  • Pop-ups galore!

    Well,

    My own fault entirely. But I've got it: pop-ups to my heart's content.

    I thought I was rid of it, but no ...

    What I know for sure is that it had something to do with vtstu.dll. It was in Internet Explorer's list of add-ons, and by disabling it I was rid of the pop-ups. There were a number of others there too (browser helper objects) whose publisher was unknown, so I disabled those as well. Each time this was enough for as long as the PC stayed on, but after every restart there were other ones again ...

    So I went googling for vtstu.dll. Via the Ad-Aware forum I found a little tool called VundoFix. It was able to remove quite a lot, and what it found but could not remove, I was able to remove in safe mode (among others: ukpoavkm.exe).
    Unlike all the others of the *.dll type, I thought I had hit the nail on the head with this *.exe. That is, until after several reboots the tool found nothing more.

    Admittedly, on logging in I did get an error that a certain (deliberately removed) DLL could not be loaded, but I could live with that for the time being ...

    Isn't it now starting all over again? The workaround of disabling add-ons is still valid, but how deep do I still have to dig to get rid of this critter?

    So today I ran an online virus scan with HouseCall and cleaned up some more junk. Ran Spybot, as well as Ad-Aware (per the house rules). So here is my HijackThis log. Would an expert take a quick look at it? Just to be sure ....

    -----------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:54:20, on 18/12/2007
    Platform: Windows 2003 SP2 (WinNT 5.02.3790)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdate
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O1 - Hosts: 84.243.235.245 www.hijackthis.nl
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7120] command /c del "C:\Documents and Settings\Jos De Ruyck\Local Settings\Temp\gos6A.tmp_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2761] cmd /c del "C:\Documents and Settings\Jos De Ruyck\Local Settings\Temp\gos6A.tmp_old"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9282] command /c del "C:\Documents and Settings\Jos De Ruyck\Local Settings\Temp\gos6A.tmp_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1677] cmd /c del "C:\Documents and Settings\Jos De Ruyck\Local Settings\Temp\gos6A.tmp_old"
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O4 - Startup: DAEMON Tools.lnk = C:\Program Files\DAEMON Tools\daemon.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O15 - ESC Trusted Zone: http://runonce.msn.com
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196535279328
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    --
    End of file - 6002 bytes
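The first pass a reviewer makes over a log like the one above is mechanical: split each line into its section code, key, display name and target, then pull out the entries that need a human look (unnamed browser add-ons, AppInit_DLLs, Run values that are a bare file name, hosts overrides, and a Winlogon Notify entry whose name matches an unnamed BHO's DLL, which is the pairing the VirtumundoBeGone log in reply #3 checks for). The script below is an added example written for this thread; it is not code from HijackThis, VundoFix or any other tool named here. The lines in SAMPLE_LOG are constructed in the HijackThis line format (the O2 and O20 Winlogon Notify lines are built from the DLL name the later logs report; they do not appear in the log above), and the tag names in the findings are my own.

```python
"""Triage of HijackThis-style log lines (added example; not HijackThis code).

The heuristics only raise items for a person to check; they do not decide
that anything is malicious.
"""
import re
from dataclasses import dataclass

# Constructed sample in the HijackThis line format used in the log above.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.google.be/
O1 - Hosts: 84.243.235.245 www.hijackthis.nl
O2 - BHO: (no name) - {DB0B918E-A0A8-482B-8D75-A682816B0C7B} - C:\\WINDOWS\\system32\\qomnnmk.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\\program files\\google\\googletoolbar2.dll
O4 - HKLM\\..\\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe"
O20 - AppInit_DLLs: C:\\PROGRA~1\\Google\\GOOGLE~2\\GOEC62~1.DLL
O20 - Winlogon Notify: qomnnmk - C:\\WINDOWS\\system32\\qomnnmk.dll
"""

LINE_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")
O4_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
CLSID_RE = re.compile(
    r"^(?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$")


@dataclass
class Entry:
    code: str    # "O4", "R0", ...
    kind: str    # text before the first ": " (registry key, "BHO", "Hosts", ...)
    name: str    # display name or value name, "" if none
    target: str  # file path, hostname or URL the entry points at, "" if none


def exe_from_command(cmd):
    """Return the executable part of a command line ("quoted path" or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def stem_of(path):
    """Lower-case file name without extension, for both backslash and slash paths."""
    base = path.replace("\\", "/").rsplit("/", 1)[-1]
    return base.rsplit(".", 1)[0].lower()


def parse_line(line):
    """Parse one HijackThis line into an Entry, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    kind, _, rest = body.partition(": ")
    name = target = ""
    if code == "O4":
        o4 = O4_RE.match(rest)
        if o4:
            name, target = o4.group("name"), exe_from_command(o4.group("cmd"))
    elif code in ("O2", "O3", "O9"):
        c = CLSID_RE.match(rest)
        if c:
            name, target = c.group("name"), c.group("target")
    elif code == "O20" and kind == "Winlogon Notify":
        name, _, target = rest.partition(" - ")
    elif code in ("O1", "O20"):
        target = rest
    return Entry(code, kind, name, target)


def triage(lines):
    """Return (code, target, tag) triples for entries a reviewer should look at."""
    entries = [e for e in map(parse_line, lines) if e]
    findings = []
    unnamed_stems = set()
    for e in entries:
        if e.code in ("O2", "O3", "O9") and e.name == "(no name)":
            findings.append((e.code, e.target, "unnamed-addon"))
            unnamed_stems.add(stem_of(e.target))
        elif e.code == "O20" and e.kind == "AppInit_DLLs":
            # Loaded into every process that links user32: always worth verifying.
            findings.append((e.code, e.target, "appinit-dll"))
        elif e.code == "O4" and "\\" not in e.target and "/" not in e.target:
            # Bare file name is resolved via the search path; confirm where it lives.
            findings.append((e.code, e.target, "bare-filename"))
        elif e.code == "O1":
            findings.append((e.code, e.target, "hosts-override"))
    # Second pass: a Winlogon Notify entry whose name equals the stem of an
    # unnamed BHO DLL is the pairing Vundo removal tools look for.
    for e in entries:
        if (e.code == "O20" and e.kind == "Winlogon Notify"
                and e.name.lower() == stem_of(e.target)
                and stem_of(e.target) in unnamed_stems):
            findings.append((e.code, e.target, "notify-bho-pair"))
    return findings


if __name__ == "__main__":
    for code, target, tag in triage(SAMPLE_LOG.splitlines()):
        print(f"{code:<4} {tag:<16} {target}")
```

Run it on a saved HijackThis log by replacing SAMPLE_LOG with the file's lines; the named Google toolbar and the fully qualified Java updater entry in the sample pass through untouched, while the five flagged entries are the ones a helper would ask about.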

  • #2
    Download VirtumundoBegone (mirror)
    Save it to your desktop.

    Double-click VirtumundoBeGone.exe and follow the prompts.
    Don't be alarmed if you see a blue screen with an error message - this is normal.
    When the fix is finished, restart the PC.
    Post the contents of the log file VBG.TXT, which is now on your desktop, in your next reply.


    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
      A cmd window will open; a few lines about files not found will scroll by quickly, this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, follow any prompts and just let it do its work.
    • Your PC will then restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do so manually.
    • Post the contents of the log file in your next reply.


    Download ComboFix to your desktop.
    Double-click Combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open.
    Post this log in your next reply.

    NOTE: If your virus scanner responds with a warning about a script being executed, you may ignore it.



    • #3
      To start with, the VirtumundoBeGone log:

      [12/19/2007, 18:14:56] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jos De Ruyck\Bureaublad\VirtumundoBeGone.exe" )
      [12/19/2007, 18:15:08] - Detected System Information:
      [12/19/2007, 18:15:08] - Windows Version: 5.2.3790, Service Pack 2
      [12/19/2007, 18:15:08] - Current Username: Jos De Ruyck (Admin)
      [12/19/2007, 18:15:08] - Windows is in NORMAL mode.
      [12/19/2007, 18:15:08] - Searching for Browser Helper Objects:
      [12/19/2007, 18:15:08] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
      [12/19/2007, 18:15:08] - BHO 2: {0769E9D2-CEE5-4775-92CB-6FFAFE302940} ()
      [12/19/2007, 18:15:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/19/2007, 18:15:08] - Checking for HKLM\...\Winlogon\Notify\ssqpo
      [12/19/2007, 18:15:08] - Key not found: HKLM\...\Winlogon\Notify\ssqpo, continuing.
      [12/19/2007, 18:15:08] - BHO 3: {0D64B73C-6490-41D4-A9C4-A3EBC9BD62D1} ()
      [12/19/2007, 18:15:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/19/2007, 18:15:08] - No filename found. Continuing.
      [12/19/2007, 18:15:08] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
      [12/19/2007, 18:15:08] - BHO 5: {5f2e3fbf-aac7-47a1-b352-db8a3511359e} ()
      [12/19/2007, 18:15:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/19/2007, 18:15:08] - Checking for HKLM\...\Winlogon\Notify\bnahqysp
      [12/19/2007, 18:15:08] - Key not found: HKLM\...\Winlogon\Notify\bnahqysp, continuing.
      [12/19/2007, 18:15:08] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [12/19/2007, 18:15:08] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
      [12/19/2007, 18:15:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/19/2007, 18:15:08] - No filename found. Continuing.
      [12/19/2007, 18:15:08] - BHO 8: {8AC2AE76-4D17-4CEB-A6B2-A19E321261D3} ()
      [12/19/2007, 18:15:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/19/2007, 18:15:08] - Checking for HKLM\...\Winlogon\Notify\vtstu
      [12/19/2007, 18:15:08] - Key not found: HKLM\...\Winlogon\Notify\vtstu, continuing.
      [12/19/2007, 18:15:08] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
      [12/19/2007, 18:15:08] - BHO 10: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
      [12/19/2007, 18:15:08] - BHO 11: {B6AB25B6-E3DB-4F98-8137-9CFCCAFBCE5F} ()
      [12/19/2007, 18:15:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/19/2007, 18:15:08] - Checking for HKLM\...\Winlogon\Notify\jkhfd
      [12/19/2007, 18:15:08] - Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
      [12/19/2007, 18:15:08] - BHO 12: {DB0B918E-A0A8-482B-8D75-A682816B0C7B} ()
      [12/19/2007, 18:15:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/19/2007, 18:15:08] - Checking for HKLM\...\Winlogon\Notify\qomnnmk
      [12/19/2007, 18:15:08] - Found: HKLM\...\Winlogon\Notify\qomnnmk - This is probably Virtumundo.
      [12/19/2007, 18:15:08] - Assigning {DB0B918E-A0A8-482B-8D75-A682816B0C7B} MSEvents Object
      [12/19/2007, 18:15:08] - BHO list has been changed! Starting over...
      [12/19/2007, 18:15:08] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
      [12/19/2007, 18:15:08] - BHO 2: {0769E9D2-CEE5-4775-92CB-6FFAFE302940} ()
      [12/19/2007, 18:15:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/19/2007, 18:15:08] - Checking for HKLM\...\Winlogon\Notify\ssqpo
      [12/19/2007, 18:15:08] - Key not found: HKLM\...\Winlogon\Notify\ssqpo, continuing.
      [12/19/2007, 18:15:08] - BHO 3: {0D64B73C-6490-41D4-A9C4-A3EBC9BD62D1} ()
      [12/19/2007, 18:15:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/19/2007, 18:15:08] - No filename found. Continuing.
      [12/19/2007, 18:15:08] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
      [12/19/2007, 18:15:08] - BHO 5: {5f2e3fbf-aac7-47a1-b352-db8a3511359e} ()
      [12/19/2007, 18:15:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/19/2007, 18:15:08] - Checking for HKLM\...\Winlogon\Notify\bnahqysp
      [12/19/2007, 18:15:08] - Key not found: HKLM\...\Winlogon\Notify\bnahqysp, continuing.
      [12/19/2007, 18:15:08] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [12/19/2007, 18:15:08] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
      [12/19/2007, 18:15:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/19/2007, 18:15:08] - No filename found. Continuing.
      [12/19/2007, 18:15:08] - BHO 8: {8AC2AE76-4D17-4CEB-A6B2-A19E321261D3} ()
      [12/19/2007, 18:15:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/19/2007, 18:15:08] - Checking for HKLM\...\Winlogon\Notify\vtstu
      [12/19/2007, 18:15:08] - Key not found: HKLM\...\Winlogon\Notify\vtstu, continuing.
      [12/19/2007, 18:15:08] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
      [12/19/2007, 18:15:08] - BHO 10: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
      [12/19/2007, 18:15:08] - BHO 11: {B6AB25B6-E3DB-4F98-8137-9CFCCAFBCE5F} ()
      [12/19/2007, 18:15:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/19/2007, 18:15:08] - Checking for HKLM\...\Winlogon\Notify\jkhfd
      [12/19/2007, 18:15:08] - Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
      [12/19/2007, 18:15:08] - BHO 12: {DB0B918E-A0A8-482B-8D75-A682816B0C7B} (MSEvents Object)
      [12/19/2007, 18:15:08] - ALERT: Found MSEvents Object!
      [12/19/2007, 18:15:08] - Finished Searching Browser Helper Objects
      [12/19/2007, 18:15:08] - *** Detected MSEvents Object
      [12/19/2007, 18:15:08] - Trying to remove MSEvents Object...
      [12/19/2007, 18:15:09] - Terminating Process: IEXPLORE.EXE
      [12/19/2007, 18:15:09] - Terminating Process: RUNDLL32.EXE
      [12/19/2007, 18:15:09] - Disabling Automatic Shell Restart
      [12/19/2007, 18:15:09] - Terminating Process: EXPLORER.EXE
      [12/19/2007, 18:15:10] - Suspending the NT Session Manager System Service
      [12/19/2007, 18:15:10] - Terminating Windows NT Logon/Logoff Manager
      [12/19/2007, 18:15:10] - Re-enabling Automatic Shell Restart
      [12/19/2007, 18:15:10] - File to disable: C:\WINDOWS\system32\qomnnmk.dll
      [12/19/2007, 18:15:10] - Renaming C:\WINDOWS\system32\qomnnmk.dll -> C:\WINDOWS\system32\qomnnmk.dll.vir
      [12/19/2007, 18:15:10] - File successfully renamed!
      [12/19/2007, 18:15:10] - Removing HKLM\...\Browser Helper Objects\{DB0B918E-A0A8-482B-8D75-A682816B0C7B}
      [12/19/2007, 18:15:10] - Removing HKCR\CLSID\{DB0B918E-A0A8-482B-8D75-A682816B0C7B}
      [12/19/2007, 18:15:10] - Adding Kill Bit for ActiveX for GUID: {DB0B918E-A0A8-482B-8D75-A682816B0C7B}
      [12/19/2007, 18:15:10] - Deleting ATLEvents/MSEvents Registry entries
      [12/19/2007, 18:15:10] - Removing HKLM\...\Winlogon\Notify\qomnnmk
      [12/19/2007, 18:15:10] - Searching for Browser Helper Objects:
      [12/19/2007, 18:15:10] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
      [12/19/2007, 18:15:10] - BHO 2: {0769E9D2-CEE5-4775-92CB-6FFAFE302940} ()
      [12/19/2007, 18:15:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/19/2007, 18:15:10] - Checking for HKLM\...\Winlogon\Notify\ssqpo
      [12/19/2007, 18:15:10] - Key not found: HKLM\...\Winlogon\Notify\ssqpo, continuing.
      [12/19/2007, 18:15:10] - BHO 3: {0D64B73C-6490-41D4-A9C4-A3EBC9BD62D1} ()
      [12/19/2007, 18:15:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/19/2007, 18:15:10] - No filename found. Continuing.
      [12/19/2007, 18:15:11] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
      [12/19/2007, 18:15:11] - BHO 5: {5f2e3fbf-aac7-47a1-b352-db8a3511359e} ()
      [12/19/2007, 18:15:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/19/2007, 18:15:11] - Checking for HKLM\...\Winlogon\Notify\bnahqysp
      [12/19/2007, 18:15:11] - Key not found: HKLM\...\Winlogon\Notify\bnahqysp, continuing.
      [12/19/2007, 18:15:11] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [12/19/2007, 18:15:11] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
      [12/19/2007, 18:15:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/19/2007, 18:15:11] - No filename found. Continuing.
      [12/19/2007, 18:15:11] - BHO 8: {8AC2AE76-4D17-4CEB-A6B2-A19E321261D3} ()
      [12/19/2007, 18:15:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/19/2007, 18:15:11] - Checking for HKLM\...\Winlogon\Notify\vtstu
      [12/19/2007, 18:15:11] - Key not found: HKLM\...\Winlogon\Notify\vtstu, continuing.
      [12/19/2007, 18:15:11] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
      [12/19/2007, 18:15:11] - BHO 10: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
      [12/19/2007, 18:15:11] - BHO 11: {B6AB25B6-E3DB-4F98-8137-9CFCCAFBCE5F} ()
      [12/19/2007, 18:15:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/19/2007, 18:15:11] - Checking for HKLM\...\Winlogon\Notify\jkhfd
      [12/19/2007, 18:15:11] - Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
      [12/19/2007, 18:15:11] - Finished Searching Browser Helper Objects
      [12/19/2007, 18:15:11] - Finishing up...
      [12/19/2007, 18:15:11] - A restart is needed.
      [12/19/2007, 18:15:53] - Attempting to Restart via STOP error (Blue Screen!)

      ------------------------

      The RVAXO log:

      ----------------RVAXO.exe first run-------------

      Files found:

      C:\WINDOWS\system32\qomnnmk.dll.vir
      C:\WINDOWS\system32\opqss.ini
      C:\WINDOWS\system32\opqss.bak1
      C:\WINDOWS\system32\utstv.bak1
      C:\WINDOWS\system32\opqss.bak2
      C:\WINDOWS\system32\utstv.bak2
      C:\WINDOWS\system32\mcrh.tmp

      Uninstallers Rogue scanners:


      Folders Found:


      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------

      And finally, the ComboFix log:

      ComboFix 07-12-19.7 - Jos De Ruyck 2007-12-19 18:31:42.1 - NTFSx86
      Microsoft(R) Windows(R) Server 2003, Standard Edition 5.2.3790.2.1252.1.1043.18.1615 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Jos De Ruyck\Bureaublad\ComboFix.exe
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\cookies.ini
      C:\WINDOWS\system32\bnahqysp.dll
      C:\WINDOWS\system32\fccyvuv.dll
      C:\WINDOWS\system32\opqss.ini
      C:\WINDOWS\system32\ssqpo.dll

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

      .
      -------\LEGACY_DOMAINSERVICE


      (((((((((((((((((((( Bestanden Gemaakt van 2007-11-19 to 2007-12-19 ))))))))))))))))))))))))))))))
      .

      2007-12-19 18:25 . 2007-12-19 18:25 <DIR> d-------- C:\RVAXO
      2007-12-19 18:22 . 2007-12-19 19:20 552,738 --a------ C:\WINDOWS\system32\RVAXO.bat
      2007-12-19 18:22 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
      2007-12-18 22:42 . 2007-12-18 22:42 131 --a------ C:\WINDOWS\wininit.ini
      2007-12-18 22:19 . 2007-12-18 22:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2007-12-18 20:04 . 2007-12-18 20:04 <DIR> d-------- C:\Program Files\Trend Micro
      2007-12-18 20:02 . 2007-12-18 21:49 <DIR> d-------- C:\Documents and Settings\Jos De Ruyck\.housecall6.6
      2007-12-18 18:44 . 2007-12-18 21:46 985,703 ---hs---- C:\WINDOWS\system32\ssxjtxqr.ini
      2007-12-18 05:58 . 2007-12-18 05:58 <DIR> d-------- C:\Program Files\Java
      2007-12-18 05:58 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
      2007-12-18 05:57 . 2007-12-18 05:57 <DIR> d-------- C:\Program Files\Common Files\Java
      2007-12-17 21:01 . 2007-12-17 23:02 <DIR> d-------- C:\VundoFix Backups
      2007-12-16 20:03 . 2007-12-16 20:03 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
      2007-12-16 20:03 . 2007-12-16 20:03 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
      2007-12-16 20:03 . 2007-12-16 20:03 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
      2007-12-16 18:14 . 2007-12-17 20:36 971,249 ---hs---- C:\WINDOWS\system32\oltbcefy.ini
      2007-12-16 12:14 . 2007-12-16 12:14 <DIR> d-------- C:\Program Files\Lavasoft
      2007-12-16 12:14 . 2007-12-16 12:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2007-12-16 12:14 . 2007-12-16 12:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2007-12-16 11:38 . 2007-12-16 11:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
      2007-12-16 11:26 . 2007-12-16 11:26 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
      2007-12-16 11:07 . 2007-12-17 21:13 122,917 ---hs---- C:\WINDOWS\system32\utstv.ini
      2007-12-14 20:24 . 2007-12-16 10:43 <DIR> d-------- C:\Documents and Settings\Jos De Ruyck\Application Data\FileZilla
      2007-12-14 20:22 . 2007-12-14 20:22 <DIR> d-------- C:\Program Files\FileZilla Client
      2007-12-13 22:30 . 2007-12-13 22:30 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
      2007-12-12 19:18 . 2007-10-23 23:34 228,864 --a------ C:\WINDOWS\system32\wmasf.dll
      2007-12-12 19:18 . 2007-10-23 23:34 228,864 --a--c--- C:\WINDOWS\system32\dllcache\wmasf.dll
      2007-12-09 13:23 . 2007-12-09 13:23 <DIR> d-------- C:\Program Files\GPLGS
      2007-12-09 13:22 . 2007-12-09 13:22 <DIR> d-------- C:\Program Files\Acro Software
      2007-12-09 13:22 . 2007-07-12 22:33 87,552 --a------ C:\WINDOWS\system32\cpwmon2k.dll
      2007-12-08 20:50 . 2007-12-08 20:50 1,905 --a------ C:\WINDOWS\diagwrn.xml
      2007-12-08 20:50 . 2007-12-08 20:50 1,905 --a------ C:\WINDOWS\diagerr.xml
      2007-12-08 14:15 . 2007-12-08 14:15 <DIR> d-------- C:\Documents and Settings\Eva\Contacts
      2007-12-08 14:12 . 2007-11-29 21:21 <DIR> d--h----- C:\Documents and Settings\Eva\Sjablonen
      2007-12-08 14:12 . 2007-12-08 14:17 <DIR> dr-h----- C:\Documents and Settings\Eva\Onlangs geopend
      2007-12-08 14:12 . 2007-11-29 21:21 <DIR> d--h----- C:\Documents and Settings\Eva\Netwerkprinteromgeving
      2007-12-08 14:12 . 2007-12-15 12:34 <DIR> dr------- C:\Documents and Settings\Eva\Mijn documenten
      2007-12-08 14:12 . 2007-11-29 21:21 <DIR> dr------- C:\Documents and Settings\Eva\Menu Start
      2007-12-08 14:12 . 2007-12-08 14:12 <DIR> dr------- C:\Documents and Settings\Eva\Favorieten
      2007-12-08 14:12 . 2007-12-16 11:38 <DIR> d-------- C:\Documents and Settings\Eva\Bureaublad
      2007-12-02 14:56 . 2007-12-02 21:32 <DIR> d-------- C:\Documents and Settings\Jos De Ruyck\Contacts
      2007-12-02 14:55 . 2007-12-02 14:55 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
      2007-12-02 14:55 . 2007-12-02 14:55 <DIR> d-------- C:\Program Files\MSN Messenger
      2007-12-01 22:42 . 2007-12-01 22:42 <DIR> d-------- C:\WINDOWS\Sun
      2007-12-01 19:52 . 2007-12-01 09:44 <DIR> d-------- C:\Program Files\nLite
      2007-12-01 19:15 . 2007-12-01 19:15 <DIR> d-------- C:\WINDOWS\system32\Macromed
      2007-12-01 14:05 . 2007-12-01 14:05 <DIR> d-------- C:\Program Files\dpMagic Software
      2007-12-01 14:05 . 2003-10-08 15:29 352,256 --a------ C:\WINDOWS\system32\msvcr71.dll
      2007-12-01 13:00 . 2007-12-01 13:00 <DIR> d-------- C:\WINDOWS\Downloaded Installations
      2007-12-01 11:45 . 2007-12-02 12:19 <DIR> d-------- C:\Program Files\Google
      2007-12-01 11:07 . 2007-12-01 11:07 40 --a------ C:\WINDOWS\opt_1430.ini
      2007-12-01 11:05 . 2007-12-01 11:05 <DIR> d-------- C:\Program Files\MSXML 6.0
      2007-12-01 10:54 . 2007-12-18 19:50 452 --a------ C:\WINDOWS\BRWMARK.INI
      2007-12-01 10:54 . 2007-12-01 10:54 184 --a------ C:\WINDOWS\system32\brsvc01a.bsi
      2007-12-01 10:54 . 2007-12-01 10:54 30 --a------ C:\WINDOWS\system32\brss01a.ini
      2007-12-01 10:54 . 2007-12-18 19:50 26 --a------ C:\WINDOWS\BRPP2KA.INI
      2007-12-01 10:40 . 2007-11-29 21:21 <DIR> d--h----- C:\Documents and Settings\snoesje\Sjablonen
      2007-12-01 10:40 . 2007-12-01 14:41 <DIR> dr-h----- C:\Documents and Settings\snoesje\Onlangs geopend
      2007-12-01 10:40 . 2007-11-29 21:21 <DIR> d--h----- C:\Documents and Settings\snoesje\Netwerkprinteromgeving
      2007-12-01 10:40 . 2007-11-29 21:21 <DIR> dr------- C:\Documents and Settings\snoesje\Menu Start
      2007-12-01 10:40 . 2007-12-01 11:43 <DIR> dr------- C:\Documents and Settings\snoesje\Favorieten
      2007-12-01 10:40 . 2007-12-16 11:38 <DIR> d-------- C:\Documents and Settings\snoesje\Bureaublad
      2007-12-01 10:12 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
      2007-12-01 10:12 . 2007-12-14 16:22 395 --a------ C:\WINDOWS\ODBC.INI
      2007-12-01 10:11 . 2007-12-01 10:11 <DIR> d-------- C:\WINDOWS\SHELLNEW
      2007-12-01 10:11 . 2007-12-01 10:11 <DIR> d-------- C:\Program Files\Microsoft.NET
      2007-12-01 10:11 . 2007-12-01 10:29 <DIR> d-------- C:\Program Files\Microsoft Works
      2007-12-01 10:08 . 2007-12-01 10:08 <DIR> dr-h----- C:\MSOCache
      2007-12-01 10:07 . 2007-11-29 21:21 <DIR> d--h----- C:\Documents and Settings\Jos De Ruyck\Sjablonen
      2007-12-01 10:07 . 2007-12-19 18:26 <DIR> dr-h----- C:\Documents and Settings\Jos De Ruyck\Onlangs geopend
      2007-12-01 10:07 . 2007-11-29 21:21 <DIR> d--h----- C:\Documents and Settings\Jos De Ruyck\Netwerkprinteromgeving
      2007-12-01 10:07 . 2007-12-02 14:56 <DIR> dr------- C:\Documents and Settings\Jos De Ruyck\Mijn documenten
      2007-12-01 10:07 . 2007-12-01 19:00 <DIR> dr------- C:\Documents and Settings\Jos De Ruyck\Menu Start
      2007-12-01 10:07 . 2007-12-16 21:17 <DIR> dr------- C:\Documents and Settings\Jos De Ruyck\Favorieten
      2007-12-01 10:07 . 2007-12-19 18:39 <DIR> d-------- C:\Documents and Settings\Jos De Ruyck\Bureaublad
      2007-12-01 09:49 . 2007-12-01 09:50 <DIR> d-------- C:\I386
      2007-12-01 09:48 . 2007-12-01 09:48 <DIR> d-------- C:\Program Files\DAEMON Tools
      2007-12-01 09:46 . 2007-12-01 09:46 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
      2007-12-01 09:32 . 2007-12-01 09:32 <DIR> d-------- C:\Program Files\Common Files\Adobe
      2007-12-01 09:12 . 2003-04-15 13:00 208,896 --a------ C:\WINDOWS\system32\wmpns.dll
      2007-12-01 09:01 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
      2007-12-01 09:01 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
      2007-11-29 22:46 . 2007-12-01 11:06 <DIR> d-------- C:\WINDOWS\system32\nl-NL
      2007-11-29 22:45 . 2007-11-29 22:45 <DIR> d-------- C:\Program Files\MSBuild
      2007-11-29 22:43 . 2007-11-29 22:43 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
      2007-11-29 22:43 . 2007-11-29 22:43 <DIR> d-------- C:\Program Files\Reference Assemblies
      2007-11-29 22:42 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
      2007-11-29 22:37 . 2007-03-17 12:08 2,854,400 --a------ C:\WINDOWS\system32\msi.dll
      2007-11-29 22:37 . 2007-03-17 12:08 2,854,400 --a--c--- C:\WINDOWS\system32\dllcache\msi.dll
      2007-11-29 22:37 . 2007-08-16 22:13 694,784 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
      2007-11-29 22:37 . 2007-05-03 17:16 510,976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
      2007-11-29 22:26 . 2007-12-12 21:43 <DIR> d--h----- C:\WINDOWS\$hf_mig$
      2007-11-29 22:24 . 2007-11-29 22:24 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
      2007-11-29 22:24 . 2007-11-29 22:24 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
      2007-11-29 22:20 . 2007-11-29 22:20 <DIR> d-------- C:\Program Files\cmak
      2007-11-29 22:19 . 2007-11-29 22:20 <DIR> d-------- C:\WINDOWS\ServicePackFiles
      2007-11-29 22:17 . 2007-11-29 22:17 <DIR> d-a------ C:\WINDOWS\PolicyBackup
      2007-11-29 22:01 . 2007-03-21 06:24 301,568 --a------ C:\WINDOWS\system32\winsrv.dll
      2007-11-29 22:01 . 2007-03-21 06:24 301,568 --a--c--- C:\WINDOWS\system32\dllcache\winsrv.dll
      2007-11-28 21:03 . 2006-02-17 04:28 305,152 --a------ C:\WINDOWS\system32\drivers\nvnrm.sys

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2007-11-29 20:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2007-11-29 20:20 --------- d-----w C:\Program Files\Realtek
      2007-11-29 20:05 --------- d-----w C:\Program Files\Common Files\InstallShield
      2007-11-13 09:32 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64192DD9-D936-451D-8B43-026652BA01B1}]

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8AC2AE76-4D17-4CEB-A6B2-A19E321261D3}]
      C:\WINDOWS\system32\vtstu.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B6AB25B6-E3DB-4F98-8137-9CFCCAFBCE5F}]
      C:\WINDOWS\system32\jkhfd.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-02-17 08:00]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-02 19:58]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "RTHDCPL"="RTHDCPL.EXE" [2006-12-19 04:12 C:\WINDOWS\RTHDCPL.exe]
      "SkyTel"="SkyTel.EXE" [2006-05-16 11:04 C:\WINDOWS\SkyTel.exe]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
      "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-01 11:48]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2003-04-15 13:00]

      C:\Documents and Settings\snoesje\Menu Start\Programma's\Opstarten\
      Microsoft Office Outlook.lnk - C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE [2007-05-31 13:42:14]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "disablecad"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "ShowSuperHidden"= 1 (0x1)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
      dimsntfy.dll 2007-02-17 08:00 19456 C:\WINDOWS\system32\dimsntfy.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
      @="Driver"

      R0 crcdisk;CRC-filterstuurprogramma voor schijf;C:\WINDOWS\system32\DRIVERS\crcdisk.sys [2007-02-17 08:00]
      R0 DfsDriver;DfsDriver;C:\WINDOWS\system32\drivers\Dfs.sys [2007-02-17 08:00]
      R2 AeLookupSvc;Application Experience Lookup Service;C:\WINDOWS\system32\svchost.exe -k netsvcs
      R3 mgau;mgau;C:\WINDOWS\system32\DRIVERS\mgaum.sys [2003-04-14 20:22]
      S3 Dfs;Distributed File System;C:\WINDOWS\system32\Dfssvc.exe [2007-02-17 08:00]
      S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-01 11:48]
      S3 NtFrs;File Replication;C:\WINDOWS\system32\ntfrs.exe [2007-02-17 08:51]
      S3 RSoPProv;Provider van de resulterende verzameling beleidsregels;C:\WINDOWS\system32\RSoPProv.exe [2007-02-17 08:54]
      S3 sacsvr;Helper voor speciale beheerconsole;C:\WINDOWS\System32\svchost.exe -k netsvcs
      S3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery-service;C:\WINDOWS\system32\svchost.exe -k LocalService
      S3 WLBS;Netwerktaakverdeling;C:\WINDOWS\system32\DRIVERS\wlbs.sys [2007-02-17 08:49]
      S4 ClusDisk;Schijfstuurprogramma van cluster;C:\WINDOWS\system32\DRIVERS\ClusDisk.sys [2007-02-17 08:00]
      S4 IsmServ;Intersite Messaging;C:\WINDOWS\System32\ismserv.exe [2007-02-17 08:02]
      S4 kdc;Kerberos Key Distribution Center;C:\WINDOWS\System32\lsass.exe [2003-04-15 13:00]
      S4 TrkSvr;Distributed Link Tracking Server;C:\WINDOWS\system32\svchost.exe -k netsvcs
      S4 Tssdis;Terminal Services-sessiemap;C:\WINDOWS\System32\tssdis.exe [2007-02-17 08:47]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      LocalService REG_MULTI_SZ Alerter WebClient LmHosts WinHttpAutoProxySvc W32Time
      NetworkService REG_MULTI_SZ 6to4 DHCP DnsCache
      WinErr REG_MULTI_SZ ERsvc
      tapisrv REG_MULTI_SZ Tapisrv
      regsvc REG_MULTI_SZ RemoteRegistry
      swprv REG_MULTI_SZ swprv
      DcomLaunch REG_MULTI_SZ DcomLaunch

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      AppMgmt
      AudioSrv
      Browser
      CryptSvc
      DMServer
      HidServ
      LanmanServer
      LanmanWorkstation
      Messenger
      Nla
      NWCWorkstation
      Sacsvr
      Schedule
      Seclogon
      Themes
      TrkWks
      TrkSvr
      W32Time
      Wmi
      WmdmPmSp
      winmgmt
      wuauserv
      BITS
      ShellHWDetection
      uploadmgr
      xmlprov
      AeLookupSvc
      helpsvc


      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36BBA8D2-CA5C-4847-81CC-4F807DD86C91}]
      %SystemRoot%\system32\regsvr32.exe /s /n /i:IEUpdateUser urlmon.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6D69F546-C1AF-4049-AE9E-28627B91D3F5}]
      %SystemRoot%\system32\regsvr32.exe /s /n /i:IEUpdateAdmin urlmon.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}]
      %SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenAdmin

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}]
      %SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenUser
      .
      Contents of the 'Scheduled Tasks' folder
      "2007-12-19 17:33:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{CB02A61C-E349-428F-AE17-C835B22F1FAE}.job"
      - C:\WINDOWS\system32\msfeedssync.exe
      .
      **************************************************************************

      catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2007-12-19 18:39:23
      Windows 5.2.3790 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      Completion time: 2007-12-19 18:40:39 - machine was rebooted
      .
      2007-12-12 20:43:16 --- E O F ---



      And to think that every one of them still found SOMETHING; where does that junk keep coming from?

      Is it actually OK that, for every pop-up in which Spybot asks me to make a decision (while running these tools), I answer 'OK' each time, with 'remember this decision'?


      My browser helper list has already been cleaned up quite a bit, but it is not yet completely 'clean' the way I assume it ought to look. There are still a few entries from an unknown publisher.

      So here is one more HijackThis log:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:53:27, on 19/12/2007
      Platform: Windows 2003 SP2 (WinNT 5.02.3790)
      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\brss01a.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\DAEMON Tools\daemon.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\internet explorer\iexplore.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdate
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: (no name) - {8AC2AE76-4D17-4CEB-A6B2-A19E321261D3} - C:\WINDOWS\system32\vtstu.dll (file missing)
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O2 - BHO: (no name) - {B6AB25B6-E3DB-4F98-8137-9CFCCAFBCE5F} - C:\WINDOWS\system32\jkhfd.dll (file missing)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
      O4 - Startup: DAEMON Tools.lnk = C:\Program Files\DAEMON Tools\daemon.exe
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O15 - ESC Trusted Zone: http://runonce.msn.com
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196535279328
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
      O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

      --
      End of file - 6065 bytes

      Thanks in advance for your time and energy.
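The two BHO lines the poster keeps coming back to, `(no name) ... vtstu.dll (file missing)` and `(no name) ... jkhfd.dll (file missing)`, are the interesting part of these logs: the DLLs are gone, but their CLSID registrations survive every reboot, so HijackThis keeps listing them. The following is an added example, not code from the thread, from HijackThis or from ComboFix. It parses HijackThis O2 lines and scores each BHO on traits visible in the logs above: no display name, "(file missing)", a five-letter DLL dropped straight into system32, and a companion .ini whose name is the DLL's base name reversed (the ComboFix log above deleted `utstv.ini` next to `vtstu.dll`). The five-letter rule and the reversed-name rule are my heuristics drawn from this log, not published signatures; the sample lines are copied from the 19/12 and 20/12 logs; `BHO_KEY` is the full registry path that ComboFix abbreviates as `HKEY_LOCAL_MACHINE\~\Browser Helper Objects`.

```python
"""Triage of HijackThis O2 (Browser Helper Object) lines against a ComboFix deletion list.

Added example; not code from the forum post, HijackThis or ComboFix.  The sample
lines are copied from the logs posted above, the scoring rules are heuristics
drawn from those logs, and BHO_KEY is the standard BHO registration key.
"""
import ntpath
import re
from dataclasses import dataclass

# Constructed input: the four O2 lines from the 19/12/2007 HijackThis log above.
SAMPLE_O2_LINES = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {8AC2AE76-4D17-4CEB-A6B2-A19E321261D3} - C:\WINDOWS\system32\vtstu.dll (file missing)",
    r"O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll",
    r"O2 - BHO: (no name) - {B6AB25B6-E3DB-4F98-8137-9CFCCAFBCE5F} - C:\WINDOWS\system32\jkhfd.dll (file missing)",
]

# Constructed input: the files ComboFix listed under "Other Deletions" in the 20/12/2007 log.
SAMPLE_DELETED = [
    r"C:\WINDOWS\system32\oltbcefy.ini",
    r"C:\WINDOWS\system32\ssxjtxqr.ini",
    r"C:\WINDOWS\system32\utstv.ini",
]

O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# Heuristic from this log: the dropped DLLs were five lowercase letters straight in system32.
RANDOM_SYS32_DLL = re.compile(r"^[a-z]:\\windows\\system32\\[a-z]{5}\.dll$", re.IGNORECASE)

# Full path of the key that ComboFix prints as HKEY_LOCAL_MACHINE\~\Browser Helper Objects.
BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"


@dataclass
class Bho:
    name: str
    clsid: str
    path: str
    file_missing: bool


def parse_o2(line: str):
    """Return a Bho for a HijackThis O2 line, or None for any other line."""
    m = O2_RE.match(line.strip())
    if not m:
        return None
    return Bho(m["name"], m["clsid"], m["path"], m["missing"] is not None)


def companion_ini(dll_path: str) -> str:
    """The .ini this infection kept next to its DLL: same directory, base name
    reversed (the log above pairs vtstu.dll with utstv.ini)."""
    directory, base = ntpath.split(dll_path)
    stem, _ = ntpath.splitext(base)
    return ntpath.join(directory, stem[::-1] + ".ini")


def assess(bho: Bho, deleted_files) -> list:
    """Reasons to treat this BHO as a leftover; an empty list means it looks legitimate."""
    reasons = []
    if bho.name == "(no name)":
        reasons.append("no display name")
    if bho.file_missing:
        reasons.append("DLL gone but CLSID still registered")
    if RANDOM_SYS32_DLL.match(bho.path):
        reasons.append("five-letter DLL name directly in system32")
    deleted = {f.lower() for f in deleted_files}
    if companion_ini(bho.path).lower() in deleted:
        reasons.append("reversed-name .ini companion was on disk")
    return reasons


def triage(o2_lines, deleted_files) -> dict:
    """Map CLSID -> reasons for every O2 entry that scores at least one reason."""
    findings = {}
    for line in o2_lines:
        bho = parse_o2(line)
        if bho is None:
            continue
        reasons = assess(bho, deleted_files)
        if reasons:
            findings[bho.clsid] = reasons
    return findings


def cleanup_commands(clsid: str) -> list:
    """Commands that remove an orphaned BHO registration.  regsvr32 /u cannot run
    once the DLL is gone, so the two registry keys are deleted directly."""
    return [
        f'reg delete "{BHO_KEY}\\{{{clsid}}}" /f',
        f'reg delete "HKCR\\CLSID\\{{{clsid}}}" /f',
    ]


if __name__ == "__main__":
    for clsid, reasons in triage(SAMPLE_O2_LINES, SAMPLE_DELETED).items():
        print(clsid, "->", "; ".join(reasons))
        for cmd in cleanup_commands(clsid):
            print("   ", cmd)
```

Run against the sample lines, the two `(no name)` entries are the only findings; the vtstu.dll entry scores all four reasons because its reversed-name companion `utstv.ini` appears in the ComboFix deletion list, and the two legitimate BHOs score none. The practical point is the last function: a "(file missing)" BHO is a registry problem, not a file problem, so deleting more DLLs will not make the entry go away.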



      • #4
        Open the RVAXO folder on your desktop and double-click Uninstall.cmd
        This will remove everything belonging to RVAXO.

        Download the attachment: CFScript.txt

        Drag CFScript.txt onto ComboFix.exe as shown in the example below:



        This will make ComboFix start again.
        Reboot if you are asked to,
        and post the contents of ComboFix.txt in your next reply.

        Also post a new HijackThis log, and tell us whether there are still any problems.


        • #5
          For now I don't really have any more problems to report. The (in my opinion 'suspicious') browser helpers have disappeared from the list. But let me not declare victory too soon; after a few reboots such phenomena sometimes dare to pop up again ...

          What I do notice:
          - Spybot has disappeared from the system tray ...
          - Your site is being reported as a 'phishing site'!

          For now I'll call it 'case closed'. I'll wait a few more days to see how the mess evolves, and then reply. Unless your eagle eye spots something else in these logs.

          Thanks in advance!


          Jos


          ComboFix log:

          ComboFix 07-12-19.7 - Jos De Ruyck 2007-12-20 19:04:12.2 - NTFSx86
          Microsoft(R) Windows(R) Server 2003, Standard Edition 5.2.3790.2.1252.1.1043.18.1670 [GMT 1:00]
          Running from: C:\Documents and Settings\Jos De Ruyck\Bureaublad\ComboFix.exe
          Command switches used :: C:\Documents and Settings\Jos De Ruyck\Bureaublad\cfscript.txt

          FILE
          C:\WINDOWS\system32\oltbcefy.ini
          C:\WINDOWS\system32\ssxjtxqr.ini
          C:\WINDOWS\system32\utstv.ini
          .

          (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\WINDOWS\system32\oltbcefy.ini
          C:\WINDOWS\system32\ssxjtxqr.ini
          C:\WINDOWS\system32\utstv.ini

          .
          (((((((((((((((((((( Files Created from 2007-11-20 to 2007-12-20 ))))))))))))))))))))))))))))))
          .

          2007-12-18 22:42 . 2007-12-18 22:42 131 --a------ C:\WINDOWS\wininit.ini
          2007-12-18 22:19 . 2007-12-18 22:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2007-12-18 20:04 . 2007-12-18 20:04 <DIR> d-------- C:\Program Files\Trend Micro
          2007-12-18 20:02 . 2007-12-18 21:49 <DIR> d-------- C:\Documents and Settings\Jos De Ruyck\.housecall6.6
          2007-12-18 05:58 . 2007-12-18 05:58 <DIR> d-------- C:\Program Files\Java
          2007-12-18 05:58 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
          2007-12-18 05:57 . 2007-12-18 05:57 <DIR> d-------- C:\Program Files\Common Files\Java
          2007-12-17 21:01 . 2007-12-17 23:02 <DIR> d-------- C:\VundoFix Backups
          2007-12-16 20:03 . 2007-12-16 20:03 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
          2007-12-16 20:03 . 2007-12-16 20:03 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
          2007-12-16 20:03 . 2007-12-16 20:03 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
          2007-12-16 12:14 . 2007-12-16 12:14 <DIR> d-------- C:\Program Files\Lavasoft
          2007-12-16 12:14 . 2007-12-16 12:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
          2007-12-16 12:14 . 2007-12-16 12:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
          2007-12-16 11:38 . 2007-12-16 11:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
          2007-12-16 11:26 . 2007-12-16 11:26 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
          2007-12-14 20:24 . 2007-12-19 19:50 <DIR> d-------- C:\Documents and Settings\Jos De Ruyck\Application Data\FileZilla
          2007-12-14 20:22 . 2007-12-14 20:22 <DIR> d-------- C:\Program Files\FileZilla Client
          2007-12-13 22:30 . 2007-12-13 22:30 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
          2007-12-12 19:18 . 2007-10-23 23:34 228,864 --a------ C:\WINDOWS\system32\wmasf.dll
          2007-12-12 19:18 . 2007-10-23 23:34 228,864 --a--c--- C:\WINDOWS\system32\dllcache\wmasf.dll
          2007-12-09 13:23 . 2007-12-09 13:23 <DIR> d-------- C:\Program Files\GPLGS
          2007-12-09 13:22 . 2007-12-09 13:22 <DIR> d-------- C:\Program Files\Acro Software
          2007-12-09 13:22 . 2007-07-12 22:33 87,552 --a------ C:\WINDOWS\system32\cpwmon2k.dll
          2007-12-08 20:50 . 2007-12-08 20:50 1,905 --a------ C:\WINDOWS\diagwrn.xml
          2007-12-08 20:50 . 2007-12-08 20:50 1,905 --a------ C:\WINDOWS\diagerr.xml
          2007-12-08 14:15 . 2007-12-08 14:15 <DIR> d-------- C:\Documents and Settings\Eva\Contacts
          2007-12-08 14:12 . 2007-11-29 21:21 <DIR> d--h----- C:\Documents and Settings\Eva\Sjablonen
          2007-12-08 14:12 . 2007-12-08 14:17 <DIR> dr-h----- C:\Documents and Settings\Eva\Onlangs geopend
          2007-12-08 14:12 . 2007-11-29 21:21 <DIR> d--h----- C:\Documents and Settings\Eva\Netwerkprinteromgeving
          2007-12-08 14:12 . 2007-12-15 12:34 <DIR> dr------- C:\Documents and Settings\Eva\Mijn documenten
          2007-12-08 14:12 . 2007-11-29 21:21 <DIR> dr------- C:\Documents and Settings\Eva\Menu Start
          2007-12-08 14:12 . 2007-12-08 14:12 <DIR> dr------- C:\Documents and Settings\Eva\Favorieten
          2007-12-08 14:12 . 2007-12-16 11:38 <DIR> d-------- C:\Documents and Settings\Eva\Bureaublad
          2007-12-02 14:56 . 2007-12-02 21:32 <DIR> d-------- C:\Documents and Settings\Jos De Ruyck\Contacts
          2007-12-02 14:55 . 2007-12-02 14:55 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
          2007-12-02 14:55 . 2007-12-02 14:55 <DIR> d-------- C:\Program Files\MSN Messenger
          2007-12-01 22:42 . 2007-12-01 22:42 <DIR> d-------- C:\WINDOWS\Sun
          2007-12-01 19:52 . 2007-12-01 09:44 <DIR> d-------- C:\Program Files\nLite
          2007-12-01 19:15 . 2007-12-01 19:15 <DIR> d-------- C:\WINDOWS\system32\Macromed
          2007-12-01 14:05 . 2007-12-01 14:05 <DIR> d-------- C:\Program Files\dpMagic Software
          2007-12-01 14:05 . 2003-10-08 15:29 352,256 --a------ C:\WINDOWS\system32\msvcr71.dll
          2007-12-01 13:00 . 2007-12-01 13:00 <DIR> d-------- C:\WINDOWS\Downloaded Installations
          2007-12-01 11:45 . 2007-12-02 12:19 <DIR> d-------- C:\Program Files\Google
          2007-12-01 11:07 . 2007-12-01 11:07 40 --a------ C:\WINDOWS\opt_1430.ini
          2007-12-01 11:05 . 2007-12-01 11:05 <DIR> d-------- C:\Program Files\MSXML 6.0
          2007-12-01 10:54 . 2007-12-18 19:50 452 --a------ C:\WINDOWS\BRWMARK.INI
          2007-12-01 10:54 . 2007-12-01 10:54 184 --a------ C:\WINDOWS\system32\brsvc01a.bsi
          2007-12-01 10:54 . 2007-12-01 10:54 30 --a------ C:\WINDOWS\system32\brss01a.ini
          2007-12-01 10:54 . 2007-12-18 19:50 26 --a------ C:\WINDOWS\BRPP2KA.INI
          2007-12-01 10:40 . 2007-11-29 21:21 <DIR> d--h----- C:\Documents and Settings\snoesje\Sjablonen
          2007-12-01 10:40 . 2007-12-01 14:41 <DIR> dr-h----- C:\Documents and Settings\snoesje\Onlangs geopend
          2007-12-01 10:40 . 2007-11-29 21:21 <DIR> d--h----- C:\Documents and Settings\snoesje\Netwerkprinteromgeving
          2007-12-01 10:40 . 2007-11-29 21:21 <DIR> dr------- C:\Documents and Settings\snoesje\Menu Start
          2007-12-01 10:40 . 2007-12-01 11:43 <DIR> dr------- C:\Documents and Settings\snoesje\Favorieten
          2007-12-01 10:40 . 2007-12-16 11:38 <DIR> d-------- C:\Documents and Settings\snoesje\Bureaublad
          2007-12-01 10:12 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
          2007-12-01 10:12 . 2007-12-14 16:22 395 --a------ C:\WINDOWS\ODBC.INI
          2007-12-01 10:11 . 2007-12-01 10:11 <DIR> d-------- C:\WINDOWS\SHELLNEW
          2007-12-01 10:11 . 2007-12-01 10:11 <DIR> d-------- C:\Program Files\Microsoft.NET
          2007-12-01 10:11 . 2007-12-01 10:29 <DIR> d-------- C:\Program Files\Microsoft Works
          2007-12-01 10:08 . 2007-12-01 10:08 <DIR> dr-h----- C:\MSOCache
          2007-12-01 10:07 . 2007-11-29 21:21 <DIR> d--h----- C:\Documents and Settings\Jos De Ruyck\Sjablonen
          2007-12-01 10:07 . 2007-12-20 19:02 <DIR> dr-h----- C:\Documents and Settings\Jos De Ruyck\Onlangs geopend
          2007-12-01 10:07 . 2007-11-29 21:21 <DIR> d--h----- C:\Documents and Settings\Jos De Ruyck\Netwerkprinteromgeving
          2007-12-01 10:07 . 2007-12-02 14:56 <DIR> dr------- C:\Documents and Settings\Jos De Ruyck\Mijn documenten
          2007-12-01 10:07 . 2007-12-01 19:00 <DIR> dr------- C:\Documents and Settings\Jos De Ruyck\Menu Start
          2007-12-01 10:07 . 2007-12-19 19:43 <DIR> dr------- C:\Documents and Settings\Jos De Ruyck\Favorieten
          2007-12-01 10:07 . 2007-12-20 19:04 <DIR> d-------- C:\Documents and Settings\Jos De Ruyck\Bureaublad
          2007-12-01 09:49 . 2007-12-01 09:50 <DIR> d-------- C:\I386
          2007-12-01 09:48 . 2007-12-01 09:48 <DIR> d-------- C:\Program Files\DAEMON Tools
          2007-12-01 09:46 . 2007-12-01 09:46 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
          2007-12-01 09:32 . 2007-12-01 09:32 <DIR> d-------- C:\Program Files\Common Files\Adobe
          2007-12-01 09:12 . 2003-04-15 13:00 208,896 --a------ C:\WINDOWS\system32\wmpns.dll
          2007-12-01 09:01 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
          2007-12-01 09:01 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
          2007-11-29 22:46 . 2007-12-01 11:06 <DIR> d-------- C:\WINDOWS\system32\nl-NL
          2007-11-29 22:45 . 2007-11-29 22:45 <DIR> d-------- C:\Program Files\MSBuild
          2007-11-29 22:43 . 2007-11-29 22:43 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
          2007-11-29 22:43 . 2007-11-29 22:43 <DIR> d-------- C:\Program Files\Reference Assemblies
          2007-11-29 22:42 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
          2007-11-29 22:37 . 2007-03-17 12:08 2,854,400 --a------ C:\WINDOWS\system32\msi.dll
          2007-11-29 22:37 . 2007-03-17 12:08 2,854,400 --a--c--- C:\WINDOWS\system32\dllcache\msi.dll
          2007-11-29 22:37 . 2007-08-16 22:13 694,784 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
          2007-11-29 22:37 . 2007-05-03 17:16 510,976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
          2007-11-29 22:26 . 2007-12-12 21:43 <DIR> d--h----- C:\WINDOWS\$hf_mig$
          2007-11-29 22:24 . 2007-11-29 22:24 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
          2007-11-29 22:24 . 2007-11-29 22:24 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
          2007-11-29 22:20 . 2007-11-29 22:20 <DIR> d-------- C:\Program Files\cmak
          2007-11-29 22:19 . 2007-11-29 22:20 <DIR> d-------- C:\WINDOWS\ServicePackFiles
          2007-11-29 22:17 . 2007-11-29 22:17 <DIR> d-a------ C:\WINDOWS\PolicyBackup
          2007-11-29 22:01 . 2007-03-21 06:24 301,568 --a------ C:\WINDOWS\system32\winsrv.dll
          2007-11-29 22:01 . 2007-03-21 06:24 301,568 --a--c--- C:\WINDOWS\system32\dllcache\winsrv.dll
          2007-11-28 21:03 . 2006-02-17 04:28 305,152 --a------ C:\WINDOWS\system32\drivers\nvnrm.sys

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2007-11-29 20:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2007-11-29 20:20 --------- d-----w C:\Program Files\Realtek
          2007-11-29 20:05 --------- d-----w C:\Program Files\Common Files\InstallShield
          2007-11-13 09:32 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
          2007-10-30 05:06 1,279,488 ----a-w C:\WINDOWS\system32\quartz.dll
          .

          ((((((((((((((((((((((((((((( snapshot@2007-12-19_18.39.53.79 )))))))))))))))))))))))))))))))))))))))))
          .
          - 2007-12-19 17:29:01 66,578 ----a-w C:\WINDOWS\system32\perfc009.dat
          + 2007-12-20 17:59:03 66,578 ----a-w C:\WINDOWS\system32\perfc009.dat
          - 2007-12-19 17:29:01 85,162 ----a-w C:\WINDOWS\system32\perfc013.dat
          + 2007-12-20 17:59:03 85,162 ----a-w C:\WINDOWS\system32\perfc013.dat
          - 2007-12-19 17:29:01 434,022 ----a-w C:\WINDOWS\system32\perfh009.dat
          + 2007-12-20 17:59:03 434,022 ----a-w C:\WINDOWS\system32\perfh009.dat
          - 2007-12-19 17:29:01 500,842 ----a-w C:\WINDOWS\system32\perfh013.dat
          + 2007-12-20 17:59:03 500,842 ----a-w C:\WINDOWS\system32\perfh013.dat
          .
          ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Note* empty entries & legit default entries are not shown

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-02-17 08:00]
          "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-02 19:58]
          "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "RTHDCPL"="RTHDCPL.EXE" [2006-12-19 04:12 C:\WINDOWS\RTHDCPL.exe]
          "SkyTel"="SkyTel.EXE" [2006-05-16 11:04 C:\WINDOWS\SkyTel.exe]
          "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
          "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-01 11:48]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
          "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2003-04-15 13:00]

          C:\Documents and Settings\snoesje\Menu Start\Programma's\Opstarten\
          Microsoft Office Outlook.lnk - C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE [2007-05-31 13:42:14]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
          "disablecad"= 0 (0x0)

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
          "ShowSuperHidden"= 1 (0x1)

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
          dimsntfy.dll 2007-02-17 08:00 19456 C:\WINDOWS\system32\dimsntfy.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
          "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
          @="Service"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
          @="Driver"

          R0 crcdisk;CRC-filterstuurprogramma voor schijf;C:\WINDOWS\system32\DRIVERS\crcdisk.sys [2007-02-17 08:00]
          R0 DfsDriver;DfsDriver;C:\WINDOWS\system32\drivers\Dfs.sys [2007-02-17 08:00]
          R2 AeLookupSvc;Application Experience Lookup Service;C:\WINDOWS\system32\svchost.exe -k netsvcs
          R3 mgau;mgau;C:\WINDOWS\system32\DRIVERS\mgaum.sys [2003-04-14 20:22]
          R3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery-service;C:\WINDOWS\system32\svchost.exe -k LocalService
          S3 Dfs;Distributed File System;C:\WINDOWS\system32\Dfssvc.exe [2007-02-17 08:00]
          S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-01 11:48]
          S3 NtFrs;File Replication;C:\WINDOWS\system32\ntfrs.exe [2007-02-17 08:51]
          S3 RSoPProv;Provider van de resulterende verzameling beleidsregels;C:\WINDOWS\system32\RSoPProv.exe [2007-02-17 08:54]
          S3 sacsvr;Helper voor speciale beheerconsole;C:\WINDOWS\System32\svchost.exe -k netsvcs
          S3 WLBS;Netwerktaakverdeling;C:\WINDOWS\system32\DRIVERS\wlbs.sys [2007-02-17 08:49]
          S4 ClusDisk;Schijfstuurprogramma van cluster;C:\WINDOWS\system32\DRIVERS\ClusDisk.sys [2007-02-17 08:00]
          S4 IsmServ;Intersite Messaging;C:\WINDOWS\System32\ismserv.exe [2007-02-17 08:02]
          S4 kdc;Kerberos Key Distribution Center;C:\WINDOWS\System32\lsass.exe [2003-04-15 13:00]
          S4 TrkSvr;Distributed Link Tracking Server;C:\WINDOWS\system32\svchost.exe -k netsvcs
          S4 Tssdis;Terminal Services-sessiemap;C:\WINDOWS\System32\tssdis.exe [2007-02-17 08:47]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
          LocalService REG_MULTI_SZ Alerter WebClient LmHosts WinHttpAutoProxySvc W32Time
          NetworkService REG_MULTI_SZ 6to4 DHCP DnsCache
          WinErr REG_MULTI_SZ ERsvc
          tapisrv REG_MULTI_SZ Tapisrv
          regsvc REG_MULTI_SZ RemoteRegistry
          swprv REG_MULTI_SZ swprv
          DcomLaunch REG_MULTI_SZ DcomLaunch

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
          AppMgmt
          AudioSrv
          Browser
          CryptSvc
          DMServer
          HidServ
          LanmanServer
          LanmanWorkstation
          Messenger
          Nla
          NWCWorkstation
          Sacsvr
          Schedule
          Seclogon
          Themes
          TrkWks
          TrkSvr
          W32Time
          Wmi
          WmdmPmSp
          winmgmt
          wuauserv
          BITS
          ShellHWDetection
          uploadmgr
          xmlprov
          AeLookupSvc
          helpsvc


          [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36BBA8D2-CA5C-4847-81CC-4F807DD86C91}]
          %SystemRoot%\system32\regsvr32.exe /s /n /i:IEUpdateUser urlmon.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6D69F546-C1AF-4049-AE9E-28627B91D3F5}]
          %SystemRoot%\system32\regsvr32.exe /s /n /i:IEUpdateAdmin urlmon.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}]
          %SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenAdmin

          [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}]
          %SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenUser
          .
          Contents of the 'Scheduled Tasks' folder
          "2007-12-20 08:35:23 C:\WINDOWS\Tasks\User_Feed_Synchronization-{CB02A61C-E349-428F-AE17-C835B22F1FAE}.job"
          - C:\WINDOWS\system32\msfeedssync.exe
          .
          **************************************************************************

          catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2007-12-20 19:05:11
          Windows 5.2.3790 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          Voltooingstijd: 2007-12-20 19:05:53
          .
          2007-12-12 20:43:16 --- E O F ---


          HijackThis log:

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 19:09:50, on 20/12/2007
          Platform: Windows 2003 SP2 (WinNT 5.02.3790)
          MSIE: Internet Explorer v7.00 (7.00.6000.16574)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\WINDOWS\system32\brss01a.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\RTHDCPL.EXE
          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
          C:\Program Files\DAEMON Tools\daemon.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\WINDOWS\explorer.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdate
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
          O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
          O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
          O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
          O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
          O4 - Startup: DAEMON Tools.lnk = C:\Program Files\DAEMON Tools\daemon.exe
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O15 - ESC Trusted Zone: http://runonce.msn.com
          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196535279328
          O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
          O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
          O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
          O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

          --
          End of file - 5652 bytes



          • #6
            I don't see anything wrong anymore.

            Delete the following folder:
            C:\Qoobox\

            Then empty your Recycle Bin.

            Download ATF Cleaner (mirror) (made by Atribune)

            Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

            Double-click ATF Cleaner to start the program.
            On the "Main" tab, tick Select All.
            Click the Empty Selected button.

            Do the following if you also have Firefox as a browser:
            Click the "Firefox" tab and tick Select All.
            If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
            (this removes the tick from "Firefox saved passwords")
            Click the Empty Selected button.

            Do the following if you also have Opera as a browser:
            Click the "Opera" tab and tick Select All.
            If you want to keep the passwords saved by Opera, click "No" in the window that appears.
            Click the Empty Selected button.
            Go to the "Main" tab and click the Exit button to close the program.

            Go to Start - Run and enter the following:
            Combofix /U
            Then press OK.
            Note: there must be a space between Combofix and /U.

            This will uninstall Combofix.

            Disable System Restore. Restart the computer. Re-enable System Restore.
            See here for how to disable System Restore.
            This removes any remnants of the infections from your System Restore.

            Then I think it's OK again.



            • #7
              Uninstalling Combofix didn't work. There is still a whole folder called 'Combofix' in the root, and I can't delete it without a struggle either (files in use).

              ComboFix also isn't in the list of installed software (via Control Panel), so that route certainly won't work.

              Try safe mode??



              • #8
                Possibly in safe mode.
                After that, just download Combofix once more and run it once.
                Then try the uninstall via Combofix /U once more.
