Open hijackthis, klik 'config' (rechts onderaan)
Kies de tab 'misc Tools' bovenaan.
Kies 'delete a file on reboot'
In het veld, kopieer en plak het volgend lijntje:

C:\WINDOWS\Installer\{d2db6aa6-746c-4c3f-b8b1-c582d43bfd7c}\zip.dll

Klik open.
Hijackthis zal je zeggen dat dit bestand zal verwijderen worden na volgende reboot en of je nu wilt rebooten.
Klik ja/ok

Je pc zal nu rebooten.


Download: RVAXO.exe

• Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
• Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
  Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
• Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
  
• Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw.
  Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
• Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
• Post de inhoud van de logfile in je volgende bericht.

Download Combofix (mirror) naar je Bureaublad.
Dubbelklik op Combofix.exe
Kies voor "Continue" door 1 te typen gevolgd door ENTER.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
Plaats deze log in je volgende post.

NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.

het eerste lukt al niet als ik op delete file on a reboot doet hij niets de andere opties werken wel

Ga dan maar verder met de volgende stappen.

dit zijn de logjes
ComboFix 08-02.03.1 - Mine 2008-02-03 14:01:15.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.584 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Mine\Local Settings\Temporary Internet Files\Content.IE5\E1QJSNUD\ComboFix[1].exe
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\byxuusp.dll
C:\WINDOWS\system32\sstqr.dll
C:\WINDOWS\system32\awuexdov.dll
C:\WINDOWS\system32\awuexdov.dll . . . . konden niet verwijderd worden
C:\WINDOWS\system32\awuexdov.dllbox
C:\WINDOWS\system32\byxuusp.dll
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\gfeuhcgj.dll
C:\WINDOWS\system32\jgchuefg.ini
C:\WINDOWS\system32\jkkihef.dll
C:\WINDOWS\system32\oulejmqy.dll
C:\WINDOWS\system32\rqtss.ini
C:\WINDOWS\system32\rqtss.ini2
C:\WINDOWS\system32\sstqr.dll

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-01-03 to 2008-02-03 ))))))))))))))))))))))))))))))
.

