Mededeling

**smeenk** · 23-12-07, 08:10

Start HijackThis nog een keer, kies voor "Do a system scan only" en plaats alleen een vinkje voor de volgende regels:
O2 - BHO: (no name) - {3156E68C-65C7-45E9-8D0F-A5809B044081} - C:\Program Files\Windows Media Player\meqocaf4444.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: 0 - {DCFD162A-E6B1-4F2F-C6A6-F509685C490D} - C:\Program Files\MSN Gaming Zone\qucavogab.dll
O2 - BHO: (no name) - {FC1C8B9D-F7B2-4BFC-94B0-2C945C0BC031} - C:\Program Files\Windows Media Player\meqocaf83122.dll
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000140.exe 61A847B5BBF72813329B385776F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O20 - Winlogon Notify: fccbabb - C:\WINDOWS\SYSTEM32\fccbabb.dll
Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af.

Download: RVAXO.exe

Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
Open nu de map RVAXO op je bureaublad en dubbeklik RVAXO.cmd
Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw.
Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
Post de inhoud van de logfile in je volgende bericht.

Download Combofix naar je Bureaublad.
Dubbelklik op Combofix.exe
Kies voor "Continue" door 1 te typen gevolgd door ENTER.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
Plaats deze log in je volgende post.

NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.

**Toine123** · 23-12-07, 15:32

hoi Smeek daar ben ik weer, ik denk dat het een gevaarlijk virus was want combofix heeft zofeel verwijdert, maar hier de log:

RVAXO:
----------------RVAXO.exe first run-------------

Files found:

C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000011_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll
C:\WINDOWS\system32\_000013_.tmp.dll
C:\WINDOWS\system32\mlnmp.ini2
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\b122.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\Setup.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu1000140.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\mrofinu1188.exe.tmp
----------------RVAXO.exe first run-------------

Files found:

C:\WINDOWS\system32\mlnmp.ini2
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu1000140.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\mrofinu1188.exe.tmp
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\winlogo.exe
C:\install.exe
C:\n.bat
C:\winlogon.exe
C:\WINDOWS\system32\7995.bat
C:\z.dat
C:\x.dat

Uninstallers Rogue scanners:

Folders Found:

C:\Program Files\outlook
C:\Program Files\Outerinfo
C:\Program Files\Temporary
C:\Program Files\WinAble
C:\Program Files\Inetget2
C:\Temp\1cb

Hosts-file was reset, If you use a custom hosts file please replace it...

Combofix:
ComboFix 07-12-23.2 - Toine's computer 2007-12-23 16:05:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.703 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Toine's computer\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\NetMon
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\NetMon\log.txt
C:\Program Files\Common Files\fnts~1
C:\Program Files\Common Files\fnts~1\?serinit.exe
C:\Program Files\Common Files\Yazzle1560OinAdmin.exe
C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe
C:\Program Files\Windows Media Player\meqocaf4444.dll
C:\Program Files\Windows Media Player\meqocaf83122.dll
C:\WINDOWS\b128.exe
C:\WINDOWS\b151.exe
C:\WINDOWS\crosof~1
C:\WINDOWS\crosof~1\??crosoft\
C:\WINDOWS\crosof~1\javaw .exe
C:\WINDOWS\crosof~1\javaw.exe
C:\WINDOWS\system32\fccbabb.dll
C:\WINDOWS\system32\iifebxy.dll
C:\WINDOWS\system32\mlnmp.ini
C:\WINDOWS\system32\mlnmp.ini2
C:\WINDOWS\system32\pmnlm.dll
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\qflnoa.dll
C:\WINDOWS\system32\wnsintisv.exe
C:\WINDOWS\system32\wvutuvw.dll
C:\WINDOWS\TTC-4444.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\Fonts\'

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR

(((((((((((((((((((( Bestanden Gemaakt van 2007-11-23 to 2007-12-23 ))))))))))))))))))))))))))))))
.

