Lots of pop-ups from Ultimate Cleaner and notifications


  • Lots of pop-ups from Ultimate Cleaner and notifications

    Every time I go on the internet I get pop-ups and also those bars saying that some scanner or other is going to scan. After that my whole PC freezes; I only just managed to post a HijackThis log here.

    Here is my log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:29:35, on 3/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\zFTPServer\zFTPServer.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
    C:\Program Files\USB Disk Win98 Driver\Res.EXE
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
    C:\Program Files\zFTPServer Administration\zFTPServerAdmin.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\avp.exe
    C:\WINDOWS\mgrs.exe
    C:\DOCUME~1\Mine\LOCALS~1\Temp\agentmon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zeelandnet.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
    O4 - HKLM\..\Run: [smgr] mgrs.exe
    O4 - HKLM\..\Run: [ccd92b5f] rundll32.exe "C:\WINDOWS\system32\gfeuhcgj.dll",b
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: zFTPServer Administration.lnk = C:\Program Files\zFTPServer Administration\zFTPServerAdmin.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Download FLV by WinAVI... - C:\Program Files\WinAVI FLV Converter\flv_link.htm
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
    O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
    O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
    O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O21 - SSODL: zip - {d2db6aa6-746c-4c3f-b8b1-c582d43bfd7c} - C:\WINDOWS\Installer\{d2db6aa6-746c-4c3f-b8b1-c582d43bfd7c}\zip.dll
    O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: zFTPServer (zFTPSvc) - Unknown owner - C:\Program Files\zFTPServer\zFTPServer.exe

    --
    End of file - 8612 bytes

  • #2
    Open HijackThis, click 'config' (bottom right).
    Choose the 'misc Tools' tab at the top.
    Choose 'delete a file on reboot'.
    In the field, copy and paste the following line:

    C:\WINDOWS\Installer\{d2db6aa6-746c-4c3f-b8b1-c582d43bfd7c}\zip.dll

    Click Open.
    HijackThis will tell you that this file will be deleted at the next reboot and ask whether you want to reboot now.
    Click yes/OK.

    Your PC will now reboot.


    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open; a few lines about files that were not found will quickly scroll by in it. This is normal.
    • An uninstaller of a rogue scanner may also start. Do not close it; follow any instructions and simply let it do its work.
    • After that your PC will restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.


    Download Combofix (mirror) to your Desktop.
    Double-click Combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open.
    Post this log in your next post.

    NOTE: If your virus scanner responds with a notification about a script being executed, you may ignore it.



    • #3
      The first step already doesn't work: when I click 'delete file on a reboot' it does nothing. The other options do work.



      • #4
        Then just continue with the next steps.



        • #5
          These are the logs:
          ComboFix 08-02.03.1 - Mine 2008-02-03 14:01:15.3 - NTFSx86
          Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.584 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\Mine\Local Settings\Temporary Internet Files\Content.IE5\E1QJSNUD\ComboFix[1].exe
          * Nieuw herstelpunt werd aangemaakt

          WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\WINDOWS\system32\byxuusp.dll
          C:\WINDOWS\system32\sstqr.dll
          C:\WINDOWS\system32\awuexdov.dll
          C:\WINDOWS\system32\awuexdov.dll . . . . konden niet verwijderd worden
          C:\WINDOWS\system32\awuexdov.dllbox
          C:\WINDOWS\system32\byxuusp.dll
          C:\WINDOWS\system32\Cache
          C:\WINDOWS\system32\gfeuhcgj.dll
          C:\WINDOWS\system32\jgchuefg.ini
          C:\WINDOWS\system32\jkkihef.dll
          C:\WINDOWS\system32\oulejmqy.dll
          C:\WINDOWS\system32\rqtss.ini
          C:\WINDOWS\system32\rqtss.ini2
          C:\WINDOWS\system32\sstqr.dll

          .
          (((((((((((((((((((( Bestanden Gemaakt van 2008-01-03 to 2008-02-03 ))))))))))))))))))))))))))))))
          .

          2008-02-03 13:50 . 2008-02-03 13:54 <DIR> d-------- C:\RVAXO
          2008-02-03 13:44 . 2008-02-03 12:12 657,805 --a------ C:\WINDOWS\system32\RVAXO.bat
          2008-02-03 13:44 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
          2008-02-03 13:22 . 2008-02-03 13:22 160,560 --a------ C:\Program Files\udefender_setup.exe
          2008-02-03 13:17 . 2008-02-03 14:08 163,904 --a------ C:\WINDOWS\system32\awuexdov.dll
          2008-02-03 13:12 . 2008-02-03 13:12 26,624 --a------ C:\WINDOWS\system32\winuqw32.dll
          2008-02-03 13:12 . 2008-02-03 13:12 10,240 --a------ C:\Program Files\13617625.exe
          2008-02-03 13:06 . 2008-02-03 13:06 <DIR> d-------- C:\Program Files\WinAVI Video Converter
          2008-02-03 13:06 . 2008-02-03 13:06 <DIR> d-------- C:\Program Files\WinAVI FLV Converter
          2008-02-03 13:06 . 2008-02-03 13:06 <DIR> d-------- C:\Program Files\WinAVI DVD Copy
          2008-02-03 13:05 . 2008-02-03 13:05 <DIR> d-------- C:\Program Files\WinAVI MP4 Converter
          2008-02-03 12:54 . 2008-02-03 12:54 <DIR> d-------- C:\Program Files\DVD Shrink
          2008-02-03 12:54 . 2008-02-03 12:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
          2008-01-24 21:09 . 2008-02-03 13:56 <DIR> dr-h----- C:\Documents and Settings\Mine\Onlangs geopend
          2008-01-22 20:00 . 2008-01-24 16:58 <DIR> d-------- C:\Documents and Settings\Mine\Application Data\skypePM
          2008-01-22 20:00 . 2008-01-22 20:00 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
          2008-01-22 19:58 . 2008-01-24 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
          2008-01-18 19:29 . 2008-01-18 19:29 75 --a------ C:\WINDOWS\system32\win32httpdata.db
          2008-01-12 19:14 . 2008-01-12 19:14 <DIR> d-------- C:\Program Files\Apple Software Update
          2008-01-12 19:14 . 2008-01-12 19:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
          2008-01-12 19:14 . 2008-01-12 19:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
          2008-01-12 19:14 . 2008-01-12 19:15 1,409 --a------ C:\WINDOWS\QTFont.for
          2008-01-12 19:10 . 2008-01-12 19:19 <DIR> d-------- C:\Program Files\QuickTime
          2008-01-12 18:18 . 2007-03-04 13:55 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
          2008-01-12 18:18 . 2007-03-04 13:55 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
          2008-01-12 18:17 . 2008-01-13 16:17 <DIR> d-------- C:\Program Files\Replay Converter
          2008-01-12 18:15 . 2008-01-12 18:17 <DIR> d-------- C:\Documents and Settings\Mine\Application Data\GetRightToGo
          2008-01-12 17:47 . 2008-01-12 17:47 <DIR> d-------- C:\WINDOWS\Applian FLV Player
          2008-01-09 16:23 . 1999-12-07 14:00 67,856 --a------ C:\WINDOWS\system32\convlog.exe
          2008-01-09 16:23 . 1999-12-07 14:00 14,608 --a------ C:\WINDOWS\system32\iisreset.exe
          2008-01-09 16:23 . 1999-12-07 14:00 11,355 --a------ C:\WINDOWS\system32\infoctrs.ini
          2008-01-09 16:23 . 1999-12-07 14:00 9,488 --a------ C:\WINDOWS\system32\infoctrs.dll
          2008-01-09 16:23 . 1999-12-07 14:00 6,928 --a------ C:\WINDOWS\system32\ftpsapi2.dll
          2008-01-09 16:23 . 1999-12-07 14:00 6,928 --a------ C:\WINDOWS\system32\admxprox.dll
          2008-01-09 16:23 . 1999-12-07 14:00 6,416 --a------ C:\WINDOWS\system32\iisrstap.dll
          2008-01-09 13:45 . 2008-01-09 13:45 <DIR> d-------- C:\Program Files\HD Tune
          2008-01-09 13:45 . 2008-01-09 13:45 <DIR> d-------- C:\Program Files\Find Junk Files
          2008-01-09 13:44 . 2008-01-09 13:44 <DIR> d-------- C:\Program Files\DG-Defragmenter
          2008-01-09 13:44 . 2008-01-12 18:17 737,280 --a------ C:\WINDOWS\iun6002.exe
          2008-01-07 18:34 . 1998-07-08 17:30 18,944 --a------ C:\WINDOWS\eraser.exe
          2008-01-05 19:04 . 2008-01-05 20:47 <DIR> d-------- C:\files
          2008-01-05 18:57 . 2008-01-05 19:00 <DIR> d-------- C:\files van maxime lombardo
          2008-01-05 17:01 . 2008-01-08 18:01 <DIR> d-------- C:\Program Files\zFTPServer Administration
          2008-01-05 17:01 . 2008-01-14 06:43 <DIR> d-------- C:\Program Files\zFTPServer
          2008-01-05 15:48 . 2008-01-05 15:48 <DIR> d-------- C:\WINDOWS\IIS Temporary Compressed Files
          2008-01-05 15:39 . 1999-12-07 14:00 244,496 --a------ C:\WINDOWS\system32\adsiis.dll
          2008-01-05 15:39 . 1999-12-07 14:00 123,664 --a------ C:\WINDOWS\system32\iisRtl.dll
          2008-01-05 15:39 . 1999-12-07 14:00 57,616 --a------ C:\WINDOWS\system32\iismap.dll
          2008-01-05 15:39 . 1999-12-07 14:00 42,768 --a------ C:\WINDOWS\system32\iisext.dll
          2008-01-05 15:39 . 1999-12-07 14:00 32,528 --a------ C:\WINDOWS\system32\admwprox.dll
          2008-01-05 15:39 . 1999-12-07 14:00 20,752 --a------ C:\WINDOWS\system32\inetsloc.dll
          2008-01-05 15:39 . 1999-12-07 14:00 14,096 --a------ C:\WINDOWS\system32\exstrace.dll
          2008-01-05 15:39 . 1999-12-07 14:00 12,560 --a------ C:\WINDOWS\system32\infoadmn.dll
          2008-01-05 15:39 . 1999-12-07 14:00 8,464 --a------ C:\WINDOWS\system32\staxmem.dll
          2008-01-05 15:39 . 1999-12-07 14:00 7,440 --a------ C:\WINDOWS\system32\wamregps.dll
          2008-01-05 15:38 . 2003-04-14 20:42 212,992 --a--c--- C:\WINDOWS\system32\dllcache\fpmmcsat.dll
          2008-01-05 15:38 . 2003-03-24 15:52 24,632 --a--c--- C:\WINDOWS\system32\dllcache\fpadmcgi.exe
          2008-01-05 15:38 . 2003-03-24 15:52 20,541 --a--c--- C:\WINDOWS\system32\dllcache\fpadmdll.dll
          2008-01-05 15:38 . 2003-04-14 20:42 16,384 --a--c--- C:\WINDOWS\system32\dllcache\tcptsat.dll
          2008-01-05 15:33 . 2002-10-24 17:09 <DIR> d-------- C:\IIS
          2008-01-04 23:28 . 2008-01-04 23:28 <DIR> d-------- C:\Program Files\Xvid
          2008-01-04 23:28 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
          2008-01-04 23:28 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
          2008-01-04 23:28 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-01-29 17:46 --------- d-----w C:\Program Files\LimeWire
          2008-01-28 20:08 --------- d-----w C:\Documents and Settings\Mine\Application Data\Canon
          2008-01-09 12:33 --------- d-----w C:\Program Files\Common Files\Adobe
          2008-01-08 05:46 --------- d-----w C:\Program Files\MSN Messenger
          2008-01-08 05:46 --------- d-----w C:\Program Files\Messenger Plus! Live
          2008-01-04 23:03 --------- d-----w C:\Program Files\DivX
          2007-12-30 08:27 --------- d-----w C:\Documents and Settings\Mine\Application Data\AdobeUM
          2007-12-20 11:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
          2007-12-20 11:38 --------- d-----w C:\Program Files\Windows Live
          2007-12-14 07:18 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
          2007-12-13 16:18 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
          2007-12-09 14:49 --------- d-----w C:\Program Files\IrfanView
          2007-12-05 13:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
          2007-12-05 13:42 --------- d-----w C:\Program Files\RogueRemover FREE
          2007-12-05 12:29 --------- d-----w C:\Program Files\Windows Resource Kits
          2007-12-04 17:13 --------- d-----w C:\Documents and Settings\Mine\Application Data\TuneUp Software
          2007-12-03 20:30 --------- d-----w C:\Program Files\TweakRAM
          1999-02-11 13:11 262,415 ----a-w C:\Documents and Settings\All Users\SETUP.EXE
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
          2008-02-03 14:08 163904 --a------ C:\WINDOWS\system32\awuexdov.dll

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B}]
          2008-01-28 04:59 114688 --a------ C:\Program Files\WinAVI FLV Converter\FLVTune.dll

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 19:08 68856]
          "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44 196608]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 08:11 1388544]
          "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 11:41 860160]
          "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
          "NWEReboot"=""
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
          "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 10:00 49152]
          "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
          "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
          "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
          "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32 221184]
          "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24 458752]
          "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14 217088]
          "cnfgCav"="C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe" [2007-09-04 17:48 110592]
          "USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 19:44 65536]
          "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

          C:\Documents and Settings\Mine\Menu Start\Programma's\Opstarten\
          zFTPServer Administration.lnk - C:\Program Files\zFTPServer Administration\zFTPServerAdmin.exe [2008-01-08 07:04:13 4402688]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-12 15:23:40 528384]
          Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 14:05:56 65588]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
          "AllowLegacyWebView"= 1 (0x1)
          "AllowUnhashedWebView"= 1 (0x1)

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awuexdov]
          awuexdov.dll 2008-02-03 14:08 163904 C:\WINDOWS\system32\awuexdov.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\monln]
          monln.dll 2007-09-04 17:48 216576 C:\WINDOWS\system32\monln.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wineij32]
          wineij32.dll

          R2 zFTPSvc;zFTPServer;C:\Program Files\zFTPServer\zFTPServer.exe [2007-12-10 17:21]

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1b1c691-472f-11db-9c2f-806d6172696f}]
          \Shell\AutoRun\command - E:\setup.exe

          .
          Inhoud van de 'Gedeelde Taken' map
          "2008-02-01 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
          - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
          "2008-02-01 14:40:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-02-03 14:11:37
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          --------------------- DLLs Geladen Onder Lopende Processen ---------------------

          PROCESS: C:\WINDOWS\system32\winlogon.exe
          -> C:\WINDOWS\system32\awuexdov.dll

          PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
          -> C:\WINDOWS\system32\awuexdov.dll
          .
          ------------------------ Other Running Processes ------------------------
          .
          C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
          C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
          C:\Program Files\Comodo\Comodo AntiVirus\cavse.exe
          C:\Program Files\Comodo\Comodo AntiVirus\cavse.exe
          C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
          C:\Program Files\Logitech\Video\FxSvr2.exe
          C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
          .
          **************************************************************************
          .
          Voltooingstijd: 2008-02-03 14:13:41 - machine was rebooted
          ComboFix-quarantined-files.txt 2008-02-03 13:13:35
          ComboFix2.txt 2007-10-10 16:37:33
          ComboFix3.txt 2007-10-10 15:56:59
          .



          ---RVAXO.exe Updated: 2008-02-03---first run---
          Files found:
          C:\WINDOWS\system32\awuexdov.dllbox
          C:\WINDOWS\system32\wineij32.dll
          C:\WINDOWS\system32\winrkp32.dll
          C:\WINDOWS\system32\winuqw32.dll
          C:\WINDOWS\system32\rqtss.ini2
          C:\WINDOWS\mgrs.exe
          C:\Program Files\ucleaner_setup.exe
          C:\WINDOWS\avp.exe

          Uninstallers:


          Folders Found:

          C:\Program Files\Ultimate Defender
          C:\Program Files\Outerinfo

          Hosts-file was reset, If you use a custom hosts file please replace it...

          --------------RVAXO.exe last run---------------

          Files found:

          C:\WINDOWS\system32\winuqw32.dll
          Folders Found:

          --------------RVAXO.exe finished----------------



          • #6
            Open Notepad, then copy and paste the following (bold text) into an empty window:

            File::
            C:\Program Files\udefender_setup.exe
            C:\WINDOWS\system32\awuexdov.dll
            C:\WINDOWS\system32\winuqw32.dll
            C:\Program Files\13617625.exe


            Save this to your Desktop as CFScript.txt

            Drag CFScript.txt onto ComboFix.exe as shown in the example below:



            This will make ComboFix restart.
            Reboot if you are asked to,
            and post the contents of Combofix.txt in your next reply together with a new HijackThis log.



            • #7
              ComboFix 08-02.03.1 - Mine 2008-02-03 14:51:05.4 - NTFSx86
              Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.554 [GMT 1:00]
              Gestart vanuit: C:\Documents and Settings\Mine\Bureaublad\ComboFix.exe
              Command switches used :: C:\Documents and Settings\Mine\Bureaublad\CFScript.txt
              * Nieuw herstelpunt werd aangemaakt

              WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
              .

              (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              C:\WINDOWS\system32\awuexdov.dll
              C:\WINDOWS\system32\awuexdov.dllbox

              .
              (((((((((((((((((((( Bestanden Gemaakt van 2008-01-03 to 2008-02-03 ))))))))))))))))))))))))))))))
              .

              2008-02-03 14:45 . 2008-02-03 14:45 <DIR> d-------- C:\Program Files\Any Video Converter Professional
              2008-02-03 14:45 . 2008-02-03 14:45 <DIR> d-------- C:\Documents and Settings\Mine\Application Data\Any Video Converter Professional
              2008-02-03 14:45 . 2008-02-03 14:46 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
              2008-02-03 13:50 . 2008-02-03 13:54 <DIR> d-------- C:\RVAXO
              2008-02-03 13:44 . 2008-02-03 12:12 657,805 --a------ C:\WINDOWS\system32\RVAXO.bat
              2008-02-03 13:44 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
              2008-02-03 13:22 . 2008-02-03 13:22 160,560 --a------ C:\Program Files\udefender_setup.exe
              2008-02-03 13:12 . 2008-02-03 13:12 26,624 --a------ C:\WINDOWS\system32\winuqw32.dll
              2008-02-03 13:12 . 2008-02-03 13:12 10,240 --a------ C:\Program Files\13617625.exe
              2008-02-03 13:06 . 2008-02-03 13:06 <DIR> d-------- C:\Program Files\WinAVI Video Converter
              2008-02-03 13:06 . 2008-02-03 13:06 <DIR> d-------- C:\Program Files\WinAVI FLV Converter
              2008-02-03 13:06 . 2008-02-03 13:06 <DIR> d-------- C:\Program Files\WinAVI DVD Copy
              2008-02-03 13:05 . 2008-02-03 13:05 <DIR> d-------- C:\Program Files\WinAVI MP4 Converter
              2008-02-03 12:54 . 2008-02-03 12:54 <DIR> d-------- C:\Program Files\DVD Shrink
              2008-02-03 12:54 . 2008-02-03 12:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
              2008-01-24 21:09 . 2008-02-03 14:49 <DIR> dr-h----- C:\Documents and Settings\Mine\Onlangs geopend
              2008-01-22 20:00 . 2008-01-24 16:58 <DIR> d-------- C:\Documents and Settings\Mine\Application Data\skypePM
              2008-01-22 20:00 . 2008-01-22 20:00 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
              2008-01-22 19:58 . 2008-01-24 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
              2008-01-18 19:29 . 2008-01-18 19:29 75 --a------ C:\WINDOWS\system32\win32httpdata.db
              2008-01-12 19:14 . 2008-01-12 19:14 <DIR> d-------- C:\Program Files\Apple Software Update
              2008-01-12 19:14 . 2008-01-12 19:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
              2008-01-12 19:14 . 2008-01-12 19:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
              2008-01-12 19:14 . 2008-01-12 19:15 1,409 --a------ C:\WINDOWS\QTFont.for
              2008-01-12 19:10 . 2008-01-12 19:19 <DIR> d-------- C:\Program Files\QuickTime
              2008-01-12 18:18 . 2007-03-04 13:55 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
              2008-01-12 18:18 . 2007-03-04 13:55 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
              2008-01-12 18:17 . 2008-01-13 16:17 <DIR> d-------- C:\Program Files\Replay Converter
              2008-01-12 18:15 . 2008-01-12 18:17 <DIR> d-------- C:\Documents and Settings\Mine\Application Data\GetRightToGo
              2008-01-12 17:47 . 2008-01-12 17:47 <DIR> d-------- C:\WINDOWS\Applian FLV Player
              2008-01-09 16:23 . 1999-12-07 14:00 67,856 --a------ C:\WINDOWS\system32\convlog.exe
              2008-01-09 16:23 . 1999-12-07 14:00 14,608 --a------ C:\WINDOWS\system32\iisreset.exe
              2008-01-09 16:23 . 1999-12-07 14:00 11,355 --a------ C:\WINDOWS\system32\infoctrs.ini
              2008-01-09 16:23 . 1999-12-07 14:00 9,488 --a------ C:\WINDOWS\system32\infoctrs.dll
              2008-01-09 16:23 . 1999-12-07 14:00 6,928 --a------ C:\WINDOWS\system32\ftpsapi2.dll
              2008-01-09 16:23 . 1999-12-07 14:00 6,928 --a------ C:\WINDOWS\system32\admxprox.dll
              2008-01-09 16:23 . 1999-12-07 14:00 6,416 --a------ C:\WINDOWS\system32\iisrstap.dll
              2008-01-09 13:45 . 2008-01-09 13:45 <DIR> d-------- C:\Program Files\HD Tune
              2008-01-09 13:45 . 2008-01-09 13:45 <DIR> d-------- C:\Program Files\Find Junk Files
              2008-01-09 13:44 . 2008-01-09 13:44 <DIR> d-------- C:\Program Files\DG-Defragmenter
              2008-01-09 13:44 . 2008-01-12 18:17 737,280 --a------ C:\WINDOWS\iun6002.exe
              2008-01-07 18:34 . 1998-07-08 17:30 18,944 --a------ C:\WINDOWS\eraser.exe
              2008-01-05 19:04 . 2008-01-05 20:47 <DIR> d-------- C:\files
              2008-01-05 18:57 . 2008-01-05 19:00 <DIR> d-------- C:\files van maxime lombardo
              2008-01-05 17:01 . 2008-01-08 18:01 <DIR> d-------- C:\Program Files\zFTPServer Administration
              2008-01-05 17:01 . 2008-01-14 06:43 <DIR> d-------- C:\Program Files\zFTPServer
              2008-01-05 15:48 . 2008-01-05 15:48 <DIR> d-------- C:\WINDOWS\IIS Temporary Compressed Files
              2008-01-05 15:39 . 1999-12-07 14:00 244,496 --a------ C:\WINDOWS\system32\adsiis.dll
              2008-01-05 15:39 . 1999-12-07 14:00 123,664 --a------ C:\WINDOWS\system32\iisRtl.dll
              2008-01-05 15:39 . 1999-12-07 14:00 57,616 --a------ C:\WINDOWS\system32\iismap.dll
              2008-01-05 15:39 . 1999-12-07 14:00 42,768 --a------ C:\WINDOWS\system32\iisext.dll
              2008-01-05 15:39 . 1999-12-07 14:00 32,528 --a------ C:\WINDOWS\system32\admwprox.dll
              2008-01-05 15:39 . 1999-12-07 14:00 20,752 --a------ C:\WINDOWS\system32\inetsloc.dll
              2008-01-05 15:39 . 1999-12-07 14:00 14,096 --a------ C:\WINDOWS\system32\exstrace.dll
              2008-01-05 15:39 . 1999-12-07 14:00 12,560 --a------ C:\WINDOWS\system32\infoadmn.dll
              2008-01-05 15:39 . 1999-12-07 14:00 8,464 --a------ C:\WINDOWS\system32\staxmem.dll
              2008-01-05 15:39 . 1999-12-07 14:00 7,440 --a------ C:\WINDOWS\system32\wamregps.dll
              2008-01-05 15:38 . 2003-04-14 20:42 212,992 --a--c--- C:\WINDOWS\system32\dllcache\fpmmcsat.dll
              2008-01-05 15:38 . 2003-03-24 15:52 24,632 --a--c--- C:\WINDOWS\system32\dllcache\fpadmcgi.exe
              2008-01-05 15:38 . 2003-03-24 15:52 20,541 --a--c--- C:\WINDOWS\system32\dllcache\fpadmdll.dll
              2008-01-05 15:38 . 2003-04-14 20:42 16,384 --a--c--- C:\WINDOWS\system32\dllcache\tcptsat.dll
              2008-01-05 15:33 . 2002-10-24 17:09 <DIR> d-------- C:\IIS
              2008-01-04 23:28 . 2008-01-04 23:28 <DIR> d-------- C:\Program Files\Xvid
              2008-01-04 23:28 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
              2008-01-04 23:28 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
              2008-01-04 23:28 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax

              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2008-01-29 17:46 --------- d-----w C:\Program Files\LimeWire
              2008-01-28 20:08 --------- d-----w C:\Documents and Settings\Mine\Application Data\Canon
              2008-01-09 12:33 --------- d-----w C:\Program Files\Common Files\Adobe
              2008-01-08 05:46 --------- d-----w C:\Program Files\MSN Messenger
              2008-01-08 05:46 --------- d-----w C:\Program Files\Messenger Plus! Live
              2008-01-04 23:03 --------- d-----w C:\Program Files\DivX
              2007-12-30 08:27 --------- d-----w C:\Documents and Settings\Mine\Application Data\AdobeUM
              2007-12-20 11:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
              2007-12-20 11:38 --------- d-----w C:\Program Files\Windows Live
              2007-12-14 07:18 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
              2007-12-13 16:18 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
              2007-12-09 14:49 --------- d-----w C:\Program Files\IrfanView
              2007-12-05 13:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
              2007-12-05 13:42 --------- d-----w C:\Program Files\RogueRemover FREE
              2007-12-05 12:29 --------- d-----w C:\Program Files\Windows Resource Kits
              2007-12-04 17:13 --------- d-----w C:\Documents and Settings\Mine\Application Data\TuneUp Software
              2007-12-03 20:30 --------- d-----w C:\Program Files\TweakRAM
              1999-02-11 13:11 262,415 ----a-w C:\Documents and Settings\All Users\SETUP.EXE
              .

              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              REGEDIT4
              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B}]
              2008-01-28 04:59 114688 --a------ C:\Program Files\WinAVI FLV Converter\FLVTune.dll

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 19:08 68856]
              "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44 196608]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 08:11 1388544]
              "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 11:41 860160]
              "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
              "NWEReboot"=""
              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
              "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 10:00 49152]
              "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
              "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
              "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
              "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32 221184]
              "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24 458752]
              "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14 217088]
              "cnfgCav"="C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe" [2007-09-04 17:48 110592]
              "USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 19:44 65536]
              "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

              C:\Documents and Settings\Mine\Menu Start\Programma's\Opstarten\
              zFTPServer Administration.lnk - C:\Program Files\zFTPServer Administration\zFTPServerAdmin.exe [2008-01-08 07:04:13 4402688]

              C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
              Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-12 15:23:40 528384]
              Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 14:05:56 65588]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
              "AllowLegacyWebView"= 1 (0x1)
              "AllowUnhashedWebView"= 1 (0x1)

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\monln]
              monln.dll 2007-09-04 17:48 216576 C:\WINDOWS\system32\monln.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wineij32]
              wineij32.dll

              R2 zFTPSvc;zFTPServer;C:\Program Files\zFTPServer\zFTPServer.exe [2007-12-10 17:21]

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1b1c691-472f-11db-9c2f-806d6172696f}]
              \Shell\AutoRun\command - E:\setup.exe

              .
              Inhoud van de 'Gedeelde Taken' map
              "2008-02-01 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
              - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
              "2008-02-01 14:40:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
              - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
              .
              **************************************************************************

              catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2008-02-03 14:58:47
              Windows 5.1.2600 Service Pack 2 NTFS

              scannen van verborgen processen ...

              scannen van verborgen autostart items ...

              scannen van verborgen bestanden ...

              Scan succesvol afgerond
              verborgen bestanden: 0

              **************************************************************************
              .
              ------------------------ Other Running Processes ------------------------
              .
              C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
              C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
              C:\Program Files\Comodo\Comodo AntiVirus\cavse.exe
              C:\Program Files\Comodo\Comodo AntiVirus\cavse.exe
              C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
              C:\Program Files\Logitech\Video\FxSvr2.exe
              C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
              .
              **************************************************************************
              .
              Voltooingstijd: 2008-02-03 15:01:01 - machine was rebooted
              ComboFix-quarantined-files.txt 2008-02-03 14:00:58
              ComboFix2.txt 2008-02-03 13:13:41
              ComboFix3.txt 2007-10-10 16:37:33
              ComboFix4.txt 2007-10-10 15:56:59
              .
              2008-01-09 05:51:25 --- E O F ---



              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 18:08:53, on 3/02/2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
              C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\zFTPServer\zFTPServer.exe
              C:\WINDOWS\Explorer.EXE
              C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
              C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
              C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
              C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
              C:\WINDOWS\system32\igfxtray.exe
              C:\WINDOWS\system32\hkcmd.exe
              C:\WINDOWS\system32\igfxpers.exe
              C:\WINDOWS\system32\LVCOMSX.EXE
              C:\Program Files\Logitech\Video\LogiTray.exe
              C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
              C:\Program Files\USB Disk Win98 Driver\Res.EXE
              C:\Program Files\Logitech\SetPoint\SetPoint.exe
              C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
              C:\Program Files\zFTPServer Administration\zFTPServerAdmin.exe
              C:\Program Files\Logitech\Video\FxSvr2.exe
              C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
              C:\Program Files\Windows Media Player\wmplayer.exe
              C:\WINDOWS\system32\igfxsrvc.exe
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
              C:\Program Files\Windows Live\Messenger\msnmsgr.exe
              C:\Program Files\Windows Live\Messenger\usnsvc.exe
              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zeelandnet.nl/
              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
              O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
              O2 - BHO: WinAVI FLVSense - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
              O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
              O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
              O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
              O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
              O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
              O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
              O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
              O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
              O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
              O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
              O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
              O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
              O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
              O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
              O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
              O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
              O4 - Startup: zFTPServer Administration.lnk = C:\Program Files\zFTPServer Administration\zFTPServerAdmin.exe
              O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
              O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
              O8 - Extra context menu item: &Download FLV by WinAVI... - C:\Program Files\WinAVI FLV Converter\flv_link.htm
              O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
              O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
              O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
              O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
              O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
              O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
              O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
              O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
              O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
              O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
              O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
              O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
              O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
              O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
              O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
              O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
              O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
              O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
              O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
              O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
              O23 - Service: zFTPServer (zFTPSvc) - Unknown owner - C:\Program Files\zFTPServer\zFTPServer.exe

              --
              End of file - 9115 bytes

              Comment


              • #8
                Start HijackThis once more and tick only the following lines:
                O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
                O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)

                Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

                Delete the following files:
                C:\Program Files\udefender_setup.exe
                C:\WINDOWS\system32\winuqw32.dll
                C:\Program Files\13617625.exe

                Open the RVAXO folder on your desktop and double-click Uninstall.cmd
                This will remove everything belonging to RVAXO.

                Download ATF cleaner (mirror) (made by Atribune)

                Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

                Double-click ATF cleaner to start the program.
                On the "Main" tab, tick Select All.
                Click the Empty Selected button.

                Do the following if you also use Firefox as a browser:
                Click the "Firefox" tab and tick Select All.
                If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                (this unticks "Firefox saved passwords" again)
                Click the Empty Selected button.

                Do the following if you also use Opera as a browser:
                Click the "Opera" tab and tick Select All.
                If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                Click the Empty Selected button.
                Go to the "Main" tab and click the Exit button to close the program.

                Go to Start - Run and enter the following:
                Combofix /U
                Then press OK.
                Note: There must be a space between Combofix and /U.

                This will uninstall Combofix.

                Turn off System Restore. Restart the computer. Turn System Restore back on.
                See here how to turn off your System Restore.
                This removes any remnants of the infections from your System Restore.

                Finally, post a new HijackThis log for checking.

                Comment
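The final step of post #8 asks for a fresh HijackThis log as a check. The sketch below is an added example, not part of the thread and not code from HijackThis: it parses the `R*`/`O*` item lines of a log, lists the O20 Winlogon Notify entries, and reports which of the lines that were to be ticked are still present in a follow-up log. `BEFORE` is an excerpt of the log posted on 3/02/2008; `AFTER` is a constructed log, and all function names are assumptions.

```python
import re
from collections import defaultdict

# HijackThis item lines have the form "<code> - <entry>", e.g. "O20 - Winlogon Notify: ...".
ITEM_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# Inside an O20 entry: "Winlogon Notify: <key> - <dll>[ (file missing)]".
NOTIFY_RE = re.compile(
    r"^Winlogon Notify:\s*(\S+)\s+-\s+(.+?)(\s+\(file missing\))?$", re.IGNORECASE
)

# Lines the helper asked to tick in post #8 (copied from the thread).
REQUESTED = [
    r"O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll",
    r"O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)",
]

# Excerpt of the log posted on 3/02/2008.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe

O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
O23 - Service: zFTPServer (zFTPSvc) - Unknown owner - C:\Program Files\zFTPServer\zFTPServer.exe
"""

# Constructed follow-up log: only one of the two ticked entries was removed.
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe

O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify:  monln - c:\windows\system32\monln.dll
O23 - Service: zFTPServer (zFTPSvc) - Unknown owner - C:\Program Files\zFTPServer\zFTPServer.exe
"""


def parse_items(log_text):
    """Return {section code: [entry, ...]}; header and process lines are skipped."""
    items = defaultdict(list)
    for line in log_text.splitlines():
        match = ITEM_RE.match(line)
        if match:
            items[match.group(1)].append(match.group(2))
    return dict(items)


def normalise(line):
    """Collapse whitespace and case so logs compare regardless of how they were pasted."""
    return " ".join(line.split()).lower()


def winlogon_notify(items):
    """Break each O20 Winlogon Notify entry into key, DLL and a 'file missing' flag."""
    found = []
    for entry in items.get("O20", []):
        match = NOTIFY_RE.match(entry)
        if match:
            found.append(
                {"key": match.group(1), "dll": match.group(2), "missing": bool(match.group(3))}
            )
    return found


def still_present(requested_lines, log_text):
    """Return the requested lines that still appear as items in log_text."""
    present = {
        normalise(f"{code} - {entry}")
        for code, entries in parse_items(log_text).items()
        for entry in entries
    }
    return [line for line in requested_lines if normalise(line) in present]


if __name__ == "__main__":
    for notify in winlogon_notify(parse_items(BEFORE)):
        state = "file missing" if notify["missing"] else "file present"
        print(f"O20 {notify['key']}: {notify['dll']} ({state})")
    leftovers = still_present(REQUESTED, AFTER)
    print("Still present after the fix:", leftovers or "none")
```

The comparison is case-insensitive because HijackThis prints the same path with different casing between runs and sections.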


                • #9
                  It has already improved a lot, but a few pop-ups from cleaners still appear.

                  This is my log:
                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 11:53:41, on 5/02/2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
                  C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\Program Files\zFTPServer\zFTPServer.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
                  C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
                  C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                  C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
                  C:\WINDOWS\system32\igfxtray.exe
                  C:\WINDOWS\system32\hkcmd.exe
                  C:\WINDOWS\system32\igfxpers.exe
                  C:\WINDOWS\system32\LVCOMSX.EXE
                  C:\Program Files\Logitech\Video\LogiTray.exe
                  C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
                  C:\Program Files\USB Disk Win98 Driver\Res.EXE
                  C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
                  C:\Program Files\Logitech\SetPoint\SetPoint.exe
                  C:\Program Files\Logitech\Video\FxSvr2.exe
                  C:\Program Files\zFTPServer Administration\zFTPServerAdmin.exe
                  C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
                  C:\Program Files\Outlook Express\msimn.exe
                  C:\Program Files\Messenger\msmsgs.exe
                  C:\Program Files\Internet Explorer\IEXPLORE.EXE
                  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
                  C:\Program Files\Comodo\Comodo AntiVirus\cavemsrv.exe
                  C:\Program Files\Internet Explorer\IEXPLORE.EXE
                  C:\Program Files\Windows Live\Messenger\msnmsgr.exe
                  C:\Program Files\Windows Live\Messenger\usnsvc.exe
                  C:\Program Files\LimeWire\LimeWire.exe
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zeelandnet.nl/
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
                  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
                  O2 - BHO: WinAVI FLVSense - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
                  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
                  O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
                  O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
                  O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
                  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                  O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
                  O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
                  O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
                  O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
                  O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
                  O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
                  O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
                  O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
                  O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
                  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                  O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                  O4 - Startup: zFTPServer Administration.lnk = C:\Program Files\zFTPServer Administration\zFTPServerAdmin.exe
                  O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
                  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
                  O8 - Extra context menu item: &Download FLV by WinAVI... - C:\Program Files\WinAVI FLV Converter\flv_link.htm
                  O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
                  O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
                  O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
                  O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
                  O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
                  O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
                  O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
                  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
                  O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                  O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
                  O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                  O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
                  O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
                  O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
                  O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
                  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                  O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                  O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
                  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                  O23 - Service: zFTPServer (zFTPSvc) - Unknown owner - C:\Program Files\zFTPServer\zFTPServer.exe

                  --
                  End of file - 9131 bytes


                  • #10
                    Do you know this program:
                    O23 - Service: zFTPServer (zFTPSvc) - Unknown owner - C:\Program Files\zFTPServer\zFTPServer.exe


                    • #11
                      Yes, that is my server, which I use every now and then.


                      • #12
                        I don't really trust this one either:
                        O2 - BHO: WinAVI FLVSense - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll


                        • #13
                          Should I remove it?
                          I removed that from my computer a while ago; apparently it is still on there.


                          • #14
                            Go ahead and remove it with HijackThis, restart your PC and then post a new log.
                            Tell us whether you still get pop-ups after that.


                            • #15
                              I can't get on my PC for a while right now; I will be able to reply again around Saturday.