2008-02-03 13:50 . 2008-02-03 13:54 <DIR> d-------- C:\RVAXO
2008-02-03 13:44 . 2008-02-03 12:12 657,805 --a------ C:\WINDOWS\system32\RVAXO.bat
2008-02-03 13:44 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
2008-02-03 13:22 . 2008-02-03 13:22 160,560 --a------ C:\Program Files\udefender_setup.exe
2008-02-03 13:17 . 2008-02-03 14:08 163,904 --a------ C:\WINDOWS\system32\awuexdov.dll
2008-02-03 13:12 . 2008-02-03 13:12 26,624 --a------ C:\WINDOWS\system32\winuqw32.dll
2008-02-03 13:12 . 2008-02-03 13:12 10,240 --a------ C:\Program Files\13617625.exe
2008-02-03 13:06 . 2008-02-03 13:06 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2008-02-03 13:06 . 2008-02-03 13:06 <DIR> d-------- C:\Program Files\WinAVI FLV Converter
2008-02-03 13:06 . 2008-02-03 13:06 <DIR> d-------- C:\Program Files\WinAVI DVD Copy
2008-02-03 13:05 . 2008-02-03 13:05 <DIR> d-------- C:\Program Files\WinAVI MP4 Converter
2008-02-03 12:54 . 2008-02-03 12:54 <DIR> d-------- C:\Program Files\DVD Shrink
2008-02-03 12:54 . 2008-02-03 12:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-24 21:09 . 2008-02-03 13:56 <DIR> dr-h----- C:\Documents and Settings\Mine\Onlangs geopend
2008-01-22 20:00 . 2008-01-24 16:58 <DIR> d-------- C:\Documents and Settings\Mine\Application Data\skypePM
2008-01-22 20:00 . 2008-01-22 20:00 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-22 19:58 . 2008-01-24 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-01-18 19:29 . 2008-01-18 19:29 75 --a------ C:\WINDOWS\system32\win32httpdata.db
2008-01-12 19:14 . 2008-01-12 19:14 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-12 19:14 . 2008-01-12 19:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-12 19:14 . 2008-01-12 19:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-12 19:14 . 2008-01-12 19:15 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-12 19:10 . 2008-01-12 19:19 <DIR> d-------- C:\Program Files\QuickTime
2008-01-12 18:18 . 2007-03-04 13:55 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
2008-01-12 18:18 . 2007-03-04 13:55 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
2008-01-12 18:17 . 2008-01-13 16:17 <DIR> d-------- C:\Program Files\Replay Converter
2008-01-12 18:15 . 2008-01-12 18:17 <DIR> d-------- C:\Documents and Settings\Mine\Application Data\GetRightToGo
2008-01-12 17:47 . 2008-01-12 17:47 <DIR> d-------- C:\WINDOWS\Applian FLV Player
2008-01-09 16:23 . 1999-12-07 14:00 67,856 --a------ C:\WINDOWS\system32\convlog.exe
2008-01-09 16:23 . 1999-12-07 14:00 14,608 --a------ C:\WINDOWS\system32\iisreset.exe
2008-01-09 16:23 . 1999-12-07 14:00 11,355 --a------ C:\WINDOWS\system32\infoctrs.ini
2008-01-09 16:23 . 1999-12-07 14:00 9,488 --a------ C:\WINDOWS\system32\infoctrs.dll
2008-01-09 16:23 . 1999-12-07 14:00 6,928 --a------ C:\WINDOWS\system32\ftpsapi2.dll
2008-01-09 16:23 . 1999-12-07 14:00 6,928 --a------ C:\WINDOWS\system32\admxprox.dll
2008-01-09 16:23 . 1999-12-07 14:00 6,416 --a------ C:\WINDOWS\system32\iisrstap.dll
2008-01-09 13:45 . 2008-01-09 13:45 <DIR> d-------- C:\Program Files\HD Tune
2008-01-09 13:45 . 2008-01-09 13:45 <DIR> d-------- C:\Program Files\Find Junk Files
2008-01-09 13:44 . 2008-01-09 13:44 <DIR> d-------- C:\Program Files\DG-Defragmenter
2008-01-09 13:44 . 2008-01-12 18:17 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-01-07 18:34 . 1998-07-08 17:30 18,944 --a------ C:\WINDOWS\eraser.exe
2008-01-05 19:04 . 2008-01-05 20:47 <DIR> d-------- C:\files
2008-01-05 18:57 . 2008-01-05 19:00 <DIR> d-------- C:\files van maxime lombardo
2008-01-05 17:01 . 2008-01-08 18:01 <DIR> d-------- C:\Program Files\zFTPServer Administration
2008-01-05 17:01 . 2008-01-14 06:43 <DIR> d-------- C:\Program Files\zFTPServer
2008-01-05 15:48 . 2008-01-05 15:48 <DIR> d-------- C:\WINDOWS\IIS Temporary Compressed Files
2008-01-05 15:39 . 1999-12-07 14:00 244,496 --a------ C:\WINDOWS\system32\adsiis.dll
2008-01-05 15:39 . 1999-12-07 14:00 123,664 --a------ C:\WINDOWS\system32\iisRtl.dll
2008-01-05 15:39 . 1999-12-07 14:00 57,616 --a------ C:\WINDOWS\system32\iismap.dll
2008-01-05 15:39 . 1999-12-07 14:00 42,768 --a------ C:\WINDOWS\system32\iisext.dll
2008-01-05 15:39 . 1999-12-07 14:00 32,528 --a------ C:\WINDOWS\system32\admwprox.dll
2008-01-05 15:39 . 1999-12-07 14:00 20,752 --a------ C:\WINDOWS\system32\inetsloc.dll
2008-01-05 15:39 . 1999-12-07 14:00 14,096 --a------ C:\WINDOWS\system32\exstrace.dll
2008-01-05 15:39 . 1999-12-07 14:00 12,560 --a------ C:\WINDOWS\system32\infoadmn.dll
2008-01-05 15:39 . 1999-12-07 14:00 8,464 --a------ C:\WINDOWS\system32\staxmem.dll
2008-01-05 15:39 . 1999-12-07 14:00 7,440 --a------ C:\WINDOWS\system32\wamregps.dll
2008-01-05 15:38 . 2003-04-14 20:42 212,992 --a--c--- C:\WINDOWS\system32\dllcache\fpmmcsat.dll
2008-01-05 15:38 . 2003-03-24 15:52 24,632 --a--c--- C:\WINDOWS\system32\dllcache\fpadmcgi.exe
2008-01-05 15:38 . 2003-03-24 15:52 20,541 --a--c--- C:\WINDOWS\system32\dllcache\fpadmdll.dll
2008-01-05 15:38 . 2003-04-14 20:42 16,384 --a--c--- C:\WINDOWS\system32\dllcache\tcptsat.dll
2008-01-05 15:33 . 2002-10-24 17:09 <DIR> d-------- C:\IIS
2008-01-04 23:28 . 2008-01-04 23:28 <DIR> d-------- C:\Program Files\Xvid
2008-01-04 23:28 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-04 23:28 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-01-04 23:28 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 17:46 --------- d-----w C:\Program Files\LimeWire
2008-01-28 20:08 --------- d-----w C:\Documents and Settings\Mine\Application Data\Canon
2008-01-09 12:33 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-08 05:46 --------- d-----w C:\Program Files\MSN Messenger
2008-01-08 05:46 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-04 23:03 --------- d-----w C:\Program Files\DivX
2007-12-30 08:27 --------- d-----w C:\Documents and Settings\Mine\Application Data\AdobeUM
2007-12-20 11:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-20 11:38 --------- d-----w C:\Program Files\Windows Live
2007-12-14 07:18 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-13 16:18 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-09 14:49 --------- d-----w C:\Program Files\IrfanView
2007-12-05 13:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-05 13:42 --------- d-----w C:\Program Files\RogueRemover FREE
2007-12-05 12:29 --------- d-----w C:\Program Files\Windows Resource Kits
2007-12-04 17:13 --------- d-----w C:\Documents and Settings\Mine\Application Data\TuneUp Software
2007-12-03 20:30 --------- d-----w C:\Program Files\TweakRAM
1999-02-11 13:11 262,415 ----a-w C:\Documents and Settings\All Users\SETUP.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2008-02-03 14:08 163904 --a------ C:\WINDOWS\system32\awuexdov.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B}]
2008-01-28 04:59 114688 --a------ C:\Program Files\WinAVI FLV Converter\FLVTune.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 19:08 68856]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 08:11 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 11:41 860160]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"NWEReboot"=""
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 10:00 49152]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14 217088]
"cnfgCav"="C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe" [2007-09-04 17:48 110592]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 19:44 65536]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