2007-12-23 16:23 . 2007-12-23 16:23 323,072 --------- C:\WINDOWS\system32\pmnlm.dll
2007-12-23 15:49 . 2007-12-23 15:49 106,189 --a------ C:\RVAXO.reg
2007-12-23 15:47 . 2007-12-23 15:52 <DIR> d-------- C:\RVAXO
2007-12-23 10:38 . 2007-12-23 10:21 560,714 --a------ C:\WINDOWS\system32\RVAXO.bat
2007-12-23 10:38 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
2007-12-23 10:38 . 2007-12-13 16:46 7,048 --a------ C:\WINDOWS\system32\fixp.bat
2007-12-23 10:33 . 2007-12-23 15:53 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-22 19:22 . 2007-12-22 19:22 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-22 19:22 . 2007-12-22 19:22 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2007-12-22 19:21 . 2007-12-22 19:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-22 19:13 . 2007-12-23 16:23 326,656 --a------ C:\WINDOWS\system32\pmnlm.exe
2007-12-22 19:09 . 2007-12-23 10:32 <DIR> d--hs---- C:\WINDOWS\VG9pbmUgTGVpZGVsbWVpamVy
2007-12-22 19:09 . 2007-12-22 19:09 <DIR> d-------- C:\WINDOWS\system32\wdr
2007-12-22 19:09 . 2007-12-22 19:49 <DIR> d-------- C:\WINDOWS\system32\rf1
2007-12-22 19:09 . 2007-12-22 19:09 <DIR> d-------- C:\WINDOWS\system32\ey2
2007-12-22 19:09 . 2007-12-22 19:09 <DIR> d-------- C:\WINDOWS\system32\ardCo07
2007-12-22 19:09 . 2007-12-22 19:09 <DIR> d-------- C:\temp\cEeer12
2007-12-22 18:52 . 2007-12-22 18:52 <DIR> d-------- C:\Documents and Settings\Toine's computer\Incomplete
2007-12-22 18:52 . 2007-12-22 19:10 <DIR> d-------- C:\Documents and Settings\Toine's computer\Application Data\LimeWirePlus
2007-12-21 19:30 . 2007-12-22 10:01 24 --a------ C:\WINDOWS\LogonStudio.ini
2007-12-21 19:29 . 2000-05-17 09:52 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll
2007-12-20 19:01 . 2007-12-20 19:01 <DIR> d-------- C:\Program Files\Windows Live
2007-12-20 19:01 . 2003-11-10 20:20 266,240 --a------ C:\WINDOWS\system32\hpdj3600
2007-12-17 19:06 . 2007-12-17 19:06 <DIR> d-------- C:\Program Files\HP
2007-12-17 19:06 . 2007-12-21 17:03 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-12-17 19:06 . 2007-12-17 19:06 <DIR> d-------- C:\Program Files\3600
2007-12-17 18:53 . 2007-12-17 18:58 48,134 --a------ C:\WINDOWS\hpdj3600.hi2
2007-12-17 18:53 . 2007-12-17 18:58 4,629 --a------ C:\WINDOWS\hpdj3600.bu2
2007-12-17 14:03 . 2007-12-17 14:03 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-17 13:57 . 1998-10-09 15:36 327,168 --a------ C:\WINDOWS\IsUn0413.exe
2007-12-16 15:37 . 2007-12-16 15:37 <DIR> dr------- C:\Documents and Settings\Toine's computer\Menu Start
2007-12-16 11:41 . 2003-09-24 09:43 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2007-12-16 11:41 . 2003-09-24 09:43 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2007-12-16 11:41 . 2003-09-24 09:43 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2007-12-16 11:41 . 2003-09-24 09:44 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll
2007-12-16 11:41 . 2003-09-24 09:44 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2007-12-16 11:36 . 2007-12-21 16:58 212,637 --a------ C:\WINDOWS\hpdj3600.hi1
2007-12-16 11:36 . 2007-12-21 16:58 9,402 --a------ C:\WINDOWS\hpdj3600.bu1
2007-12-16 11:35 . 2003-11-10 20:20 266,240 --a------ C:\WINDOWS\system32\hpdj
2007-12-16 11:25 . 2007-12-16 11:25 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-12-16 11:19 . 2007-12-21 17:04 195,074 --a------ C:\WINDOWS\hpdj3600.his
2007-12-16 11:19 . 2007-12-21 17:04 10,541 --a------ C:\WINDOWS\hpdj3600.ini
2007-12-15 10:04 . 2007-12-15 10:04 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2007-12-14 17:09 . 2007-12-23 15:55 <DIR> d---s---- C:\Documents and Settings\Toine's computer\Onlangs geopend
2007-12-14 16:44 . 2007-12-14 16:44 <DIR> d-------- C:\Documents and Settings\Toine's computer\Application Data\Styler
2007-12-14 16:40 . 2007-12-15 10:05 <DIR> d-------- C:\WINDOWS\system32\VITrans
2007-12-14 16:40 . 2006-12-03 17:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2007-12-14 16:40 . 2007-12-14 16:40 78,942 --a------ C:\WINDOWS\Icon_1.ico
2007-12-14 16:40 . 2006-12-03 17:15 19,968 --a------ C:\WINDOWS\system32\reico.exe
