All sorts of spyware alerts via MSE

  • All sorts of spyware alerts via MSE

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:35:32, on 23-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    C:\apps\ABoard\ABoard.exe
    C:\WINDOWS\vsnpstd.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Palm\HOTSYNC.EXE
    C:\Program Files\Sitecom Wireless LAN\WLANUTL.exe
    C:\Program Files\FTDv3.8\FTDv3.exe
    C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    C:\Program Files\Network Associates\VirusScan\VsStat.exe
    C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\Avconsol.exe
    C:\Program Files\Network Associates\VirusScan\Webscanx.exe
    C:\Program Files\GrabIt\GrabIt.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nl.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BDEX System - {202EBB90-ABD4-46CC-BB5A-4F0ECC67B331} - C:\WINDOWS\ttvbonvgl.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
    O3 - Toolbar: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll (file missing)
    O3 - Toolbar: &BurstClick bar - {D9FE2473-9F67-4104-AA10-19FBE54E0C1B} - C:\PROGRA~1\BURSTC~1\BURSTC~1.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: The leosrv - {257F0149-3042-4F1E-97A1-7602460E97EE} - C:\WINDOWS\leosrv.dll (file missing)
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Ram Booster] "C:\Program Files\SimonTools\XP-Tuner 2006\RamBooster.exe" -TRAY
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
    O4 - Startup: Sitecom Wireless LAN Utility.lnk = ?
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Open all - {F686D588-D23B-458C-B2F4-4AB3EA0B0F85} - C:\PROGRA~1\BURSTC~1\BURSTC~1.DLL (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
    O21 - SSODL: hjoqor - {8E94B573-AAC3-44BF-AA40-E1EFD0AF4D58} - C:\WINDOWS\hjoqor.dll (file missing)
    O21 - SSODL: xcvwer - {842F67DE-BE1C-40CE-B703-9BF0EBBE1C8C} - C:\WINDOWS\xcvwer.dll
    O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 10545 bytes

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
      A cmd window will open, in which a few lines about files that were not found will quickly scroll by; this is normal.
    • An uninstaller of a rogue scanner may also start; do not close it, but follow any instructions and just let it do its work.
    • After that your PC will restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message, together with a new HijackThis log.



    • #3
      RVAXO has been run

      ----------------RVAXO.exe first run-------------

      Files found:

      C:\WINDOWS\ttvbonvgl.dll
      C:\WINDOWS\dat.txt
      C:\WINDOWS\binret.exe
      C:\WINDOWS\xcvwer.dll

      Uninstallers Rogue scanners:


      Folders Found:

      C:\Program Files\SmartVideoCodec

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------

      HijackThis:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 16:38:37, on 24-12-2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
      c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
      C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
      c:\APPS\HIDSERVICE\HIDSERVICE.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      C:\Program Files\Network Associates\VirusScan\VsStat.exe
      C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
      C:\Program Files\Network Associates\VirusScan\Avconsol.exe
      C:\Program Files\Network Associates\VirusScan\Webscanx.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\notepad.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
      C:\apps\ABoard\ABoard.exe
      C:\WINDOWS\vsnpstd.exe
      C:\apps\ABoard\AOSD.exe
      C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
      C:\Program Files\Ahead\InCD\InCD.exe
      C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Microsoft ActiveSync\wcescomm.exe
      C:\PROGRA~1\MICROS~4\rapimgr.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\Program Files\Palm\HOTSYNC.EXE
      C:\Program Files\Sitecom Wireless LAN\WLANUTL.exe
      C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
      C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
      C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpagina.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nl.htm
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
      O3 - Toolbar: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll (file missing)
      O3 - Toolbar: &BurstClick bar - {D9FE2473-9F67-4104-AA10-19FBE54E0C1B} - C:\PROGRA~1\BURSTC~1\BURSTC~1.DLL
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
      O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
      O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
      O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
      O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Ram Booster] "C:\Program Files\SimonTools\XP-Tuner 2006\RamBooster.exe" -TRAY
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
      O4 - Startup: Sitecom Wireless LAN Utility.lnk = ?
      O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: Open all - {F686D588-D23B-458C-B2F4-4AB3EA0B0F85} - C:\PROGRA~1\BURSTC~1\BURSTC~1.DLL (HKCU)
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
      O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
      O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
      O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
      O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
      O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
      O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