C:\Documents and Settings\Mine\Menu Start\Programma's\Opstarten\
zFTPServer Administration.lnk - C:\Program Files\zFTPServer Administration\zFTPServerAdmin.exe [2008-01-08 07:04:13 4402688]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-12 15:23:40 528384]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 14:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awuexdov]
awuexdov.dll 2008-02-03 14:08 163904 C:\WINDOWS\system32\awuexdov.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\monln]
monln.dll 2007-09-04 17:48 216576 C:\WINDOWS\system32\monln.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wineij32]
wineij32.dll

R2 zFTPSvc;zFTPServer;C:\Program Files\zFTPServer\zFTPServer.exe [2007-12-10 17:21]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1b1c691-472f-11db-9c2f-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Inhoud van de 'Gedeelde Taken' map
"2008-02-01 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-02-01 14:40:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 14:11:37
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\awuexdov.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\awuexdov.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Comodo\Comodo AntiVirus\cavse.exe
C:\Program Files\Comodo\Comodo AntiVirus\cavse.exe
C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
.
**************************************************************************
.
Voltooingstijd: 2008-02-03 14:13:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-03 13:13:35
ComboFix2.txt 2007-10-10 16:37:33
ComboFix3.txt 2007-10-10 15:56:59
.



---RVAXO.exe Updated: 2008-02-03---first run---
Files found:
C:\WINDOWS\system32\awuexdov.dllbox
C:\WINDOWS\system32\wineij32.dll
C:\WINDOWS\system32\winrkp32.dll
C:\WINDOWS\system32\winuqw32.dll
C:\WINDOWS\system32\rqtss.ini2
C:\WINDOWS\mgrs.exe
C:\Program Files\ucleaner_setup.exe
C:\WINDOWS\avp.exe

Uninstallers:


Folders Found:

C:\Program Files\Ultimate Defender
C:\Program Files\Outerinfo

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------

Files found:

C:\WINDOWS\system32\winuqw32.dll
Folders Found:

--------------RVAXO.exe finished----------------

Open Kladblok, kopiëer en plak het volgende (vetgedrukte tekst) in een leeg venster:

File::
C:\Program Files\udefender_setup.exe
C:\WINDOWS\system32\awuexdov.dll
C:\WINDOWS\system32\winuqw32.dll
C:\Program Files\13617625.exe


Sla dit op op je Bureaublad als CFScript.txt

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :



Dit zal ComboFix doen herstarten.
Start opnieuw op als daarom gevraagd wordt,
en post de inhoud van de Combofix.txt in je volgende antwoord samen met een nieuw HijackThislogje.

ComboFix 08-02.03.1 - Mine 2008-02-03 14:51:05.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.554 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Mine\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mine\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\awuexdov.dll
C:\WINDOWS\system32\awuexdov.dllbox

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-01-03 to 2008-02-03 ))))))))))))))))))))))))))))))
.

2008-02-03 14:45 . 2008-02-03 14:45 <DIR> d-------- C:\Program Files\Any Video Converter Professional
2008-02-03 14:45 . 2008-02-03 14:45 <DIR> d-------- C:\Documents and Settings\Mine\Application Data\Any Video Converter Professional
2008-02-03 14:45 . 2008-02-03 14:46 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-03 13:50 . 2008-02-03 13:54 <DIR> d-------- C:\RVAXO
2008-02-03 13:44 . 2008-02-03 12:12 657,805 --a------ C:\WINDOWS\system32\RVAXO.bat
2008-02-03 13:44 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
2008-02-03 13:22 . 2008-02-03 13:22 160,560 --a------ C:\Program Files\udefender_setup.exe
2008-02-03 13:12 . 2008-02-03 13:12 26,624 --a------ C:\WINDOWS\system32\winuqw32.dll
2008-02-03 13:12 . 2008-02-03 13:12 10,240 --a------ C:\Program Files\13617625.exe
2008-02-03 13:06 . 2008-02-03 13:06 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2008-02-03 13:06 . 2008-02-03 13:06 <DIR> d-------- C:\Program Files\WinAVI FLV Converter
2008-02-03 13:06 . 2008-02-03 13:06 <DIR> d-------- C:\Program Files\WinAVI DVD Copy
2008-02-03 13:05 . 2008-02-03 13:05 <DIR> d-------- C:\Program Files\WinAVI MP4 Converter
2008-02-03 12:54 . 2008-02-03 12:54 <DIR> d-------- C:\Program Files\DVD Shrink
2008-02-03 12:54 . 2008-02-03 12:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-24 21:09 . 2008-02-03 14:49 <DIR> dr-h----- C:\Documents and Settings\Mine\Onlangs geopend
2008-01-22 20:00 . 2008-01-24 16:58 <DIR> d-------- C:\Documents and Settings\Mine\Application Data\skypePM
2008-01-22 20:00 . 2008-01-22 20:00 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-22 19:58 . 2008-01-24 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-01-18 19:29 . 2008-01-18 19:29 75 --a------ C:\WINDOWS\system32\win32httpdata.db
2008-01-12 19:14 . 2008-01-12 19:14 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-12 19:14 . 2008-01-12 19:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-12 19:14 . 2008-01-12 19:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-12 19:14 . 2008-01-12 19:15 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-12 19:10 . 2008-01-12 19:19 <DIR> d-------- C:\Program Files\QuickTime
2008-01-12 18:18 . 2007-03-04 13:55 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
2008-01-12 18:18 . 2007-03-04 13:55 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
2008-01-12 18:17 . 2008-01-13 16:17 <DIR> d-------- C:\Program Files\Replay Converter
2008-01-12 18:15 . 2008-01-12 18:17 <DIR> d-------- C:\Documents and Settings\Mine\Application Data\GetRightToGo
2008-01-12 17:47 . 2008-01-12 17:47 <DIR> d-------- C:\WINDOWS\Applian FLV Player
2008-01-09 16:23 . 1999-12-07 14:00 67,856 --a------ C:\WINDOWS\system32\convlog.exe
2008-01-09 16:23 . 1999-12-07 14:00 14,608 --a------ C:\WINDOWS\system32\iisreset.exe
2008-01-09 16:23 . 1999-12-07 14:00 11,355 --a------ C:\WINDOWS\system32\infoctrs.ini
2008-01-09 16:23 . 1999-12-07 14:00 9,488 --a------ C:\WINDOWS\system32\infoctrs.dll
2008-01-09 16:23 . 1999-12-07 14:00 6,928 --a------ C:\WINDOWS\system32\ftpsapi2.dll
2008-01-09 16:23 . 1999-12-07 14:00 6,928 --a------ C:\WINDOWS\system32\admxprox.dll
2008-01-09 16:23 . 1999-12-07 14:00 6,416 --a------ C:\WINDOWS\system32\iisrstap.dll
2008-01-09 13:45 . 2008-01-09 13:45 <DIR> d-------- C:\Program Files\HD Tune
2008-01-09 13:45 . 2008-01-09 13:45 <DIR> d-------- C:\Program Files\Find Junk Files
2008-01-09 13:44 . 2008-01-09 13:44 <DIR> d-------- C:\Program Files\DG-Defragmenter
2008-01-09 13:44 . 2008-01-12 18:17 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-01-07 18:34 . 1998-07-08 17:30 18,944 --a------ C:\WINDOWS\eraser.exe
2008-01-05 19:04 . 2008-01-05 20:47 <DIR> d-------- C:\files
2008-01-05 18:57 . 2008-01-05 19:00 <DIR> d-------- C:\files van maxime lombardo
2008-01-05 17:01 . 2008-01-08 18:01 <DIR> d-------- C:\Program Files\zFTPServer Administration
2008-01-05 17:01 . 2008-01-14 06:43 <DIR> d-------- C:\Program Files\zFTPServer
2008-01-05 15:48 . 2008-01-05 15:48 <DIR> d-------- C:\WINDOWS\IIS Temporary Compressed Files
2008-01-05 15:39 . 1999-12-07 14:00 244,496 --a------ C:\WINDOWS\system32\adsiis.dll
2008-01-05 15:39 . 1999-12-07 14:00 123,664 --a------ C:\WINDOWS\system32\iisRtl.dll
2008-01-05 15:39 . 1999-12-07 14:00 57,616 --a------ C:\WINDOWS\system32\iismap.dll
2008-01-05 15:39 . 1999-12-07 14:00 42,768 --a------ C:\WINDOWS\system32\iisext.dll
2008-01-05 15:39 . 1999-12-07 14:00 32,528 --a------ C:\WINDOWS\system32\admwprox.dll
2008-01-05 15:39 . 1999-12-07 14:00 20,752 --a------ C:\WINDOWS\system32\inetsloc.dll
2008-01-05 15:39 . 1999-12-07 14:00 14,096 --a------ C:\WINDOWS\system32\exstrace.dll
2008-01-05 15:39 . 1999-12-07 14:00 12,560 --a------ C:\WINDOWS\system32\infoadmn.dll
2008-01-05 15:39 . 1999-12-07 14:00 8,464 --a------ C:\WINDOWS\system32\staxmem.dll
2008-01-05 15:39 . 1999-12-07 14:00 7,440 --a------ C:\WINDOWS\system32\wamregps.dll
2008-01-05 15:38 . 2003-04-14 20:42 212,992 --a--c--- C:\WINDOWS\system32\dllcache\fpmmcsat.dll
2008-01-05 15:38 . 2003-03-24 15:52 24,632 --a--c--- C:\WINDOWS\system32\dllcache\fpadmcgi.exe
2008-01-05 15:38 . 2003-03-24 15:52 20,541 --a--c--- C:\WINDOWS\system32\dllcache\fpadmdll.dll
2008-01-05 15:38 . 2003-04-14 20:42 16,384 --a--c--- C:\WINDOWS\system32\dllcache\tcptsat.dll
2008-01-05 15:33 . 2002-10-24 17:09 <DIR> d-------- C:\IIS
2008-01-04 23:28 . 2008-01-04 23:28 <DIR> d-------- C:\Program Files\Xvid
2008-01-04 23:28 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-04 23:28 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-01-04 23:28 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 17:46 --------- d-----w C:\Program Files\LimeWire
2008-01-28 20:08 --------- d-----w C:\Documents and Settings\Mine\Application Data\Canon
2008-01-09 12:33 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-08 05:46 --------- d-----w C:\Program Files\MSN Messenger
2008-01-08 05:46 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-04 23:03 --------- d-----w C:\Program Files\DivX
2007-12-30 08:27 --------- d-----w C:\Documents and Settings\Mine\Application Data\AdobeUM
2007-12-20 11:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-20 11:38 --------- d-----w C:\Program Files\Windows Live
2007-12-14 07:18 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-13 16:18 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-09 14:49 --------- d-----w C:\Program Files\IrfanView
2007-12-05 13:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-05 13:42 --------- d-----w C:\Program Files\RogueRemover FREE
2007-12-05 12:29 --------- d-----w C:\Program Files\Windows Resource Kits
2007-12-04 17:13 --------- d-----w C:\Documents and Settings\Mine\Application Data\TuneUp Software
2007-12-03 20:30 --------- d-----w C:\Program Files\TweakRAM
1999-02-11 13:11 262,415 ----a-w C:\Documents and Settings\All Users\SETUP.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B}]
2008-01-28 04:59 114688 --a------ C:\Program Files\WinAVI FLV Converter\FLVTune.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 19:08 68856]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 08:11 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 11:41 860160]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"NWEReboot"=""
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 10:00 49152]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14 217088]
"cnfgCav"="C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe" [2007-09-04 17:48 110592]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 19:44 65536]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

C:\Documents and Settings\Mine\Menu Start\Programma's\Opstarten\
zFTPServer Administration.lnk - C:\Program Files\zFTPServer Administration\zFTPServerAdmin.exe [2008-01-08 07:04:13 4402688]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-12 15:23:40 528384]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 14:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\monln]
monln.dll 2007-09-04 17:48 216576 C:\WINDOWS\system32\monln.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wineij32]
wineij32.dll

R2 zFTPSvc;zFTPServer;C:\Program Files\zFTPServer\zFTPServer.exe [2007-12-10 17:21]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1b1c691-472f-11db-9c2f-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Inhoud van de 'Gedeelde Taken' map
"2008-02-01 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-02-01 14:40:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 14:58:47
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Comodo\Comodo AntiVirus\cavse.exe
C:\Program Files\Comodo\Comodo AntiVirus\cavse.exe
C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
.
**************************************************************************
.
Voltooingstijd: 2008-02-03 15:01:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-03 14:00:58
ComboFix2.txt 2008-02-03 13:13:41
ComboFix3.txt 2007-10-10 16:37:33
ComboFix4.txt 2007-10-10 15:56:59
.
2008-01-09 05:51:25 --- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:08:53, on 3/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\zFTPServer\zFTPServer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
C:\Program Files\zFTPServer Administration\zFTPServerAdmin.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zeelandnet.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: WinAVI FLVSense - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: zFTPServer Administration.lnk = C:\Program Files\zFTPServer Administration\zFTPServerAdmin.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download FLV by WinAVI... - C:\Program Files\WinAVI FLV Converter\flv_link.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: zFTPServer (zFTPSvc) - Unknown owner - C:\Program Files\zFTPServer\zFTPServer.exe

--
End of file - 9115 bytes

Start HijackThis nog een keer en plaats alleen een vinkje voor de volgende regels:
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af.

Verwijder de volgende bestanden:
C:\Program Files\udefender_setup.exe
C:\WINDOWS\system32\winuqw32.dll
C:\Program Files\13617625.exe

Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd
Dit zal alles van RVAXO doen verwijderen.

Download ATF cleaner (mirror)(gemaakt door Atribune)

Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.

Het volgende doen als je ook FireFox als browser hebt:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit haalt het vinkje weer weg bij "Firefox saved passwords")
Klik op de knop Empty Selected.

Het volgende doen als je ook Opera als browser hebt:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

Ga naar Start - Uitvoeren en geef hier het volgende in:
Combofix /U
Druk daarna op OK.
Let op: Er moet een spatie tussen Combofix en /U zitten.

Dit zal Combofix deïnstalleren.

Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
Kijk hier hoe je je systeemherstel moet uitschakelen.
Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

Post als laatste nog een nieuw logje van Hijackthis ter controle

het is al veel verbeterd maar er komen nog enkele popup's van cleaners

dit is m'n logje
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:41, on 5/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\zFTPServer\zFTPServer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\zFTPServer Administration\zFTPServerAdmin.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Comodo\Comodo AntiVirus\cavemsrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zeelandnet.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: WinAVI FLVSense - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: zFTPServer Administration.lnk = C:\Program Files\zFTPServer Administration\zFTPServerAdmin.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download FLV by WinAVI... - C:\Program Files\WinAVI FLV Converter\flv_link.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: zFTPServer (zFTPSvc) - Unknown owner - C:\Program Files\zFTPServer\zFTPServer.exe

--
End of file - 9131 bytes

Ken je dit programma:
O23 - Service: zFTPServer (zFTPSvc) - Unknown owner - C:\Program Files\zFTPServer\zFTPServer.exe

ja dat is mijn server die ik af en toe wel eens gebruik

Deze vertrouw ik ook niet erg:
O2 - BHO: WinAVI FLVSense - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll

moet ik hem verwijderen?
die heb ik een tijd geleden verwijdert van m'n computer blijkbaar staat het er nog op

Doe hem maar weg met Hijackthis, herstart je PC en post dan een nieuw logje.
Vertel of je dan nog popups krijgt

ik kan nu even een tijdje niet op m'n pc ik zal rond zaterdag weer kunnen antwoorden