2007-12-14 16:40 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2007-12-13 17:37 . 2007-12-14 16:46 <DIR> d-------- C:\Documents and Settings\Toine's computer\Application Data\ViStart
2007-12-13 16:17 . 2007-12-13 17:41 <DIR> d-------- C:\VAIO
2007-12-10 15:20 . 2007-12-10 15:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SwiftSwitch
2007-12-10 15:19 . 2007-12-22 18:52 <DIR> d-------- C:\Games
2007-12-08 17:03 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-08 17:03 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-08 17:03 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-08 12:45 . 2007-12-14 17:13 292 --a------ C:\WINDOWS\system\cmicnfg.ini
2007-12-07 21:38 . 2007-12-16 15:37 <DIR> d-------- C:\Documents and Settings\Toine's computer\Contacts
2007-12-07 21:27 . 2007-12-07 21:27 <DIR> d-------- C:\Documents and Settings\Toine's computer\Application Data\Lavasoft
2007-12-07 21:18 . 2007-12-07 21:21 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-07 21:18 . 2007-12-07 21:18 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2007-12-07 21:15 . 2007-12-07 21:15 232 --ah----- C:\sqmdata19.sqm
2007-12-07 21:15 . 2007-12-07 21:15 232 --ah----- C:\sqmdata18.sqm
2007-12-07 21:15 . 2007-12-07 21:15 232 --ah----- C:\sqmdata17.sqm
2007-12-07 21:15 . 2007-12-07 21:15 232 --ah----- C:\sqmdata16.sqm
2007-12-07 21:15 . 2007-12-07 21:15 232 --ah----- C:\sqmdata15.sqm
2007-12-07 21:15 . 2007-12-07 21:15 232 --ah----- C:\sqmdata14.sqm
2007-12-07 21:15 . 2007-12-07 21:15 232 --ah----- C:\sqmdata13.sqm
2007-12-07 21:06 . 2007-12-07 21:06 244 --ah----- C:\sqmnoopt15.sqm
2007-12-07 21:06 . 2007-12-07 21:06 232 --ah----- C:\sqmdata03.sqm
2007-12-07 20:45 . 2004-08-04 10:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-07 20:44 . 2007-12-07 21:38 268 --ah----- C:\sqmdata01.sqm
2007-12-07 20:44 . 2007-12-07 20:44 244 --ah----- C:\sqmnoopt14.sqm
2007-12-07 20:44 . 2007-12-07 21:38 244 --ah----- C:\sqmnoopt13.sqm
2007-12-07 20:44 . 2007-12-07 20:44 232 --ah----- C:\sqmdata02.sqm
2007-12-07 20:43 . 2006-08-21 10:14 128,896 --a--c--- C:\WINDOWS\system32\dllcache\SETD7.tmp
2007-12-07 20:43 . 2006-08-21 10:14 23,040 --a------ C:\WINDOWS\system32\SETD5.tmp
2007-12-07 20:43 . 2006-08-21 10:14 23,040 --a--c--- C:\WINDOWS\system32\dllcache\SETD8.tmp
2007-12-07 20:43 . 2006-08-21 13:28 16,896 --a------ C:\WINDOWS\system32\SETD6.tmp
2007-12-07 20:43 . 2006-08-21 13:28 16,896 --a--c--- C:\WINDOWS\system32\dllcache\SETD9.tmp
2007-12-07 20:42 . 2007-12-07 21:16 244 --ah----- C:\sqmnoopt12.sqm
2007-12-07 20:42 . 2007-12-07 21:16 232 --ah----- C:\sqmdata00.sqm
2007-12-07 20:19 . 2007-12-07 20:19 <DIR> d-------- C:\Program Files\Java
2007-12-07 20:19 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-07 20:14 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-12-07 20:14 . 2001-08-17 22:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-12-07 20:13 . 2004-08-04 02:03 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-12-07 20:13 . 2004-08-04 02:03 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2007-12-07 20:13 . 2004-08-04 01:54 701,440 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-07 20:13 . 2004-08-04 02:03 516,768 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-12-07 20:13 . 2004-08-04 02:03 229,376 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-12-07 20:13 . 2004-08-04 02:03 201,728 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-12-07 20:13 . 2004-08-04 01:54 57,856 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-12-07 20:12 . 2004-08-04 02:03 76,288 --a------ C:\WINDOWS\system32\usbui.dll
2007-12-07 20:12 . 2004-08-04 00:07 44,672 --a------ C:\WINDOWS\system32\drivers\UAGP35.SYS
2007-12-07 20:12 . 2001-08-17 21:13 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2007-12-07 20:12 . 2004-08-04 00:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-12-07 20:09 . 2007-12-07 19:20 <DIR> d--h----- C:\Documents and Settings\Default User.WINDOWS\Sjablonen
2007-12-07 20:09 . 2007-12-07 20:09 <DIR> d--h----- C:\Documents and Settings\Default User.WINDOWS\Onlangs geopend

