Annoying MSN virus


  • Annoying MSN virus

    Good day,
    so I got it via MSN, and it has disabled my virus scanners, System Restore and firewall.
    It spreads links to each of my contacts.
    Here is the log, thanks in advance.

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 22:11:56, on 28/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\CmUCReye.exe
    C:\Program Files\Medion Info Display\MdionLCM.exe
    C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\WINDOWS\mHotkey.exe
    C:\WINDOWS\CNYHKey.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Belgacom\bin\sprtcmd.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\DOCUME~1\EIGENA~1.EIG\LOCALS~1\Temp\spoolsv.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Xfire\Xfire.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Eigenaar.EIGENAAR\Local Settings\Temporary Internet Files\Content.IE5\EPX94ROR\HiJackThis_v2[1].exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {9C27BCAE-1176-4E97-BA75-C70679C7DD79} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
    O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\xsvjbdhq.dll",realset
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
    O4 - HKLM\..\Run: [Showwnd] showwnd.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
    O4 - HKLM\..\Run: [Microsoft Office] C:\DOCUME~1\EIGENA~1.EIG\LOCALS~1\Temp\spoolsv.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [igndlm.exe] "C:\Program Files\IGN\Download Manager\DLM.exe" /windowsstart /startifwork
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.78\AMVConverter\grab.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.78\MediaManager\grab.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165746872044
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://koyensander.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: winwil32 - C:\WINDOWS\
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 13473 bytes

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
      A cmd window will open, and a few lines about files that were not found will scroll by quickly; this is normal.
    • An uninstaller of a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.


    Download Combofix to your Desktop.
    Double-click Combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open.
    Post this log in your next post.

    NOTE: If your virus scanner responds with a notification about a script being executed, you may ignore it.



    • #3
      ----------------RVAXO.exe first run-------------

      Files found:

      C:\WINDOWS\tasks\A4271F669184936E.job
      C:\Documents and Settings\Eigenaar.EIGENAAR\err.log
      C:\WINDOWS\system32\mcrh.tmp

      Uninstallers Rogue scanners:


      Folders Found:

      C:\WINDOWS\system32\COMPONENTS
      C:\Documents and Settings\Eigenaar.EIGENAAR\Application Data\DriveCleaner 2006 Free
      C:\Program Files\Common Files\{304E7453-0BB0-2067-0113-06011006002c}
      C:\Program Files\Common Files\{404E7453-0BB0-2067-0113-06011006002c}

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      C:\Documents and Settings\Eigenaar.EIGENAAR\Mijn documenten\Mijn ontvangen bestanden\SVkg.zip
      Folders Found:

      --------------RVAXO.exe finished----------------

      ComboFix 07-12-29.3 - Eigenaar 2007-12-29 0:49:50.1 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.502 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Eigenaar.EIGENAAR\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Program Files\Common Files\{304E7~1
      C:\Program Files\Common Files\{304E7~1\UnInstall.exe
      C:\Program Files\Common Files\{404E7~1
      C:\WINDOWS\Downloaded Program Files\UDC6M_0001_D19M0709NetInstaller.exe
      C:\WINDOWS\system32\qhdbjvsx.ini
      C:\WINDOWS\system32\xsvjbdhq.dll

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2007-11-28 to 2007-12-29 ))))))))))))))))))))))))))))))
      .

      2007-12-29 00:46 . 2007-12-29 00:47 <DIR> d-------- C:\RVAXO
      2007-12-29 00:45 . 2007-12-29 00:34 579,934 --a------ C:\WINDOWS\system32\RVAXO.bat
      2007-12-29 00:45 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
      2007-12-28 20:24 . 2007-12-29 00:49 <DIR> dr-h----- C:\Documents and Settings\Eigenaar.EIGENAAR\Onlangs geopend
      2007-12-25 21:43 . 2007-12-25 21:43 59 --a------ C:\WINDOWS\pp.enc
      2007-12-25 21:41 . 2007-12-25 21:41 <DIR> d-------- C:\Microgaming
      2007-12-25 21:41 . 2007-12-27 17:03 <DIR> d-------- C:\Documents and Settings\Eigenaar.EIGENAAR\Application Data\Microgaming
      2007-12-20 14:22 . 2007-12-20 14:22 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SupportSoft
      2007-12-20 14:20 . 2007-12-20 14:20 <DIR> d-------- C:\Program Files\SupportSoft
      2007-12-20 14:20 . 2007-12-20 14:20 <DIR> d-------- C:\Program Files\Belgacom
      2007-12-20 13:49 . 2007-12-20 13:49 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
      2007-12-17 06:55 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
      2007-12-17 06:55 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
      2007-12-17 06:55 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
      2007-12-16 20:07 . 2007-12-16 20:07 <DIR> d-------- C:\Documents and Settings\Eigenaar.EIGENAAR\Application Data\Windows Live Writer
      2007-12-16 20:02 . 2007-12-28 21:24 <DIR> d-------- C:\Program Files\Windows Live
      2007-12-16 20:02 . 2007-12-16 20:06 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
      2007-12-16 20:02 . 2007-12-28 21:21 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
      2007-12-11 06:44 . 2007-12-29 00:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
      2007-12-11 06:44 . 2007-12-11 06:44 1,409 --a------ C:\WINDOWS\QTFont.for

