localhost

anoniem24424
25 November 2007, 16:31
Please try this.

( if you have already run ComboFix before, do the following.
Remove ComboFix via Start > Run, copy and paste Combofix /U, choose option 2 and Enter. )

Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) again to your desktop.
If you have used Combofix before, please remove that version and download Combofix again via the link above, because Combofix is updated daily.

NOTE: if, during or after downloading Combofix or while using Combofix, you get a notification from your antivirus or another realtime scanner, disable that scanner and download Combofix again. Some scanners see certain components that Combofix uses as suspicious and will block or remove them!
Double-click Combofix.exe
Follow the instructions, accept the disclaimer by typing 1 (continue), followed by ENTER.
While the fix is running, do NOT click in the window, because this will make your PC hang.
When the fix is complete and after the restart, the log combofix.txt will open.
Post this log in your next post together with a new HijackThis log.

anoniem21888
25 November 2007, 17:51
ComboFix 07-11-19.3 - Gebruiker 2007-11-25 17:44:39.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.1399 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Gebruiker\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((( Bestanden Gemaakt van 2007-10-25 to 2007-11-25 ))))))))))))))))))))))))))))))
.

2007-11-25 14:41 <DIR> d-------- C:\WINDOWS\LastGood
2007-11-24 19:18 <DIR> d-------- C:\Program Files\The Cleaner Free
2007-11-24 19:18 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2007-11-24 19:13 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2007-11-24 19:12 286,720 --------- C:\WINDOWS\Setup1.exe
2007-11-24 19:12 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-11-24 14:05 0 --a------ C:\WINDOWS\system32\asfiles.txt
2007-11-18 20:19 <DIR> d-------- C:\Temp
2007-11-18 20:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-11-18 16:16 <DIR> d-------- C:\Deckard
2007-11-18 13:00 <DIR> d-------- C:\VundoFix Backups
2007-11-18 11:32 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-17 18:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hema Album Software Advanced
2007-11-17 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-17 16:13 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-17 16:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-15 20:00 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\Grisoft
2007-11-15 20:00 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-14 20:08 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\Syntrillium
2007-11-07 20:19 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\Nokia Multimedia Player
2007-11-05 17:50 <DIR> d-------- C:\Documents and Settings\Gebruiker\Phone Browser
2007-11-05 17:50 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\Nokia
2007-11-05 17:50 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\Datalayer
2007-11-05 17:44 <DIR> d-------- C:\Program Files\Nokia
2007-11-05 17:44 <DIR> d-------- C:\Program Files\DIFX
2007-11-05 17:44 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-11-05 17:44 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-11-05 17:44 <DIR> d-------- C:\Documents and Settings\Gebruiker\Application Data\PC Suite
2007-11-05 17:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-11-05 17:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2007-11-05 17:44 127,488 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-11-05 17:44 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-11-05 17:44 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-11-05 17:44 8,704 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-10-29 16:47 <DIR> d-------- C:\Program Files\SPAMfighter
2007-10-29 16:47 <DIR> d-------- C:\Program Files\Common Files\Application
2007-10-29 16:47 <DIR> d-------- C:\Program Files\Common Files\Ankiro
2007-10-28 22:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Games

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-11-25 14:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-11-25 12:16 --------- d-----w C:\Program Files\Hema Album Software Advanced
2007-11-25 12:13 --------- d-----w C:\Program Files\Kruidvat - Fotoservice
2007-11-25 12:13 --------- d-----w C:\Program Files\Google
2007-11-24 13:22 --------- d-----w C:\Program Files\SmartFTP Client
2007-11-24 13:21 --------- d-----w C:\Program Files\MSN Messenger
2007-11-24 13:21 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-11-24 13:18 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-11-24 11:08 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2007-11-23 22:17 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\LimeWire
2007-11-18 19:37 --------- d-----w C:\Program Files\EsetOnlineScanner
2007-11-15 19:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-28 21:30 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Microsoft Games
2007-10-28 21:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-25 17:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-10-23 17:54 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Canon
2007-10-23 17:34 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\ZoomBrowser EX
2007-10-23 17:34 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\AVG7
2007-10-23 17:29 --------- d-----w C:\Program Files\Canon
2007-10-23 17:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2007-10-23 17:26 --------- d-----w C:\Program Files\Common Files\Canon
2007-10-21 09:12 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-21 09:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-17 12:18 --------- d-----w C:\Program Files\Microsoft Games
2007-10-13 14:18 --------- d-----w C:\Program Files\Apple Software Update
2007-10-13 14:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-13 14:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-10-10 14:54 --------- d-----w C:\Program Files\Java
2007-10-05 22:15 --------- d-----w C:\Documents and Settings\Gebruiker\Application Data\Jasc Software Inc
2007-09-27 15:38 --------- d-----w C:\Program Files\Deen
2007-09-02 15:27 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-08-25 10:29 12,342,521 ------w C:\avg7qt.dat
2007-08-20 18:01 8 --sh--r C:\WINDOWS\system32\86F09676B6.sys
2007-08-20 18:02 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 17:23]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 14:21 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 09:00]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-07-26 08:54]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-05-10 23:03 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"ASUSGamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-06-01 08:37]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 09:51]
"P17Helper"="Rundll32 P17.dll" []
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-01-09 03:43]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-24 08:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29]
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 08:37]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --a------ D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-09-28 02:17 443968 --a------ D:\Program Files\Picasa2\PicasaMediaDetector.exe

R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe"
R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys
R3 P17;SB Live! 24-bit;C:\WINDOWS\system32\drivers\P17.sys
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys
S3 MS1000;MS1000;C:\WINDOWS\system32\DRIVERS\MS1000.sys

.
Inhoud van de 'Gedeelde Taken' map
"2007-10-13 14:18:48 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-24 18:41:06 C:\WINDOWS\Tasks\TC_elke dag.job"
- C:\Program Files\The Cleaner\cleaner.exe
.
****

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 17:45:28
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**
.
Voltooingstijd: 2007-11-25 17:45:48
.
- E O F -

anoniem24424
26 November 2007, 20:34
I don't see anything wrong, I think? How are things going now?

anoniem21888
27 November 2007, 19:04
That junk is unfortunately still on my computer. Now that I have changed the password of my Hotmail mail it's going fine. It no longer sends spam, but I want that mess off my computer.

anoniem21888
28 December 2007, 13:41
Today I downloaded Spyware Doctor and ran it on my system.
Unfortunately it found 4 threats and 5 infections. See screenshot:

http://img167.imageshack.us/img167/6140/spywaredokterut9.jpg (http://imageshack.us)

I have already tried earlier with Ad-aware to remove these things, and also with Spybot and even AVG Anti-Spyware. But somehow they come back every time.

Now I want to remove them, but HOW?
With Spyware Doctor you have to pay, and that is exactly what I don't want.

PS: I have AVG as antivirus.

anoniem15208
28 December 2007, 17:06
This is what Spyware Doctor finds on my machine: "False Positive", in other words, I find something that isn't there :rolleyes:
What SD is really trying to say is: buy me, buy me
http://i186.photobucket.com/albums/x267/Argus_011/SpywareDoctor.jpg

anoniem13425
28 December 2007, 17:13
they can of course slip up now and then, but the program is even recommended here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm :o

anoniem21888
28 December 2007, 17:57
How am I supposed to know what I can and can't trust? So this program can't be trusted? What should I do then?
I'm still stuck with that junk, and both Ad-aware and AVG Anti-Spyware find spyware.
So when I remove it with those programs, it's back on there in no time. :S

anoniem13724
28 December 2007, 18:46
make a HijackThis log
post it in this topic and send a PM to juisterr

is a very good reader as far as that's concerned; don't go messing around in it yourself. before you know it you'll have a complete freeze and only a reinstall can still save anything

anoniem35523
9 December 2008, 20:45
Hey,
for a few months now I've been sending odd emails via Hotmail every few weeks/months. I didn't write them myself, and I have no idea where this is coming from.
If you think it's necessary, I can post the email here (I'd rather not because of the link + clicking = bad news)..

I've already read that HijackThis is useful, so here it is:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:14:15, on 9-12-2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Valve\Steam.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Users\Jorg\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\USB_video_device\Utility\MS_Tool\IRControl.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam.exe" -silent
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jorg\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Startup: OneNote-inhoudsopgave.onetoc2
O4 - Global Startup: NewShortcut2.lnk = C:\Program Files\USB_video_device\Utility\MS_Tool\IRControl.exe
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (file missing)
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{5444F0F9-2E62-4238-81DF-01BF701296D2}: NameServer = 192.168.2.1

Because the log was too big, part 2 is below; it should be pasted underneath this ;)

anoniem35523
9 December 2008, 20:46
part 2

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASWLSVC - Unknown owner - C:\Windows\System32\ASWLSVC.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: IntelDHSvcConf - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 12012 bytes


Who can find anything in it??
Thanks in advance,

Lollug92
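
As an added example (not part of the original posts): a small Python triage of the HijackThis entry format used in the log above, listing entries that point at missing files, services with no owner string, and autostart entries that name no binary. The sample lines are copied from that log; the function names and category names are this example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: a few entries copied from the log posted above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (file missing)
O23 - Service: ASWLSVC - Unknown owner - C:\Windows\System32\ASWLSVC.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
"""

# Every log entry starts with a section code such as R0, O4 or O23.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_entries(text):
    """Return (section_code, body) tuples for every 'Xn - ...' line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def triage(text):
    """Group the entries that deserve a manual look, keyed by reason."""
    flagged = defaultdict(list)
    for code, body in parse_entries(text):
        if "(no file)" in body or "(file missing)" in body:
            # Registry entry whose target file HijackThis could not find.
            flagged["orphaned"].append((code, body))
        elif code == "O23" and " - Unknown owner - " in body:
            # Service binary with no company name HijackThis could read.
            flagged["service_unknown_owner"].append((code, body))
        elif code == "O4" and not re.search(r"\.(exe|dll)\b", body, re.I):
            # Autostart entry whose command names no executable or DLL.
            flagged["run_no_binary"].append((code, body))
    return dict(flagged)

if __name__ == "__main__":
    for reason, items in triage(SAMPLE_LOG).items():
        for code, body in items:
            print(f"{reason:22} {code:4} {body}")
```

Flagged entries are leftovers or unlabelled items to review by hand, not proof of infection; many come from uninstalled or vendor-preloaded software.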

nerdekut
27 March 2009, 18:28
I have the same problem, only this is not a virus. Because I reinstalled my computer and it is still there. I do have a temporary solution, but it sometimes comes back.

Go to http://www.hotmail.com , then log in. Then go to Options at the top right, More options...
Then under the heading Manage your account you will see: Send automated vacation replies..
For me the message was in there, and so that mail was then being sent.

Today it happened to me again, only now there is nothing there, so maybe they have already come up with something else.

Regards

anoniem24424
28 March 2009, 17:08
nerdekut

Please start a new topic of your own and post a HijackThis log