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-23 09:33 278,541 ----a-w C:\WINDOWS\Fonts\svchost .exe
2007-12-22 09:02 8,502,272 ----a-w C:\WINDOWS\system32\logonuiX.exe
2007-12-16 12:48 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-05 15:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-15 19:46 --------- d-----w C:\Program Files\totalcmd
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 19:55 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-10-31 15:42 --------- d-----w C:\Program Files\Common Files\GraphBoard 2.50
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 14:58 --------- d-----w C:\Program Files\Common Files\Java
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2005-07-29 15:24 472 --sha-r C:\WINDOWS\VG9pbmUgTGVpZGVsbWVpamVy\p36DvAo0n3pDt3pPvqpDuApV.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76CD0D8C-9F12-4931-AEFD-B2FF9486EB5B}]
2007-12-23 16:23 323072 --------- C:\WINDOWS\system32\pmnlm.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-12-23 16:06]
"Tunc"="C:\WINDOWS\CROSOF~1\javaw.exe"

"Ryfmko"="C:\Program Files\Common Files\F?nts\?serinit.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="RunDll32 cmicnfg.cpl"

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-12-23 15:52]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2007-12-23 15:52]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2007-12-23 15:52]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2007-12-23 15:52]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\pmnlm.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\pmnlm

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-23 16:23:56
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

C:\WINDOWS\system32\mlnmp.ini 6516 bytes

Scan succesvol afgerond
verborgen bestanden: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\pmnlm.dll
.
Voltooingstijd: 2007-12-23 16:25:51 - machine was rebooted
.
2007-12-17 13:03:58 --- E O F ---

Hijackthis (doe ik even want ik denk at je dat wel handig vind):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:30:57, on 23-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr .exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd .exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09 .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Toine's computer\Mijn documenten\Hijack THis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmnlm.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tunc] "C:\WINDOWS\CROSOF~1\javaw.exe" -vt yazb
O4 - HKCU\..\Run: [Ryfmko] "C:\Program Files\Common Files\F?nts\?serinit.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 4613 bytes

tanx Geen pop ups meer en
PC is veel sneller!!

mischien zie je nog fouten

**Toine123** · 23-12-07, 15:39

SMeek nog even een vraagje, ik heb sinds ik ad-aware heb geïstalleerd allemaal vaage bestandjes als ik op C schijf klik, ze zijn ook doorschijnend:

zie hier:

**smeenk** · 23-12-07, 17:35

Download de bijlage: CFScript.txt

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :

Dit zal ComboFix doen herstarten.
Start opnieuw op als daarom gevraagd wordt,
en post de inhoud van de Combofix.txt in je volgende antwoord.