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2007-12-28 22:02 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
      2007-12-28 22:02 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
      2007-12-28 21:06 --------- d-----w C:\Documents and Settings\Eigenaar.EIGENAAR\Application Data\Xfire
      2007-12-28 20:03 --------- d-----w C:\Program Files\Spyware Terminator
      2007-12-28 20:03 --------- d-----w C:\Documents and Settings\Eigenaar.EIGENAAR\Application Data\Spyware Terminator
      2007-12-28 20:01 --------- d-----w C:\Documents and Settings\Eigenaar.EIGENAAR\Application Data\AVG7
      2007-12-28 19:24 --------- d-----w C:\Documents and Settings\Eigenaar.EIGENAAR\Application Data\LimeWire
      2007-12-28 19:14 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spyware Terminator
      2007-12-20 12:53 --------- d-----w C:\Program Files\Microsoft Works Suite 2006
      2007-12-20 09:31 --------- d-s---w C:\Program Files\Xfire
      2007-11-28 15:45 --------- d-----w C:\Program Files\EA GAMES
      2007-11-25 13:57 --------- d-----w C:\Program Files\DOSBox-0.61
      2007-11-21 20:35 --------- d-----w C:\Program Files\TechSmith
      2007-11-21 20:35 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\TechSmith
      2007-11-21 20:29 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
      2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
      2007-11-12 20:43 --------- d-----w C:\Program Files\PKR
      2007-11-11 16:10 --------- d-----w C:\Program Files\iTunes
      2007-11-11 16:10 --------- d-----w C:\Program Files\iPod
      2007-11-11 16:09 --------- d-----w C:\Program Files\QuickTime
      2007-11-11 16:04 --------- d-----w C:\Program Files\Safari
      2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
      2007-10-29 09:28 --------- d-----w C:\Program Files\Java
      2007-10-28 16:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
      2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
      2007-01-16 16:13 2,114 ----a-w C:\Documents and Settings\Eigenaar.EIGENAAR\Application Data\SAS7_000.DAT
      2006-12-06 13:14 12,300 ----a-w C:\Documents and Settings\Eigenaar\Application Data\wklnhst.dat
      2006-12-10 10:21 5,224 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
      2007-09-12 06:08 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
      2007-09-12 06:08 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
      2007-09-12 06:08 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 12:29]
      "igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [2006-11-08 02:22]
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 15:25]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
      "EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2007-12-04 05:57]
      "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-23 17:48]
      "CmUCRRun"="C:\WINDOWS\system32\CmUCReye.exe" [2006-07-12 09:26]
      "MedionVFD"="C:\Program Files\Medion Info Display\MdionLCM.exe" [2006-01-27 12:00]
      "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]
      "nwiz"="nwiz.exe" [2007-06-28 23:43 C:\WINDOWS\system32\nwiz.exe]
      "RemoteControl"="C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
      "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2006-02-09 19:02]
      "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 15:09]
      "RTHDCPL"="RTHDCPL.EXE" [2005-08-18 14:20 C:\WINDOWS\RTHDCPL.EXE]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
      "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 11:08]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
      "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15]
      "SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2007-09-12 12:42]
      "CHotkey"="mHotkey.exe" [2004-12-08 16:57 C:\WINDOWS\mHotkey.exe]
      "ledpointer"="CNYHKey.exe" [2005-11-10 13:41 C:\WINDOWS\CNYHKey.exe]
      "Showwnd"="showwnd.exe" [2003-09-18 19:09 C:\WINDOWS\ShowWnd.exe]
      "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
      "Belgacom"="C:\Program Files\Belgacom\bin\sprtcmd.exe" [2006-06-22 09:34]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]
      "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 06:17]

