Mededeling

**smeenk** · 19-12-07, 17:24

Download: RVAXO.exe

Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
Open nu de map RVAXO op je bureaublad en dubbeklik RVAXO.cmd
Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw.
Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
Post de inhoud van de logfile in je volgende bericht tesamen met een nieuw logje van HijackThis.

**svanmoorsel** · 19-12-07, 20:25

Dit is van RVAXO.
----------------RVAXO.exe first run-------------

Files found:

C:\WINDOWS\tasks\A0C5427F90B6F29B.job
C:\Program Files\Setup.exe
C:\WINDOWS\lnk_dados_2.dll
C:\Documents and Settings\Eigenaar\user.dat
C:\Documents and Settings\Eigenaar\Emails.dat
C:\WINDOWS\Media\LTaskup.exe

Uninstallers Rogue scanners:

Folders Found:

C:\Program Files\RXToolBar

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------

Files found:

Folders Found:

--------------RVAXO.exe finished----------------

En dit van Hijack This:

Logfile of HijackThis v1.99.1
Scan saved at 21:24:49, on 19-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\LVComS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis_199[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MISAggregator] C:\PROGRA~1\McAfee\MCAFEE~1\MisAgg.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0C1C6B51-E65D-4D5A-993B-773326D3CCE8} - http://apps2.vol.at/tools/weather/install/install_mayrhofen/setup.cab
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://www.midasplayer.com/midasa.cab
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,83/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
O16 - DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} (PageDive Control) - http://www.pagedive.com/pagedive5811/PageDive5.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,20/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game17.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game16.zylomgames.com/activex/zylomloader.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

Ik hoor graag wat nu toe doen!
Alvast bedankt!

Sandra

**smeenk** · 19-12-07, 21:51

Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd
Dit zal alles van RVAXO doen verwijderen.

Download Combofix naar je Bureaublad.
Dubbelklik op Combofix.exe
Kies voor "Continue" door 1 te typen gevolgd door ENTER.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
Plaats deze log in je volgende post.

NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.

**svanmoorsel** · 20-12-07, 08:26

Dit is mijn log van Combofix.

ComboFix 07-12-20.4 - Eigenaar 2007-12-20 8:53:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.188 [GMT 1:00]Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\tmlpcert2005
F:\Autorun.inf

.
(((((((((((((((((((( Bestanden Gemaakt van 2007-11-20 to 2007-12-20 ))))))))))))))))))))))))))))))
.

2007-12-19 14:51 . 2007-12-19 20:21 <DIR> d-------- C:\Documents and Settings\Eigenaar\.housecall6.6
2007-12-19 12:11 . 2007-12-19 14:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-11 11:27 . 2007-12-11 11:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hema Album Software Advanced

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 08:57 47,437 ----a-w C:\Documents and Settings\Eigenaar\Application Data\mdb.bin
2008-08-27 07:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-08-26 11:34 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-08-26 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-20 07:43 --------- d-----w C:\Program Files\SPAMfighter
2007-12-19 12:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-18 15:58 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\AVG7
2007-12-15 09:42 --------- d-----w C:\Program Files\Zylom Games
2007-12-15 09:42 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Zylom
2007-12-11 10:28 --------- d-----w C:\Program Files\Hema Album Software Advanced
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-09 18:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-09 18:42 --------- d-----w C:\Program Files\Enlight
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 12:16 --------- d-----w C:\Program Files\Belastingdienst
2007-10-29 09:49 --------- d-----w C:\Program Files\Common Files\Ankiro
2007-10-29 09:48 --------- d-----w C:\Program Files\Common Files\Application
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-24 17:58 --------- d-----w C:\Program Files\Java
2005-05-11 22:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2002-11-06 09:27 217,088 ------w C:\Program Files\Image.exe
2002-09-03 21:44 124,512 ------w C:\Program Files\Norton.exe
2001-10-25 12:11 3,578,328 ------w C:\Program Files\Setup.1.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 20:45]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 15:44]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 07:59]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 07:59]
"Mirabilis ICQ"="C:\Program Files\ICQ\NDetect.exe"

"MessengerPlus3"="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" [2004-07-25 17:01]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-12-16 21:39]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 09:03 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2001-12-31 17:04 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 09:03 C:\WINDOWS\system32\rundll32.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-05-04 16:21]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-06-15 20:02]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"MISAggregator"="C:\PROGRA~1\McAfee\MCAFEE~1\MisAgg.exe"