Bijgevoegde Bestanden

cfscript.txt (710 Bytes, 129 keer bekeken)

**Toine123** · 23-12-07, 17:45

hier het logje, combofix was snel klaar!

ComboFix 07-12-23.2 - Toine's computer 2007-12-23 18:39:01.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.669 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Toine's computer\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Toine's computer\Bureaublad\cfscript.txt
* Nieuw herstelpunt werd aangemaakt

FILE
C:\WINDOWS\Fonts\svchost .exe
C:\WINDOWS\system32\fixp.bat
C:\WINDOWS\system32\mlnmp.ini
C:\WINDOWS\system32\modifype.exe
C:\WINDOWS\system32\pmnlm.dll
C:\WINDOWS\system32\pmnlm.exe
C:\WINDOWS\system32\reico.exe
C:\WINDOWS\system32\Uharc.exe
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\rvaxo
C:\rvaxo\install.exe
C:\rvaxo\n.bat
C:\rvaxo\pac.txt
C:\rvaxo\ssodl.reg
C:\rvaxo\sts.reg
C:\rvaxo\winlogo.exe
C:\rvaxo\winlogon.dat
C:\rvaxo\x.dat
C:\rvaxo\z.dat
C:\temp\cEeer12
C:\temp\cEeer12\skAt.log
C:\WINDOWS\Fonts\svchost .exe
C:\WINDOWS\system32\ardCo07
C:\WINDOWS\system32\ardCo07\ardCo071084.exe
C:\WINDOWS\system32\ey2
C:\WINDOWS\system32\ey2\parreo83122.exe
C:\WINDOWS\system32\fixp.bat
C:\WINDOWS\system32\mlnmp.ini
C:\WINDOWS\system32\mlnmp.ini2
C:\WINDOWS\system32\modifype.exe
C:\WINDOWS\system32\pmnlm.dll
C:\WINDOWS\system32\pmnlm.exe
C:\WINDOWS\system32\reico.exe
C:\WINDOWS\system32\rf1
C:\WINDOWS\system32\Uharc.exe
C:\WINDOWS\system32\wdr
C:\WINDOWS\system32\wdr\brop22drvr.exe
C:\WINDOWS\VG9pbmUgTGVpZGVsbWVpamVy
C:\WINDOWS\VG9pbmUgTGVpZGVsbWVpamVy\p36DvAo0n3pDt3pPvqpDuApV.vbs

.
(((((((((((((((((((( Bestanden Gemaakt van 2007-11-23 to 2007-12-23 ))))))))))))))))))))))))))))))
.