      C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
      Ralink Wireless Utility.lnk - C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2005-10-26 23:03:35]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwil32]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Ralink Wireless Utility.lnk]
      backup=C:\WINDOWS\pss\Ralink Wireless Utility.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
      C:\Program Files\DAEMON Tools\daemon.exe -lang 1033

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

      R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-09-12 12:42]
      R3 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;C:\WINDOWS\system32\DRIVERS\cmiucr.SYS [2007-01-05 16:21]
      S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 21:11]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35f34c7f-6125-11dc-9f93-0040f4e9f9e8}]
      \Shell\AutoRun\command - M:\autorun.exe

      *Newly Created Service* - CATCHME
      *Newly Created Service* - PROCEXP90
      .
      Inhoud van de 'Gedeelde Taken' map
      "2007-10-03 06:44:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2007-12-28 23:46:47 C:\WINDOWS\Tasks\XoftSpySE 2.job"
      - C:\Program Files\XoftSpySE\XoftSpy.exe
      "2007-04-25 15:45:16 C:\WINDOWS\Tasks\XoftSpySE.job"
      - C:\Program Files\XoftSpySE\XoftSpy.exe
      .
      **************************************************************************

      catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2007-12-29 00:54:28
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2007-12-29 0:54:57
      .
      2007-12-18 07:48:58 --- E O F ---


      There you go.



      • #4
        Open the RVAXO folder on your desktop and double-click Uninstall.cmd
        This will remove everything belonging to RVAXO.

        Download this file: Deljob.exe (mirror)
        Place it on your desktop.
        If your virus scanner blocks the download of deljob.exe,
        temporarily disable your virus scanner or download the zip version
        deljob.zip and extract it to your Desktop.
        Double-click Deljob.exe.
        A log (logit.txt) will open; you can also find the file on your desktop.
        Post the contents of logit.txt in your next message.



        • #5
          --------------------------------------------------------
          No LOP jobs found
          --------------------------------------------------------
          Files remaining after cleaning

          AppleSoftwareUpdate.job
          XoftSpySE 2.job
          XoftSpySE.job
          --------------------------------------------------------
          App data folders

          De volumenaam van station C is BOOT
          Het volumenummer is 404E-7453

          Map van C:\Documents and Settings\Eigenaar.EIGENAAR\Application Data

          29/12/2007 00:45 <DIR> .
          29/12/2007 00:45 <DIR> ..
          16/08/2007 13:08 <DIR> BITTOR~1 .BitTornado
          27/08/2007 11:07 <DIR> Adobe
          27/12/2006 15:18 <DIR> AdobeUM
          21/12/2006 14:27 <DIR> Ahead
          20/06/2007 12:56 <DIR> APPLEC~1 Apple Computer
          29/12/2007 09:47 <DIR> AVG7
          16/09/2007 11:57 <DIR> COMMAN~1 Command & Conquer 3 Tiberium Wars Demo
          02/01/2007 12:21 <DIR> CYBERL~1 CyberLink
          18/07/2007 12:49 <DIR> Google
          16/12/2006 10:05 <DIR> Help
          10/12/2006 11:05 <DIR> IDENTI~1 Identities
          22/12/2006 15:08 <DIR> IGN_DLM
          11/05/2007 17:51 <DIR> KETNET~1 KetnetKick
          18/04/2007 17:32 <DIR> Lavasoft
          05/01/2007 20:10 <DIR> LEADER~1 Leadertech
          28/12/2007 20:24 <DIR> LimeWire
          14/01/2007 20:39 <DIR> MACROM~1 Macromedia
          27/12/2007 17:03 <DIR> MICROG~1 Microgaming
          28/12/2007 21:03 <DIR> MICROS~1 Microsoft
          13/01/2007 09:14 <DIR> MICROS~2 Microsoft Games
          25/07/2007 19:58 <DIR> Moyea
          21/03/2007 14:53 <DIR> Mozilla
          16/01/2007 06:41 <DIR> Nuance
          10/10/2007 12:19 <DIR> Orbit
          10/12/2006 12:07 <DIR> PCTOOL~1 PC Tools
          10/10/2007 14:18 <DIR> PUBLIS~1 Publish Providers
          19/09/2007 13:15 <DIR> SECOND~1 SecondLife
          31/05/2007 19:30 <DIR> Skype
          15/01/2007 20:23 <DIR> SmartFTP
          10/10/2007 14:17 <DIR> Sony
          29/04/2007 18:34 <DIR> SPORTS~1 Sports Interactive
          29/12/2007 11:00 <DIR> SPYWAR~1 Spyware Terminator
          15/12/2006 13:41 <DIR> Sun
          10/12/2006 12:08 <DIR> TEAMSP~1 teamspeak2
          04/04/2007 12:10 <DIR> TVUNET~1 TVU Networks
          03/05/2007 17:43 <DIR> U3
          16/12/2007 20:07 <DIR> WINDOW~1 Windows Live Writer
          28/12/2007 22:06 <DIR> Xfire
          0 bestand(en) 0 bytes
          40 map(pen) 22.578.999.296 bytes beschikbaar
          De volumenaam van station C is BOOT
          Het volumenummer is 404E-7453

