  • Search-daily and other spyware problems

    Hello,

    I am currently dealing with a PC that has a rather hard-to-remove piece of spyware. I do know the spyware (you are regularly redirected to search-daily.com/..... and you get notifications from 'fake virus/spyware scanners') and I have already been able to reduce the problem. Fewer popups appear, a sidebar that was previously shown in IE has disappeared and everything runs a bit more smoothly again. However, when I try to delete the file that (in my opinion) is responsible for the redirects to search-daily.com, it does not work (cabine.dll). It comes back every time. Below I have an HJT log and a ComboFix log. Would someone be willing to take a look with me?

    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:02, on 2008-01-26
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Citrix\ICA Client\ssonsvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Eicon\Diva\DiTask.exe
    C:\Program Files\Eicon\Diva\Divamon.exe
    C:\Program Files\Eicon\Diva\diinfo.exe
    C:\Program Files\Eicon\Diva\watch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Eicon\Diva\cgserver.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.worldonline.nl:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    [B]O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)[/B]
    [B]O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll[/B]
    [B]O2 - BHO: (no name) - {5946C84B-DE15-4144-A89F-CC4E952483A9} - C:\WINDOWS\system32\cabine.dll[/B]
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\nl-nl\msntb.dll
    [B]O2 - BHO: Media Holding Enterprises, LLC - {E82E0739-0AAE-4E99-9052-B40F7DABFA34} - C:\Program Files\ErrorsTool\ErrorsTool-1.dll[/B]
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\nl-nl\msntb.dll
    [B]O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)[/B]
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [DiTask.exe] "C:\Program Files\Eicon\Diva\DiTask.exe"
    O4 - HKLM\..\Run: [Divamon.exe] "C:\Program Files\Eicon\Diva\Divamon.exe"
    O4 - HKLM\..\Run: [Eicon TechnologyLAN_DAEMON] "C:\Program Files\Eicon\Diva\watch.exe"
    O4 - HKLM\..\Run: [CGServer] "C:\Program Files\Eicon\Diva\cgserver.exe"
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE
    O4 - Global Startup: VPN Client.lnk = ?
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.worldonline.nl
    O16 - DPF: RaptisoftGameLoader - http://www.raptisoft.com/webgames/raptisoftgameloader.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    
    --
    End of file - 11090 bytes
    I have bolded the things that looked suspicious to me. There are probably many more in there, but these were the only ones I am virtually 100% sure about.

    And another ComboFix log (the scan took a very long time, which does indicate that something is seriously wrong):
    Code:
    ComboFix 08-01-23.1C - Paul Veth 2008-01-26 16:52:46.1 - NTFSx86
    Gestart vanuit: C:\Documents and Settings\****\Bureaublad\ComboFix.exe
     * Nieuw herstelpunt werd aangemaakt
    
    [color=red][b]WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !![/b][/color]
    .
    
    ((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    C:\Documents and Settings\***\Application Data\macromedia\Flash Player\#SharedObjects\AY87RHEZ\iforex.com
    C:\Documents and Settings\***\Application Data\macromedia\Flash Player\#SharedObjects\AY87RHEZ\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
    C:\Documents and Settings\***\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
    C:\Documents and Settings\***\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
    C:\Program Files\anonystat
    C:\Program Files\anonystat\Anonystat-1.dll
    C:\Program Files\anonystat\Anonystat-2.dll
    C:\Program Files\anonystat\Anonystat.dat
    C:\Program Files\anonystat\pcre3.dll
    C:\Program Files\anonystat\uninstall.exe
    C:\Program Files\ContextTool
    C:\Program Files\ContextTool\ContextHelper.dat
    C:\Program Files\ContextTool\ContextTool-1.dll
    C:\Program Files\ContextTool\ContextTool-3.dll
    C:\Program Files\ContextTool\pcre3.dll
    C:\Program Files\ContextTool\uninstall.exe
    C:\WINDOWS\system32\nsk7F.dll
    C:\WINDOWS\system32\sprt_ads.dll
    
    .
    ((((((((((((((((((((   Bestanden Gemaakt van 2007-12-26 to 2008-01-26  ))))))))))))))))))))))))))))))
    .
    
    2008-01-26 16:49 . 2000-08-31 08:00	51,200	--a------	C:\WINDOWS\Nircmd.exe
    2008-01-26 16:36 . 2008-01-26 16:36	<DIR>	d--------	C:\Program Files\CCleaner
    2008-01-26 16:10 . 	19,584		C:\WINDOWS\SYSTEM32\DRIVERS\ikuracjg.dat
    2008-01-23 16:46 . 2008-01-24 15:00	84,729	--a------	C:\WINDOWS\SYSTEM32\mysidesearch_sidebar_uninstall.exe
    2008-01-22 16:41 . 2004-08-04 09:03	84,480	--a------	C:\WINDOWS\SYSTEM32\cabine.dll
    2008-01-22 16:40 . 2008-01-22 16:40	80,097	--a------	C:\WINDOWS\SYSTEM32\dcads-remove.exe
    2008-01-22 16:40 . 2008-01-22 16:41	77,360	--a------	C:\WINDOWS\SYSTEM32\dcads_sidebar_uninstall.exe
    2008-01-22 16:40 . 2008-01-23 19:26	40,734	--a------	C:\WINDOWS\SYSTEM32\superiorads-uninst.exe
    2008-01-22 16:04 . 2008-01-22 16:05	<DIR>	d--------	C:\Program Files\NCH Software
    2008-01-21 18:36 . 2008-01-21 18:36	<DIR>	d--------	C:\Program Files\Common Files\MAGIX
    2008-01-21 18:34 . 2008-01-21 18:38	<DIR>	d--------	C:\Program Files\MAGIX
    2008-01-21 18:34 . 2007-04-27 10:43	120,200	--a------	C:\WINDOWS\SYSTEM32\DLLDEV32i.dll
    2008-01-19 17:26 . 2008-01-19 17:26	327,680	--a------	C:\WINDOWS\SYSTEM32\mysidesearch_sidebar.dll
    2008-01-17 15:26 . 2008-01-17 16:21	16	--a------	C:\WINDOWS\popcinfo.dat
    2008-01-17 15:20 . 2008-01-17 15:20	<DIR>	d--------	C:\Program Files\PopCap Games
    2008-01-17 15:20 . 2008-01-17 16:21	20	--a------	C:\WINDOWS\popcinfot.dat
    2008-01-17 15:20 . 2008-01-17 15:20	0	--a------	C:\WINDOWS\popcreg.dat
    2008-01-13 15:01 . 2008-01-26 16:16	68,235	--a------	C:\logfile
    2008-01-13 15:00 . 2008-01-26 16:10	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
    2008-01-13 15:00 . 2008-01-13 15:00	1,409	--a------	C:\WINDOWS\QTFont.for
    2008-01-13 14:52 . 2008-01-13 14:52	<DIR>	d--------	C:\WINDOWS\SYSTEM32\BWKDLogs
    2008-01-13 14:52 . 2008-01-13 14:53	<DIR>	d--------	C:\Program Files\QuickTime
    2008-01-13 14:51 . 2008-01-13 14:51	<DIR>	d--------	C:\Program Files\Common Files\Kodak
    2008-01-13 14:51 . 2004-08-04 10:03	159,232	--a------	C:\WINDOWS\SYSTEM32\ptpusd.dll
    2008-01-13 14:51 . 2001-09-06 21:27	5,632	--a------	C:\WINDOWS\SYSTEM32\ptpusb.dll
    2008-01-13 14:49 . 2008-01-13 14:52	<DIR>	d--------	C:\Program Files\Kodak
    2008-01-12 17:00 . 2008-01-26 16:35	<DIR>	d--------	C:\Program Files\LimewirePlus
    2008-01-12 15:59 . 2006-05-03 22:53	174,592	--a------	C:\WINDOWS\SYSTEM32\framedyn.dll
    2008-01-12 15:58 . 2005-08-30 01:49	94,000	--a------	C:\WINDOWS\SYSTEM32\DRIVERS\ssm_mdm.sys
    2008-01-12 15:58 . 2005-08-30 01:47	58,320	--a------	C:\WINDOWS\SYSTEM32\DRIVERS\ssm_bus.sys
    2008-01-12 15:58 . 2005-08-30 01:49	8,336	--a------	C:\WINDOWS\SYSTEM32\DRIVERS\ssm_mdfl.sys
    2008-01-12 15:58 . 2005-08-30 01:49	6,176	--a------	C:\WINDOWS\SYSTEM32\DRIVERS\ssm_cmnt.sys
    2008-01-12 15:58 . 2005-08-30 01:49	6,176	--a------	C:\WINDOWS\SYSTEM32\DRIVERS\ssm_cm.sys
    2008-01-12 15:58 . 2005-08-30 01:47	5,840	--a------	C:\WINDOWS\SYSTEM32\DRIVERS\ssm_whnt.sys
    2008-01-12 15:58 . 2005-08-30 01:47	5,840	--a------	C:\WINDOWS\SYSTEM32\DRIVERS\ssm_wh.sys
    2008-01-12 15:57 . 2006-07-24 16:05	5,632	--a------	C:\WINDOWS\SYSTEM32\DRIVERS\StarOpen.sys
    2008-01-10 21:06 . 2008-01-21 19:48	<DIR>	d--------	C:\Program Files\CinemaForge
    2008-01-10 21:06 . 2007-11-14 00:06	1,558,280	--a------	C:\WINDOWS\screengenie.scr
    2008-01-10 17:54 . 2008-01-10 17:54	<DIR>	d--------	C:\Program Files\Karakter Interactive
    2008-01-07 16:07 . 2008-01-07 16:07	<DIR>	d--------	C:\Program Files\Real
    2008-01-07 16:07 . 2008-01-22 15:52	<DIR>	d--------	C:\Program Files\Common Files\Real
    2008-01-07 15:35 . 2008-01-07 15:35	<DIR>	d--------	C:\WINDOWS\TubeTools
    2008-01-07 15:35 . 2008-01-10 20:40	<DIR>	d--------	C:\Program Files\TubeTools
    
    .
    (((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-26 15:33	---------	d-----w	C:\Program Files\Hitman Pro
    2008-01-26 15:08	---------	d-----w	C:\Program Files\Symantec AntiVirus
    2008-01-26 08:42	---------	d-----w	C:\Program Files\ErrorsTool
    2008-01-21 17:39	---------	d-----w	C:\Program Files\Common Files\MAGIX Shared
    2008-01-15 15:17	---------	d-----w	C:\Program Files\Microsoft Games
    2008-01-15 15:07	---------	d--h--w	C:\Program Files\InstallShield Installation Information
    2008-01-12 16:09	---------	d-----w	C:\Program Files\LimeWire Plus
    2008-01-12 14:57	---------	d-----w	C:\Program Files\Samsung
    2007-12-24 13:07	319,488	----a-w	C:\WINDOWS\SYSTEM32\dcads_sidebar.dll
    2007-12-23 21:47	---------	d-----w	C:\Program Files\NEXON
    2007-12-22 10:56	---------	d-----w	C:\Program Files\GameSpy Arcade
    2007-12-20 06:58	---------	d-s---w	C:\Program Files\Xfire
    2007-12-13 17:02	107,832	----a-w	C:\WINDOWS\SYSTEM32\PnkBstrB.exe
    2007-12-12 19:01	22,328	----a-w	C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-11-30 16:27	194,560	----a-w	C:\WINDOWS\SYSTEM32\screensaver_NextGeneration.scr
    2007-11-30 16:27	12,288	----a-w	C:\WINDOWS\SYSTEM32\impborl.dll
    2007-11-28 09:54	---------	d-----w	C:\Program Files\Spyware Doctor
    2007-11-27 21:30	---------	d-----w	C:\Program Files\SpywareBlaster
    2007-11-19 10:36	64,000	----a-w	C:\WINDOWS\SYSTEM32\spads.dll
    2007-11-13 23:06	35,080	----a-w	C:\WINDOWS\SYSTEM32\npmirage.dll
    2007-11-13 23:06	1,558,280	----a-w	C:\WINDOWS\SYSTEM32\xmirage.exe
    2007-11-07 09:30	727,040	----a-w	C:\WINDOWS\SYSTEM32\lsasrv.dll
    2007-11-07 09:30	727,040	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
    2007-11-04 16:25	66,872	----a-w	C:\WINDOWS\SYSTEM32\PnkBstrA.exe
    2007-10-30 23:27	3,590,656	----a-w	C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
    2007-10-30 17:20	360,064	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
    2007-10-29 22:45	1,291,776	----a-w	C:\WINDOWS\SYSTEM32\quartz.dll
    2007-10-29 22:45	1,291,776	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
    2007-05-09 13:05	63,012,165	----a-w	C:\Program Files\music_maker_11_deluxe_60mb_us.exe
    2007-05-08 15:15	147,782,696	----a-w	C:\Program Files\UVS11Plus_TBYB_E(US).exe
    2007-08-07 13:02	32,768	--sha-w	C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Tijdelijke Internet-bestanden\Content.IE5\index.dat
    .
    
    (((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
    2008-01-19 17:26	327680	--a------	C:\WINDOWS\system32\mysidesearch_sidebar.dll
    
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5946C84B-DE15-4144-A89F-CC4E952483A9}]
    2004-08-04 09:03	84480	--a------	C:\WINDOWS\system32\cabine.dll
    
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}]
    2007-11-19 11:36	64000	--a------	C:\WINDOWS\system32\spads.dll
    
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E82E0739-0AAE-4E99-9052-B40F7DABFA34}]
    2007-03-09 01:34	593920	--a------	C:\Program Files\ErrorsTool\ErrorsTool-1.dll
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DiTask.exe"="C:\Program Files\Eicon\Diva\DiTask.exe" [2002-04-10 10:21 143360]
    "Divamon.exe"="C:\Program Files\Eicon\Diva\Divamon.exe" [2002-04-10 10:28 32768]
    "Eicon TechnologyLAN_DAEMON"="C:\Program Files\Eicon\Diva\watch.exe" [2002-04-10 10:27 192512]
    "CGServer"="C:\Program Files\Eicon\Diva\cgserver.exe" [2002-04-10 10:26 40960]
    "DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-08-14 19:22 28672]
    "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 17:44 679936]
    "Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 21:08 57344]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 14:52 48752]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-04-17 11:30 85184]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
    
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
    
    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 22:56:14 282624]
    KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08 16423]
    Microsoft Office.lnk - C:\Program Files\Office2K\Office\OSA9.EXE [2000-01-21 09:15:54 65588]
    VPN Client.lnk - C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2007-10-02 08:12:40 6144]
    
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup
    
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Desktop Search.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Windows Desktop Search.lnk
    backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
    --a------ 2006-05-10 10:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2006-09-01 15:57 282624 C:\Program Files\QuickTime\qttask.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2005-04-13 03:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-08-04 16:22 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
    --a------ 2007-03-03 13:12 341488 C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
    
    R0 DiMaint;Eicon-onderhoudsstuurprogramma;C:\WINDOWS\system32\DRIVERS\DISDN\dimaint.sys [2002-12-04 14:49]
    R2 DiCapi;Eicon CAPI 2.0-stuurprogramma;C:\WINDOWS\system32\DRIVERS\DISDN\capi202k.sys [2001-06-12 14:27]
    R2 DiPort;Eicon-poortstuurprogramma;C:\WINDOWS\system32\DRIVERS\DISDN\diport40.sys [2002-10-16 15:32]
    R3 DiWan;Eicon-stuurprogramma voor alle Diva-clientkaarten;C:\WINDOWS\system32\DRIVERS\DISDN\Diwan.sys [2002-10-03 16:35]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
    S3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\System32\drivers\NMSCFG.SYS [2002-05-03 12:30]
    S3 NMSSvc;Intel(R) NMS;C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 12:29]
    S3 pohci13F;pohci13F;C:\DOCUME~1\TIMVET~1\LOCALS~1\Temp\pohci13F.sys []
    
    *Newly Created Service* - DUEAVLEL 
    *Newly Created Service* - PROCEXP90 
    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-01-13 13:54:32 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
    - C:\WINDOWS\system32\rundll32.exe
    .
    **************************************************************************
    
    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-26 17:18:22
    Windows 5.1.2600 Service Pack 2 NTFS
    
    scannen van verborgen processen ...
    
    scannen van verborgen autostart items ...
    
    scannen van verborgen bestanden ...
    
    Scan succesvol afgerond 
    verborgen bestanden: 0 
    
    **************************************************************************
    .
    Voltooingstijd: 2008-01-26 17:24:57
    ComboFix-quarantined-files.txt  2008-01-26 16:24:51
    .
    2008-01-09 15:21:14	--- E O F ---
    Thanks in advance!
    Maarten
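What a helper does by eye when reading a log like the one above can be written down as a few rules. The following is an added example, not part of the post and not code from HijackThis: a small parser for the O2 (BHO), O3 (toolbar) and O23 (service) line formats, followed by a triage pass that surfaces the same signals the poster bolded: an extension registered with "(no name)", a registration whose file is "(file missing)", a service with "Unknown owner", and a browser extension loaded straight from the system directory instead of an install folder. The sample lines are constructed from entries in the posted log and shortened; the heuristics are the reviewer's own and flag candidates for a closer look, not verdicts.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2 format, modelled on (and shortened from) the
# log posted above; the R0 line is included to show that other sections are skipped.
SAMPLE_HJT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: (no name) - {5946C84B-DE15-4144-A89F-CC4E952483A9} - C:\WINDOWS\system32\cabine.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
""".strip()

# O2/O3 lines: "<name> - {CLSID} - <path>[ (file missing)]". The CLSID anchors the split,
# so display names containing " - " cannot confuse it.
COM_RE = re.compile(
    r"^(?P<section>O[23]) - (?:BHO|Toolbar): (?P<name>.*) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*?)(?P<missing> \(file missing\))?$"
)
# O23 lines: "<display name> - <vendor> - <path>[ (file missing)]". The path is anchored
# on a drive letter for the same reason.
SVC_RE = re.compile(
    r"^(?P<section>O23) - Service: (?P<name>.*) - (?P<owner>.*?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)


@dataclass
class Entry:
    section: str            # HijackThis section: O2, O3 or O23
    name: str               # display name as logged ("(no name)" when absent)
    path: str               # file the registration points at
    clsid: str = ""         # COM class id for O2/O3 entries
    owner: str = ""         # vendor string for O23 entries
    file_missing: bool = False


def parse_hjt(text: str) -> list[Entry]:
    """Turn the O2/O3/O23 lines of a HijackThis log into Entry records; other sections are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = COM_RE.match(line)
        if m:
            entries.append(Entry(m["section"], m["name"], m["path"], clsid=m["clsid"],
                                 file_missing=m["missing"] is not None))
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append(Entry(m["section"], m["name"], m["path"], owner=m["owner"],
                                 file_missing=m["missing"] is not None))
    return entries


def triage(entries: list[Entry]) -> dict[str, list[str]]:
    """Apply simple review heuristics; returns path -> reasons for every entry that trips at least one."""
    flags: dict[str, list[str]] = {}
    for e in entries:
        reasons = []
        if e.name == "(no name)":
            reasons.append("browser extension registered without a display name")
        if e.file_missing:
            reasons.append("registration points at a file that no longer exists (stale or half-removed)")
        if e.section in ("O2", "O3") and e.path.lower().startswith("c:\\windows\\system32\\"):
            reasons.append("browser extension loaded from the system directory rather than an install folder")
        if e.section == "O23" and e.owner == "Unknown owner":
            reasons.append("service without vendor information")
        if reasons:
            flags.setdefault(e.path, []).extend(reasons)
    return flags


if __name__ == "__main__":
    for path, reasons in triage(parse_hjt(SAMPLE_HJT)).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

On the sample, the Adobe helper, the Google toolbar and the Symantec service pass clean, while the SweetIM entry (file missing), cabine.dll (no name, loaded from system32) and the two services with no vendor string are listed for review. Unknown-owner services are a weak signal on their own (PnkBstrA is a game anti-cheat component in the posted log), which is why the output is a worklist rather than a removal list.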

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open, in which a few lines about files not found will scroll past quickly; this is normal.
    • An uninstaller of a rogue scanner may also start; do not close it, but follow any instructions and let it do its work.
    • After that your PC will restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a logfile opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the logfile in your next message.


    Download IceSword and unzip it to a folder on your desktop.
    - Open that folder and double-click the "Sword icon" to start IceSword.
    - On the left, click File.
    - Now choose this computer in IceSword and navigate to this file:

    C:\WINDOWS\SYSTEM32\DRIVERS\ikuracjg.dat

    - Right-click it and choose Delete.

    - Do the same for:

    C:\WINDOWS\SYSTEM32\cabine.dll

    Restart your PC and post a new ComboFix log



    • #3
      This is the RVAXO log:

      Code:
      ---RVAXO.exe Updated: [color=red]2008-01-27[/color]---first run--- 
      Files found: 
      C:\WINDOWS\system32\spads.dll 
      C:\WINDOWS\system32\dcads_sidebar.dll 
      C:\WINDOWS\system32\Dcads_sidebar_uninstall.exe 
       
      Uninstallers Rogue scanners: 
       
       
      Folders Found: 
       
      C:\Program Files\ErrorsTool 
       
      Hosts-file was reset, If you use a custom hosts file please replace it... 
       
      --------------RVAXO.exe last run--------------- 
       
      Files found: 
       
      Folders Found: 
       
      --------------RVAXO.exe finished----------------



      • #4
        And this is the ComboFix log. Nothing has worked so far. The cabine.dll file stubbornly keeps coming back, and with it my problems. HJT, IceSword and ComboFix are achieving nothing at the moment. Something I did notice is that quite a number of files were modified at exactly the same time as cabine.dll, to the second. This could be an indication that those files are infected too. They are files such as:
        bitsprx2.dll, bitsprx3.dll, browser.dll, browsewm.dll, bthci.dll, bthserv.dll

        These are all 'normal' files though; they are not flagged as spyware or the like, so that makes me doubt.

        What now?

        Code:
        ComboFix 08-01-23.1C - **** 2008-01-27 17:40:47.5 - NTFSx86
        Gestart vanuit: C:\Documents and Settings\***\Bureaublad\ComboFix.exe
        
        [color=red][b]WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !![/b][/color]
        .
        
        ((((((((((((((((((((   Bestanden Gemaakt van 2007-12-27 to 2008-01-27  ))))))))))))))))))))))))))))))
        .
        
        2008-01-27 17:18 . 2008-01-27 17:34	<DIR>	d--------	C:\RVAXO
        2008-01-27 17:16 . 2008-01-27 12:02	634,007	--a------	C:\WINDOWS\SYSTEM32\RVAXO.bat
        2008-01-27 17:16 . 2001-10-01 14:51	69,632	--a------	C:\WINDOWS\SYSTEM32\remove.exe
        2008-01-26 17:28 . 2008-01-26 17:28	<DIR>	d--------	C:\Program Files\Trend Micro
        2008-01-26 16:49 . 2000-08-31 08:00	51,200	--a------	C:\WINDOWS\Nircmd.exe
        2008-01-26 16:36 . 2008-01-26 16:36	<DIR>	d--------	C:\Program Files\CCleaner
        2008-01-22 16:41 . 2004-08-04 09:03	84,480	--a------	C:\WINDOWS\SYSTEM32\cabine.dll
        2008-01-22 16:04 . 2008-01-22 16:05	<DIR>	d--------	C:\Program Files\NCH Software
        2008-01-21 18:36 . 2008-01-21 18:36	<DIR>	d--------	C:\Program Files\Common Files\MAGIX
        2008-01-21 18:34 . 2008-01-21 18:38	<DIR>	d--------	C:\Program Files\MAGIX
        2008-01-21 18:34 . 2007-04-27 10:43	120,200	--a------	C:\WINDOWS\SYSTEM32\DLLDEV32i.dll
        2008-01-17 15:26 . 2008-01-17 16:21	16	--a------	C:\WINDOWS\popcinfo.dat
        2008-01-17 15:20 . 2008-01-17 15:20	<DIR>	d--------	C:\Program Files\PopCap Games
        2008-01-17 15:20 . 2008-01-17 16:21	20	--a------	C:\WINDOWS\popcinfot.dat
        2008-01-17 15:20 . 2008-01-17 15:20	0	--a------	C:\WINDOWS\popcreg.dat
        2008-01-13 15:01 . 2008-01-27 17:43	69,966	--a------	C:\logfile
        2008-01-13 15:00 . 2008-01-27 17:37	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
        2008-01-13 15:00 . 2008-01-13 15:00	1,409	--a------	C:\WINDOWS\QTFont.for
        2008-01-13 14:52 . 2008-01-13 14:52	<DIR>	d--------	C:\WINDOWS\SYSTEM32\BWKDLogs
        2008-01-13 14:52 . 2008-01-13 14:53	<DIR>	d--------	C:\Program Files\QuickTime
        2008-01-13 14:51 . 2008-01-13 14:51	<DIR>	d--------	C:\Program Files\Common Files\Kodak
        2008-01-13 14:51 . 2004-08-04 10:03	159,232	--a------	C:\WINDOWS\SYSTEM32\ptpusd.dll
        2008-01-13 14:51 . 2001-09-06 21:27	5,632	--a------	C:\WINDOWS\SYSTEM32\ptpusb.dll
        2008-01-13 14:49 . 2008-01-13 14:52	<DIR>	d--------	C:\Program Files\Kodak
        2008-01-12 17:00 . 2008-01-26 17:47	<DIR>	d--------	C:\Program Files\LimewirePlus
        2008-01-12 15:59 . 2006-05-03 22:53	174,592	--a------	C:\WINDOWS\SYSTEM32\framedyn.dll
        2008-01-12 15:58 . 2005-08-30 01:49	94,000	--a------	C:\WINDOWS\SYSTEM32\DRIVERS\ssm_mdm.sys
        2008-01-12 15:58 . 2005-08-30 01:47	58,320	--a------	C:\WINDOWS\SYSTEM32\DRIVERS\ssm_bus.sys
        2008-01-12 15:58 . 2005-08-30 01:49	8,336	--a------	C:\WINDOWS\SYSTEM32\DRIVERS\ssm_mdfl.sys
        2008-01-12 15:58 . 2005-08-30 01:49	6,176	--a------	C:\WINDOWS\SYSTEM32\DRIVERS\ssm_cmnt.sys
        2008-01-12 15:58 . 2005-08-30 01:49	6,176	--a------	C:\WINDOWS\SYSTEM32\DRIVERS\ssm_cm.sys
        2008-01-12 15:58 . 2005-08-30 01:47	5,840	--a------	C:\WINDOWS\SYSTEM32\DRIVERS\ssm_whnt.sys
        2008-01-12 15:58 . 2005-08-30 01:47	5,840	--a------	C:\WINDOWS\SYSTEM32\DRIVERS\ssm_wh.sys
        2008-01-12 15:57 . 2006-07-24 16:05	5,632	--a------	C:\WINDOWS\SYSTEM32\DRIVERS\StarOpen.sys
        2008-01-10 21:06 . 2008-01-21 19:48	<DIR>	d--------	C:\Program Files\CinemaForge
        2008-01-10 21:06 . 2007-11-14 00:06	1,558,280	--a------	C:\WINDOWS\screengenie.scr
        2008-01-10 17:54 . 2008-01-10 17:54	<DIR>	d--------	C:\Program Files\Karakter Interactive
        2008-01-07 16:07 . 2008-01-07 16:07	<DIR>	d--------	C:\Program Files\Real
        2008-01-07 16:07 . 2008-01-22 15:52	<DIR>	d--------	C:\Program Files\Common Files\Real
        2008-01-07 15:35 . 2008-01-07 15:35	<DIR>	d--------	C:\WINDOWS\TubeTools
        2008-01-07 15:35 . 2008-01-10 20:40	<DIR>	d--------	C:\Program Files\TubeTools
        
        .
        (((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-01-27 16:34	---------	d-----w	C:\Program Files\Symantec AntiVirus
        2008-01-26 15:33	---------	d-----w	C:\Program Files\Hitman Pro
        2008-01-21 17:39	---------	d-----w	C:\Program Files\Common Files\MAGIX Shared
        2008-01-15 15:17	---------	d-----w	C:\Program Files\Microsoft Games
        2008-01-15 15:07	---------	d--h--w	C:\Program Files\InstallShield Installation Information
        2008-01-12 16:09	---------	d-----w	C:\Program Files\LimeWire Plus
        2008-01-12 14:57	---------	d-----w	C:\Program Files\Samsung
        2007-12-23 21:47	---------	d-----w	C:\Program Files\NEXON
        2007-12-22 10:56	---------	d-----w	C:\Program Files\GameSpy Arcade
        2007-12-20 06:58	---------	d-s---w	C:\Program Files\Xfire
        2007-12-13 17:02	107,832	----a-w	C:\WINDOWS\SYSTEM32\PnkBstrB.exe
        2007-12-12 19:01	22,328	----a-w	C:\WINDOWS\system32\drivers\PnkBstrK.sys
        2007-11-30 16:27	194,560	----a-w	C:\WINDOWS\SYSTEM32\screensaver_NextGeneration.scr
        2007-11-30 16:27	12,288	----a-w	C:\WINDOWS\SYSTEM32\impborl.dll
        2007-11-28 09:54	---------	d-----w	C:\Program Files\Spyware Doctor
        2007-11-27 21:30	---------	d-----w	C:\Program Files\SpywareBlaster
        2007-11-13 23:06	35,080	----a-w	C:\WINDOWS\SYSTEM32\npmirage.dll
        2007-11-13 23:06	1,558,280	----a-w	C:\WINDOWS\SYSTEM32\xmirage.exe
        2007-11-07 09:30	727,040	----a-w	C:\WINDOWS\SYSTEM32\lsasrv.dll
        2007-11-07 09:30	727,040	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
        2007-11-04 16:25	66,872	----a-w	C:\WINDOWS\SYSTEM32\PnkBstrA.exe
        2007-10-30 23:27	3,590,656	----a-w	C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
        2007-10-30 17:20	360,064	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
        2007-10-29 22:45	1,291,776	----a-w	C:\WINDOWS\SYSTEM32\quartz.dll
        2007-10-29 22:45	1,291,776	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
        2007-05-09 13:05	63,012,165	----a-w	C:\Program Files\music_maker_11_deluxe_60mb_us.exe
        2007-05-08 15:15	147,782,696	----a-w	C:\Program Files\UVS11Plus_TBYB_E(US).exe
        2007-08-07 13:02	32,768	--sha-w	C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Tijdelijke Internet-bestanden\Content.IE5\index.dat
        .
        
        (((((((((((((((((((((((((((((   [email protected]_17.24.23,75   )))))))))))))))))))))))))))))))))))))))))
        .
        - 2008-01-26 15:51:05	1,421,312	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
        + 2008-01-26 16:40:31	1,421,312	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
        - 2008-01-26 15:51:05	8,192	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
        + 2008-01-26 16:40:32	8,192	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
        - 2008-01-26 15:51:05	1,421,312	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT
        + 2008-01-26 16:40:32	1,421,312	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT
        - 2008-01-26 15:51:05	8,192	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
        + 2008-01-26 16:40:32	8,192	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
        - 2008-01-26 15:51:06	8,654,848	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\ntuser.dat
        + 2008-01-26 16:40:32	8,654,848	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\ntuser.dat
        - 2008-01-26 15:51:06	139,264	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
        + 2008-01-26 16:40:33	143,360	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
        + 2004-08-04 08:03:05	85,504	----a-w	C:\WINDOWS\SYSTEM32\DLLCACHE\cabview.dll
        - 2000-08-31 07:00:00	49,152	----a-w	C:\WINDOWS\SYSTEM32\VFind.exe
        + 2008-01-03 18:47:58	49,152	----a-w	C:\WINDOWS\SYSTEM32\VFind.exe
        .
        (((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
        
        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11910655-E57E-4D0E-A1CC-B2E57202A8F9}]
        2004-08-04 09:03	84480	--a------	C:\WINDOWS\system32\cabine.dll
        
        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5946C84B-DE15-4144-A89F-CC4E952483A9}]
        2004-08-04 09:03	84480	--a------	C:\WINDOWS\system32\cabine.dll
        
        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{875C7F9A-DA6C-4524-9E06-D6BE524BE925}]
        2004-08-04 09:03	84480	--a------	C:\WINDOWS\system32\cabine.dll
        
        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
        "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
        
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "DiTask.exe"="C:\Program Files\Eicon\Diva\DiTask.exe" [2002-04-10 10:21 143360]
        "Divamon.exe"="C:\Program Files\Eicon\Diva\Divamon.exe" [2002-04-10 10:28 32768]
        "Eicon TechnologyLAN_DAEMON"="C:\Program Files\Eicon\Diva\watch.exe" [2002-04-10 10:27 192512]
        "CGServer"="C:\Program Files\Eicon\Diva\cgserver.exe" [2002-04-10 10:26 40960]
        "DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-08-14 19:22 28672]
        "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 17:44 679936]
        "Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 21:08 57344]
        "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 14:52 48752]
        "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-04-17 11:30 85184]
        "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
        
        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
        
        C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
        Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 22:56:14 282624]
        KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08 16423]
        Microsoft Office.lnk - C:\Program Files\Office2K\Office\OSA9.EXE [2000-01-21 09:15:54 65588]
        VPN Client.lnk - C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2007-10-02 08:12:40 6144]
        
        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
        path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
        backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup
        
        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Desktop Search.lnk]
        path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Windows Desktop Search.lnk
        backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup
        
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
        --a------ 2006-05-10 10:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe
        
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
        --a------ 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
        
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
        --a------ 2006-09-01 15:57 282624 C:\Program Files\QuickTime\qttask.exe
        
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
        --a------ 2005-04-13 03:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
        
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
        C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
        
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
        --a------ 2007-08-04 16:22 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
        --a------ 2007-03-03 13:12 341488 C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
        
        R0 DiMaint;Eicon-onderhoudsstuurprogramma;C:\WINDOWS\system32\DRIVERS\DISDN\dimaint.sys [2002-12-04 14:49]
        R0 dueavlel;dueavlel;C:\WINDOWS\system32\drivers\ikuracjg.dat []
        R2 DiCapi;Eicon CAPI 2.0-stuurprogramma;C:\WINDOWS\system32\DRIVERS\DISDN\capi202k.sys [2001-06-12 14:27]
        R2 DiPort;Eicon-poortstuurprogramma;C:\WINDOWS\system32\DRIVERS\DISDN\diport40.sys [2002-10-16 15:32]
        R3 DiWan;Eicon-stuurprogramma voor alle Diva-clientkaarten;C:\WINDOWS\system32\DRIVERS\DISDN\Diwan.sys [2002-10-03 16:35]
        S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
        S3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\System32\drivers\NMSCFG.SYS [2002-05-03 12:30]
        S3 NMSSvc;Intel(R) NMS;C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 12:29]
        S3 pohci13F;pohci13F;C:\DOCUME~1\TIMVET~1\LOCALS~1\Temp\pohci13F.sys []
        
        .
        Inhoud van de 'Gedeelde Taken' map
        "2008-01-13 13:54:32 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
        - C:\WINDOWS\system32\rundll32.exe
        .
        **************************************************************************
        
        catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-01-27 17:50:39
        Windows 5.1.2600 Service Pack 2 NTFS
        
        scannen van verborgen processen ...
        
        scannen van verborgen autostart items ...
        
        scannen van verborgen bestanden ...
        
        Scan succesvol afgerond 
        verborgen bestanden: 0 
        
        **************************************************************************
        .
        Voltooingstijd: 2008-01-27 17:55:52
        ComboFix-quarantined-files.txt  2008-01-27 16:55:35
        ComboFix2.txt  2008-01-26 18:54:14
        ComboFix3.txt  2008-01-26 16:24:58
        .
        2008-01-09 15:21:14	--- E O F ---



        • #5
          Open the RVAXO folder on your desktop and double-click Uninstall.cmd.
          This will remove everything belonging to RVAXO.

          Download the attachment: CFScript.txt

          Drag CFScript.txt onto ComboFix.exe as shown in the example below:

          This will make ComboFix restart.
          Reboot if asked to do so,
          and post the contents of Combofix.txt in your next reply.

          Also post a new HijackThis log and tell us whether you are still experiencing problems.
          Attached Files