      --
      End of file - 10255 bytes

      In any case, thank you very much already for your effort



      • #4
        Open the RVAXO folder on your desktop and double-click Uninstall.cmd
        This will remove everything belonging to RVAXO.

        Start HijackThis once more, choose "Do a system scan only" and place a check mark only next to the following lines:
        R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
        O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
        O3 - Toolbar: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll (file missing)
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
        O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
        O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)

        Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

        Download Combofix to your Desktop.
        Double-click Combofix.exe
        Choose "Continue" by typing 1 followed by ENTER.
        While the fix is running, do NOT click in the window, as this will make your PC hang.
        When the fix has completed and after the restart, the log combofix.txt will open.
        Post this log in your next post.

        NOTE: If your virus scanner responds with an alert about script execution, you may ignore it.



        • #5
          ComboFix 07-12-17.1 - René 2007-12-25 23:46:09.7 - NTFSx86
          Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.195 [GMT 1:00]
          Gestart vanuit: D:\Documents and Settings\René\Bureaublad\ComboFix.exe
          .

          (((((((((((((((((((( Bestanden Gemaakt van 2007-11-25 to 2007-12-25 ))))))))))))))))))))))))))))))
          .

          2007-12-24 16:34 . 2007-12-24 16:34 <DIR> d-------- C:\RVAXO
          2007-12-18 21:27 . 2007-12-18 21:27 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
          2007-12-17 21:14 . 2007-12-17 21:14 <DIR> d-------- C:\Program Files\Trend Micro
          2007-12-17 19:11 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
          2007-12-17 19:10 . 2007-12-17 19:10 <DIR> d-------- C:\Program Files\Common Files\Java
          2007-12-17 18:48 . 2007-12-23 10:21 560,714 --a------ C:\WINDOWS\system32\RVAXO.bat
          2007-12-17 18:48 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
          2007-12-17 18:48 . 2007-12-13 16:46 7,048 --a------ C:\WINDOWS\system32\fixp.bat
          2007-12-16 15:54 . 2007-12-16 15:54 96 --a------ C:\WINDOWS\wininit.ini
          2007-12-16 03:36 . 2007-12-15 16:46 253,952 --------- C:\WINDOWS\hjoqor.dll_tobedeleted
          2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
          2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
          2007-12-04 02:33 . 2007-12-04 02:33 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
          2007-12-04 02:33 . 2007-12-04 02:33 682,496 --a------ C:\WINDOWS\system32\DivX.dll
          2007-12-04 02:33 . 2007-12-04 02:33 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
          2007-12-02 10:34 . 2007-12-02 10:34 <DIR> d-------- C:\Program Files\Windows Mobile MDA Touch Handleiding
          2007-11-29 23:30 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
          2007-11-29 23:30 . 2007-11-29 23:30 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
          2007-11-29 23:30 . 2007-11-29 23:30 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
          2007-11-29 23:30 . 2007-11-29 23:30 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
          2007-11-29 23:30 . 2007-11-29 23:30 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
          2007-11-29 23:28 . 2007-11-29 23:28 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
          2007-11-29 23:28 . 2007-11-29 23:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
          2007-11-29 23:28 . 2007-11-29 23:28 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
          2007-11-29 23:28 . 2007-11-29 23:28 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
          2007-11-28 22:55 . 2007-11-28 22:55 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
          2007-11-28 22:53 . 2007-11-28 22:53 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
          2007-11-28 22:53 . 2007-11-28 22:53 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
          2007-11-28 22:53 . 2007-11-28 22:53 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
          2007-11-28 22:53 . 2007-11-28 22:53 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
          2007-11-28 22:53 . 2007-11-28 22:53 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
          2007-11-28 22:53 . 2007-11-28 22:53 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
          2007-11-28 22:53 . 2007-11-28 22:53 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
          2007-11-28 22:52 . 2007-11-28 22:52 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2007-12-23 23:48 --------- d-----w C:\Program Files\FTDv3.8
          2007-12-17 21:08 --------- d-----w C:\Program Files\Java
          2007-12-16 15:22 --------- d-----w C:\Program Files\Hitman Pro
          2007-12-16 15:05 --------- d-----w C:\Program Files\Spyware Doctor
          2007-12-16 14:59 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2007-12-16 13:27 --------- d-----w C:\Program Files\SpywareBlaster
          2007-12-10 23:07 --------- d-----w D:\Documents and Settings\René\Application Data\DivX
          2007-12-08 00:11 --------- d-----w C:\Program Files\DivX
          2007-12-02 09:35 --------- d-----w C:\Program Files\Microsoft ActiveSync
          2007-11-17 13:48 --------- d-----w D:\Documents and Settings\René\Application Data\AdobeUM
          2007-11-14 07:29 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
          2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
          2007-11-08 15:57 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
          2007-11-08 15:57 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
          2007-11-08 15:57 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
          2007-11-07 17:29 --------- d-----w D:\Documents and Settings\René\Application Data\vlc
          2007-11-07 17:26 --------- d-----w C:\Program Files\VideoLAN
          2007-11-07 15:34 --------- d-----w C:\Program Files\Diablo II
          2007-11-07 12:11 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
          2007-11-06 17:18 --------- d-----w C:\Program Files\Alcohol Soft
          2007-11-06 15:56 639,224 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
          2007-10-30 10:14 3,086,848 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
          2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
          2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll
          2007-10-26 21:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2007-10-26 19:25 --------- d-----w C:\Program Files\Infogrames
          2007-10-25 16:44 8,507,392 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
          2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
          2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
          2007-10-11 06:10 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
          2007-10-11 06:10 669,184 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
          2007-10-11 06:10 619,520 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
          2007-10-11 06:10 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
          2007-10-11 06:10 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
          2007-10-11 06:10 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
          2007-10-11 06:10 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
          2007-10-11 06:10 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
          2007-10-11 06:10 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
          2007-10-11 06:10 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
          2007-10-11 06:10 205,824 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
          2007-10-11 06:10 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
          2007-10-11 06:10 151,552 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
          2007-10-11 06:10 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
          2007-10-11 06:10 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
          2007-10-11 06:10 1,057,280 ------w C:\WINDOWS\system32\dllcache\danim.dll
          2007-10-11 06:10 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
          2007-10-10 23:53 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
          2007-10-10 23:53 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
          2007-10-10 23:53 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
          2007-10-10 23:53 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
          2007-10-10 23:53 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
          2007-10-10 23:53 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
          2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
          2007-10-10 10:48 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
          2007-07-11 17:42 59,816 ----a-w D:\Documents and Settings\René\Application Data\GDIPFONTCACHEV1.DAT
          2004-10-01 13:00 40,960 -c--a-w C:\Program Files\Uninstall_CDS.exe
          .

          ((((((((((((((((((((((((((((( snapshot_2007-12-22_ 0.01.12,00 )))))))))))))))))))))))))))))))))))))))))
          .
          + 2007-06-26 14:47:22 851,968 ----a-w C:\WINDOWS\$hf_mig$\KB938127\SP2QFE\vgx.dll
          + 2005-10-12 23:20:05 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB938127\spmsg.dll
          + 2005-10-12 23:20:07 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB938127\spuninst.exe
          + 2005-10-12 23:20:05 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938127\update\spcustom.dll
          + 2005-10-12 23:20:10 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB938127\update\update.exe
          + 2005-10-12 23:20:16 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB938127\update\updspapi.dll
          + 2007-11-14 07:26:25 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB942840\SP2QFE\jscript.dll
          + 2007-03-06 01:58:22 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spmsg.dll
          + 2007-03-06 01:58:28 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spuninst.exe
          + 2007-03-06 01:58:21 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\spcustom.dll
          + 2007-03-06 01:58:46 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\update.exe
          + 2007-03-06 01:59:37 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\updspapi.dll
          - 2006-10-23 15:36:03 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
          + 2007-10-11 06:10:13 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
          - 2006-10-23 15:36:03 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll
          + 2007-10-11 06:10:13 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll
          - 2006-10-23 15:36:03 1,057,280 ----a-w C:\WINDOWS\system32\danim.dll
          + 2007-10-11 06:10:15 1,057,280 ----a-w C:\WINDOWS\system32\danim.dll
          - 2006-09-18 14:16:59 851,968 ----a-w C:\WINDOWS\system32\dllcache\vgx.dll
          + 2007-06-26 13:58:08 851,968 ----a-w C:\WINDOWS\system32\dllcache\vgx.dll
          - 2006-10-23 15:36:03 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
          + 2007-10-11 06:10:15 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
          - 2006-10-23 15:36:03 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
          + 2007-10-11 06:10:15 205,824 ----a-w C:\WINDOWS\system32\dxtrans.dll
          - 2006-10-23 15:36:03 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
          + 2007-10-11 06:10:15 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
          - 2006-10-23 15:36:03 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
          + 2007-10-11 06:10:15 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
          - 2006-10-23 15:36:03 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
          + 2007-10-11 06:10:15 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
          - 2006-05-18 05:41:41 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
          + 2007-11-14 07:29:20 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
          - 2006-10-23 15:36:03 15,872 ----a-w C:\WINDOWS\system32\jsproxy.dll
          + 2007-10-11 06:10:15 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
          - 2006-10-23 15:36:04 3,082,240 ----a-w C:\WINDOWS\system32\mshtml.dll
          + 2007-10-30 10:14:15 3,086,848 ----a-w C:\WINDOWS\system32\mshtml.dll
          - 2006-10-23 15:36:03 448,512 ----a-w C:\WINDOWS\system32\mshtmled.dll
          + 2007-10-11 06:10:19 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
          - 2006-10-23 15:36:03 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
          + 2007-10-11 06:10:19 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
          - 2006-10-23 15:36:03 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
          + 2007-10-11 06:10:20 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
          - 2006-10-23 15:36:03 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
          + 2007-10-11 06:10:20 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
          - 2006-10-23 15:36:03 1,497,600 ----a-w C:\WINDOWS\system32\shdocvw.dll
          + 2007-10-11 06:10:22 1,498,112 ----a-w C:\WINDOWS\system32\shdocvw.dll
          - 2006-10-23 15:36:03 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
          + 2007-10-11 06:10:22 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
          - 2006-10-23 15:36:03 617,472 ----a-w C:\WINDOWS\system32\urlmon.dll
          + 2007-10-11 06:10:23 619,520 ----a-w C:\WINDOWS\system32\urlmon.dll
          - 2006-10-23 15:36:03 667,648 ----a-w C:\WINDOWS\system32\wininet.dll
          + 2007-10-11 06:10:24 669,184 ----a-w C:\WINDOWS\system32\wininet.dll
          .
          -- Snapshot reset to current date --
          .
          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
          {D9FE2473-9F67-4104-AA10-19FBE54E0C1B}
          {2318C2B1-4965-11D4-9B18-009027A5CD4F}

          [HKEY_CLASSES_ROOT\clsid\{d9fe2473-9f67-4104-aa10-19fbe54e0c1b}]

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
          "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
          "Ram Booster"="C:\Program Files\SimonTools\XP-Tuner 2006\RamBooster.exe"
          "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-30 20:48]
          "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 18:34]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00]
          "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00]
          "SoundMan"="SOUNDMAN.EXE" [2005-01-20 19:04 C:\WINDOWS\SOUNDMAN.EXE]
          "Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 10:43]
          "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31]
          "snpstd"="C:\WINDOWS\vsnpstd.exe" [2003-12-31 16:39]
          "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-04-03 17:12]
          "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 19:24]
          "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-08 15:25]
          "Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe" [2006-10-27 14:57]
          "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]

          D:\Documents and Settings\Ren‚\Menu Start\Programma's\Opstarten\
          HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [2003-03-17 17:50:26]
          Sitecom Wireless LAN Utility.lnk - C:\Program Files\Sitecom Wireless LAN\WLANUTL.exe [2005-10-15 08:39:22]

          D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
          Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]
          WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-11-17 19:21:56]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
          "NoResolveTrack"= 0 (0x0)

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
          "NoSimpleStartMenu"= 0 (0x0)
          "NoRecentDocsHistory"= 0 (0x0)

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
          @=""

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
          @=""

          R0 NaiFsRec;NaiFsRec;C:\WINDOWS\system32\drivers\NaiFsRec.sys [2001-05-31 04:51]
          R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys [2004-07-06 22:45]
          R2 AvSynMgr;AVSync Manager;"C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe" [2001-11-26 16:51]
          R3 NaiFiltr;NaiFiltr;C:\Program Files\Common Files\Network Associates\McShield\NaiFiltr.sys [2001-11-26 16:51]
          R3 TNET1130;Sitecom 802.11g Wireless Adapter;C:\WINDOWS\system32\DRIVERS\wlannds.sys [2003-08-25 08:55]
          R3 uscbus;uscbus;C:\WINDOWS\system32\DRIVERS\uscbus.sys [2002-11-07 23:32]
          R3 uscscsi;uscscsi;C:\WINDOWS\system32\DRIVERS\uscscsi.sys [2002-11-07 23:17]
          S3 idrmkl;idrmkl;D:\DOCUME~1\REN~1\LOCALS~1\Temp\idrmkl.sys
          S3 Via4in1;Via4in1;C:\DOCUME~1\Eigenaar\Via4in1.sys

          .
          Inhoud van de 'Gedeelde Taken' map
          "2007-11-22 19:03:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
          "2005-10-15 23:50:16 C:\WINDOWS\Tasks\Herinnering voor registratie 1.job"
          - C:\WINDOWS\system32\OOBE\oobebaln.exe
          "2005-10-22 19:05:11 C:\WINDOWS\Tasks\Herinnering voor registratie 2.job"
          - C:\WINDOWS\system32\OOBE\oobebaln.exe
          "2007-12-24 01:07:04 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
          - C:\Program Files\Windows Defender\MpCmdRun.exe
          .
          **************************************************************************

          catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2007-12-25 23:47:23
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          HKLM\Software\Microsoft\Windows\CurrentVersion\Run
          Name of App = C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe??|??????????????????B?????magnee??e?e???????B?(??????|p??|????m??|???|???? ????????x?????C???????????????B?????????????????????070204015025156?5?0?2?5?1?5?6??????????????????? P???????????????????????(?????G

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          Voltooingstijd: 2007-12-25 23:47:52
          C:\ComboFix2.txt ... 2007-12-22 00:01
          C:\ComboFix3.txt ... 2007-12-17 21:56
          .
          2007-12-22 03:28:49 --- E O F ---

          Incidentally, ComboFix does not work with an active antivirus, in this case McAfee. I have the impression that the problems have been solved. In any case, thank you very much so far.



          • #6
            Download the attachment: CFScript.txt

            Drag CFScript.txt onto ComboFix.exe as shown in the example below:

            This will make ComboFix restart.
            Reboot if you are asked to,
            and post the contents of Combofix.txt in your next reply.
            Also post a new HijackThis log.