          Map van C:\Documents and Settings\All Users.WINDOWS\Application Data

          20/12/2007 14:22 <DIR> .
          20/12/2007 14:22 <DIR> ..
          25/08/2007 09:19 <DIR> Adobe
          26/07/2007 14:30 <DIR> Apple
          10/12/2006 12:16 <DIR> APPLEC~1 Apple Computer
          09/02/2007 15:54 <DIR> avg7
          02/01/2007 12:21 <DIR> CYBERL~1 CyberLink
          24/08/2007 19:36 <DIR> GamesBar
          10/12/2006 11:34 <DIR> Google
          24/08/2007 12:34 <DIR> Grisoft
          16/01/2007 06:42 <DIR> INSTAL~1 InstallShield
          02/05/2007 09:04 <DIR> Ipswitch
          20/12/2007 13:56 <DIR> MICROS~1 Microsoft
          16/01/2007 06:38 <DIR> Nuance
          02/03/2007 19:02 <DIR> OKAYGL~1 OKAY GLUE DRAW INTRA
          12/09/2007 07:08 <DIR> Skype
          10/10/2007 14:05 <DIR> Sony
          21/05/2007 16:20 <DIR> SPYBOT~1 Spybot - Search & Destroy
          28/12/2007 20:14 <DIR> SPYWAR~1 Spyware Terminator
          20/12/2007 14:22 <DIR> SUPPOR~1 SupportSoft
          21/11/2007 21:35 <DIR> TECHSM~1 TechSmith
          24/08/2007 20:04 <DIR> TEMP
          02/09/2007 11:51 <DIR> Trymedia
          15/12/2006 18:42 <DIR> WINDOW~1 Windows Genuine Advantage
          28/12/2007 21:21 <DIR> WLINST~1 WLInstaller
          10/12/2006 11:40 <DIR> X10SET~1 X10 Settings
          07/05/2007 18:54 <DIR> Zylom
          0 bestand(en) 0 bytes
          27 map(pen) 22.578.995.200 bytes beschikbaar
          --------------------------------------------------------



          • #6
            Open the RVAXO folder on your desktop and double-click Uninstall.cmd

            Download the attachment: CFScript.txt

            Drag CFScript.txt onto ComboFix.exe as shown in the example below:

            This will make ComboFix restart.
            Reboot if you are asked to,
            and post the contents of Combofix.txt in your next reply.
            Also post a new HijackThis log and tell us whether you are still experiencing any problems.


            • #7
              ComboFix 07-12-29.3 - Eigenaar 2007-12-29 11:28:57.2 - NTFSx86
              Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.545 [GMT 1:00]
              Gestart vanuit: C:\Documents and Settings\Eigenaar.EIGENAAR\Bureaublad\ComboFix.exe
              Command switches used :: C:\Documents and Settings\Eigenaar.EIGENAAR\Bureaublad\cfscript.txt
              * Nieuw herstelpunt werd aangemaakt
              .

              (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              C:\Documents and Settings\All Users.WINDOWS\Application Data\OKAY GLUE DRAW INTRA
              C:\Documents and Settings\All Users.WINDOWS\Application Data\OKAY GLUE DRAW INTRA\flap about funk

              .
              (((((((((((((((((((( Bestanden Gemaakt van 2007-11-28 to 2007-12-29 ))))))))))))))))))))))))))))))
              .

              2007-12-28 20:24 . 2007-12-29 11:27 <DIR> dr-h----- C:\Documents and Settings\Eigenaar.EIGENAAR\Onlangs geopend
              2007-12-25 21:43 . 2007-12-25 21:43 59 --a------ C:\WINDOWS\pp.enc
              2007-12-25 21:41 . 2007-12-25 21:41 <DIR> d-------- C:\Microgaming
              2007-12-25 21:41 . 2007-12-27 17:03 <DIR> d-------- C:\Documents and Settings\Eigenaar.EIGENAAR\Application Data\Microgaming
              2007-12-20 14:22 . 2007-12-20 14:22 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SupportSoft
              2007-12-20 14:20 . 2007-12-20 14:20 <DIR> d-------- C:\Program Files\SupportSoft
              2007-12-20 14:20 . 2007-12-20 14:20 <DIR> d-------- C:\Program Files\Belgacom
              2007-12-20 13:49 . 2007-12-20 13:49 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
              2007-12-17 06:55 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
              2007-12-17 06:55 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
              2007-12-17 06:55 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
              2007-12-16 20:07 . 2007-12-16 20:07 <DIR> d-------- C:\Documents and Settings\Eigenaar.EIGENAAR\Application Data\Windows Live Writer
              2007-12-16 20:02 . 2007-12-28 21:24 <DIR> d-------- C:\Program Files\Windows Live
              2007-12-16 20:02 . 2007-12-16 20:06 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
              2007-12-16 20:02 . 2007-12-28 21:21 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
              2007-12-11 06:44 . 2007-12-29 09:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
              2007-12-11 06:44 . 2007-12-11 06:44 1,409 --a------ C:\WINDOWS\QTFont.for

              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2007-12-29 10:33 --------- d-----w C:\Documents and Settings\Eigenaar.EIGENAAR\Application Data\Xfire
              2007-12-29 10:00 --------- d-----w C:\Documents and Settings\Eigenaar.EIGENAAR\Application Data\Spyware Terminator
              2007-12-29 08:47 --------- d-----w C:\Documents and Settings\Eigenaar.EIGENAAR\Application Data\AVG7
              2007-12-28 22:02 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
              2007-12-28 22:02 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
              2007-12-28 20:03 --------- d-----w C:\Program Files\Spyware Terminator
              2007-12-28 19:24 --------- d-----w C:\Documents and Settings\Eigenaar.EIGENAAR\Application Data\LimeWire
              2007-12-28 19:14 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spyware Terminator
              2007-12-20 12:53 --------- d-----w C:\Program Files\Microsoft Works Suite 2006
              2007-12-20 09:31 --------- d-s---w C:\Program Files\Xfire
              2007-11-28 15:45 --------- d-----w C:\Program Files\EA GAMES
              2007-11-25 13:57 --------- d-----w C:\Program Files\DOSBox-0.61
              2007-11-21 20:35 --------- d-----w C:\Program Files\TechSmith
              2007-11-21 20:35 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\TechSmith
              2007-11-21 20:29 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
              2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
              2007-11-12 20:43 --------- d-----w C:\Program Files\PKR
              2007-11-11 16:10 --------- d-----w C:\Program Files\iTunes
              2007-11-11 16:10 --------- d-----w C:\Program Files\iPod
              2007-11-11 16:09 --------- d-----w C:\Program Files\QuickTime
              2007-11-11 16:04 --------- d-----w C:\Program Files\Safari
              2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
              2007-10-29 09:28 --------- d-----w C:\Program Files\Java
              2007-10-28 16:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
              2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
              2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
              2007-01-16 16:13 2,114 ----a-w C:\Documents and Settings\Eigenaar.EIGENAAR\Application Data\SAS7_000.DAT
              2006-12-06 13:14 12,300 ----a-w C:\Documents and Settings\Eigenaar\Application Data\wklnhst.dat
              2006-12-10 10:21 5,224 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
              2007-09-12 06:08 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
              2007-09-12 06:08 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
              2007-09-12 06:08 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
              .