2007-12-23 15:49 . 2007-12-23 15:49 106,189 --a------ C:\RVAXO.reg
2007-12-23 10:38 . 2007-12-23 10:21 560,714 --a------ C:\WINDOWS\system32\RVAXO.bat
2007-12-23 10:38 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
2007-12-23 10:33 . 2007-12-23 15:53 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-22 19:22 . 2007-12-22 19:22 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-22 19:22 . 2007-12-22 19:22 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2007-12-22 19:21 . 2007-12-22 19:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-22 18:52 . 2007-12-22 18:52 <DIR> d-------- C:\Documents and Settings\Toine's computer\Incomplete
2007-12-22 18:52 . 2007-12-23 17:39 <DIR> d-------- C:\Documents and Settings\Toine's computer\Application Data\LimeWirePlus
2007-12-21 19:30 . 2007-12-22 10:01 24 --a------ C:\WINDOWS\LogonStudio.ini
2007-12-21 19:29 . 2000-05-17 09:52 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll
2007-12-20 19:01 . 2007-12-20 19:01 <DIR> d-------- C:\Program Files\Windows Live
2007-12-20 19:01 . 2003-11-10 20:20 266,240 --a------ C:\WINDOWS\system32\hpdj3600
2007-12-17 19:06 . 2007-12-17 19:06 <DIR> d-------- C:\Program Files\HP
2007-12-17 19:06 . 2007-12-21 17:03 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-12-17 19:06 . 2007-12-17 19:06 <DIR> d-------- C:\Program Files\3600
2007-12-17 18:53 . 2007-12-17 18:58 48,134 --a------ C:\WINDOWS\hpdj3600.hi2
2007-12-17 18:53 . 2007-12-17 18:58 4,629 --a------ C:\WINDOWS\hpdj3600.bu2
2007-12-17 14:03 . 2007-12-17 14:03 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-17 13:57 . 1998-10-09 15:36 327,168 --a------ C:\WINDOWS\IsUn0413.exe
2007-12-16 15:37 . 2007-12-16 15:37 <DIR> dr------- C:\Documents and Settings\Toine's computer\Menu Start
2007-12-16 11:41 . 2003-09-24 09:43 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2007-12-16 11:41 . 2003-09-24 09:43 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2007-12-16 11:41 . 2003-09-24 09:43 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2007-12-16 11:41 . 2003-09-24 09:44 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll
2007-12-16 11:41 . 2003-09-24 09:44 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2007-12-16 11:36 . 2007-12-21 16:58 212,637 --a------ C:\WINDOWS\hpdj3600.hi1
2007-12-16 11:36 . 2007-12-21 16:58 9,402 --a------ C:\WINDOWS\hpdj3600.bu1
2007-12-16 11:35 . 2003-11-10 20:20 266,240 --a------ C:\WINDOWS\system32\hpdj
2007-12-16 11:25 . 2007-12-16 11:25 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-12-16 11:19 . 2007-12-21 17:04 195,074 --a------ C:\WINDOWS\hpdj3600.his
2007-12-16 11:19 . 2007-12-21 17:04 10,541 --a------ C:\WINDOWS\hpdj3600.ini
2007-12-15 10:04 . 2007-12-15 10:04 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2007-12-14 17:09 . 2007-12-23 18:37 <DIR> d---s---- C:\Documents and Settings\Toine's computer\Onlangs geopend
2007-12-14 16:44 . 2007-12-14 16:44 <DIR> d-------- C:\Documents and Settings\Toine's computer\Application Data\Styler
2007-12-14 16:40 . 2007-12-15 10:05 <DIR> d-------- C:\WINDOWS\system32\VITrans
2007-12-14 16:40 . 2007-12-14 16:40 78,942 --a------ C:\WINDOWS\Icon_1.ico
2007-12-13 17:37 . 2007-12-14 16:46 <DIR> d-------- C:\Documents and Settings\Toine's computer\Application Data\ViStart
2007-12-13 16:17 . 2007-12-13 17:41 <DIR> d-------- C:\VAIO
2007-12-10 15:20 . 2007-12-10 15:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SwiftSwitch
2007-12-10 15:19 . 2007-12-22 18:52 <DIR> d-------- C:\Games
2007-12-08 17:03 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-08 17:03 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-08 17:03 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-08 12:45 . 2007-12-14 17:13 292 --a------ C:\WINDOWS\system\cmicnfg.ini
2007-12-07 21:38 . 2007-12-16 15:37 <DIR> d-------- C:\Documents and Settings\Toine's computer\Contacts
2007-12-07 21:27 . 2007-12-07 21:27 <DIR> d-------- C:\Documents and Settings\Toine's computer\Application Data\Lavasoft
2007-12-07 21:18 . 2007-12-07 21:21 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-07 21:18 . 2007-12-07 21:18 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2007-12-07 21:15 . 2007-12-07 21:15 232 --ah----- C:\sqmdata19.sqm
2007-12-07 21:15 . 2007-12-07 21:15 232 --ah----- C:\sqmdata18.sqm
