Mededeling

Collapse
No announcement yet.

spyware ellende, maar herkenbare ellende

Collapse
X
Collapse
  •  
  • Page of 1
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    spyware ellende, maar herkenbare ellende

    Sinds gisteren wordt de computer geteisterd door een "aanval" van waarschuwingen en zogenaamde oplossingen. McAfee gaf geen krimp! Via VirusAlert (dat alleen via Google een verwijzing gaf) kwam ik herkenbare ellende tegen:
    "Pc geeft aan dat ik geinfecteerd ben met worm.win32.netsky
    daarnaast krijg ik pop-ups in de vorm van ' windows has detected an internet attack attempt....'
    verder krijg ik onder de google toolbar een geel balkje met de tekst:
    warning: possible spyware or adware infection click here to scan your computer for spyware and adware.
    en.... naast diverse popups heb ik een leuke *ahum* nieuwe startpagina van http://ucleaner.com/main.php?wmid=60...o4OQ==&lndid=2 (einde citaat)
    Daarnaast nog te melden dat er spontaan een werkbalk is bijgekomen: The emlkdvo.

    Vervolgens zo goed mogelijk jullie aanwijzingen opgevolgd: (Ad-aware en Spybot hun werk laten doen en nu dus een Hijackthis log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:45:58, on 24-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bieslog.vpro.nl/programma/bieslog/index.jsp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
    O2 - BHO: BDEX System - {C2DE4340-CB68-450F-90CD-9BE1A26739D7} - C:\WINDOWS\domnftwmnf.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: The emlkdvo - {47906C8A-7A72-45A8-AA59-0CEC20BD3B36} - C:\WINDOWS\emlkdvo.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
    O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,95/mcinsctl.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9C461A34-E521-4DB1-8A6F-1DED0BCA2B4A}: NameServer = 195.121.1.34 195.121.1.66
    O18 - Protocol: bw+0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O21 - SSODL: bvtqfvx - {964DAC66-82B7-4355-AF4B-4B39D0FFA737} - C:\WINDOWS\bvtqfvx.dll (file missing)
    O21 - SSODL: alxvdvm - {999DD114-E551-4576-91E3-FE28D5BDC124} - C:\WINDOWS\alxvdvm.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

    --
    End of file - 24073 bytes
    Labels: Geen
    • Citaat
  • #2
    Download: RVAXO.exe
    • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
    • Open nu de map RVAXO op je bureaublad en dubbeklik RVAXO.cmd
      Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
    • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
    • Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw.
      Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
    • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
    • Post de inhoud van de logfile in je volgende bericht tesamen met een nieuw logje van HijackThis.
    • Citaat

    Comment

    • #3
      Bedankt voor de zeer snelle reactie!
      Ik heb uitgevoerd zoals je suggereerde. Hierbij het logfile van RVAXO:

      ----------------RVAXO.exe first run-------------

      Files found:

      C:\WINDOWS\domnftwmnf.dll
      C:\WINDOWS\alxvdvm.dll
      C:\WINDOWS\fvkwdrt.exe
      C:\WINDOWS\dat.txt
      C:\WINDOWS\rs.txt
      C:\WINDOWS\search_res.txt
      C:\Documents and Settings\Aniela Olearnik\FAVORI~1\Error Cleaner.url
      C:\Documents and Settings\Aniela Olearnik\FAVORI~1\Privacy Protector.url
      C:\Documents and Settings\Aniela Olearnik\FAVORI~1\Spyware&Malware Protection.url

      Uninstallers Rogue scanners:


      Folders Found:


      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      C:\Documents and Settings\Aniela Olearnik\Mijn documenten\Mijn ontvangen bestanden\BO2-Alternate_Outro.zip
      C:\Documents and Settings\Aniela Olearnik\Mijn documenten\Mijn ontvangen bestanden\Icon_orbit.zip
      C:\Documents and Settings\Aniela Olearnik\Mijn documenten\Mijn ontvangen bestanden\Matrix.zip
      C:\Documents and Settings\Aniela Olearnik\Mijn documenten\Mijn ontvangen bestanden\rm2k105e.zip
      C:\Documents and Settings\Aniela Olearnik\Mijn documenten\Mijn ontvangen bestanden\supaplex.zip
      Folders Found:

      --------------RVAXO.exe finished----------------

      en het logfile van HijackThis:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 0:16:41, on 25-12-2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      c:\program files\common files\mcafee\mna\mcnasvc.exe
      c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      C:\Program Files\McAfee\MPF\MPFSrv.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\SiteAdvisor\6253\SAService.exe
      C:\WINDOWS\system32\svchost.exe
      c:\PROGRA~1\mcafee.com\agent\mcagent.exe
      C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\Dell\Media Experience\PCMService.exe
      C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
      C:\WINDOWS\system32\dla\tfswctrl.exe
      C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\Program Files\Logitech\Video\LogiTray.exe
      C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
      C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
      C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Logitech\Video\FxSvr2.exe
      C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      C:\Program Files\Outlook Express\msimn.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bieslog.vpro.nl/programma/bieslog/index.jsp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
      O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
      O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
      O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
      O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
      O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
      O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
      O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
      O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
      O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
      O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,95/mcinsctl.cab
      O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -
      O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{9C461A34-E521-4DB1-8A6F-1DED0BCA2B4A}: NameServer = 195.121.1.34 195.121.1.66
      O18 - Protocol: bw+0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw+0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: bwg0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwg0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0s - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: offline-8876480 - {54F63611-98E4-47AB-A066-F082C6F83E72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
      O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
      O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
      O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
      O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
      O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

      --
      End of file - 23690 bytes
      • Citaat

      Comment

      • #4
        Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd
        Dit zal alles van RVAXO verwijderen.

        Download Combofix naar je Bureaublad.
        Dubbelklik op Combofix.exe
        Kies voor "Continue" door 1 te typen gevolgd door ENTER.
        Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
        Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
        Plaats deze log in je volgende post.

        NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.

        P.s Het zal waarschijnlijk een dag duren voordat ik weer reageer i.v.m. kerstmis
        • Citaat

        Comment

        • #5
          Bedankt... (en prettige kerstdagen, overigens... Deze hulp wordt bijzonder op prijs gesteld. In plaats van een gestresste kerst met een overspannen computer, worden de problemen opgelost doordat er mensen zijn die totaal onbekenden met hun kennis willen helpen!)

          Moest de computer overigens even opnieuw opstarten omdat ik na de run van ComboFix niet kon internetten. Maar nu dan het ComboFix-log:

          ComboFix 07-12-25.4 - A O 2007-12-25 12:47:12.1 - NTFSx86
          Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.501 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\A O\Bureaublad\ComboFix.exe
          * Nieuw herstelpunt werd aangemaakt
          .

          (((((((((((((((((((( Bestanden Gemaakt van 2007-11-25 to 2007-12-25 ))))))))))))))))))))))))))))))
          .

          2007-12-24 20:45 . 2007-12-24 20:45 <DIR> d-------- C:\Program Files\Trend Micro
          2007-12-24 20:31 . 2007-12-24 20:31 <DIR> d-------- C:\Program Files\Lavasoft
          2007-12-24 20:31 . 2007-12-24 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
          2007-12-24 20:30 . 2007-12-24 20:30 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
          2007-12-24 19:17 . 2007-12-24 20:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2007-12-21 10:29 . 2007-12-22 16:07 399 --a------ C:\WINDOWS\EB6.INI
          2007-12-21 10:27 . 2007-12-21 10:31 <DIR> d-------- C:\EB6
          2007-12-04 10:19 . 2007-12-12 14:51 <DIR> d-------- C:\Program Files\HotPotatoes6
          2007-12-03 13:25 . 2007-12-03 16:39 <DIR> d-------- C:\Program Files\Windows Live Safety Center
          2007-12-02 15:18 . 2007-12-04 13:33 <DIR> d-------- C:\Documents and Settings\A O\Application Data\SiteAdvisor

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2007-12-25 11:42 --------- d-----w C:\Documents and Settings\A O\Application Data\Skype
          2007-12-24 18:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
          2007-12-24 09:51 --------- d-----w C:\Program Files\Panasonic
          2007-12-24 08:16 --------- d-----w C:\Program Files\Common Files\Panasonic
          2007-12-23 15:05 --------- d-----w C:\Documents and Settings\A O\Application Data\CoreFTP
          2007-12-23 00:10 --------- d-----w C:\Program Files\Soulseek
          2007-12-18 22:01 --------- d-----w C:\Program Files\SiteAdvisor
          2007-12-07 23:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
          2007-12-03 15:34 --------- d-----w C:\Program Files\McAfee
          2007-12-02 14:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
          2007-12-02 14:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
          2007-11-15 08:20 44,440 ----a-w C:\WINDOWS\SYSTEM32\MtpAccess.dll
          2007-11-15 08:20 102,400 ----a-w C:\WINDOWS\SYSTEM32\ProgHelp.dll
          2007-11-15 07:09 --------- d-----w C:\Program Files\MyFree Codec
          2007-11-15 07:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2007-11-15 07:08 --------- d-----w C:\Documents and Settings\A O\Application Data\InstallShield
          2007-11-15 07:08 --------- d-----w C:\Documents and Settings\A O\Application Data\DataCast
          2007-11-15 07:00 65,024 ----a-w C:\WINDOWS\IFinst26.exe
          2007-11-15 07:00 --------- d-----w C:\Program Files\XviD
          2007-11-15 07:00 --------- d-----w C:\Program Files\Lame MP3 Codec
          2007-11-15 06:58 --------- d-----w C:\Program Files\Samsung
          2007-11-15 06:58 --------- d-----w C:\Program Files\MarkAny
          2007-11-14 07:29 450,560 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jscript.dll
          2007-11-13 14:40 --------- d-----w C:\Program Files\Common Files\McAfee
          2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
          2007-11-11 13:20 --------- d-----w C:\Program Files\Google
          2007-10-30 12:08 --------- d-----w C:\Program Files\Common Files\Adobe
          2007-10-30 10:14 3,086,848 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
          2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
          2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
          2007-10-29 09:10 81,920 ----a-w C:\Documents and Settings\A O\Application Data\ezpinst.exe
          2007-10-29 09:10 47,360 ----a-w C:\Documents and Settings\A O\Application Data\pcouffin.sys
          2007-10-29 09:10 --------- d-----w C:\Documents and Settings\A O\Application Data\Vso
          2007-10-28 09:56 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
          2007-10-28 09:37 --------- d-----w C:\Program Files\dvdSanta
          2007-10-28 00:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\MAGIX
          2007-10-27 23:36 --------- d-----w C:\Documents and Settings\A O\Application Data\MAGIX
          2007-10-27 18:46 --------- d-----w C:\Program Files\Common Files\MAGIX Shared
          2007-10-27 00:41 --------- d-----w C:\Documents and Settings\A O\Application Data\DivX
          2007-10-25 16:44 8,507,392 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
          2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
          2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll
          2007-10-11 06:10 96,768 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\inseng.dll
          2007-10-11 06:10 669,184 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
          2007-10-11 06:10 619,520 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
          2007-10-11 06:10 55,808 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
          2007-10-11 06:10 532,480 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
          2007-10-11 06:10 474,624 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shlwapi.dll
          2007-10-11 06:10 449,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
          2007-10-11 06:10 39,424 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
          2007-10-11 06:10 357,888 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
          2007-10-11 06:10 251,904 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll
          2007-10-11 06:10 205,824 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
          2007-10-11 06:10 16,384 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
          2007-10-11 06:10 151,552 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll
          2007-10-11 06:10 146,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
          2007-10-11 06:10 1,498,112 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll
          2007-10-11 06:10 1,057,280 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll
          2007-10-11 06:10 1,024,000 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll
          2007-10-10 10:48 18,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
          2007-09-28 16:08 156,992 ----a-w C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe
          2007-09-28 16:07 524,288 ----a-w C:\WINDOWS\SYSTEM32\DivXsm.exe
          2007-09-28 16:07 3,596,288 ----a-w C:\WINDOWS\SYSTEM32\qt-dx331.dll
          2007-09-28 16:07 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
          2007-09-28 16:07 129,784 ------w C:\WINDOWS\SYSTEM32\pxafs.dll
          2007-09-28 16:07 120,056 ------w C:\WINDOWS\SYSTEM32\pxcpyi64.exe
          2007-09-28 16:07 118,520 ------w C:\WINDOWS\SYSTEM32\pxinsi64.exe
          2007-09-28 16:07 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll
          2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx0c.dll
          2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx07.dll
          2007-09-28 16:05 81,920 ----a-w C:\WINDOWS\SYSTEM32\dpl100.dll
          2007-09-28 16:05 802,816 ----a-w C:\WINDOWS\SYSTEM32\divx_xx11.dll
          2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\SYSTEM32\DivX.dll
          2007-09-28 16:05 593,920 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI11.dll
          2007-09-28 16:05 57,344 ----a-w C:\WINDOWS\SYSTEM32\dpv11.dll
          2007-09-28 16:05 53,248 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI10.dll
          2007-09-28 16:05 344,064 ----a-w C:\WINDOWS\SYSTEM32\dpus11.dll
          2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu11.dll
          2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu10.dll
          2007-09-28 16:05 196,608 ----a-w C:\WINDOWS\SYSTEM32\dtu100.dll
          2007-09-28 16:05 12,288 ----a-w C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll
          2006-01-19 17:56 24,192 ----a-w C:\Documents and Settings\A O\usbsermptxp.sys
          2006-01-19 17:56 22,768 ----a-w C:\Documents and Settings\A O\usbsermpt.sys
          2003-03-21 12:45 250,544 ----a-w C:\Program Files\Common Files\keyhelp.ocx
          2006-11-12 23:57 80 --sh--r C:\WINDOWS\SYSTEM32\DE7B4EA40E.dll
          2007-06-17 09:49 56 --sh--r C:\WINDOWS\SYSTEM32\DE7B4EA40E.sys
          2007-06-17 09:49 848 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
          "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 12:06]
          "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 17:20]
          "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 21:23]
          "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-03 13:21]
          "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 13:00 C:\WINDOWS\SYSTEM32\RUNDLL32.EXE]
          "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 16:42]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
          "PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 21:15]
          "@"=""
          "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 17:54]
          "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 02:05]
          "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01]
          "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]
          "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-06-19 14:52]
          "PE2CKFNT SE"="C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 12:51]
          "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52]
          "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 12:31]
          "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 12:24]
          "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 15:09]
          "InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.exe" [1998-07-07 15:04]
          "RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-07-07 15:20]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
          "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 08:14]
          "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
          "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33]
          "SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 08:23]
          "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 22:57]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
          "RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-07-07 15:20]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 18:05:56]
          Photo Express Calendar Checker SE.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe [2005-11-07 14:33:28]

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
          @=""

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
          @=""

          R3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;C:\WINDOWS\system32\drivers\usbscan.sys [2004-08-03 22:58]
          S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
          S3 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 16:00]

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
          \Shell\AutoRun\command - E:\SETUP.EXE

          *Newly Created Service* - CATCHME
          *Newly Created Service* - PROCEXP90
          .
          Inhoud van de 'Gedeelde Taken' map
          "2007-12-15 11:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
          - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
          "2007-07-31 23:00:06 C:\WINDOWS\Tasks\McQcTask.job"
          - c:\program files\mcafee\mqc\QcConsol.exe
          .
          **************************************************************************

          catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2007-12-25 12:52:13
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          Voltooingstijd: 2007-12-25 12:52:42
          .
          2007-12-21 13:01:31 --- E O F ---
          • Citaat

          Comment

          • #6
            Download ATF cleaner (mirror)(gemaakt door Atribune)

            Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

            Dubbelklik op ATF cleaner om het programma te starten.
            Op het tabblad "Main", plaats je een vinkje bij Select All.
            Klik op de knop Empty Selected.

            Het volgende doen als je ook FireFox als browser hebt:
            Klik op tabblad "Firefox", plaats een vinkje bij Select All.
            Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
            (dit haalt het vinkje weer weg bij "Firefox saved passwords")
            Klik op de knop Empty Selected.

            Het volgende doen als je ook Opera als browser hebt:
            Klik op tabblad "Opera", plaats een vinkje bij Select All.
            Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
            Klik op de knop Empty Selected.
            Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

            Ga naar Start - Uitvoeren en geef hier het volgende in:
            Combofix /U
            Druk daarna op OK.
            Let op: Er moet een spatie tussen Combofix en /U zitten.

            Dit zal Combofix deïnstalleren.

            Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
            Kijk hier hoe je je systeemherstel moet uitschakelen.
            Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

            Zijn alle problemen dan voorbij?
            • Citaat

            Comment

            • #7
              Alles is hier weer rustig! Nogmaals bedankt. Groet van Olear003.
              • Citaat

              Comment

              • #8
                Graag gedaan hoor
                • Citaat

                Comment

                Vorige template Volgende
                Sorry, you are not authorized to view this page
                Working...
                X