              ((((((((((((((((((((((((((((( [email protected]_ 0.54.32,51 )))))))))))))))))))))))))))))))))))))))))
              .
              - 2007-11-14 14:49:26 59,576 ----a-w C:\WINDOWS\system32\perfc009.dat
              + 2007-12-29 10:32:06 59,576 ----a-w C:\WINDOWS\system32\perfc009.dat
              - 2007-11-14 14:49:26 77,832 ----a-w C:\WINDOWS\system32\perfc013.dat
              + 2007-12-29 10:32:06 77,832 ----a-w C:\WINDOWS\system32\perfc013.dat
              - 2007-11-14 14:49:26 395,336 ----a-w C:\WINDOWS\system32\perfh009.dat
              + 2007-12-29 10:32:06 395,336 ----a-w C:\WINDOWS\system32\perfh009.dat
              - 2007-11-14 14:49:26 458,900 ----a-w C:\WINDOWS\system32\perfh013.dat
              + 2007-12-29 10:32:06 458,900 ----a-w C:\WINDOWS\system32\perfh013.dat
              .
              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              REGEDIT4
              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 12:29]
              "igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [2006-11-08 02:22]
              "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 15:25]
              "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
              "EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2007-12-04 05:57]
              "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-23 17:48]
              "CmUCRRun"="C:\WINDOWS\system32\CmUCReye.exe" [2006-07-12 09:26]
              "MedionVFD"="C:\Program Files\Medion Info Display\MdionLCM.exe" [2006-01-27 12:00]
              "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]
              "nwiz"="nwiz.exe" [2007-06-28 23:43 C:\WINDOWS\system32\nwiz.exe]
              "RemoteControl"="C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
              "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2006-02-09 19:02]
              "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 15:09]
              "RTHDCPL"="RTHDCPL.EXE" [2005-08-18 14:20 C:\WINDOWS\RTHDCPL.EXE]
              "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
              "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 11:08]
              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
              "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15]
              "SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2007-09-12 12:42]
              "CHotkey"="mHotkey.exe" [2004-12-08 16:57 C:\WINDOWS\mHotkey.exe]
              "ledpointer"="CNYHKey.exe" [2005-11-10 13:41 C:\WINDOWS\CNYHKey.exe]
              "Showwnd"="showwnd.exe" [2003-09-18 19:09 C:\WINDOWS\ShowWnd.exe]
              "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]
              "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
              "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16]
              "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
              "Belgacom"="C:\Program Files\Belgacom\bin\sprtcmd.exe" [2006-06-22 09:34]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]
              "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 06:17]

              C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
              Ralink Wireless Utility.lnk - C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2005-10-26 23:03:35]

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Ralink Wireless Utility.lnk]
              backup=C:\WINDOWS\pss\Ralink Wireless Utility.lnkCommon Startup

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
              C:\Program Files\DAEMON Tools\daemon.exe -lang 1033

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

              R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-09-12 12:42]
              R3 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;C:\WINDOWS\system32\DRIVERS\cmiucr.SYS [2007-01-05 16:21]
              S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 21:11]

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35f34c7f-6125-11dc-9f93-0040f4e9f9e8}]
              \Shell\AutoRun\command - M:\autorun.exe

              .
              Inhoud van de 'Gedeelde Taken' map
              "2007-10-03 06:44:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
              - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
              "2007-12-29 08:45:59 C:\WINDOWS\Tasks\XoftSpySE 2.job"
              - C:\Program Files\XoftSpySE\XoftSpy.exe
              "2007-04-25 15:45:16 C:\WINDOWS\Tasks\XoftSpySE.job"
              - C:\Program Files\XoftSpySE\XoftSpy.exe
              .
              **************************************************************************

              catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2007-12-29 11:33:53
              Windows 5.1.2600 Service Pack 2 NTFS

              scannen van verborgen processen ...

              scannen van verborgen autostart items ...

              scannen van verborgen bestanden ...

              Scan succesvol afgerond
              verborgen bestanden: 0

              **************************************************************************
              .
              Voltooingstijd: 2007-12-29 11:34:22
              C:\ComboFix2.txt ... 2007-12-29 00:54
              .
              2007-12-18 07:48:58 --- E O F ---


              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 11:37:01, on 29/12/2007
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16574)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
              C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
              C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
              C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
              C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
              C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
              C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
              C:\WINDOWS\system32\nvsvc32.exe
              C:\WINDOWS\system32\PnkBstrA.exe
              C:\WINDOWS\system32\PnkBstrB.exe
              C:\Program Files\CyberLink\Shared Files\RichVideo.exe
              C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
              C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
              C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
              C:\WINDOWS\system32\CmUCReye.exe
              C:\Program Files\Medion Info Display\MdionLCM.exe
              C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
              C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
              C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
              C:\WINDOWS\RTHDCPL.EXE
              C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
              C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
              C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
              C:\WINDOWS\mHotkey.exe
              C:\WINDOWS\CNYHKey.exe
              C:\Program Files\iTunes\iTunesHelper.exe
              C:\Program Files\Belgacom\bin\sprtcmd.exe
              C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
              C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\Electronic Arts\EADM\Core.exe
              C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
              C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
              C:\Program Files\iPod\bin\iPodService.exe
              C:\Program Files\Windows Live\Messenger\usnsvc.exe
              C:\Program Files\internet explorer\iexplore.exe
              C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
              C:\WINDOWS\explorer.exe
              C:\Program Files\internet explorer\iexplore.exe
              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
              O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
              O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
              O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
              O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
              O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
              O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
              O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
              O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
              O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
              O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
              O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
              O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
              O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
              O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
              O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
              O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
              O4 - HKLM\..\Run: [Showwnd] showwnd.exe
              O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
              O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
              O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
              O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
              O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
              O4 - HKCU\..\Run: [igndlm.exe] "C:\Program Files\IGN\Download Manager\DLM.exe" /windowsstart /startifwork
              O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
              O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
              O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
              O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
              O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.78\AMVConverter\grab.html
              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
              O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.78\MediaManager\grab.html
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
              O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
              O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
              O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
              O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165746872044
              O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
              O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://koyensander.spaces.live.com/PhotoUpload/MsnPUpld.cab
              O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
              O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
              O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
              O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
              O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
              O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
              O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
              O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
              O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
              O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
              O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
              O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
              O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
              O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
              O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
              O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
              O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
              O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
              O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
              O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
              O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
              O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

              --
              End of file - 12672 bytes


              And...

              At first sight no new errors seem to be turning up,
              so thanks.



              • #8
                You're welcome

                Download ATF cleaner (mirror) (made by Atribune)

                Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

                Double-click ATF cleaner to start the program.
                On the "Main" tab, tick Select All.
                Click the Empty Selected button.

                Do the following if you also use Firefox as a browser:
                Click the "Firefox" tab and tick Select All.
                If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                (this clears the check mark next to "Firefox saved passwords" again)
                Click the Empty Selected button.

                Do the following if you also use Opera as a browser:
                Click the "Opera" tab and tick Select All.
                If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                Click the Empty Selected button.
                Go to the "Main" tab and click the Exit button to close the program.

                Go to Start - Run and enter the following:
                Combofix /U
                Then press OK.
                Note: there must be a space between Combofix and /U.

                This will uninstall Combofix.

                Turn off System Restore. Restart the computer. Turn System Restore back on.
                See here how to turn off System Restore.
                This removes any remnants of the infections from your System Restore.

                Then I think everything is OK again



                • #9
                  Thanks

                  but my System Restore is apparently badly screwed up :/
                  now I don't know whether this is caused by the virus or not

                  when I click 'restore to an earlier state..' I don't get to see a single date,
                  even if I created a new point 5 seconds earlier



                  • #10
                    I don't have an explanation for that offhand.

                    Keep an eye on it over the next few days to see whether the problem persists; if so, just report back



                    • #11
                      So the problem is still there :/

                      A problem with System Restore, that is



                      • #12
                        You could give this a try:
                        Download Dial-a-fix-2006 and extract both files, each into its own folder, to your desktop.
                        • In the folder Dial-a-fix-v0.60.0.24, double-click Dial-a-fix.exe
                          In the window that opens, click the icon with the double green check mark (check all) at the bottom.
                          Then click "GO" and let the tool reset all settings.
                          When it has finished, close this window by clicking "Exit" at the bottom.

                        Let us know whether that improves things.



                        • #13
                          No, unfortunately
                          still the same problem
                          but I may let you know again tomorrow whether it works then or not



                          • #14
                            You could try reinstalling System Restore:

                            - Put the Windows XP CD in the drive.

                            - Go to Start --> Run. Copy the following line in bold and paste it into the box:

                            rundll32.exe advpack.dll,LaunchINFSection C:\Windows\Inf\sr.inf

                            - Click OK.

                            Follow the instructions (if any). System Restore will now be reinstalled, if all goes well.



                            • #15
                              Thanks, I'll try it out later
                              just writing it down

                              then I'll mark this topic as solved now
                              the MSN virus is completely gone