2007-12-07 21:15 . 2007-12-07 21:15 232 --ah----- C:\sqmdata17.sqm
2007-12-07 21:15 . 2007-12-07 21:15 232 --ah----- C:\sqmdata16.sqm
2007-12-07 21:15 . 2007-12-07 21:15 232 --ah----- C:\sqmdata15.sqm
2007-12-07 21:15 . 2007-12-07 21:15 232 --ah----- C:\sqmdata14.sqm
2007-12-07 21:15 . 2007-12-07 21:15 232 --ah----- C:\sqmdata13.sqm
2007-12-07 21:06 . 2007-12-07 21:06 244 --ah----- C:\sqmnoopt15.sqm
2007-12-07 21:06 . 2007-12-07 21:06 232 --ah----- C:\sqmdata03.sqm
2007-12-07 20:45 . 2004-08-04 10:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-07 20:44 . 2007-12-07 21:38 268 --ah----- C:\sqmdata01.sqm
2007-12-07 20:44 . 2007-12-07 20:44 244 --ah----- C:\sqmnoopt14.sqm
2007-12-07 20:44 . 2007-12-07 21:38 244 --ah----- C:\sqmnoopt13.sqm
2007-12-07 20:44 . 2007-12-07 20:44 232 --ah----- C:\sqmdata02.sqm
2007-12-07 20:43 . 2006-08-21 10:14 128,896 --a--c--- C:\WINDOWS\system32\dllcache\SETD7.tmp
2007-12-07 20:43 . 2006-08-21 10:14 23,040 --a------ C:\WINDOWS\system32\SETD5.tmp
2007-12-07 20:43 . 2006-08-21 10:14 23,040 --a--c--- C:\WINDOWS\system32\dllcache\SETD8.tmp
2007-12-07 20:43 . 2006-08-21 13:28 16,896 --a------ C:\WINDOWS\system32\SETD6.tmp
2007-12-07 20:43 . 2006-08-21 13:28 16,896 --a--c--- C:\WINDOWS\system32\dllcache\SETD9.tmp
2007-12-07 20:42 . 2007-12-07 21:16 244 --ah----- C:\sqmnoopt12.sqm
2007-12-07 20:42 . 2007-12-07 21:16 232 --ah----- C:\sqmdata00.sqm
2007-12-07 20:19 . 2007-12-07 20:19 <DIR> d-------- C:\Program Files\Java
2007-12-07 20:19 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-07 20:14 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-12-07 20:14 . 2001-08-17 22:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-12-07 20:13 . 2004-08-04 02:03 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-12-07 20:13 . 2004-08-04 02:03 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2007-12-07 20:13 . 2004-08-04 01:54 701,440 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-07 20:13 . 2004-08-04 02:03 516,768 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-12-07 20:13 . 2004-08-04 02:03 229,376 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-12-07 20:13 . 2004-08-04 02:03 201,728 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-12-07 20:13 . 2004-08-04 01:54 57,856 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-12-07 20:12 . 2004-08-04 02:03 76,288 --a------ C:\WINDOWS\system32\usbui.dll
2007-12-07 20:12 . 2004-08-04 00:07 44,672 --a------ C:\WINDOWS\system32\drivers\UAGP35.SYS
2007-12-07 20:12 . 2001-08-17 21:13 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2007-12-07 20:12 . 2004-08-04 00:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-12-07 20:09 . 2007-12-07 19:20 <DIR> d--h----- C:\Documents and Settings\Default User.WINDOWS\Sjablonen
2007-12-07 20:09 . 2007-12-07 20:09 <DIR> d--h----- C:\Documents and Settings\Default User.WINDOWS\Onlangs geopend
2007-12-07 20:09 . 2007-12-07 20:09 <DIR> d--h----- C:\Documents and Settings\Default User.WINDOWS\Netwerkprinteromgeving
2007-12-07 20:09 . 2007-12-07 20:09 <DIR> d-------- C:\Documents and Settings\Default User.WINDOWS\Mijn documenten
2007-12-07 20:09 . 2007-12-07 20:09 <DIR> dr------- C:\Documents and Settings\Default User.WINDOWS\Menu Start
2007-12-07 20:09 . 2007-12-07 20:09 <DIR> d-------- C:\Documents and Settings\Default User.WINDOWS\Favorieten
2007-12-07 20:09 . 2007-12-07 20:09 <DIR> d-------- C:\Documents and Settings\Default User.WINDOWS\Bureaublad
2007-12-07 20:09 . 2007-12-07 20:09 <DIR> d--h----- C:\Documents and Settings\All Users.WINDOWS\Sjablonen
2007-12-07 20:09 . 2007-12-14 16:55 <DIR> dr------- C:\Documents and Settings\All Users.WINDOWS\Menu Start
2007-12-07 20:09 . 2007-12-07 20:09 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Favorieten
2007-12-07 20:09 . 2007-12-07 19:22 <DIR> dr------- C:\Documents and Settings\All Users.WINDOWS\Documenten
2007-12-07 20:09 . 2007-12-23 16:40 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Bureaublad
2007-12-07 20:09 . 2004-08-04 00:51 1,896,400 --a--c--- C:\WINDOWS\system32\dllcache\NT5.CAT
2007-12-07 20:08 . 2007-12-07 19:29 623 --a------ C:\WINDOWS\system32\$winnt$.inf
2007-12-07 19:56 . 2007-10-25 17:44 8,507,392 --------- C:\WINDOWS\system32\SET22A.tmp