"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-08-26 12:34]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-08-26 12:34]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-02-10 14:52:39]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-08-13 13:28:30]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-06-06 20:45:56]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
Image Transfer.lnk - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe [2003-08-23 13:36:16]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 18:05:56]
Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2004-03-10 22:36:45]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Eigenaar^Menu Start^Programma's^Opstarten^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\Eigenaar\Menu Start\Programma's\Opstarten\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 23:12 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instant Access]
rundll32.exe p2esocks_1014.dll,InstantAccess

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2004-10-15 14:19 16384 --a------ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2003-12-16 21:37 188416 --a------ C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Guardian]
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFTray]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe /checktask

R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-10-25 15:29]
R3 BT4501D;SpeedTouch 120g Wireless USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\BT4501D.sys [2004-05-20 10:01]
S3 s3legacy;s3legacy;C:\WINDOWS\system32\DRIVERS\s3legacy.sys [2001-08-17 20:57]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Inhoud van de 'Gedeelde Taken' map
"2007-12-18 17:29:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-20 09:00:41
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

**************************************************************************
.
Voltooingstijd: 2007-12-20 9:02:18
.
2007-12-12 17:43:40 --- E O F ---

Hartelijk dank voor uw volgende instructies!

**smeenk** · 20-12-07, 12:38

Download de bijlage: CFScript.txt

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :

Dit zal ComboFix doen herstarten.
Start opnieuw op als daarom gevraagd wordt,
en post de inhoud van de Combofix.txt in je volgende antwoord.

Bijgevoegde Bestanden

cfscript.txt (711 Bytes, 202 keer bekeken)

**svanmoorsel** · 20-12-07, 15:37

ComboFix 07-12-20.4 - Eigenaar 2007-12-20 16:30:00.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.127 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Eigenaar\Bureaublad\cfscript.txt
* Nieuw herstelpunt werd aangemaakt

FILE
C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup
C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup
C:\WINDOWS\system32\p2esocks_1014.dll
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup
C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

.
(((((((((((((((((((( Bestanden Gemaakt van 2007-11-20 to 2007-12-20 ))))))))))))))))))))))))))))))
.

2007-12-19 14:51 . 2007-12-19 20:21 <DIR> d-------- C:\Documents and Settings\Eigenaar\.housecall6.6
2007-12-19 12:11 . 2007-12-19 14:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-11 11:27 . 2007-12-11 11:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hema Album Software Advanced

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 08:57 47,437 ----a-w C:\Documents and Settings\Eigenaar\Application Data\mdb.bin
2008-08-27 07:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-08-26 11:34 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-08-26 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-20 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-20 07:43 --------- d-----w C:\Program Files\SPAMfighter
2007-12-18 15:58 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\AVG7
2007-12-15 09:42 --------- d-----w C:\Program Files\Zylom Games
2007-12-15 09:42 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Zylom
2007-12-11 10:28 --------- d-----w C:\Program Files\Hema Album Software Advanced
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-09 18:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-09 18:42 --------- d-----w C:\Program Files\Enlight
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 12:16 --------- d-----w C:\Program Files\Belastingdienst
2007-10-29 09:49 --------- d-----w C:\Program Files\Common Files\Ankiro
2007-10-29 09:48 --------- d-----w C:\Program Files\Common Files\Application
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-24 17:58 --------- d-----w C:\Program Files\Java
2005-05-11 22:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2002-11-06 09:27 217,088 ------w C:\Program Files\Image.exe
2002-09-03 21:44 124,512 ------w C:\Program Files\Norton.exe
2001-10-25 12:11 3,578,328 ------w C:\Program Files\Setup.1.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 20:45]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 15:44]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 07:59]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 07:59]
"Mirabilis ICQ"="C:\Program Files\ICQ\NDetect.exe"

"MessengerPlus3"="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" [2004-07-25 17:01]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-12-16 21:39]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 09:03 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2001-12-31 17:04 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 09:03 C:\WINDOWS\system32\rundll32.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-05-04 16:21]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-06-15 20:02]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"MISAggregator"="C:\PROGRA~1\McAfee\MCAFEE~1\MisAgg.exe"

"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-08-26 12:34]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-08-26 12:34]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-02-10 14:52:39]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-08-13 13:28:30]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-06-06 20:45:56]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
Image Transfer.lnk - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe [2003-08-23 13:36:16]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 18:05:56]
Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2004-03-10 22:36:45]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 23:12 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2004-10-15 14:19 16384 --a------ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2003-12-16 21:37 188416 --a------ C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Guardian]
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFTray]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe /checktask

R3 BT4501D;SpeedTouch 120g Wireless USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\BT4501D.sys [2004-05-20 10:01]
S3 s3legacy;s3legacy;C:\WINDOWS\system32\DRIVERS\s3legacy.sys [2001-08-17 20:57]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Inhoud van de 'Gedeelde Taken' map
"2007-12-18 17:29:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-20 16:34:26
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2007-12-20 16:35:44
C:\ComboFix2.txt ... 2007-12-20 09:33
C:\ComboFix3.txt ... 2007-12-20 09:02
.
2007-12-12 17:43:40 --- E O F ---

**smeenk** · 20-12-07, 16:19

Download dit bestand: Deljob.exe (mirror)
Plaats het op je bureaublad.
Indien je virusscanner de download van deljob.exe blokkeert,
schakel dan tijdelijk je virusscanner uit of download de zip-versie
deljob.zip en pak deze uit naar je Bureaublad.
Dubbelklik Deljob.exe.
Een logje(logit.txt) zal openen, het bestandje kan je ook terugvinden op je bureaublad.
Post de inhoud van logit.txt in je volgende bericht.

**svanmoorsel** · 20-12-07, 18:59

--------------------------------------------------------
No LOP jobs found
--------------------------------------------------------
Files remaining after cleaning

AppleSoftwareUpdate.job
--------------------------------------------------------
App data folders

Het volume in station C heeft geen naam.
Het volumenummer is 5895-45C0

Map van C:\Documents and Settings\Eigenaar\Application Data

26-08-2008 12:35 <DIR> .
26-08-2008 12:35 <DIR> ..
17-03-2004 19:26 <DIR> ACDSYS~1 ACD Systems
10-02-2005 14:55 <DIR> Adobe
15-06-2005 20:02 <DIR> APPLEC~1 Apple Computer
18-12-2007 16:58 <DIR> AVG7
28-11-2006 14:34 <DIR> AVG7(2)
30-11-2006 23:13 <DIR> AVG7(4)
14-04-2004 22:21 <DIR> CYBERL~1 CyberLink
01-07-2007 08:21 <DIR> EYEBLA~1 Eyeblaster
15-07-2007 12:03 <DIR> GAIJIN~1 Gaijin Ent
06-01-2006 17:38 <DIR> Google
17-03-2004 19:08 <DIR> Help
28-11-2005 17:34 <DIR> HP
15-12-2007 10:42 <DIR> IDENTI~1 Identities
10-03-2004 22:43 <DIR> INTERT~1 InterTrust
04-12-2006 09:05 <DIR> iWin
17-08-2004 21:34 <DIR> MACROM~1 Macromedia
29-11-2004 22:36 <DIR> McAfee
27-09-2005 17:18 <DIR> MCAFEE~1.COM McAfee.com Personal Firewall
18-01-2006 20:57 <DIR> MICROG~1 Microgaming
22-04-2007 10:02 <DIR> MICROS~1 Microsoft
18-09-2003 20:54 <DIR> MICROS~2 Microsoft Web Folders
04-07-2007 17:19 <DIR> Mozilla
30-06-2004 16:45 <DIR> MSN6
28-07-2007 13:13 <DIR> MYGAME~1 My Games
25-02-2007 13:09 <DIR> PLAYFI~1 PlayFirst
29-11-2004 19:57 <DIR> Skype
16-04-2007 17:39 <DIR> SPAMFI~1 SPAMfighter
30-11-2006 23:08 <DIR> STORED~1 StoreDvdSign
01-06-2006 08:55 <DIR> Sun
27-08-2003 18:23 <DIR> Template
13-10-2005 21:06 <DIR> Wildfire
15-12-2007 10:42 <DIR> Zylom
0 bestand(en) 0 bytes
34 map(pen) 13.625.446.400 bytes beschikbaar
Het volume in station C heeft geen naam.
Het volumenummer is 5895-45C0

Map van C:\Documents and Settings\All Users\Application Data

19-12-2007 12:11 <DIR> .
19-12-2007 12:11 <DIR> ..
17-03-2004 19:14 <DIR> ACDSYS~1 ACD Systems
10-02-2005 14:58 <DIR> Adobe
30-11-2006 23:14 <DIR> APPLEC~1 Apple Computer
27-08-2008 08:42 <DIR> Avg7
30-11-2006 23:14 <DIR> Avg7(2)
30-11-2006 23:13 <DIR> avg7(4)
30-11-2006 23:08 <DIR> BIASBA~1 BIASBASHTESTCORN
13-08-2003 13:24 <DIR> BVRPSO~1 BVRP Software
06-06-2007 20:42 <DIR> Google
20-12-2007 16:27 <DIR> GOOGLE~1 Google Updater
26-08-2008 12:34 <DIR> Grisoft
30-11-2006 23:14 <DIR> GRISOF~1 Grisoft(2)
30-11-2006 23:13 <DIR> GRISOF~3 Grisoft(4)
11-12-2007 11:28 <DIR> HEMAAL~1 Hema Album Software Advanced
23-11-2005 21:33 <DIR> HP
04-12-2006 09:05 <DIR> iWin
19-09-2007 08:31 <DIR> JOLLYB~1 JollyBear
29-11-2004 17:51 <DIR> JUMPTH~1 Jumptheflapproc
08-11-2005 22:00 <DIR> McAfee
16-05-2006 17:52 <DIR> McAfee.com
03-08-2007 11:35 <DIR> MICROS~1 Microsoft
09-08-2007 08:42 <DIR> MICROS~2 Microsoft Help
13-08-2003 15:21 <DIR> MSN6
29-09-2007 08:36 <DIR> MUMBOJ~1 MumboJumbo
10-10-2007 21:10 <DIR> NANNYM~1 NannyMania
25-12-2006 12:24 <DIR> PLAYFI~1 PlayFirst
15-06-2005 20:01 <DIR> QUICKT~1 QuickTime
03-06-2007 10:00 <DIR> SANDLO~1 Sandlot Games
07-10-2004 16:34 <DIR> Skype
23-11-2005 21:32 <DIR> Sonic
19-12-2007 14:07 <DIR> SPYBOT~1 Spybot - Search & Destroy
11-10-2004 14:48 <DIR> Symantec
19-09-2007 12:08 <DIR> TERMIN~1 TERMINAL Studio
24-12-2004 18:01 <DIR> Trymedia
04-08-2006 09:17 <DIR> WINDOW~1 Windows Genuine Advantage
01-07-2007 08:15 <DIR> Zylom
0 bestand(en) 0 bytes
38 map(pen) 13.625.442.304 bytes beschikbaar
--------------------------------------------------------

**smeenk** · 20-12-07, 20:38

Open het bestandje CFscript.txt en verwijder alle text die daar in staat.
Zet de volgende vetgedrukte tekst daar weer in:

Folder::
C:\Documents and Settings\Eigenaar\Application Data\StoreDvdSign
C:\Documents and Settings\All Users\Application Data\BIASBASHTESTCORN
C:\Documents and Settings\All Users\Application Data\Jumptheflapproc
C:\Program Files\StoreDvdSign

Sla de wijzigingen op en sleep CFscript.txt over Combofix.exe zoals je dat eerder deed.
Post het nieuwe logje van Combofix in je volgende bericht

**svanmoorsel** · 21-12-07, 09:18

Hierbij ComboFix! Kom het nog ooit goed....:-(

ComboFix 07-12-20.4 - Eigenaar 2007-12-21 10:08:16.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.173 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Eigenaar\Bureaublad\cfscript.txt
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\BIASBASHTESTCORN
C:\Documents and Settings\All Users\Application Data\BIASBASHTESTCORN\city body online
C:\Documents and Settings\All Users\Application Data\Jumptheflapproc
C:\Documents and Settings\All Users\Application Data\Jumptheflapproc\mags dale cdrom
C:\Documents and Settings\Eigenaar\Application Data\StoreDvdSign
C:\Documents and Settings\Eigenaar\Application Data\StoreDvdSign\2D9EE111
C:\Documents and Settings\Eigenaar\Application Data\StoreDvdSign\D4E88347
C:\Program Files\StoreDvdSign

.
(((((((((((((((((((( Bestanden Gemaakt van 2007-11-21 to 2007-12-21 ))))))))))))))))))))))))))))))
.

2007-12-19 14:51 . 2007-12-19 20:21 <DIR> d-------- C:\Documents and Settings\Eigenaar\.housecall6.6
2007-12-19 12:11 . 2007-12-19 14:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-11 11:27 . 2007-12-11 11:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hema Album Software Advanced

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 08:57 47,437 ----a-w C:\Documents and Settings\Eigenaar\Application Data\mdb.bin
2008-08-27 07:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-08-26 11:34 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-08-26 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-21 08:46 --------- d-----w C:\Program Files\SPAMfighter
2007-12-20 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-18 15:58 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\AVG7
2007-12-15 09:42 --------- d-----w C:\Program Files\Zylom Games
2007-12-15 09:42 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Zylom
2007-12-11 10:28 --------- d-----w C:\Program Files\Hema Album Software Advanced
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-09 18:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-09 18:42 --------- d-----w C:\Program Files\Enlight
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 12:16 --------- d-----w C:\Program Files\Belastingdienst
2007-10-29 09:49 --------- d-----w C:\Program Files\Common Files\Ankiro
2007-10-29 09:48 --------- d-----w C:\Program Files\Common Files\Application
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-24 17:58 --------- d-----w C:\Program Files\Java
2005-05-11 22:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2002-11-06 09:27 217,088 ------w C:\Program Files\Image.exe
2002-09-03 21:44 124,512 ------w C:\Program Files\Norton.exe
2001-10-25 12:11 3,578,328 ------w C:\Program Files\Setup.1.exe
.

((((((((((((((((((((((((((((( snapshot@2007-12-20_ 9.00.46,90 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-20 07:46:25 56,448 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-12-21 08:49:20 56,448 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-20 07:46:26 74,370 ----a-w C:\WINDOWS\system32\perfc013.dat
+ 2007-12-21 08:49:20 74,370 ----a-w C:\WINDOWS\system32\perfc013.dat
- 2007-12-20 07:46:26 387,282 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-21 08:49:20 387,282 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-12-20 07:46:26 451,054 ----a-w C:\WINDOWS\system32\perfh013.dat
+ 2007-12-21 08:49:20 451,054 ----a-w C:\WINDOWS\system32\perfh013.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 20:45]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 15:44]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 07:59]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 07:59]
"Mirabilis ICQ"="C:\Program Files\ICQ\NDetect.exe"

"MessengerPlus3"="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" [2004-07-25 17:01]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-12-16 21:39]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 09:03 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2001-12-31 17:04 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 09:03 C:\WINDOWS\system32\rundll32.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-05-04 16:21]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-06-15 20:02]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"MISAggregator"="C:\PROGRA~1\McAfee\MCAFEE~1\MisAgg.exe"

"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-08-26 12:34]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-08-26 12:34]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-02-10 14:52:39]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-08-13 13:28:30]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-06-06 20:45:56]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
Image Transfer.lnk - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe [2003-08-23 13:36:16]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 18:05:56]
Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2004-03-10 22:36:45]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 23:12 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2004-10-15 14:19 16384 --a------ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2003-12-16 21:37 188416 --a------ C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Guardian]
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFTray]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe /checktask

R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-10-25 15:29]
R3 BT4501D;SpeedTouch 120g Wireless USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\BT4501D.sys [2004-05-20 10:01]
S3 s3legacy;s3legacy;C:\WINDOWS\system32\DRIVERS\s3legacy.sys [2001-08-17 20:57]

.
Inhoud van de 'Gedeelde Taken' map
"2007-12-18 17:29:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-21 10:13:51
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2007-12-21 10:14:58
C:\ComboFix2.txt ... 2007-12-20 16:35
C:\ComboFix3.txt ... 2007-12-20 09:33
.
2007-12-12 17:43:40 --- E O F ---

**smeenk** · 21-12-07, 09:43

Volgens mij is nu alles bijna goed

Doe deze stappen nog:

Verwijder de volgende map:
C:\Qoobox

Maak dan je prullenbak leeg.

Download ATF cleaner (mirror)(gemaakt door Atribune)

Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.

Het volgende doen als je ook FireFox als browser hebt:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit haalt het vinkje weer weg bij "Firefox saved passwords")
Klik op de knop Empty Selected.

Het volgende doen als je ook Opera als browser hebt:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

Ga naar Start - Uitvoeren en geef hier het volgende in:
Combofix /U
Druk daarna op OK.
Let op: Er moet een spatie tussen Combofix en /U zitten.

Dit zal Combofix deïnstalleren.

Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
Kijk hier hoe je je systeemherstel moet uitschakelen.
Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

Als je dan geen problemen meer ondervindt denk ik dat we helemaal klaar zijn

P.s. Alle gedownloade programma's en bijbehorende logjes mag je verwijderen.

**svanmoorsel** · 21-12-07, 10:26

Beste Smeenk,

Hartelijk dank voor alle hulp!

Alvast hele fijne kerstdagen gewenst!

Groetjes,
Sandra

**smeenk** · 21-12-07, 10:51

Graag gedaan hoor Sandra

Mededeling

essa voce precisa VER

essa voce precisa VER

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment