Hello,
I'm currently dealing with a PC with a rather hard-to-remove piece of spyware. I do know the piece of spyware (you regularly get redirected to search-daily.com/..... and you get messages from 'fake virus/spyware scanners') and I've already managed to reduce the problem. Fewer popups appear, a sidebar that used to be shown in IE has disappeared and everything runs a bit more smoothly again. But when I try to delete the file that (I think) is responsible for the redirects to search-daily.com, it doesn't work (cabin.dll). It comes back every time. Below I've put an HJT and a ComboFix log. Would someone take a look with me?
I've bolded the things that looked suspicious to me. There are surely many more in there, but these were the only ones I'm practically 100% sure of.
Thanks in advance!
Maarten
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02, on 2008-01-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eicon\Diva\DiTask.exe
C:\Program Files\Eicon\Diva\Divamon.exe
C:\Program Files\Eicon\Diva\diinfo.exe
C:\Program Files\Eicon\Diva\watch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eicon\Diva\cgserver.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.worldonline.nl:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[B]O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)[/B]
[B]O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll[/B]
[B]O2 - BHO: (no name) - {5946C84B-DE15-4144-A89F-CC4E952483A9} - C:\WINDOWS\system32\cabine.dll[/B]
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\nl-nl\msntb.dll
[B]O2 - BHO: Media Holding Enterprises, LLC - {E82E0739-0AAE-4E99-9052-B40F7DABFA34} - C:\Program Files\ErrorsTool\ErrorsTool-1.dll[/B]
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\nl-nl\msntb.dll
[B]O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)[/B]
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [DiTask.exe] "C:\Program Files\Eicon\Diva\DiTask.exe"
O4 - HKLM\..\Run: [Divamon.exe] "C:\Program Files\Eicon\Diva\Divamon.exe"
O4 - HKLM\..\Run: [Eicon TechnologyLAN_DAEMON] "C:\Program Files\Eicon\Diva\watch.exe"
O4 - HKLM\..\Run: [CGServer] "C:\Program Files\Eicon\Diva\cgserver.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.worldonline.nl
O16 - DPF: RaptisoftGameLoader - http://www.raptisoft.com/webgames/raptisoftgameloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11090 bytes
And another ComboFix log (the scan took very long, which does indicate that something is seriously wrong):
Code:
ComboFix 08-01-23.1C - Paul Veth 2008-01-26 16:52:46.1 - NTFSx86
Gestart vanuit: C:\Documents and Settings\****\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
[color=red][b]WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !![/b][/color]
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\***\Application Data\macromedia\Flash Player\#SharedObjects\AY87RHEZ\iforex.com
C:\Documents and Settings\***\Application Data\macromedia\Flash Player\#SharedObjects\AY87RHEZ\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\***\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\***\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Program Files\anonystat
C:\Program Files\anonystat\Anonystat-1.dll
C:\Program Files\anonystat\Anonystat-2.dll
C:\Program Files\anonystat\Anonystat.dat
C:\Program Files\anonystat\pcre3.dll
C:\Program Files\anonystat\uninstall.exe
C:\Program Files\ContextTool
C:\Program Files\ContextTool\ContextHelper.dat
C:\Program Files\ContextTool\ContextTool-1.dll
C:\Program Files\ContextTool\ContextTool-3.dll
C:\Program Files\ContextTool\pcre3.dll
C:\Program Files\ContextTool\uninstall.exe
C:\WINDOWS\system32\nsk7F.dll
C:\WINDOWS\system32\sprt_ads.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-12-26 to 2008-01-26 ))))))))))))))))))))))))))))))
.
2008-01-26 16:49 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-26 16:36 . 2008-01-26 16:36 <DIR> d-------- C:\Program Files\CCleaner
2008-01-26 16:10 . 19,584 C:\WINDOWS\SYSTEM32\DRIVERS\ikuracjg.dat
2008-01-23 16:46 . 2008-01-24 15:00 84,729 --a------ C:\WINDOWS\SYSTEM32\mysidesearch_sidebar_uninstall.exe
2008-01-22 16:41 . 2004-08-04 09:03 84,480 --a------ C:\WINDOWS\SYSTEM32\cabine.dll
2008-01-22 16:40 . 2008-01-22 16:40 80,097 --a------ C:\WINDOWS\SYSTEM32\dcads-remove.exe
2008-01-22 16:40 . 2008-01-22 16:41 77,360 --a------ C:\WINDOWS\SYSTEM32\dcads_sidebar_uninstall.exe
2008-01-22 16:40 . 2008-01-23 19:26 40,734 --a------ C:\WINDOWS\SYSTEM32\superiorads-uninst.exe
2008-01-22 16:04 . 2008-01-22 16:05 <DIR> d-------- C:\Program Files\NCH Software
2008-01-21 18:36 . 2008-01-21 18:36 <DIR> d-------- C:\Program Files\Common Files\MAGIX
2008-01-21 18:34 . 2008-01-21 18:38 <DIR> d-------- C:\Program Files\MAGIX
2008-01-21 18:34 . 2007-04-27 10:43 120,200 --a------ C:\WINDOWS\SYSTEM32\DLLDEV32i.dll
2008-01-19 17:26 . 2008-01-19 17:26 327,680 --a------ C:\WINDOWS\SYSTEM32\mysidesearch_sidebar.dll
2008-01-17 15:26 . 2008-01-17 16:21 16 --a------ C:\WINDOWS\popcinfo.dat
2008-01-17 15:20 . 2008-01-17 15:20 <DIR> d-------- C:\Program Files\PopCap Games
2008-01-17 15:20 . 2008-01-17 16:21 20 --a------ C:\WINDOWS\popcinfot.dat
2008-01-17 15:20 . 2008-01-17 15:20 0 --a------ C:\WINDOWS\popcreg.dat
2008-01-13 15:01 . 2008-01-26 16:16 68,235 --a------ C:\logfile
2008-01-13 15:00 . 2008-01-26 16:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-13 15:00 . 2008-01-13 15:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-13 14:52 . 2008-01-13 14:52 <DIR> d-------- C:\WINDOWS\SYSTEM32\BWKDLogs
2008-01-13 14:52 . 2008-01-13 14:53 <DIR> d-------- C:\Program Files\QuickTime
2008-01-13 14:51 . 2008-01-13 14:51 <DIR> d-------- C:\Program Files\Common Files\Kodak
2008-01-13 14:51 . 2004-08-04 10:03 159,232 --a------ C:\WINDOWS\SYSTEM32\ptpusd.dll
2008-01-13 14:51 . 2001-09-06 21:27 5,632 --a------ C:\WINDOWS\SYSTEM32\ptpusb.dll
2008-01-13 14:49 . 2008-01-13 14:52 <DIR> d-------- C:\Program Files\Kodak
2008-01-12 17:00 . 2008-01-26 16:35 <DIR> d-------- C:\Program Files\LimewirePlus
2008-01-12 15:59 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\SYSTEM32\framedyn.dll
2008-01-12 15:58 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssm_mdm.sys
2008-01-12 15:58 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssm_bus.sys
2008-01-12 15:58 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssm_mdfl.sys
2008-01-12 15:58 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssm_cmnt.sys
2008-01-12 15:58 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssm_cm.sys
2008-01-12 15:58 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssm_whnt.sys
2008-01-12 15:58 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssm_wh.sys
2008-01-12 15:57 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\StarOpen.sys
2008-01-10 21:06 . 2008-01-21 19:48 <DIR> d-------- C:\Program Files\CinemaForge
2008-01-10 21:06 . 2007-11-14 00:06 1,558,280 --a------ C:\WINDOWS\screengenie.scr
2008-01-10 17:54 . 2008-01-10 17:54 <DIR> d-------- C:\Program Files\Karakter Interactive
2008-01-07 16:07 . 2008-01-07 16:07 <DIR> d-------- C:\Program Files\Real
2008-01-07 16:07 . 2008-01-22 15:52 <DIR> d-------- C:\Program Files\Common Files\Real
2008-01-07 15:35 . 2008-01-07 15:35 <DIR> d-------- C:\WINDOWS\TubeTools
2008-01-07 15:35 . 2008-01-10 20:40 <DIR> d-------- C:\Program Files\TubeTools
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 15:33 --------- d-----w C:\Program Files\Hitman Pro
2008-01-26 15:08 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-01-26 08:42 --------- d-----w C:\Program Files\ErrorsTool
2008-01-21 17:39 --------- d-----w C:\Program Files\Common Files\MAGIX Shared
2008-01-15 15:17 --------- d-----w C:\Program Files\Microsoft Games
2008-01-15 15:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-12 16:09 --------- d-----w C:\Program Files\LimeWire Plus
2008-01-12 14:57 --------- d-----w C:\Program Files\Samsung
2007-12-24 13:07 319,488 ----a-w C:\WINDOWS\SYSTEM32\dcads_sidebar.dll
2007-12-23 21:47 --------- d-----w C:\Program Files\NEXON
2007-12-22 10:56 --------- d-----w C:\Program Files\GameSpy Arcade
2007-12-20 06:58 --------- d-s---w C:\Program Files\Xfire
2007-12-13 17:02 107,832 ----a-w C:\WINDOWS\SYSTEM32\PnkBstrB.exe
2007-12-12 19:01 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-30 16:27 194,560 ----a-w C:\WINDOWS\SYSTEM32\screensaver_NextGeneration.scr
2007-11-30 16:27 12,288 ----a-w C:\WINDOWS\SYSTEM32\impborl.dll
2007-11-28 09:54 --------- d-----w C:\Program Files\Spyware Doctor
2007-11-27 21:30 --------- d-----w C:\Program Files\SpywareBlaster
2007-11-19 10:36 64,000 ----a-w C:\WINDOWS\SYSTEM32\spads.dll
2007-11-13 23:06 35,080 ----a-w C:\WINDOWS\SYSTEM32\npmirage.dll
2007-11-13 23:06 1,558,280 ----a-w C:\WINDOWS\SYSTEM32\xmirage.exe
2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\SYSTEM32\lsasrv.dll
2007-11-07 09:30 727,040 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
2007-11-04 16:25 66,872 ----a-w C:\WINDOWS\SYSTEM32\PnkBstrA.exe
2007-10-30 23:27 3,590,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2007-05-09 13:05 63,012,165 ----a-w C:\Program Files\music_maker_11_deluxe_60mb_us.exe
2007-05-08 15:15 147,782,696 ----a-w C:\Program Files\UVS11Plus_TBYB_E(US).exe
2007-08-07 13:02 32,768 --sha-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Tijdelijke Internet-bestanden\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
2008-01-19 17:26 327680 --a------ C:\WINDOWS\system32\mysidesearch_sidebar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5946C84B-DE15-4144-A89F-CC4E952483A9}]
2004-08-04 09:03 84480 --a------ C:\WINDOWS\system32\cabine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}]
2007-11-19 11:36 64000 --a------ C:\WINDOWS\system32\spads.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E82E0739-0AAE-4E99-9052-B40F7DABFA34}]
2007-03-09 01:34 593920 --a------ C:\Program Files\ErrorsTool\ErrorsTool-1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DiTask.exe"="C:\Program Files\Eicon\Diva\DiTask.exe" [2002-04-10 10:21 143360]
"Divamon.exe"="C:\Program Files\Eicon\Diva\Divamon.exe" [2002-04-10 10:28 32768]
"Eicon TechnologyLAN_DAEMON"="C:\Program Files\Eicon\Diva\watch.exe" [2002-04-10 10:27 192512]
"CGServer"="C:\Program Files\Eicon\Diva\cgserver.exe" [2002-04-10 10:26 40960]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-08-14 19:22 28672]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 17:44 679936]
"Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 21:08 57344]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 14:52 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-04-17 11:30 85184]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 22:56:14 282624]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08 16423]
Microsoft Office.lnk - C:\Program Files\Office2K\Office\OSA9.EXE [2000-01-21 09:15:54 65588]
VPN Client.lnk - C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2007-10-02 08:12:40 6144]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-05-10 10:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 15:57 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-04-13 03:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-08-04 16:22 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
--a------ 2007-03-03 13:12 341488 C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

R0 DiMaint;Eicon-onderhoudsstuurprogramma;C:\WINDOWS\system32\DRIVERS\DISDN\dimaint.sys [2002-12-04 14:49]
R2 DiCapi;Eicon CAPI 2.0-stuurprogramma;C:\WINDOWS\system32\DRIVERS\DISDN\capi202k.sys [2001-06-12 14:27]
R2 DiPort;Eicon-poortstuurprogramma;C:\WINDOWS\system32\DRIVERS\DISDN\diport40.sys [2002-10-16 15:32]
R3 DiWan;Eicon-stuurprogramma voor alle Diva-clientkaarten;C:\WINDOWS\system32\DRIVERS\DISDN\Diwan.sys [2002-10-03 16:35]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
S3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\System32\drivers\NMSCFG.SYS [2002-05-03 12:30]
S3 NMSSvc;Intel(R) NMS;C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 12:29]
S3 pohci13F;pohci13F;C:\DOCUME~1\TIMVET~1\LOCALS~1\Temp\pohci13F.sys []

*Newly Created Service* - DUEAVLEL
*Newly Created Service* - PROCEXP90
.
Inhoud van de 'Gedeelde Taken' map
"2008-01-13 13:54:32 C:\WINDOWS\Tasks\EasyShare Registration Task.job" - C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 17:18:22
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2008-01-26 17:24:57
ComboFix-quarantined-files.txt 2008-01-26 16:24:51
.
2008-01-09 15:21:14 --- E O F ---
Maarten
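As an added example, not part of the original post or of HijackThis, here is a small Python triage script for the O2 (Browser Helper Object) and O3 (IE toolbar) lines of a HijackThis 2.x log like the one above. A BHO is a COM DLL that Internet Explorer loads into every browser window at start-up from a registration under the Browser Helper Objects key, with the CLSID resolving to the DLL path through HKCR\CLSID\{...}\InprocServer32; that is one reason such a DLL is locked while IE (or Explorer, for shell-integrated ones) is running and is loaded again on the next start, so the registry entry is the thing to review, not only the file. The sample log lines are constructed from the entries in the post; the verdict heuristics (file missing, unnamed DLL loaded from System32) are my own, not ratings produced by HijackThis, and the registry paths are the standard locations, assumed here rather than taken from the post.

```python
import re
from dataclasses import dataclass
from typing import List

# Shape of an O2 (Browser Helper Object) or O3 (IE toolbar) line in a
# HijackThis 2.x log:  O2 - BHO: <name> - {<CLSID>} - <dll path> [(file missing)]
ENTRY_RE = re.compile(
    r"^(?P<section>O2|O3) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\} - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?\s*$"
)

# Standard registry locations (assumed, not from the post): where IE finds
# BHO and toolbar registrations, and where a CLSID resolves to its DLL.
BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
TOOLBAR_KEY = r"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar"
CLSID_KEY = r"HKCR\CLSID"


@dataclass
class BrowserEntry:
    section: str       # "O2" or "O3"
    kind: str          # "BHO" or "Toolbar"
    name: str
    clsid: str
    path: str
    file_missing: bool
    verdict: str       # "orphaned", "suspicious", "unnamed" or "named"
    registration: str  # registry key or value that holds the registration
    inproc_key: str    # key whose (Default) value is the DLL path IE loads


def classify(name: str, path: str, file_missing: bool) -> str:
    """Triage heuristics of this example, not HijackThis's own ratings."""
    if file_missing:
        return "orphaned"     # registration left behind after the DLL was removed
    lowered = path.lower().replace("/", "\\")
    if name == "(no name)" and "\\windows\\system32\\" in lowered:
        return "suspicious"   # anonymous DLL dropped straight into System32
    if name == "(no name)":
        return "unnamed"      # can be legitimate (e.g. SDHelper.dll); verify vendor
    return "named"            # still verify the vendor, but nothing odd in the line


def parse_browser_entries(log_text: str) -> List[BrowserEntry]:
    """Parse the O2/O3 lines of a HijackThis log; other sections are skipped."""
    entries: List[BrowserEntry] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # R0/R1, O4, O23 ... lines are out of scope here
        clsid = "{" + m.group("clsid").upper() + "}"
        missing = m.group("missing") is not None
        if m.group("section") == "O2":
            registration = BHO_KEY + "\\" + clsid
        else:
            registration = "value " + clsid + " under " + TOOLBAR_KEY
        entries.append(BrowserEntry(
            section=m.group("section"),
            kind=m.group("kind"),
            name=m.group("name"),
            clsid=clsid,
            path=m.group("path"),
            file_missing=missing,
            verdict=classify(m.group("name"), m.group("path"), missing),
            registration=registration,
            inproc_key=CLSID_KEY + "\\" + clsid + r"\InprocServer32",
        ))
    return entries


def by_verdict(entries: List[BrowserEntry], verdict: str) -> List[BrowserEntry]:
    return [e for e in entries if e.verdict == verdict]


# Constructed sample: O2/O3 lines with the CLSIDs and paths from the post's log,
# plus one O4 line to show that unrelated sections are ignored.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5946C84B-DE15-4144-A89F-CC4E952483A9} - C:\WINDOWS\system32\cabine.dll
O2 - BHO: Media Holding Enterprises, LLC - {E82E0739-0AAE-4E99-9052-B40F7DABFA34} - C:\Program Files\ErrorsTool\ErrorsTool-1.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""

if __name__ == "__main__":
    for e in parse_browser_entries(SAMPLE_LOG):
        print(f"{e.section} {e.verdict:10} {e.clsid} {e.path}")
        print(f"    registration: {e.registration}")
        print(f"    dll path in : {e.inproc_key}")
```

Run as-is, the script prints one block per BHO/toolbar entry with its verdict and the two registry locations to inspect. On the sample it marks the two SweetIM entries as orphaned registrations, Spybot's SDHelper.dll as unnamed but outside System32, and the anonymous cabine.dll BHO in System32 as suspicious; the point of separating "unnamed" from "suspicious" is that "(no name)" alone is not evidence, since legitimate helpers also omit the name.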