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-22 09:02 8,502,272 ----a-w C:\WINDOWS\system32\logonuiX.exe
2007-12-16 12:48 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-05 15:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-15 19:46 --------- d-----w C:\Program Files\totalcmd
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 19:55 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-10-31 15:42 --------- d-----w C:\Program Files\Common Files\GraphBoard 2.50
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 14:58 --------- d-----w C:\Program Files\Common Files\Java
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-23_16.24.40.85 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-23 15:23:28 176,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09 .exe
+ 2007-12-23 17:42:37 176,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09 .exe
- 2007-12-23 14:52:55 504,832 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
+ 2007-12-23 17:39:11 504,832 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-12-23 18:39]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="RunDll32 cmicnfg.cpl"

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-12-23 15:52]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2007-12-23 18:39]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2007-12-23 15:52]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2007-12-23 15:52]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\\WINDOWS\\system32\\pmnlm

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-23 18:42:51
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2007-12-23 18:43:38 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-23 16:25
.
2007-12-17 13:03:58 --- E O F ---

**smeenk** · 23-12-07, 17:56

Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd
Dit zal alles van RVAXO doen verwijderen.

Verwijder de volgende map:
C:\Qoobox

Maak dan je prullenbak leeg.

Download ATF cleaner (mirror)(gemaakt door Atribune)

Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.

Het volgende doen als je ook FireFox als browser hebt:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit haalt het vinkje weer weg bij "Firefox saved passwords")
Klik op de knop Empty Selected.

Het volgende doen als je ook Opera als browser hebt:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

Ga naar Start - Uitvoeren en geef hier het volgende in:
Combofix /U
Druk daarna op OK.
Let op: Er moet een spatie tussen Combofix en /U zitten.

Dit zal Combofix deïnstalleren.

Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
Kijk hier hoe je je systeemherstel moet uitschakelen.
Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

Post als laatste nog een nieuw logje van Hijackthis ter controle

**Toine123** · 23-12-07, 18:36

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:33:58, on 23-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr .exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09 .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd .exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Toine's computer\Mijn documenten\Hijack THis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmnlm.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 4340 bytes

tanx, er zijn geen problemen meer

ik had alvast dezeverwijderingen gedaan:

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

**smeenk** · 23-12-07, 23:11

Graag gedaan hoor

Installeer wel een virusscanner, zonder ben je zo weer besmet.
Update deze virusscanner meteen en laat hem een volledige systeemscan doen.
Laat alles verwijderen dat gevonden wordt

**Toine123** · 24-12-07, 08:45

oke zal ik doen

Mededeling

internet popups

internet popups

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment