Download: RVAXO.exe

• Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
• Open nu de map RVAXO op je bureaublad en dubbeklik RVAXO.cmd
  Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
• Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
  
• Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw.
  Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
• Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
• Post de inhoud van de logfile in je volgende bericht tesamen met een nieuw logje van HijackThis.

ok, gedaan, hier de results van RVAXO:

----------------RVAXO.exe first run-------------

Files found:

C:\WINDOWS\windisk.dll
C:\WINDOWS\system32\winsn.exe
C:\WINDOWS\system32\winsos.exe
C:\WINDOWS\trayicons.exe
C:\WINDOWS\system32\shovth.exe
C:\WINDOWS\system32\winter.exe
C:\WINDOWS\system32\proper.exe
C:\WINDOWS\system32\wowfx.dll
C:\WINDOWS\wsystmp_*.exe
C:\Documents and Settings\mattijs1\Application Data\trant.exe
C:\Documents and Settings\mattijs1\Application Data\printer.exe
C:\Documents and Settings\mattijs1\Application Data\antivirus.exe
C:\WINDOWS\shell.exe
C:\WINDOWS\system32\suspend.exe
C:\WINDOWS\svchost.exe
C:\Documents and Settings\mattijs1\Menu Start\PROGRA~1\Opstarten\infos.exe
C:\Documents and Settings\All Users\Menu Start\PROGRA~1\Opstarten\autos.exe

Uninstallers Rogue scanners:


Folders Found:

C:\Program Files\Ultimate Defender
C:\Program Files\Video Add-on
C:\Program Files\Helper

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------

Files found:

C:\Documents and Settings\mattijs1\Application Data\antivirus.exe
Folders Found:

--------------RVAXO.exe finished----------------


en HJT wil niet meer opstarten, hij doet hetzelfde als limewire, hij krijgt een melding:

"In HijackThis.exe is een fout opgetreden en moet worden afgesloten. Onze excuses voor dit ongemak."

en dan kan ik het rapport naar microsoft verzenden. als ik druk op niet verzenden geeft ie deze melding:

---------------------------
Application Error
---------------------------
Exception EInOutError in module HijackThis.exe at 0000B3A8.

File not found.


---------------------------
OK
---------------------------




oja, en ik was nog vergeten te melden dat taakbeheer het niet doet

Download Combofix naar je Bureaublad.
Dubbelklik op Combofix.exe
Kies voor "Continue" door 1 te typen gevolgd door ENTER.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
Plaats deze log in je volgende post.

NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.

hier is ie:

ComboFix 07-12-31.4 - mattijs1 2008-01-01 12:06:20.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.210 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\mattijs1\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\.exe
C:\Autorun.inf
C:\Documents and Settings\mattijs1\Application Data\antivirus.exe
C:\Documents and Settings\mattijs1\Application Data\ultra
C:\Documents and Settings\mattijs1\Application Data\ultra\uninstall.bat
C:\Documents and Settings\Olivier & Emma\Menu Start\Programma's\Opstarten\infos.exe
C:\Program Files\eliteprotector
C:\WINDOWS\inf\ultra.inf
C:\WINDOWS\medichi.exe
C:\WINDOWS\medichi2.exe
C:\WINDOWS\murka.dat
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\1043\1043.exe
C:\WINDOWS\system32\G108B.tmp.exe
C:\WINDOWS\system32\G119B.tmp.exe
C:\WINDOWS\system32\G14DE.tmp.exe
C:\WINDOWS\system32\G16AC.tmp.exe
C:\WINDOWS\system32\G1D7.tmp.exe
C:\WINDOWS\system32\G20DB.tmp.exe
C:\WINDOWS\system32\G20F1.tmp.exe
C:\WINDOWS\system32\G26A5.tmp.exe
C:\WINDOWS\system32\G297A.tmp.exe
C:\WINDOWS\system32\G2A87.tmp.exe
C:\WINDOWS\system32\G2D73.tmp.exe
C:\WINDOWS\system32\G3121.tmp.exe
C:\WINDOWS\system32\G312C.tmp.exe
C:\WINDOWS\system32\G332B.tmp.exe
C:\WINDOWS\system32\G342D.tmp.exe
C:\WINDOWS\system32\G36E6.tmp.exe
C:\WINDOWS\system32\G37CA.tmp.exe
C:\WINDOWS\system32\G3A41.tmp.exe
C:\WINDOWS\system32\G3E4.tmp.exe
C:\WINDOWS\system32\G3E93.tmp.exe
C:\WINDOWS\system32\G3F7C.tmp.exe
C:\WINDOWS\system32\G3FB3.tmp.exe
C:\WINDOWS\system32\G4276.tmp.exe
C:\WINDOWS\system32\G4479.tmp.exe
C:\WINDOWS\system32\G4626.tmp.exe
C:\WINDOWS\system32\G469A.tmp.exe
C:\WINDOWS\system32\G47A7.tmp.exe
C:\WINDOWS\system32\G4AAD.tmp.exe
C:\WINDOWS\system32\G4B7F.tmp.exe
C:\WINDOWS\system32\G4EB.tmp.exe
C:\WINDOWS\system32\G502C.tmp.exe
C:\WINDOWS\system32\G5278.tmp.exe
C:\WINDOWS\system32\G560F.tmp.exe
C:\WINDOWS\system32\G5647.tmp.exe
C:\WINDOWS\system32\G59A5.tmp.exe
C:\WINDOWS\system32\G5C56.tmp.exe
C:\WINDOWS\system32\G6054.tmp.exe
C:\WINDOWS\system32\G643B.tmp.exe
C:\WINDOWS\system32\G652C.tmp.exe
C:\WINDOWS\system32\G66D6.tmp.exe
C:\WINDOWS\system32\G67E2.tmp.exe
C:\WINDOWS\system32\G6B63.tmp.exe
C:\WINDOWS\system32\G6C90.tmp.exe
C:\WINDOWS\system32\G6CC.tmp.exe
C:\WINDOWS\system32\G6CF9.tmp.exe
C:\WINDOWS\system32\G6D31.tmp.exe
C:\WINDOWS\system32\G6D52.tmp.exe
C:\WINDOWS\system32\G6D71.tmp.exe
C:\WINDOWS\system32\G6D78.tmp.exe
C:\WINDOWS\system32\G6DA2.tmp.exe
C:\WINDOWS\system32\G6DCA.tmp.exe
C:\WINDOWS\system32\G6E31.tmp.exe
C:\WINDOWS\system32\G6EA3.tmp.exe
C:\WINDOWS\system32\G717E.tmp.exe
C:\WINDOWS\system32\G71BD.tmp.exe
C:\WINDOWS\system32\G74C3.tmp.exe
C:\WINDOWS\system32\G7776.tmp.exe
C:\WINDOWS\system32\G77E2.tmp.exe
C:\WINDOWS\system32\G7A27.tmp.exe
C:\WINDOWS\system32\G7BD3.tmp.exe
C:\WINDOWS\system32\G7F3E.tmp.exe
C:\WINDOWS\system32\G809C.tmp.exe
C:\WINDOWS\system32\G8152.tmp.exe
C:\WINDOWS\system32\G83E9.tmp.exe
C:\WINDOWS\system32\G87F4.tmp.exe
C:\WINDOWS\system32\G88EF.tmp.exe
C:\WINDOWS\system32\G8BF4.tmp.exe
C:\WINDOWS\system32\G8D0E.tmp.exe
C:\WINDOWS\system32\G9387.tmp.exe
C:\WINDOWS\system32\G943B.tmp.exe
C:\WINDOWS\system32\G959C.tmp.exe
C:\WINDOWS\system32\G9756.tmp.exe
C:\WINDOWS\system32\G9A47.tmp.exe
C:\WINDOWS\system32\G9AA0.tmp.exe
C:\WINDOWS\system32\G9AD8.tmp.exe
C:\WINDOWS\system32\G9AF0.tmp.exe
C:\WINDOWS\system32\G9B18.tmp.exe
C:\WINDOWS\system32\G9B3A.tmp.exe
C:\WINDOWS\system32\G9B60.tmp.exe
C:\WINDOWS\system32\G9BB0.tmp.exe
C:\WINDOWS\system32\G9C44.tmp.exe
C:\WINDOWS\system32\G9C64.tmp.exe
C:\WINDOWS\system32\G9D46.tmp.exe
C:\WINDOWS\system32\G9FBB.tmp.exe
C:\WINDOWS\system32\GA0E2.tmp.exe
C:\WINDOWS\system32\GA0FE.tmp.exe
C:\WINDOWS\system32\GA176.tmp.exe
C:\WINDOWS\system32\GA23D.tmp.exe
C:\WINDOWS\system32\GAA80.tmp.exe
C:\WINDOWS\system32\GAB6C.tmp.exe
C:\WINDOWS\system32\GACB0.tmp.exe
C:\WINDOWS\system32\GAEE3.tmp.exe
C:\WINDOWS\system32\GB12F.tmp.exe
C:\WINDOWS\system32\GB3F5.tmp.exe
C:\WINDOWS\system32\GB60B.tmp.exe
C:\WINDOWS\system32\GBA22.tmp.exe
C:\WINDOWS\system32\GBC77.tmp.exe
C:\WINDOWS\system32\GC151.tmp.exe
C:\WINDOWS\system32\GC6D8.tmp.exe
C:\WINDOWS\system32\GC6E1.tmp.exe
C:\WINDOWS\system32\GC774.tmp.exe
C:\WINDOWS\system32\GCEA5.tmp.exe
C:\WINDOWS\system32\GCFBC.tmp.exe
C:\WINDOWS\system32\GD269.tmp.exe
C:\WINDOWS\system32\GD42B.tmp.exe
C:\WINDOWS\system32\GD46B.tmp.exe
C:\WINDOWS\system32\GD6D.tmp.exe
C:\WINDOWS\system32\GD851.tmp.exe
C:\WINDOWS\system32\GD97.tmp.exe
C:\WINDOWS\system32\GDFD0.tmp.exe
C:\WINDOWS\system32\GE1CE.tmp.exe
C:\WINDOWS\system32\GE568.tmp.exe
C:\WINDOWS\system32\GE852.tmp.exe
C:\WINDOWS\system32\GEEC2.tmp.exe
C:\WINDOWS\system32\GF11A.tmp.exe
C:\WINDOWS\system32\GF624.tmp.exe
C:\WINDOWS\system32\GFB0B.tmp.exe
C:\WINDOWS\system32\GFE7B.tmp.exe
C:\WINDOWS\system32\mcrupdate.exe
C:\WINDOWS\system32\restore\restore.exe
C:\WINDOWS\system32\shovth.exe
C:\WINDOWS\system32\system32.exe
C:\WINDOWS\system32\winsn.exe
C:\WINDOWS\system32\winsos.exe
C:\WINDOWS\windows.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_MSUPDATE
-------\Driver
-------\msupdate
-------\nm


(((((((((((((((((((( Bestanden Gemaakt van 2007-12-01 to 2008-01-01 ))))))))))))))))))))))))))))))
.

2008-01-01 12:05 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 11:05 . 2008-01-01 11:06 <DIR> d-------- C:\RVAXO
2008-01-01 11:01 . 2007-12-30 23:22 580,216 --a------ C:\WINDOWS\system32\RVAXO.bat
2008-01-01 11:01 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
2007-12-31 19:03 . 2007-12-31 19:03 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-30 20:00 . 2007-12-30 20:00 24,576 --a------ C:\WINDOWS\spend.exe
2007-12-30 20:00 . 2007-12-30 20:00 16,384 --a------ C:\WINDOWS\system32\users32.dat
2007-12-30 13:30 . 2005-05-04 19:12 150,576 --a------ C:\Documents and Settings\mattijs1\Application Data\spyguard.exe
2007-12-29 09:28 . 2007-12-30 15:34 16,384 --a------ C:\WINDOWS\system32\userv32.dat
2007-12-26 18:01 . 2007-12-18 18:01 89,088 ---h----- C:\Documents and Settings\Olivier & Emma\Olivier & Emma.exe
2007-12-26 11:06 . 2007-12-26 11:06 <DIR> d-------- C:\Documents and Settings\Olivier & Emma\Application Data\Ahead
2007-12-23 14:41 . 2007-12-18 18:01 89,088 ---h----- C:\WINDOWS\system32\drivers\drivers.exe
2007-12-23 14:41 . 2007-12-18 18:01 89,088 ---h----- C:\WINDOWS\system32\config\systemprofile\systemprofile.exe
2007-12-18 18:01 . 2007-12-18 18:01 89,088 ---hs---- C:\5CEB1017.exe
2007-12-13 17:15 . 2007-12-23 10:41 <DIR> d-------- C:\Program Files\AquariaDemo
2007-12-10 19:40 . 2004-08-03 22:58 5,376 --a------ C:\WINDOWS\system32\MSPCLOCK.sys
2007-12-10 19:26 . 2007-12-10 19:26 <DIR> d-------- C:\Drivers
2007-12-10 19:26 . 2006-10-30 13:46 299,923 --a------ C:\WINDOWS\system32\drivers\sonyhcs.sys
2007-12-10 19:26 . 2006-10-30 13:46 102,220 --a------ C:\WINDOWS\system32\drivers\sonypvs1.sys
2007-12-10 19:26 . 2006-10-30 13:46 53,248 --a------ C:\WINDOWS\system32\SONYHCY.DLL
2007-12-10 19:26 . 2006-10-30 13:46 38,739 --a------ C:\WINDOWS\system32\drivers\sonyhcc.sys
2007-12-10 19:26 . 2006-10-30 13:46 6,097 --a------ C:\WINDOWS\system32\drivers\sonyhcb.sys
2007-12-10 19:26 . 2006-10-30 13:46 3,654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
2007-12-10 17:45 . 2006-11-15 11:29 1,712,128 --a------ C:\WINDOWS\system32\GDIPLUS.DLL
2007-12-10 17:37 . 2007-01-04 10:07 171,520 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys
2007-12-10 17:33 . 2007-12-10 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2007-12-10 07:46 . 2007-12-10 07:46 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2007-12-10 07:46 . 2007-12-10 07:46 22,328 --a------ C:\Documents and Settings\mattijs1\Application Data\PnkBstrK.sys
2007-12-10 07:45 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-12-10 07:45 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-12-10 07:45 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-12-09 18:29 . 2007-12-09 18:29 <DIR> d-------- C:\Program Files\LIUtilities
2007-12-09 18:26 . 2007-12-31 14:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-07 10:34 . 2007-12-07 10:34 196,608 --a------ C:\WINDOWS\system32\AcroIEHelper.dll
2007-12-03 22:44 . 2007-12-03 22:44 2,852 --a------ C:\WINDOWS\system32\AcroIEHelper.xml

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-01 10:08 --------- d-----w C:\Documents and Settings\mattijs1\Application Data\Skype
2007-12-30 19:00 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2007-12-29 13:03 --------- d-----w C:\Program Files\LimeWire
2007-12-23 13:20 --------- d-----w C:\Program Files\XviD
2007-12-23 12:37 --------- d-----w C:\Program Files\WarRock
2007-12-23 12:37 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-12-23 12:37 --------- d-----w C:\Program Files\Support Tools
2007-12-23 12:37 --------- d-----w C:\Program Files\SmartFTP Client 2.0 Setup Files
2007-12-23 12:37 --------- d-----w C:\Program Files\SmartFTP Client 2.0
2007-12-23 12:34 --------- d-----w C:\Program Files\QuickTime
2007-12-23 11:49 --------- d-----w C:\Program Files\Macromedia
2007-12-23 11:49 --------- d-----w C:\Program Files\Launch Manager
2007-12-23 11:26 --------- d-----w C:\Program Files\Insaniquarium Deluxe
2007-12-23 11:14 --------- d-----w C:\Program Files\DAEMON Tools
2007-12-23 11:11 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-12-23 10:00 --------- d-----w C:\Program Files\Bonjour
2007-12-23 10:00 --------- d-----w C:\Program Files\BitComet
2007-12-18 17:01 89,088 ---h--w C:\WINDOWS\Help\Help.exe
2007-12-18 17:01 89,088 ---h--w C:\WINDOWS\AppPatch\AppPatch.exe
2007-12-12 06:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-10 19:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-10 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-12-10 13:52 --------- d-----w C:\Documents and Settings\mattijs1\Application Data\uTorrent
2007-12-10 05:41 --------- d-----w C:\Program Files\Electronic Arts
2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-28 15:56 --------- d-----w C:\Documents and Settings\mattijs1\Application Data\Microsoft Games
2007-11-28 06:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Games
2007-11-24 19:37 --------- d-----w C:\Program Files\Alcohol Soft
2007-11-24 19:29 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-23 14:28 --------- d-----w C:\Program Files\asoftech
2007-11-23 13:53 --------- d-----w C:\Program Files\Citrix
2007-11-23 13:53 --------- d-----w C:\Documents and Settings\mattijs1\Application Data\ICAClient
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 21:30 --------- d-----w C:\Program Files\Windows Live
2007-11-10 21:28 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-10 21:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2002-07-26 16:02 153,088 -c--a-w C:\Program Files\UNWISE.EXE
2007-07-11 10:01 56 --sh--r C:\WINDOWS\system32\9540134103.sys
2007-07-11 10:01 1,994 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3CFA533-7680-4943-A863-B8216390E847}]
2007-12-07 10:34 196608 --a------ C:\WINDOWS\system32\AcroIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-08-21 16:37 20053032]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-12-18 21:09 5724184]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 10:12 139264]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 11:27 219520]
"LaunchList"="D:\Video\Pinnacle\LaunchList2.exe" [ ]
"inetsrv"="C:\WINDOWS\inetsrv.exe" [2006-12-08 22:16 11776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-11-08 09:19 81920]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 15:25 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 15:24 688218]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 16:23 15961088 C:\WINDOWS\RTHDCPL.exe]
"preload"="C:\Windows\RUNXMLPL.exe" [2004-04-20 15:49 40960]
"PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 14:02 94208]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 04:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 04:00 455168]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 18:59 147456]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 04:00 59392]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 09:45 241664]
"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-11-08 09:45 69632]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 12:36 32768]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 04:00 208952]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 17:00 397312]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 14:50 69632]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 13:28 20480]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [ ]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 13:43 45056]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 15:45 2462208]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [2004-04-06 19:05 61440]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2004-04-23 11:00 192512]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-06 16:53 856064]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-22 11:59 282624]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-06-09 14:37 40960]
"Sony Ericsson PC Suite"="D:\Mobiel\PC-Suite\Application Launcher\Application Launcher.exe" [2005-10-26 15:17 159744]
"sis32"="C:\WINDOWS\system32\winsos.exe" [2008-01-01 12:21 28929]
"winroot"="C:\WINDOWS\system32\winsn.exe" [2007-12-18 18:01 89088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Acrobat Snelle start.lnk - C:\WINDOWS\Installer\{AC76BA86-1030-D700-7760-100000000002}\SC_Acrobat.exe [2006-12-29 15:49:15]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-29 13:54:01]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-29 13:54:01]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
BlueSoleil VoIP Plugin.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe [2006-02-17 14:13:56]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-04-28 11:45:56]
TrayMin300.exe.lnk - C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe [2007-09-01 16:53:17]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 10:27]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 17:20]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 13:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 15:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 14:57]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 14:34]
R3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 17:29]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys
S3 SI15CI;SI15CI;c:\elements\1stboot\SI15CI.SYS
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2006-10-30 13:46]

.
Inhoud van de 'Gedeelde Taken' map
"2008-01-01 07:15:00 C:\WINDOWS\Tasks\AutoMe_auto standby.job"
- C:\Program Files\asoftech\AutoMe\am.exe
"2007-12-31 23:49:36 C:\WINDOWS\Tasks\AutoMe_darkthrone recruiter.job"
- C:\Program Files\asoftech\AutoMe\am.exe
"2008-01-01 11:18:07 C:\WINDOWS\Tasks\AutoMe_draadloos netwerk uit.job"
- C:\Program Files\asoftech\AutoMe\am.exe
"2008-01-01 11:18:25 C:\WINDOWS\Tasks\AutoMe_Standaard zaken.job"
- C:\Program Files\asoftech\AutoMe\am.exe
"2008-01-01 11:18:07 C:\WINDOWS\Tasks\AutoMe_travian login.job"
- C:\Program Files\asoftech\AutoMe\am.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-01 12:18:49
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

C:\WINDOWS\system32\winsn.exe 89088 bytes executable
C:\WINDOWS\system32\winsos.exe 28929 bytes executable
C:\WINDOWS\system32\shovth.exe 89088 bytes executable

Scan succesvol afgerond
verborgen bestanden: 3

**************************************************************************
.
Voltooingstijd: 2008-01-01 12:28:43 - machine was rebooted
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-01 11:28:38
.
2007-12-12 06:58:16 --- E O F ---

Verwijder eerst deze map:

C:\[b]C:\Combofix

Maak dan je prullenbak leeg.

Ga naar Start - Uitvoeren en geef hier het volgende in:
Combofix /U
Druk daarna op OK.
Let op: Er moet een spatie tussen Combofix en /U zitten.

Dit zal Combofix deïnstalleren.

Doe daarna dit maar eens:
Download Dr.Web CureIt en sla het op je bureaublad op.

• Dubbelklik drweb-cureit.exe en sta het toe om te express scan te starten.
  Indien er een popup verschijnt met het voorstel tot kopen/50% korting mag je deze sluiten.
• De express scan zal de bestanden scannen die momenteel in het geheugen geladen zijn. Wanneer er iets gevonden wordt klik op 'alles selecteren' kies nu voor 'repareren' en uit het kleine menutje dat verschijnt kies je 'verplaatsen'.
• Kies bovenaan in het menu voor Language/Taal en wijzig deze naar Dutch (Nederlands) indien deze bij jou anders staat ingesteld.
• Druk op F9, kies daarna voor het tabblad Acties en stel daar het volgende in onder Malware:
  • Adware: Verplaats
  • Dialers: Verplaats
  • Jokes: Rapportage
  • Riskware: Rapportage
  • Hacktools: Verplaats
  • Haal dan het vinkje weg bij 'Prompt bij actie'.
• Kies daarna voor het tabblad Scan en verwijder het vinkje bij Heuristische analyse.
  Druk vervolgens op Toepassen gevolgd door OK.
• Eenmaal als de korte scan is beëindigd vink je aan: Volledige scan.
  Druk daarna op het groene pijltje (start knop) om de scan te starten.
• Gevonden bestanden worden naar '%USERPROFILE%\DocterWeb\Quarantine' -map verplaatst indien het herstellen niet mogelijk is.
• Nadat de scan gedaan is ga dan naar Bestand en kies Rapportage lijst opslaan.
  Bewaar deze op je bureaublad en sluit daarna Dr.Web CureIt.
• Herstart vervolgens de computer!! Dit is een belangrijke stap want het kan zijn dat Dr.Web CureIt bestanden zal verplaatsen/verwijderen tijdens herstart.
• Na het herstarten, kopieer en plak de inhoud van die log die je eerder hebt bewaard in je volgende post.

Download daarna Combofix opnieuw en maak daarmee een nieuw logje.
Post dit logje in je volgende bericht

oké, een paar probleempjes:
als ik c:\combofix probeer te verwijderen geeft hij de melding dat het door iemand anders of door een ander programma in gebruik is, en het niet kan verwijderen. Die map is trouwens leeg. en wanneer ik Dr.web probeer te dlen geeft firefox deze melding:

"Waarschuwing

550 failed to change directory."


??

Verwijder deze map:
C:\Qoobox

Maak daarna je prullenbak leeg.

Ga naar Start - Uitvoeren en geef hier het volgende in:
Combofix /U
Druk op OK.

Herstart je PC en probeer Dr.Web opnieuw

oké, nu deed hij het wel.
het logje van dr. web:

=============================================================================
Dr.Web® Scanner voor Windows v4.44.2 (4.44.2.11261)
© Igor Daniloff, 1992-2007. All rights reserved.
Log gegenereerd op: 2008-01-03, 20:30:34 [MATTIJS-LAPTOP][mattijs1]
Command-lijn: "C:\DOCUME~1\mattijs1\LOCALS~1\Temp\RarSFX1\setup.exe" /lng:nl-cureit.dwl /ini:setup_XP.ini
Besturingssysteem:Windows XP Home Edition x86 (Build 2600), Service Pack 2
=============================================================================
DwShield gestart
Engine versie: 4.44 (4.44.0.09170)
Engine API versie: 2.02
[Virus base] C:\DOCUME~1\mattijs1\LOCALS~1\Temp\RarSFX1\crwtoday.cdb - 245 virus lijst
[Virus base] C:\DOCUME~1\mattijs1\LOCALS~1\Temp\RarSFX1\crw44420.cdb - 1306 virus lijst
[Virus base] C:\DOCUME~1\mattijs1\LOCALS~1\Temp\RarSFX1\crw44419.cdb - 1234 virus lijst
[Virus base] C:\DOCUME~1\mattijs1\LOCALS~1\Temp\RarSFX1\crw44418.cdb - 1238 virus lijst
[Virus base] C:\DOCUME~1\mattijs1\LOCALS~1\Temp\RarSFX1\crw44417.cdb - 4406 virus lijst
[Virus base] C:\DOCUME~1\mattijs1\LOCALS~1\Temp\RarSFX1\crw44416.cdb - 7847 virus lijst
[Virus base] C:\DOCUME~1\mattijs1\LOCALS~1\Temp\RarSFX1\crw44415.cdb - 6014 virus lijst
[Virus base] C:\DOCUME~1\mattijs1\LOCALS~1\Temp\RarSFX1\crw44414.cdb - 804 virus lijst
[Virus base] C:\DOCUME~1\mattijs1\LOCALS~1\Temp\RarSFX1\crw44413.cdb - 5020 virus lijst
[Virus base] C:\DOCUME~1\mattijs1\LOCALS~1\Temp\RarSFX1\crw44412.cdb - 1565 virus lijst
[Virus base] C:\DOCUME~1\mattijs1\LOCALS~1\Temp\RarSFX1\crw44411.cdb - 1582 virus lijst
[Virus base] C:\DOCUME~1\mattijs1\LOCALS~1\Temp\RarSFX1\crw44410.cdb - 1131 virus lijst
[Virus base] C:\DOCUME~1\mattijs1\LOCALS~1\Temp\RarSFX1\crw44409.cdb - 2303 virus lijst
[Virus base] C:\DOCUME~1\mattijs1\LOCALS~1\Temp\RarSFX1\crw44408.cdb - 3904 virus lijst
[Virus base] C:\DOCUME~1\mattijs1\LOCALS~1\Temp\RarSFX1\crw44407.cdb - 2456 virus lijst
[Virus base] C:\DOCUME~1\mattijs1\LOCALS~1\Temp\RarSFX1\crw44406.cdb - 4411 virus lijst
[Virus base] C:\DOCUME~1\mattijs1\LOCALS~1\Temp\RarSFX1\crw44405.cdb - 1311 virus lijst
[Virus base] C:\DOCUME~1\mattijs1\LOCALS~1\Temp\RarSFX1\crw44404.cdb - 2486 virus lijst
[Virus base] C:\DOCUME~1\mattijs1\LOCALS~1\Temp\RarSFX1\crw44403.cdb - 4462 virus lijst
[Virus base] C:\DOCUME~1\mattijs1\LOCALS~1\Temp\RarSFX1\crw44402.cdb - 94 virus lijst
[Virus base] C:\DOCUME~1\mattijs1\LOCALS~1\Temp\RarSFX1\crw44401.cdb - 557 virus lijst
[Virus base] C:\DOCUME~1\mattijs1\LOCALS~1\Temp\RarSFX1\crw44400.cdb - 945 virus lijst
[Virus base] C:\DOCUME~1\mattijs1\LOCALS~1\Temp\RarSFX1\crwebase.cdb - 209466 virus lijst
[Virus base] C:\DOCUME~1\mattijs1\LOCALS~1\Temp\RarSFX1\cwrtoday.cdb - 199 virus lijst
[Virus base] C:\DOCUME~1\mattijs1\LOCALS~1\Temp\RarSFX1\cwntoday.cdb - 572 virus lijst
[Virus base] C:\DOCUME~1\mattijs1\LOCALS~1\Temp\RarSFX1\cwn44401.cdb - 698 virus lijst
[Virus base] C:\DOCUME~1\mattijs1\LOCALS~1\Temp\RarSFX1\crwrisky.cdb - 2747 virus lijst
[Virus base] C:\DOCUME~1\mattijs1\LOCALS~1\Temp\RarSFX1\crwnasty.cdb - 13534 virus lijst
Totaal aantal virus definities: 282537
C:\DOCUME~1\mattijs1\LOCALS~1\Temp\RarSFX1\setup.exe gepakt door BINARYRES
Sleutel bestand: C:\DOCUME~1\mattijs1\LOCALS~1\Temp\RarSFX1\setup.key
Licentie sleutel nummer: 0010092936
Geregistreerd aan: Dr.Web CureIt Project
Licentie sleutel activatie: 2007-02-05
Licentie sleutel verloopt: 2010-02-11



en het logje van comboFix:


ComboFix 08-01-03.4 - mattijs1 2008-01-03 20:40:42.2 - NTFSx86
Gestart vanuit: C:\Documents and Settings\mattijs1\Bureaublad\ComboFix.exe
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\1043\1043.exe
C:\WINDOWS\system32\GAA05.tmp.exe
C:\WINDOWS\system32\restore\restore.exe
C:\WINDOWS\system32\system32.exe
C:\WINDOWS\windows.exe
D:\Autorun.inf

.
(((((((((((((((((((( Bestanden Gemaakt van 2007-12-03 to 2008-01-03 ))))))))))))))))))))))))))))))
.

2008-01-03 20:37 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 18:00 . 2008-01-03 18:00 <DIR> d-------- C:\Documents and Settings\mattijs1\DoctorWeb
2008-01-01 12:30 . 2007-12-18 18:01 89,088 ---h----- C:\Documents and Settings\All Users\All Users.exe
2008-01-01 11:05 . 2008-01-01 16:54 <DIR> d-------- C:\RVAXO
2008-01-01 11:01 . 2007-12-30 23:22 580,216 --a------ C:\WINDOWS\system32\RVAXO.bat
2008-01-01 11:01 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
2007-12-31 19:03 . 2007-12-31 19:03 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-30 20:00 . 2007-12-30 20:00 24,576 --a------ C:\WINDOWS\spend.exe
2007-12-30 20:00 . 2007-12-30 20:00 16,384 --a------ C:\WINDOWS\system32\users32.dat
2007-12-30 13:30 . 2005-05-04 19:12 150,576 --a------ C:\Documents and Settings\mattijs1\Application Data\spyguard.exe
2007-12-29 09:28 . 2007-12-30 15:34 16,384 --a------ C:\WINDOWS\system32\userv32.dat
2007-12-26 18:01 . 2007-12-18 18:01 89,088 ---h----- C:\Documents and Settings\Olivier & Emma\Olivier & Emma.exe
2007-12-26 11:06 . 2007-12-26 11:06 <DIR> d-------- C:\Documents and Settings\Olivier & Emma\Application Data\Ahead
2007-12-23 14:41 . 2007-12-18 18:01 89,088 ---h----- C:\WINDOWS\system32\drivers\drivers.exe
2007-12-23 14:41 . 2007-12-18 18:01 89,088 ---h----- C:\WINDOWS\system32\config\systemprofile\systemprofile.exe
2007-12-13 17:15 . 2007-12-23 10:41 <DIR> d-------- C:\Program Files\AquariaDemo
2007-12-10 19:40 . 2004-08-03 22:58 5,376 --a------ C:\WINDOWS\system32\MSPCLOCK.sys
2007-12-10 19:26 . 2007-12-10 19:26 <DIR> d-------- C:\Drivers
2007-12-10 19:26 . 2006-10-30 13:46 299,923 --a------ C:\WINDOWS\system32\drivers\sonyhcs.sys
2007-12-10 19:26 . 2006-10-30 13:46 102,220 --a------ C:\WINDOWS\system32\drivers\sonypvs1.sys
2007-12-10 19:26 . 2006-10-30 13:46 53,248 --a------ C:\WINDOWS\system32\SONYHCY.DLL
2007-12-10 19:26 . 2006-10-30 13:46 38,739 --a------ C:\WINDOWS\system32\drivers\sonyhcc.sys
2007-12-10 19:26 . 2006-10-30 13:46 6,097 --a------ C:\WINDOWS\system32\drivers\sonyhcb.sys
2007-12-10 19:26 . 2006-10-30 13:46 3,654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
2007-12-10 17:45 . 2006-11-15 11:29 1,712,128 --a------ C:\WINDOWS\system32\GDIPLUS.DLL
2007-12-10 17:37 . 2007-01-04 10:07 171,520 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys
2007-12-10 17:33 . 2007-12-10 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2007-12-10 07:46 . 2007-12-10 07:46 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2007-12-10 07:46 . 2007-12-10 07:46 22,328 --a------ C:\Documents and Settings\mattijs1\Application Data\PnkBstrK.sys
2007-12-10 07:45 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-12-10 07:45 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-12-10 07:45 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-12-09 18:29 . 2007-12-09 18:29 <DIR> d-------- C:\Program Files\LIUtilities
2007-12-09 18:26 . 2007-12-31 14:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-07 10:34 . 2007-12-07 10:34 196,608 --a------ C:\WINDOWS\system32\AcroIEHelper.dll
2007-12-03 22:44 . 2007-12-03 22:44 2,852 --a------ C:\WINDOWS\system32\AcroIEHelper.xml

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 19:29 --------- d-----w C:\Documents and Settings\mattijs1\Application Data\Skype
2008-01-03 13:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-30 19:00 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2007-12-30 19:00 4,224 ----a-w C:\WINDOWS\system32\dllcache\beep.sys
2007-12-29 13:03 --------- d-----w C:\Program Files\LimeWire
2007-12-23 13:20 --------- d-----w C:\Program Files\XviD
2007-12-23 12:37 --------- d-----w C:\Program Files\WarRock
2007-12-23 12:37 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-12-23 12:37 --------- d-----w C:\Program Files\Support Tools
2007-12-23 12:37 --------- d-----w C:\Program Files\SmartFTP Client 2.0 Setup Files
2007-12-23 12:37 --------- d-----w C:\Program Files\SmartFTP Client 2.0
2007-12-23 12:34 --------- d-----w C:\Program Files\QuickTime
2007-12-23 11:49 --------- d-----w C:\Program Files\Macromedia
2007-12-23 11:49 --------- d-----w C:\Program Files\Launch Manager
2007-12-23 11:26 --------- d-----w C:\Program Files\Insaniquarium Deluxe
2007-12-23 11:14 --------- d-----w C:\Program Files\DAEMON Tools
2007-12-23 11:11 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-12-23 10:00 --------- d-----w C:\Program Files\Bonjour
2007-12-23 10:00 --------- d-----w C:\Program Files\BitComet
2007-12-18 17:01 89,088 ---h--w C:\WINDOWS\Registration\Registration.exe
2007-12-18 17:01 89,088 ---h--w C:\WINDOWS\pchealth\helpctr\PackageStore\PackageStore.exe
2007-12-18 17:01 89,088 ---h--w C:\WINDOWS\pchealth\helpctr\Config\Config.exe
2007-12-18 17:01 89,088 ---h--w C:\WINDOWS\pchealth\helpctr\binaries\binaries.exe
2007-12-18 17:01 89,088 ---h--w C:\WINDOWS\Media\Media.exe
2007-12-18 17:01 89,088 ---h--w C:\WINDOWS\inf\inf.exe
2007-12-18 17:01 89,088 ---h--w C:\WINDOWS\Help\Help.exe
2007-12-18 17:01 89,088 ---h--w C:\WINDOWS\AppPatch\AppPatch.exe
2007-12-12 06:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-10 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-12-10 13:52 --------- d-----w C:\Documents and Settings\mattijs1\Application Data\uTorrent
2007-12-10 05:41 --------- d-----w C:\Program Files\Electronic Arts
2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-28 15:56 --------- d-----w C:\Documents and Settings\mattijs1\Application Data\Microsoft Games
2007-11-28 06:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Games
2007-11-24 19:37 --------- d-----w C:\Program Files\Alcohol Soft
2007-11-24 19:29 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-23 14:28 --------- d-----w C:\Program Files\asoftech
2007-11-23 13:53 --------- d-----w C:\Program Files\Citrix
2007-11-23 13:53 --------- d-----w C:\Documents and Settings\mattijs1\Application Data\ICAClient
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 21:30 --------- d-----w C:\Program Files\Windows Live
2007-11-10 21:28 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-10 21:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-10-30 23:27 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:44 8,507,392 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-10 23:54 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:53 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:53 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:53 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:53 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:53 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:53 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:53 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:53 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:53 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:53 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:53 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:53 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:53 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:53 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:53 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:53 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:53 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:53 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:53 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:53 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 11:02 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 11:02 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2002-07-26 16:02 153,088 -c--a-w C:\Program Files\UNWISE.EXE
2007-07-11 10:01 56 --sh--r C:\WINDOWS\system32\9540134103.sys
2007-07-11 10:01 1,994 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3CFA533-7680-4943-A863-B8216390E847}]
2007-12-07 10:34 196608 --a------ C:\WINDOWS\system32\AcroIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-08-21 16:37 20053032]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-12-18 21:09 5724184]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 10:12 139264]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 11:27 219520]
"LaunchList"="D:\Video\Pinnacle\LaunchList2.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-11-08 09:19 81920]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 15:25 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 15:24 688218]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 16:23 15961088 C:\WINDOWS\RTHDCPL.exe]
"preload"="C:\Windows\RUNXMLPL.exe" [2004-04-20 15:49 40960]
"PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 14:02 94208]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 04:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 04:00 455168]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 18:59 147456]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 04:00 59392]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 09:45 241664]
"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-11-08 09:45 69632]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 12:36 32768]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 04:00 208952]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 17:00 397312]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 14:50 69632]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 13:28 20480]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [ ]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 13:43 45056]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 15:45 2462208]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [2004-04-06 19:05 61440]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2004-04-23 11:00 192512]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-06 16:53 856064]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-22 11:59 282624]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-06-09 14:37 40960]
"Sony Ericsson PC Suite"="D:\Mobiel\PC-Suite\Application Launcher\Application Launcher.exe" [2005-10-26 15:17 159744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Acrobat Snelle start.lnk - C:\WINDOWS\Installer\{AC76BA86-1030-D700-7760-100000000002}\SC_Acrobat.exe [2006-12-29 15:49:15]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-29 13:54:01]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-29 13:54:01]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
BlueSoleil VoIP Plugin.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe [2006-02-17 14:13:56]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 10:27]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 17:20]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 13:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 15:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 14:57]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 14:34]
R3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 17:29]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys
S3 SI15CI;SI15CI;c:\elements\1stboot\SI15CI.SYS
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2006-10-30 13:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command -
\Shell\open\Command -

.
Inhoud van de 'Gedeelde Taken' map
"2008-01-03 07:15:02 C:\WINDOWS\Tasks\AutoMe_auto standby.job"
- C:\Program Files\asoftech\AutoMe\am.exe
"2008-01-03 08:57:56 C:\WINDOWS\Tasks\AutoMe_darkthrone recruiter.job"
- C:\Program Files\asoftech\AutoMe\am.exe
"2008-01-03 19:27:46 C:\WINDOWS\Tasks\AutoMe_draadloos netwerk uit.job"
- C:\Program Files\asoftech\AutoMe\am.exe
"2008-01-03 19:27:46 C:\WINDOWS\Tasks\AutoMe_Standaard zaken.job"
- C:\Program Files\asoftech\AutoMe\am.exe
"2008-01-03 19:27:45 C:\WINDOWS\Tasks\AutoMe_travian login.job"
- C:\Program Files\asoftech\AutoMe\am.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 20:47:20
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-01-03 20:50:50
ComboFix-quarantined-files.txt 2008-01-03 19:50:41
ComboFix2.txt 2008-01-01 11:28:43
.
2007-12-12 06:58:16 --- E O F ---

Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd

Download de bijlage: CFScript.txt

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :



Dit zal ComboFix doen herstarten.
Start opnieuw op als daarom gevraagd wordt,
en post de inhoud van de Combofix.txt in je volgende antwoord.

hier is ie:

ComboFix 08-01-03.4 - mattijs1 2008-01-04 10:51:59.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.268 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\mattijs1\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\mattijs1\Bureaublad\cfscript.txt
* Nieuw herstelpunt werd aangemaakt

FILE
C:\Documents and Settings\All Users\All Users.exe
C:\Documents and Settings\mattijs1\Application Data\spyguard.exe
C:\Documents and Settings\Olivier & Emma\Olivier & Emma.exe
C:\WINDOWS\AppPatch\AppPatch.exe
C:\WINDOWS\Help\Help.exe
C:\WINDOWS\inf\inf.exe
C:\WINDOWS\Media\Media.exe
C:\WINDOWS\pchealth\helpctr\binaries\binaries.exe
C:\WINDOWS\pchealth\helpctr\Config\Config.exe
C:\WINDOWS\pchealth\helpctr\PackageStore\PackageStore.exe
C:\WINDOWS\Registration\Registration.exe
C:\WINDOWS\spend.exe
C:\WINDOWS\system32\config\systemprofile\systemprofile.exe
C:\WINDOWS\system32\drivers\drivers.exe
C:\WINDOWS\system32\pbsvc.exe
C:\WINDOWS\system32\users32.dat
C:\WINDOWS\system32\userv32.dat
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\All Users.exe
C:\Documents and Settings\mattijs1\Application Data\spyguard.exe
C:\Documents and Settings\Olivier & Emma\Olivier & Emma.exe
C:\WINDOWS\AppPatch\AppPatch.exe
C:\WINDOWS\Help\Help.exe
C:\WINDOWS\inf\inf.exe
C:\WINDOWS\Media\Media.exe
C:\WINDOWS\pchealth\helpctr\binaries\binaries.exe
C:\WINDOWS\pchealth\helpctr\Config\Config.exe
C:\WINDOWS\pchealth\helpctr\PackageStore\PackageStore.exe
C:\WINDOWS\Registration\Registration.exe
C:\WINDOWS\spend.exe
C:\WINDOWS\system32\config\systemprofile\systemprofile.exe
C:\WINDOWS\system32\drivers\drivers.exe
C:\WINDOWS\system32\pbsvc.exe
C:\WINDOWS\system32\users32.dat
C:\WINDOWS\system32\userv32.dat

.
(((((((((((((((((((( Bestanden Gemaakt van 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))
.

2008-01-03 20:37 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 18:00 . 2008-01-03 18:00 <DIR> d-------- C:\Documents and Settings\mattijs1\DoctorWeb
2007-12-31 19:03 . 2007-12-31 19:03 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-26 11:06 . 2007-12-26 11:06 <DIR> d-------- C:\Documents and Settings\Olivier & Emma\Application Data\Ahead
2007-12-13 17:15 . 2007-12-23 10:41 <DIR> d-------- C:\Program Files\AquariaDemo
2007-12-10 19:40 . 2004-08-03 22:58 5,376 --a------ C:\WINDOWS\system32\MSPCLOCK.sys
2007-12-10 19:26 . 2007-12-10 19:26 <DIR> d-------- C:\Drivers
2007-12-10 19:26 . 2006-10-30 13:46 299,923 --a------ C:\WINDOWS\system32\drivers\sonyhcs.sys
2007-12-10 19:26 . 2006-10-30 13:46 102,220 --a------ C:\WINDOWS\system32\drivers\sonypvs1.sys
2007-12-10 19:26 . 2006-10-30 13:46 53,248 --a------ C:\WINDOWS\system32\SONYHCY.DLL
2007-12-10 19:26 . 2006-10-30 13:46 38,739 --a------ C:\WINDOWS\system32\drivers\sonyhcc.sys
2007-12-10 19:26 . 2006-10-30 13:46 6,097 --a------ C:\WINDOWS\system32\drivers\sonyhcb.sys
2007-12-10 19:26 . 2006-10-30 13:46 3,654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
2007-12-10 17:45 . 2006-11-15 11:29 1,712,128 --a------ C:\WINDOWS\system32\GDIPLUS.DLL
2007-12-10 17:37 . 2007-01-04 10:07 171,520 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys
2007-12-10 17:33 . 2007-12-10 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2007-12-10 07:46 . 2007-12-10 07:46 22,328 --a------ C:\Documents and Settings\mattijs1\Application Data\PnkBstrK.sys
2007-12-10 07:45 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-12-10 07:45 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-12-10 07:45 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-12-09 18:29 . 2007-12-09 18:29 <DIR> d-------- C:\Program Files\LIUtilities
2007-12-09 18:26 . 2007-12-31 14:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-07 10:34 . 2007-12-07 10:34 196,608 --a------ C:\WINDOWS\system32\AcroIEHelper.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 19:29 --------- d-----w C:\Documents and Settings\mattijs1\Application Data\Skype
2008-01-03 13:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-30 19:00 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2007-12-30 19:00 4,224 ----a-w C:\WINDOWS\system32\dllcache\beep.sys
2007-12-29 13:03 --------- d-----w C:\Program Files\LimeWire
2007-12-23 13:20 --------- d-----w C:\Program Files\XviD
2007-12-23 12:37 --------- d-----w C:\Program Files\WarRock
2007-12-23 12:37 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-12-23 12:37 --------- d-----w C:\Program Files\Support Tools
2007-12-23 12:37 --------- d-----w C:\Program Files\SmartFTP Client 2.0 Setup Files
2007-12-23 12:37 --------- d-----w C:\Program Files\SmartFTP Client 2.0
2007-12-23 12:34 --------- d-----w C:\Program Files\QuickTime
2007-12-23 11:49 --------- d-----w C:\Program Files\Macromedia
2007-12-23 11:49 --------- d-----w C:\Program Files\Launch Manager
2007-12-23 11:26 --------- d-----w C:\Program Files\Insaniquarium Deluxe
2007-12-23 11:14 --------- d-----w C:\Program Files\DAEMON Tools
2007-12-23 11:11 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-12-23 10:00 --------- d-----w C:\Program Files\Bonjour
2007-12-23 10:00 --------- d-----w C:\Program Files\BitComet
2007-12-12 06:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-10 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-12-10 13:52 --------- d-----w C:\Documents and Settings\mattijs1\Application Data\uTorrent
2007-12-10 05:41 --------- d-----w C:\Program Files\Electronic Arts
2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-28 15:56 --------- d-----w C:\Documents and Settings\mattijs1\Application Data\Microsoft Games
2007-11-28 06:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Games
2007-11-24 19:37 --------- d-----w C:\Program Files\Alcohol Soft
2007-11-24 19:29 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-23 14:28 --------- d-----w C:\Program Files\asoftech
2007-11-23 13:53 --------- d-----w C:\Program Files\Citrix
2007-11-23 13:53 --------- d-----w C:\Documents and Settings\mattijs1\Application Data\ICAClient
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 21:30 --------- d-----w C:\Program Files\Windows Live
2007-11-10 21:28 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-10 21:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-10-30 23:27 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:44 8,507,392 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-10 23:54 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:53 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:53 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:53 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:53 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:53 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:53 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:53 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:53 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:53 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:53 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:53 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:53 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:53 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:53 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:53 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:53 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:53 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:53 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:53 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:53 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 11:02 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 11:02 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2002-07-26 16:02 153,088 -c--a-w C:\Program Files\UNWISE.EXE
2007-07-11 10:01 56 --sh--r C:\WINDOWS\system32\9540134103.sys
2007-07-11 10:01 1,994 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3CFA533-7680-4943-A863-B8216390E847}]
2007-12-07 10:34 196608 --a------ C:\WINDOWS\system32\AcroIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-08-21 16:37 20053032]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-12-18 21:09 5724184]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 10:12 139264]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 11:27 219520]
"LaunchList"="D:\Video\Pinnacle\LaunchList2.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-11-08 09:19 81920]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 15:25 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 15:24 688218]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 16:23 15961088 C:\WINDOWS\RTHDCPL.exe]
"preload"="C:\Windows\RUNXMLPL.exe" [2004-04-20 15:49 40960]
"PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 14:02 94208]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 04:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 04:00 455168]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 18:59 147456]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 04:00 59392]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 09:45 241664]
"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-11-08 09:45 69632]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 12:36 32768]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 04:00 208952]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 17:00 397312]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 14:50 69632]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 13:28 20480]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [ ]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 13:43 45056]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 15:45 2462208]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [2004-04-06 19:05 61440]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2004-04-23 11:00 192512]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-06 16:53 856064]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-22 11:59 282624]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-06-09 14:37 40960]
"Sony Ericsson PC Suite"="D:\Mobiel\PC-Suite\Application Launcher\Application Launcher.exe" [2005-10-26 15:17 159744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Acrobat Snelle start.lnk - C:\WINDOWS\Installer\{AC76BA86-1030-D700-7760-100000000002}\SC_Acrobat.exe [2006-12-29 15:49:15]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-29 13:54:01]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-29 13:54:01]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
BlueSoleil VoIP Plugin.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe [2006-02-17 14:13:56]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 10:27]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 17:20]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 13:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 15:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 14:57]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 14:34]
R3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 17:29]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys
S3 SI15CI;SI15CI;c:\elements\1stboot\SI15CI.SYS
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2006-10-30 13:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command -
\Shell\open\Command -

.
Inhoud van de 'Gedeelde Taken' map
"2008-01-04 07:15:00 C:\WINDOWS\Tasks\AutoMe_auto standby.job"
- C:\Program Files\asoftech\AutoMe\am.exe
"2008-01-03 23:00:00 C:\WINDOWS\Tasks\AutoMe_darkthrone recruiter.job"
- C:\Program Files\asoftech\AutoMe\am.exe
"2008-01-03 19:27:46 C:\WINDOWS\Tasks\AutoMe_draadloos netwerk uit.job"
- C:\Program Files\asoftech\AutoMe\am.exe
"2008-01-03 19:27:46 C:\WINDOWS\Tasks\AutoMe_Standaard zaken.job"
- C:\Program Files\asoftech\AutoMe\am.exe
"2008-01-03 19:27:45 C:\WINDOWS\Tasks\AutoMe_travian login.job"
- C:\Program Files\asoftech\AutoMe\am.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 10:58:00
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-01-04 11:01:17
ComboFix-quarantined-files.txt 2008-01-04 10:01:00
ComboFix2.txt 2008-01-03 19:50:51
ComboFix3.txt 2008-01-01 11:28:43
.
2007-12-12 06:58:16 --- E O F ---

Open Kladblok, kopiëer en plak het volgende (vetgedrukte) in een leeg venster:

• @echo off
  Vfind -ltf -s+335360 -d+2007-12-16 %systemdrive%\*.exe > Log.txt
  echo.>>Log.txt
  echo. =============>>Log.txt
  Start Log.txt
  Del %0
  
  Sla dit op op je Bureaublad als find.bat, met als type 'alle bestanden'.
  
  Dubbelklik op find.bat en post het logje, tussen code tags dat verschijnt in je volgende antwoord.

nou, de log is helemaal leeg. hij heeft niets gevonden.
maar hij geeft ook geen melding dat hij niets kan vinden...

en btw, is er nog een programmaatje dat jullie aanraden om te voorkomen dat ik weer besmet raak?
en welke virusscanner raden jullie aan?

Probeer deze eens: zoek.exe