Lots of popups

  • Lots of popups

    All,

    I can't figure this out. The PC gets a lot of popups; among other things, I have Spybot remove spyware in safe mode. I go through the HJT log via CastleCops, but spyware still remains present. Would someone take a look? Thanks.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:23:23, on 21-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\basfipm.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\FolderSize\FolderSizeSvc.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\FSG\DialerDetect\dd.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.nl
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy/proxyconf.pac
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
    O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\IEPro.dll
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\RunOnce: [WDM_SPLITTER0] rundll32.exe streamci.dll,StreamingDeviceSetup {2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C},{9B365890-165F-11D0-A195-0020AFD156E4},{9EA331FA-B91B-45F8-9285-BD2BC77AFCDE},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SPLITTER.Interface.Install
    O4 - HKLM\..\RunOnce: [AskSBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: Dialer Detect.lnk = C:\Program Files\FSG\DialerDetect\dd.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Dialer Detect.lnk = C:\Program Files\FSG\DialerDetect\dd.exe (User 'Default user')
    O4 - Startup: Dialer Detect.lnk = C:\Program Files\FSG\DialerDetect\dd.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll
    O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted IP range: 192.168.1.12
    O15 - Trusted IP range: 192.168.50.15
    O16 - DPF: iLO 2 Remote Console Applet - https://192.168.10.240/dvc.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - https://webvpn.cegeka.be/vdesk/terminal/f5tunsrv.cab#version=6010,2007,0726,1521
    O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\DOCUME~1\ANDR~1\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab
    O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193162011640
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} (F5 Virtual Sandbox Class) - https://webvpn.cegeka.be/vdesk/terminal/vdeskctrl.cab#version=6010,2007,0726,1520
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab
    O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://webvpn.cegeka.be/vdesk/terminal/urxshost.cab#version=6010,2007,0726,1519
    O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://webvpn.cegeka.be/vdesk/terminal/urxhost.cab#version=6010,2007,0726,1519
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vangansewinkel.corp.local,cegeka.be
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vangansewinkel.corp.local,cegeka.be
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vangansewinkel.corp.local,cegeka.be
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 13135 bytes

  • #2
    Download Combofix (mirror) to your Desktop.
    Double-click Combofix.exe.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix has completed and after a restart, the log combofix.txt will open (you can also find it here: C:\Combofix.txt).
    Post this log in your next post.

    NOTE: If your virus scanner responds with a notification about script execution, you may ignore this.


    • #3
      OK, will do.
      Last edited by deheugden; 22-02-08, 10:43.


      • #4
        I see no traces of infections; do you get those popups with Internet Explorer or with Firefox?

        You could also try this:
        Download Malwarebytes' Anti-Malware to your desktop.
        Double-click mbam-setup.exe and choose "Next" to install the tool.
        When the installation has completed, tick "Update MalwareBytes' Anti-Malware" and "Launch MalwareBytes' Anti-Malware".
        Then press "Finish".
        In the main window, choose the "Scanner" tab and select the "Perform full scan" radio button.
        Press the "Scan" button and make sure all your hard drives/partitions are ticked.
        Then press the "Start Scan" button.
        When the scan has completed, click OK, then "Show Results" to see the results.
        Make sure everything is ticked, then click "Remove Selected".
        If the program wants to restart your computer, allow it.
        A log will then open (mbam-log-XX-XX-XXXX(xx-xx-xx).txt).
        Post this log in your next message.


        • #5
          This should be the right log; I had first connected the HD externally to my notebook.

          ComboFix 08-02-21 - Frans 2008-02-22 12:20:45.6 - NTFSx86
          Microsoft Windows XP Professional 5.1.2600.1.1252.1.1043.18.656 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\Frans\Bureaublad\ComboFix.exe

          WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
          .

          (((((((((((((((((((( Bestanden Gemaakt van 2008-01-22 to 2008-02-22 ))))))))))))))))))))))))))))))
          .

          2008-02-22 12:17 . 2002-09-09 14:07 20,480 --a------ C:\WINDOWS\system32\hidserv.dll
          2008-02-22 12:17 . 2002-09-09 14:07 20,480 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
          2008-02-22 12:17 . 2001-09-06 18:24 14,080 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
          2008-02-22 12:17 . 2001-09-06 18:24 14,080 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
          2008-02-22 12:15 . 2001-09-06 19:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
          2008-02-22 12:15 . 2001-09-06 19:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
          2008-02-22 12:15 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
          2008-02-22 12:15 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
          2008-02-21 18:25 . 2008-02-21 18:27 <DIR> d-------- C:\RVAXO
          2008-02-21 18:25 . 2008-02-21 18:25 <DIR> d-------- C:\Deckard
          2008-02-21 18:25 . 2008-02-21 15:42 708,525 --a------ C:\WINDOWS\system32\RVAXO.bat
          2008-02-21 18:25 . 2008-02-21 18:26 145,155 --a------ C:\RVAXO.reg
          2008-02-21 18:25 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
          2008-02-21 17:16 . 2008-02-21 17:16 94 --a------ C:\WINDOWS\wininit.ini
          2008-02-21 16:53 . 2008-02-21 16:53 <DIR> d-------- C:\deljob
          2008-02-16 16:18 . 2008-02-16 16:18 <DIR> d-------- C:\Program Files\blue view
          2008-02-15 16:50 . 2008-02-16 17:12 2,246,382 ---hs---- C:\WINDOWS\system32\jajcuofy.ini
          2008-01-28 18:32 . 2008-01-28 18:32 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
          2008-01-28 18:32 . 2008-01-28 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2008-01-28 18:29 . 2008-01-28 18:29 <DIR> d-------- C:\Program Files\FSG
          2008-01-28 18:08 . 2008-01-28 18:23 <DIR> d-------- C:\Program Files\a-squared Free
          2008-01-28 18:07 . 2008-01-28 18:07 <DIR> d-------- C:\Program Files\a-squared HiJackFree
          2008-01-28 17:57 . 2008-01-28 17:57 <DIR> d-------- C:\Program Files\Trend Micro
          2008-01-28 17:48 . 2008-02-21 18:04 <DIR> d-------- C:\VundoFix Backups

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-02-18 16:25 --------- d-----w C:\Program Files\LimeWire
          2008-02-16 15:19 --------- d-----w C:\Documents and Settings\Karen\Application Data\blue view
          2008-02-16 15:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web
          2008-02-07 22:17 --------- d-----w C:\Program Files\ESET
          2008-01-28 17:24 --------- d-----w C:\Program Files\Macrogaming
          2008-01-21 17:26 --------- d-----w C:\Documents and Settings\Toos\Application Data\blue view
          2008-01-20 09:20 --------- d-----w C:\Documents and Settings\Frans\Application Data\blue view
          2008-01-16 19:40 --------- d-----w C:\Documents and Settings\Noortje\Application Data\blue view
          2008-01-15 15:42 --------- d-----w C:\Documents and Settings\Peter\Application Data\blue view
          2008-01-04 21:37 --------- d-----w C:\Program Files\QuickTime
          2008-01-04 21:35 --------- d-----w C:\Program Files\iTunes
          2008-01-04 21:35 --------- d-----w C:\Program Files\iPod
          2008-01-04 21:33 --------- d-----w C:\Program Files\Apple Software Update
          2008-01-04 21:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
          2007-03-28 19:18 2,242,720 ----a-w C:\Documents and Settings\Toos\ib2006_win_setup.exe
          2006-04-18 17:56 958,464 ----a-w C:\Documents and Settings\Karen\PC Sync.exe
          2006-04-18 17:56 163,840 ----a-w C:\Documents and Settings\Karen\OutlookManager.dll
          2006-04-18 17:51 3,064 ----a-w C:\Documents and Settings\Karen\Model.reg
          2006-04-18 17:15 73,728 ----a-w C:\Documents and Settings\Karen\SecToPC.exe
          2006-04-18 17:15 73,728 ----a-w C:\Documents and Settings\Karen\PXControls.dll
          2006-04-18 17:15 53,248 ----a-w C:\Documents and Settings\Karen\PXCommon.dll
          2006-04-18 17:15 409,600 ----a-w C:\Documents and Settings\Karen\PhoneExplorer.exe
          2006-04-18 17:15 405,504 ----a-w C:\Documents and Settings\Karen\MediaCheck.dll
          2006-04-18 17:15 38,912 ----a-w C:\Documents and Settings\Karen\SecToPhone.exe
          2006-04-18 17:15 327,680 ----a-w C:\Documents and Settings\Karen\PXCmd.dll
          2006-04-18 17:15 274,432 ----a-w C:\Documents and Settings\Karen\ProfileManager.dll
          2006-04-18 17:15 23,040 ----a-w C:\Documents and Settings\Karen\DrmCheck.dll
          2006-04-18 17:15 217,088 ----a-w C:\Documents and Settings\Karen\PXViewCtrls.dll
          2006-04-18 17:15 188,416 ----a-w C:\Documents and Settings\Karen\PXSecCommonDlg.dll
          2006-04-18 17:13 155,648 ----a-w C:\Documents and Settings\Karen\SyncEngine.dll
          2006-04-18 17:12 25,088 ----a-w C:\Documents and Settings\Karen\MgrConfig.dll
          2006-04-18 17:12 196,608 ----a-w C:\Documents and Settings\Karen\SMLParser.dll
          2006-04-18 17:12 19,456 ----a-w C:\Documents and Settings\Karen\MgrLogFile.dll
          2006-04-18 17:11 462,848 ----a-w C:\Documents and Settings\Karen\Launcher.exe
          2006-04-18 17:10 360,448 ----a-w C:\Documents and Settings\Karen\LCRes.dll
          2006-04-18 17:06 180,224 ----a-w C:\Documents and Settings\Karen\PXRes.dll
          2006-04-18 16:20 483,328 ----a-w C:\Documents and Settings\Karen\MM.exe
          2006-04-18 16:19 503,808 ----a-w C:\Documents and Settings\Karen\PE.exe
          2006-04-18 16:19 491,520 ----a-w C:\Documents and Settings\Karen\PSIESe.dll
          2006-04-18 16:19 217,088 ----a-w C:\Documents and Settings\Karen\PSPrint.dll
          2006-04-18 16:18 196,608 ----a-w C:\Documents and Settings\Karen\PSFind.dll
          2006-04-18 16:18 1,191,936 ----a-w C:\Documents and Settings\Karen\PSCtrlSe.dll
          2006-04-18 15:55 159,744 ----a-w C:\Documents and Settings\Karen\MMSMenuBar.dll
          2006-04-18 15:26 643,072 ----a-w C:\Documents and Settings\Karen\MovieEditor.exe
          2006-04-18 15:26 323,584 ----a-w C:\Documents and Settings\Karen\MECommon.dll
          2006-04-18 14:07 65,536 ----a-w C:\Documents and Settings\Karen\DShowHelper.dll
          2006-04-18 13:37 172,032 ----a-w C:\Documents and Settings\Karen\PSComn.dll
          2006-04-18 09:16 499,712 ----a-w C:\Documents and Settings\Karen\ConWiz.exe
          2006-04-18 09:02 151,552 ----a-w C:\Documents and Settings\Karen\ConMgr_Setting.exe
          2006-04-18 08:41 827,392 ----a-w C:\Documents and Settings\Karen\SecTheme.dll
          2006-04-18 08:40 192,512 ----a-w C:\Documents and Settings\Karen\PSLib.dll
          2006-04-17 22:01 679,936 ----a-w C:\Documents and Settings\Karen\PMRes.dll
          2006-04-17 18:00 503,808 ----a-w C:\Documents and Settings\Karen\MMSComposer.exe
          2006-04-17 18:00 487,424 ----a-w C:\Documents and Settings\Karen\MMSConsole.dll
          2006-04-17 18:00 458,752 ----a-w C:\Documents and Settings\Karen\MMSMediaPlayer.exe
          2006-04-17 18:00 192,512 ----a-w C:\Documents and Settings\Karen\MMSMessageBrowser.dll
          2006-04-17 18:00 1,224,704 ----a-w C:\Documents and Settings\Karen\MMSContBrowser.dll
          2006-04-17 17:59 81,920 ----a-w C:\Documents and Settings\Karen\MMSData.dll
          2006-04-17 17:59 684,032 ----a-w C:\Documents and Settings\Karen\MMSPhotoEditor.dll
          2006-04-17 17:59 1,351,680 ----a-w C:\Documents and Settings\Karen\MMSPageEditor.dll
          2006-04-17 17:59 1,048,576 ----a-w C:\Documents and Settings\Karen\MMSComm.dll
          2006-04-17 17:44 434,176 ----a-w C:\Documents and Settings\Karen\NetworkingWizard.exe
          2006-04-17 14:02 73,728 ----a-w C:\Documents and Settings\Karen\extFilter.dll
          2006-04-17 14:02 614,400 ----a-w C:\Documents and Settings\Karen\imageLib.dll
          2006-04-17 14:02 39,936 ----a-w C:\Documents and Settings\Karen\global_func.dll
          2006-04-17 14:02 389,120 ----a-w C:\Documents and Settings\Karen\global_control.dll
          2006-04-17 14:02 319,488 ----a-w C:\Documents and Settings\Karen\PhotoAlbum.exe
          2006-04-17 14:02 31,744 ----a-w C:\Documents and Settings\Karen\ManagerFrame.dll
          2006-04-17 14:02 28,672 ----a-w C:\Documents and Settings\Karen\global_db.dll
          2006-04-14 16:46 5,932 ----a-w C:\Documents and Settings\Karen\MDPF.dat
          2006-04-14 07:20 163,840 ----a-w C:\Documents and Settings\Karen\OpenEntry.exe
          2006-04-13 08:06 323,584 ----a-w C:\Documents and Settings\Karen\LiveUpdateReal.exe
          2006-04-13 08:06 323,584 ----a-w C:\Documents and Settings\Karen\LiveUpdate.exe
          2006-04-11 11:13 69,632 ----a-w C:\Documents and Settings\Karen\ConMgrC.dll
          2006-04-11 11:13 118,784 ----a-w C:\Documents and Settings\Karen\ConMgr.exe
          2006-04-11 08:10 28,672 ----a-w C:\Documents and Settings\Karen\mobex.dll
          2006-04-11 08:10 16,384 ----a-w C:\Documents and Settings\Karen\ConMgrInterface.dll
          2006-04-09 04:09 544,768 ----a-w C:\Documents and Settings\Karen\SoundEditor.exe
          2006-04-09 01:53 94,208 ----a-w C:\Documents and Settings\Karen\UICtrlDll.dll
          2006-04-09 01:52 20,480 ----a-w C:\Documents and Settings\Karen\SE_WaveOut.dll
          2006-04-09 01:52 16,384 ----a-w C:\Documents and Settings\Karen\DCFCheck.dll
          2006-04-09 01:52 1,482,752 ----a-w C:\Documents and Settings\Karen\SamsungResDll.dll
          2006-04-09 00:48 139,264 ----a-w C:\Documents and Settings\Karen\MLMMSMsg.dll
          2006-04-09 00:48 102,400 ----a-w C:\Documents and Settings\Karen\MLMMObjCtrl.dll
          2006-04-09 00:47 86,016 ----a-w C:\Documents and Settings\Karen\MLXMLDoc.dll
          2006-04-09 00:47 61,440 ----a-w C:\Documents and Settings\Karen\MLSYAud.dll
          2006-04-09 00:47 37,888 ----a-w C:\Documents and Settings\Karen\MLTXStr.dll
          2006-04-09 00:47 217,088 ----a-w C:\Documents and Settings\Karen\MLDShow.dll
          2006-04-09 00:46 806,912 ----a-w C:\Documents and Settings\Karen\MLBMImg.dll
          2006-04-07 18:20 368,640 ----a-w C:\Documents and Settings\Karen\MLUICtrl.dll
          2006-04-05 13:16 77,824 ----a-w C:\Documents and Settings\Karen\ComnCtrl.dll
          2006-03-31 07:12 122,880 ----a-w C:\Documents and Settings\Karen\libsml.dll
          2006-03-28 14:57 221,184 ----a-w C:\Documents and Settings\Karen\MObexDll.dll
          2006-03-21 13:32 77,824 ----a-w C:\Documents and Settings\Karen\DecMPA.dll
          2006-03-21 13:32 294,912 ----a-w C:\Documents and Settings\Karen\lame_enc.dll
          2006-03-21 07:54 7,168 ----a-w C:\Documents and Settings\Karen\ConMgrPS.dll
          2006-01-10 14:27 827,392 ----a-w C:\Documents and Settings\Karen\PXImage.dll
          2005-12-28 11:08 4,120 ----a-w C:\Documents and Settings\Karen\funbox_filter.reg
          2005-12-16 14:41 2,027,520 ----a-w C:\Documents and Settings\Karen\M5_EmuSmw5.dll
          2005-12-16 14:41 1,019,904 ----a-w C:\Documents and Settings\Karen\M5_EmuHw.dll
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{046233ec-c935-43da-a58f-092170b10534}]

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c57303b8-e722-48d6-9c40-66e5d0a936ba}]
          C:\WINDOWS\System32\qkapaveb.dll

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD8C76B3-5391-4EC6-B169-358664E61D4B}]

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EADB1075-2079-489D-B443-138F1ECCE6D1}]

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F28B74FD-AB3B-4156-B9B1-169FCCAC4E91}]

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5FD185B-87D5-4A82-A169-845F51849BBD}]
          C:\WINDOWS\System32\ssqpo.dll

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-09 13:08 13312]
          "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44 196608]
          "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 19:59 68856]
          "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 03:07 843776]
          "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 08:19 729088]
          "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-02-13 14:05 7557120]
          "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-02-13 14:05 86016]
          "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [ ]
          "LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-07-19 16:32 221184]
          "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24 458752]
          "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14 217088]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
          "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 10:18 49152]
          "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
          "axis web cake second"="C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web\Part Else.exe" [2008-02-22 12:19 3261440]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-09 13:08 13312]
          "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

          C:\Documents and Settings\Frans\Menu Start\Programma's\Opstarten\
          Dialer Detect.lnk - C:\Program Files\FSG\DialerDetect\dd.exe [2008-01-28 18:29:05 333312]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 10:40:44 282624]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccdbcc]
          fccdbcc.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\01 Mapi Mail Delete]
          C:\Documents and Settings\All Users\Application Data\BoneMp301Mapi\Play shim.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
          --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
          --a------ 2006-02-13 14:05 1519616 C:\WINDOWS\system32\nwiz.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
          --a------ 2006-04-20 00:17 421888 C:\Program Files\Picasa2\PicasaMediaDetector.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
          --a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\qttask.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
          C:\Program Files\SiteAdvisor\6066\SiteAdv.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
          C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
          "SiteAdvisor Service"=2 (0x2)
          "gusvc"=3 (0x3)

          S3 Asushwio;Asushwio;C:\WINDOWS\System32\drivers\Asushwio.sys [2004-04-27 08:26]

          *Newly Created Service* - HIDSERV
          .
          Inhoud van de 'Gedeelde Taken' map
          "2008-01-04 21:33:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
          "2008-01-20 17:55:00 C:\WINDOWS\Tasks\{37EBA8EC-BB38-4A3E-AB87-E8E802332AF5}_ARCXP_Peter.job"
          - C:\WINDOWS\system32\[email protected] /Schedule=
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-02-22 12:22:44
          Windows 5.1.2600 Service Pack 1 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          --------------------- DLLs Geladen Onder Lopende Processen ---------------------

          PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.1106]
          -> C:\Program Files\Eset\pr_imon.dll
          .
          Voltooingstijd: 2008-02-22 12:23:10
          ComboFix-quarantined-files.txt 2008-02-22 11:23:02
          ComboFix2.txt 2008-02-21 17:21:41
          ComboFix3.txt 2008-02-21 17:02:28
          ComboFix4.txt 2008-02-21 16:59:20
          ComboFix5.txt 2008-02-21 16:52:39



          • #6
            And this is the log from Anti-Malware:

            Malwarebytes' Anti-Malware 1.05
            Database versie: 392

            Scan type: Volledige Scan (C:\|E:\|G:\|H:\|I:\|J:\|)
            Objecten gescand: 91841
            Verstreken tijd: 23 minute(s), 36 second(s)

            Geheugenprocessen geïnfecteerd: 0
            Geheugenmodulen geïnfecteerd: 0
            Registersleutels geïnfecteerd: 5
            Registerwaarden geïnfecteerd: 0
            Registerdata bestanden geïnfecteerd: 0
            Mappen geïnfecteerd: 0
            Bestanden geïnfecteerd: 1

            Geheugenprocessen geïnfecteerd:
            (Geen kwaadaardige items gevonden)

            Geheugenmodulen geïnfecteerd:
            (Geen kwaadaardige items gevonden)

            Registersleutels geïnfecteerd:
            HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
            HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

            Registerwaarden geïnfecteerd:
            (Geen kwaadaardige items gevonden)

            Registerdata bestanden geïnfecteerd:
            (Geen kwaadaardige items gevonden)

            Mappen geïnfecteerd:
            (Geen kwaadaardige items gevonden)

            Bestanden geïnfecteerd:
            C:\Documents and Settings\Noortje\Local Settings\Tempmbroit.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.



            Popups from, among others, ad.yieldmanager and poker. Also a lot of runtime errors in Internet Explorer.



            • #7
              Open Notepad, then copy and paste the following (bold text) into an empty window:



              File::
              C:\WINDOWS\system32\RVAXO.bat
              C:\Documents and Settings\Frans\Bureaublad\RVAXO.exe
              C:\RVAXO.reg
              C:\WINDOWS\system32\remove.exe
              C:\WINDOWS\system32\jajcuofy.ini
              C:\firstrun4.log
              C:\rvaxo-results.log
              C:\rvaxo-vfind.log

              Folder::
              C:\RVAXO
              C:\Deckard
              C:\deljob
              C:\Program Files\blue view
              C:\VundoFix Backups
              C:\Documents and Settings\Frans\Bureaublad\RVAXO
              C:\Documents and Settings\Karen\Application Data\blue view
              C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web
              C:\Documents and Settings\Toos\Application Data\blue view
              C:\Documents and Settings\Frans\Application Data\blue view
              C:\Documents and Settings\Noortje\Application Data\blue view
              C:\Documents and Settings\Peter\Application Data\blue view
              C:\Documents and Settings\All Users\Application Data\BoneMp301Mapi

              Registry::
              [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{046233ec-c935-43da-a58f-092170b10534}]
              [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c57303b8-e722-48d6-9c40-66e5d0a936ba}]
              [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD8C76B3-5391-4EC6-B169-358664E61D4B}]
              [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EADB1075-2079-489D-B443-138F1ECCE6D1}]
              [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F28B74FD-AB3B-4156-B9B1-169FCCAC4E91}]
              [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5FD185B-87D5-4A82-A169-845F51849BBD}]
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "axis web cake second"=-
              [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccdbcc]
              [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\01 Mapi Mail Delete]




              Save this to your Desktop as CFScript.txt

              Drag CFScript.txt onto ComboFix.exe as shown in the example below:



              This will make ComboFix restart.
              Reboot if you are asked to,
              and post the contents of Combofix.txt in your next reply.



              • #8
                Here it is:
                ComboFix 08-02-21 - Frans 2008-02-22 13:34:03.7 - NTFSx86
                Microsoft Windows XP Professional 5.1.2600.1.1252.1.1043.18.563 [GMT 1:00]
                Gestart vanuit: C:\Documents and Settings\Frans\Bureaublad\ComboFix.exe
                Command switches used :: C:\Documents and Settings\Frans\Bureaublad\cfscript.txt
                * Nieuw herstelpunt werd aangemaakt

                WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

                FILE ::
                C:\Documents and Settings\Frans\Bureaublad\RVAXO.exe
                C:\firstrun4.log
                C:\rvaxo-results.log
                C:\rvaxo-vfind.log
                C:\RVAXO.reg
                C:\WINDOWS\system32\jajcuofy.ini
                C:\WINDOWS\system32\remove.exe
                C:\WINDOWS\system32\RVAXO.bat
                .

                (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                .

                C:\Deckard
                C:\deljob
                C:\deljob\A7132B08905CA704.job
                C:\deljob\AEAA2D1F91CDA237.job
                C:\deljob\AF2CF67F912774F7.job
                C:\deljob\AF61210F917ADEA3.job
                C:\Documents and Settings\All Users\Application Data\BoneMp301Mapi
                C:\Documents and Settings\All Users\Application Data\BoneMp301Mapi\defaultgplfork
                C:\Documents and Settings\All Users\Application Data\BoneMp301Mapi\meetfirsthole
                C:\Documents and Settings\All Users\Application Data\BoneMp301Mapi\send axis window
                C:\Documents and Settings\All Users\Application Data\BoneMp301Mapi\twouserspam
                C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web\Dog Exit.exe
                C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web\manager stupid.exe
                C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web\Part Else.exe
                C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web\Sign Proxy.exe
                C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web\warn bash.exe
                C:\Documents and Settings\Frans\Application Data\blue view
                C:\Documents and Settings\Frans\Application Data\blue view\0
                C:\Documents and Settings\Frans\Application Data\blue view\16 Face Dog.exe
                C:\Documents and Settings\Frans\Application Data\blue view\axbcaokf.exe
                C:\Documents and Settings\Frans\Application Data\blue view\ceznvhby.exe
                C:\Documents and Settings\Frans\Application Data\blue view\cjzbfqbh.exe
                C:\Documents and Settings\Frans\Application Data\blue view\hehkilyt.exe
                C:\Documents and Settings\Frans\Application Data\blue view\IDLEBORESHIMCDROM.exe
                C:\Documents and Settings\Frans\Application Data\blue view\peak extra hole.exe
                C:\Documents and Settings\Karen\Application Data\blue view
                C:\Documents and Settings\Karen\Application Data\blue view\0
                C:\Documents and Settings\Karen\Application Data\blue view\16 Face Dog.exe
                C:\Documents and Settings\Karen\Application Data\blue view\gegktqfr.exe
                C:\Documents and Settings\Karen\Application Data\blue view\gphiqvgs.exe
                C:\Documents and Settings\Karen\Application Data\blue view\IDLEBORESHIMCDROM.exe
                C:\Documents and Settings\Karen\Application Data\blue view\irbahyed.exe
                C:\Documents and Settings\Karen\Application Data\blue view\peak extra hole.exe
                C:\Documents and Settings\Karen\Application Data\blue view\tgshosyl.exe
                C:\Documents and Settings\Karen\Application Data\blue view\uozpgapk.exe
                C:\Documents and Settings\Karen\Application Data\blue view\wkynnabv.exe
                C:\Documents and Settings\Noortje\Application Data\blue view
                C:\Documents and Settings\Noortje\Application Data\blue view\0
                C:\Documents and Settings\Noortje\Application Data\blue view\16 Face Dog.exe
                C:\Documents and Settings\Noortje\Application Data\blue view\IDLEBORESHIMCDROM.exe
                C:\Documents and Settings\Noortje\Application Data\blue view\lwgnspci.exe
                C:\Documents and Settings\Noortje\Application Data\blue view\mdygunef.exe
                C:\Documents and Settings\Noortje\Application Data\blue view\peak extra hole.exe
                C:\Documents and Settings\Noortje\Application Data\blue view\twnwexkk.exe
                C:\Documents and Settings\Noortje\Application Data\blue view\weesclfj.exe
                C:\Documents and Settings\Peter\Application Data\blue view
                C:\Documents and Settings\Peter\Application Data\blue view\0
                C:\Documents and Settings\Peter\Application Data\blue view\16 Face Dog.exe
                C:\Documents and Settings\Peter\Application Data\blue view\IDLEBORESHIMCDROM.exe
                C:\Documents and Settings\Peter\Application Data\blue view\jqhvryre.exe
                C:\Documents and Settings\Peter\Application Data\blue view\ndsgwdrv.exe
                C:\Documents and Settings\Peter\Application Data\blue view\peak extra hole.exe
                C:\Documents and Settings\Peter\Application Data\blue view\wofrwuno.exe
                C:\Documents and Settings\Toos\Application Data\blue view
                C:\Documents and Settings\Toos\Application Data\blue view\0
                C:\Documents and Settings\Toos\Application Data\blue view\16 Face Dog.exe
                C:\Documents and Settings\Toos\Application Data\blue view\xbfbqnff.exe
                C:\Program Files\blue view
                C:\rvaxo-results.log
                C:\RVAXO
                C:\RVAXO.reg
                C:\RVAXO\qmgr0.dat
                C:\RVAXO\RVAXO3
                C:\RVAXO\ssodl.reg
                C:\RVAXO\sts.reg
                C:\VundoFix Backups
                C:\VundoFix Backups\addmorefiles.txt
                C:\VundoFix Backups\aptihguo.dll.bad
                C:\VundoFix Backups\dvgockom.dll.bad
                C:\VundoFix Backups\eexagfbu.dll.bad
                C:\VundoFix Backups\jghikwqb.dll.bad
                C:\VundoFix Backups\jxmdvcgn.dll.bad
                C:\VundoFix Backups\knmkmlwr.ini.bad
                C:\VundoFix Backups\oiyamoka.dll.bad
                C:\VundoFix Backups\omxbytlx.dll.bad
                C:\VundoFix Backups\oughitpa.ini.bad
                C:\VundoFix Backups\qkapaveb.dll.bad
                C:\VundoFix Backups\rlygurja.dll.bad
                C:\VundoFix Backups\rwlmkmnk.dll.bad
                C:\VundoFix Backups\sbmuqmpn.dll.bad
                C:\VundoFix Backups\snyifrwf.dll.bad
                C:\VundoFix Backups\ssqpo.dll.bad
                C:\VundoFix Backups\uhkiiweo.dll.bad
                C:\VundoFix Backups\vslfuqog.dll.bad
                C:\WINDOWS\system32\jajcuofy.ini
                C:\WINDOWS\system32\remove.exe
                C:\WINDOWS\system32\RVAXO.bat
                C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web

                .
                (((((((((((((((((((( Bestanden Gemaakt van 2008-01-22 to 2008-02-22 ))))))))))))))))))))))))))))))
                .

                2008-02-22 13:13 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
                2008-02-22 13:13 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
                2008-02-22 13:13 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
                2008-02-22 13:12 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
                2008-02-22 12:27 . 2008-02-22 12:27 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
                2008-02-22 12:27 . 2008-02-22 12:27 <DIR> d-------- C:\Program Files\Common Files\Download Manager
                2008-02-22 12:27 . 2008-02-22 12:27 <DIR> d-------- C:\Documents and Settings\Frans\Application Data\Malwarebytes
                2008-02-22 12:27 . 2008-02-22 12:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
                2008-02-22 12:17 . 2002-09-09 14:07 20,480 --a------ C:\WINDOWS\system32\hidserv.dll
                2008-02-22 12:17 . 2002-09-09 14:07 20,480 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
                2008-02-22 12:17 . 2001-09-06 18:24 14,080 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
                2008-02-22 12:17 . 2001-09-06 18:24 14,080 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
                2008-02-22 12:15 . 2001-09-06 19:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
                2008-02-22 12:15 . 2001-09-06 19:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
                2008-02-22 12:15 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
                2008-02-22 12:15 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
                2008-02-21 17:16 . 2008-02-21 17:16 94 --a------ C:\WINDOWS\wininit.ini
                2008-01-28 18:32 . 2008-01-28 18:32 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
                2008-01-28 18:32 . 2008-01-28 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                2008-01-28 18:29 . 2008-01-28 18:29 <DIR> d-------- C:\Program Files\FSG
                2008-01-28 18:08 . 2008-01-28 18:23 <DIR> d-------- C:\Program Files\a-squared Free
                2008-01-28 18:07 . 2008-01-28 18:07 <DIR> d-------- C:\Program Files\a-squared HiJackFree
                2008-01-28 17:57 . 2008-01-28 17:57 <DIR> d-------- C:\Program Files\Trend Micro

                .
                ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2008-02-18 16:25 --------- d-----w C:\Program Files\LimeWire
                2008-02-07 22:17 --------- d-----w C:\Program Files\ESET
                2008-01-28 17:24 --------- d-----w C:\Program Files\Macrogaming
                2008-01-04 21:37 --------- d-----w C:\Program Files\QuickTime
                2008-01-04 21:35 --------- d-----w C:\Program Files\iTunes
                2008-01-04 21:35 --------- d-----w C:\Program Files\iPod
                2008-01-04 21:33 --------- d-----w C:\Program Files\Apple Software Update
                2008-01-04 21:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
                2007-03-28 19:18 2,242,720 ----a-w C:\Documents and Settings\Toos\ib2006_win_setup.exe
                2006-04-18 17:56 958,464 ----a-w C:\Documents and Settings\Karen\PC Sync.exe
                2006-04-18 17:56 163,840 ----a-w C:\Documents and Settings\Karen\OutlookManager.dll
                2006-04-18 17:51 3,064 ----a-w C:\Documents and Settings\Karen\Model.reg
                2006-04-18 17:15 73,728 ----a-w C:\Documents and Settings\Karen\SecToPC.exe
                2006-04-18 17:15 73,728 ----a-w C:\Documents and Settings\Karen\PXControls.dll
                2006-04-18 17:15 53,248 ----a-w C:\Documents and Settings\Karen\PXCommon.dll
                2006-04-18 17:15 409,600 ----a-w C:\Documents and Settings\Karen\PhoneExplorer.exe
                2006-04-18 17:15 405,504 ----a-w C:\Documents and Settings\Karen\MediaCheck.dll
                2006-04-18 17:15 38,912 ----a-w C:\Documents and Settings\Karen\SecToPhone.exe
                2006-04-18 17:15 327,680 ----a-w C:\Documents and Settings\Karen\PXCmd.dll
                2006-04-18 17:15 274,432 ----a-w C:\Documents and Settings\Karen\ProfileManager.dll
                2006-04-18 17:15 23,040 ----a-w C:\Documents and Settings\Karen\DrmCheck.dll
                2006-04-18 17:15 217,088 ----a-w C:\Documents and Settings\Karen\PXViewCtrls.dll
                2006-04-18 17:15 188,416 ----a-w C:\Documents and Settings\Karen\PXSecCommonDlg.dll
                2006-04-18 17:13 155,648 ----a-w C:\Documents and Settings\Karen\SyncEngine.dll
                2006-04-18 17:12 25,088 ----a-w C:\Documents and Settings\Karen\MgrConfig.dll
                2006-04-18 17:12 196,608 ----a-w C:\Documents and Settings\Karen\SMLParser.dll
                2006-04-18 17:12 19,456 ----a-w C:\Documents and Settings\Karen\MgrLogFile.dll
                2006-04-18 17:11 462,848 ----a-w C:\Documents and Settings\Karen\Launcher.exe
                2006-04-18 17:10 360,448 ----a-w C:\Documents and Settings\Karen\LCRes.dll
                2006-04-18 17:06 180,224 ----a-w C:\Documents and Settings\Karen\PXRes.dll
                2006-04-18 16:20 483,328 ----a-w C:\Documents and Settings\Karen\MM.exe
                2006-04-18 16:19 503,808 ----a-w C:\Documents and Settings\Karen\PE.exe
                2006-04-18 16:19 491,520 ----a-w C:\Documents and Settings\Karen\PSIESe.dll
                2006-04-18 16:19 217,088 ----a-w C:\Documents and Settings\Karen\PSPrint.dll
                2006-04-18 16:18 196,608 ----a-w C:\Documents and Settings\Karen\PSFind.dll
                2006-04-18 16:18 1,191,936 ----a-w C:\Documents and Settings\Karen\PSCtrlSe.dll
                2006-04-18 15:55 159,744 ----a-w C:\Documents and Settings\Karen\MMSMenuBar.dll
                2006-04-18 15:26 643,072 ----a-w C:\Documents and Settings\Karen\MovieEditor.exe
                2006-04-18 15:26 323,584 ----a-w C:\Documents and Settings\Karen\MECommon.dll
                2006-04-18 14:07 65,536 ----a-w C:\Documents and Settings\Karen\DShowHelper.dll
                2006-04-18 13:37 172,032 ----a-w C:\Documents and Settings\Karen\PSComn.dll
                2006-04-18 09:16 499,712 ----a-w C:\Documents and Settings\Karen\ConWiz.exe
                2006-04-18 09:02 151,552 ----a-w C:\Documents and Settings\Karen\ConMgr_Setting.exe
                2006-04-18 08:41 827,392 ----a-w C:\Documents and Settings\Karen\SecTheme.dll
                2006-04-18 08:40 192,512 ----a-w C:\Documents and Settings\Karen\PSLib.dll
                2006-04-17 22:01 679,936 ----a-w C:\Documents and Settings\Karen\PMRes.dll
                2006-04-17 18:00 503,808 ----a-w C:\Documents and Settings\Karen\MMSComposer.exe
                2006-04-17 18:00 487,424 ----a-w C:\Documents and Settings\Karen\MMSConsole.dll
                2006-04-17 18:00 458,752 ----a-w C:\Documents and Settings\Karen\MMSMediaPlayer.exe
                2006-04-17 18:00 192,512 ----a-w C:\Documents and Settings\Karen\MMSMessageBrowser.dll
                2006-04-17 18:00 1,224,704 ----a-w C:\Documents and Settings\Karen\MMSContBrowser.dll
                2006-04-17 17:59 81,920 ----a-w C:\Documents and Settings\Karen\MMSData.dll
                2006-04-17 17:59 684,032 ----a-w C:\Documents and Settings\Karen\MMSPhotoEditor.dll
                2006-04-17 17:59 1,351,680 ----a-w C:\Documents and Settings\Karen\MMSPageEditor.dll
                2006-04-17 17:59 1,048,576 ----a-w C:\Documents and Settings\Karen\MMSComm.dll
                2006-04-17 17:44 434,176 ----a-w C:\Documents and Settings\Karen\NetworkingWizard.exe
                2006-04-17 14:02 73,728 ----a-w C:\Documents and Settings\Karen\extFilter.dll
                2006-04-17 14:02 614,400 ----a-w C:\Documents and Settings\Karen\imageLib.dll
                2006-04-17 14:02 39,936 ----a-w C:\Documents and Settings\Karen\global_func.dll
                2006-04-17 14:02 389,120 ----a-w C:\Documents and Settings\Karen\global_control.dll
                2006-04-17 14:02 319,488 ----a-w C:\Documents and Settings\Karen\PhotoAlbum.exe
                2006-04-17 14:02 31,744 ----a-w C:\Documents and Settings\Karen\ManagerFrame.dll
                2006-04-17 14:02 28,672 ----a-w C:\Documents and Settings\Karen\global_db.dll
                2006-04-14 16:46 5,932 ----a-w C:\Documents and Settings\Karen\MDPF.dat
                2006-04-14 07:20 163,840 ----a-w C:\Documents and Settings\Karen\OpenEntry.exe
                2006-04-13 08:06 323,584 ----a-w C:\Documents and Settings\Karen\LiveUpdateReal.exe
                2006-04-13 08:06 323,584 ----a-w C:\Documents and Settings\Karen\LiveUpdate.exe
                2006-04-11 11:13 69,632 ----a-w C:\Documents and Settings\Karen\ConMgrC.dll
                2006-04-11 11:13 118,784 ----a-w C:\Documents and Settings\Karen\ConMgr.exe
                2006-04-11 08:10 28,672 ----a-w C:\Documents and Settings\Karen\mobex.dll
                2006-04-11 08:10 16,384 ----a-w C:\Documents and Settings\Karen\ConMgrInterface.dll
                2006-04-09 04:09 544,768 ----a-w C:\Documents and Settings\Karen\SoundEditor.exe
                2006-04-09 01:53 94,208 ----a-w C:\Documents and Settings\Karen\UICtrlDll.dll
                2006-04-09 01:52 20,480 ----a-w C:\Documents and Settings\Karen\SE_WaveOut.dll
                2006-04-09 01:52 16,384 ----a-w C:\Documents and Settings\Karen\DCFCheck.dll
                2006-04-09 01:52 1,482,752 ----a-w C:\Documents and Settings\Karen\SamsungResDll.dll
                2006-04-09 00:48 139,264 ----a-w C:\Documents and Settings\Karen\MLMMSMsg.dll
                2006-04-09 00:48 102,400 ----a-w C:\Documents and Settings\Karen\MLMMObjCtrl.dll
                2006-04-09 00:47 86,016 ----a-w C:\Documents and Settings\Karen\MLXMLDoc.dll
                2006-04-09 00:47 61,440 ----a-w C:\Documents and Settings\Karen\MLSYAud.dll
                2006-04-09 00:47 37,888 ----a-w C:\Documents and Settings\Karen\MLTXStr.dll
                2006-04-09 00:47 217,088 ----a-w C:\Documents and Settings\Karen\MLDShow.dll
                2006-04-09 00:46 806,912 ----a-w C:\Documents and Settings\Karen\MLBMImg.dll
                2006-04-07 18:20 368,640 ----a-w C:\Documents and Settings\Karen\MLUICtrl.dll
                2006-04-05 13:16 77,824 ----a-w C:\Documents and Settings\Karen\ComnCtrl.dll
                2006-03-31 07:12 122,880 ----a-w C:\Documents and Settings\Karen\libsml.dll
                2006-03-28 14:57 221,184 ----a-w C:\Documents and Settings\Karen\MObexDll.dll
                2006-03-21 13:32 77,824 ----a-w C:\Documents and Settings\Karen\DecMPA.dll
                2006-03-21 13:32 294,912 ----a-w C:\Documents and Settings\Karen\lame_enc.dll
                2006-03-21 07:54 7,168 ----a-w C:\Documents and Settings\Karen\ConMgrPS.dll
                2006-01-10 14:27 827,392 ----a-w C:\Documents and Settings\Karen\PXImage.dll
                2005-12-28 11:08 4,120 ----a-w C:\Documents and Settings\Karen\funbox_filter.reg
                2005-12-16 14:41 2,027,520 ----a-w C:\Documents and Settings\Karen\M5_EmuSmw5.dll
                2005-12-16 14:41 1,019,904 ----a-w C:\Documents and Settings\Karen\M5_EmuHw.dll
                2005-12-12 09:39 73,728 ----a-w C:\Documents and Settings\Karen\KillProcess2ForPCStudio.dll
                2005-11-19 17:16 65,536 ----a-w C:\Documents and Settings\Karen\MFC71DEU.DLL
                2005-11-19 17:16 61,440 ----a-w C:\Documents and Settings\Karen\MFC71ITA.DLL
                2005-11-19 17:16 61,440 ----a-w C:\Documents and Settings\Karen\MFC71FRA.DLL
                2005-11-19 17:16 61,440 ----a-w C:\Documents and Settings\Karen\MFC71ESP.DLL
                2005-11-19 17:16 57,344 ----a-w C:\Documents and Settings\Karen\MFC71ENU.DLL
                .

                ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                REGEDIT4
                *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{046233ec-c935-43da-a58f-092170b10534}]

                [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c57303b8-e722-48d6-9c40-66e5d0a936ba}]

                [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD8C76B3-5391-4EC6-B169-358664E61D4B}]

                [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EADB1075-2079-489D-B443-138F1ECCE6D1}]

                [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F28B74FD-AB3B-4156-B9B1-169FCCAC4E91}]

                [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5FD185B-87D5-4A82-A169-845F51849BBD}]

                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-09 13:08 13312]
                "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44 196608]
                "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 19:59 68856]
                "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 03:07 843776]
                "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 08:19 729088]
                "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-02-13 14:05 7557120]
                "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-02-13 14:05 86016]
                "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [ ]
                "LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-07-19 16:32 221184]
                "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24 458752]
                "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14 217088]
                "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
                "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 10:18 49152]
                "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
                "axis web cake second"="C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web\Part Else.exe" [ ]

                [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-09 13:08 13312]
                "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

                C:\Documents and Settings\Frans\Menu Start\Programma's\Opstarten\
                Dialer Detect.lnk - C:\Program Files\FSG\DialerDetect\dd.exe [2008-01-28 18:29:05 333312]

                C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 10:40:44 282624]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccdbcc]

                [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
                SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
                --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
                --a------ 2006-02-13 14:05 1519616 C:\WINDOWS\system32\nwiz.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
                --a------ 2006-04-20 00:17 421888 C:\Program Files\Picasa2\PicasaMediaDetector.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                --a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\qttask.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
                C:\Program Files\SiteAdvisor\6066\SiteAdv.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
                C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
                "SiteAdvisor Service"=2 (0x2)
                "gusvc"=3 (0x3)

                S3 Asushwio;Asushwio;C:\WINDOWS\System32\drivers\Asushwio.sys [2004-04-27 08:26]

                .
                Inhoud van de 'Gedeelde Taken' map
                "2008-01-04 21:33:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
                - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
                "2008-01-20 17:55:00 C:\WINDOWS\Tasks\{37EBA8EC-BB38-4A3E-AB87-E8E802332AF5}_ARCXP_Peter.job"
                - C:\WINDOWS\system32\[email protected] /Schedule=
                .
                **************************************************************************

                catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2008-02-22 13:40:55
                Windows 5.1.2600 Service Pack 1 NTFS

                scannen van verborgen processen ...

                scannen van verborgen autostart items ...

                scannen van verborgen bestanden ...

                Scan succesvol afgerond
                verborgen bestanden: 0

                **************************************************************************
                .
                --------------------- DLLs Geladen Onder Lopende Processen ---------------------

                PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.1106]
                -> C:\Program Files\Eset\pr_imon.dll
                .
                ------------------------ Other Running Processes ------------------------
                .
                C:\Program Files\a-squared Free\a2service.exe
                C:\WINDOWS\ATKKBService.exe
                C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                C:\Program Files\Eset\nod32krn.exe
                C:\WINDOWS\System32\nvsvc32.exe
                C:\WINDOWS\System32\RUNDLL32.EXE
                C:\Program Files\Logitech\Video\FxSvr2.exe
                C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
                C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
                C:\WINDOWS\System32\HPZinw12.exe
                .
                **************************************************************************
                .
                Voltooingstijd: 2008-02-22 13:42:12 - machine was rebooted
                ComboFix-quarantined-files.txt 2008-02-22 12:42:10
                ComboFix2.txt 2008-02-22 11:23:10
                ComboFix3.txt 2008-02-21 17:21:41
                ComboFix4.txt 2008-02-21 17:02:28
                ComboFix5.txt 2008-02-21 16:59:20



                The only thing I still notice is a lot of runtime errors in Internet Explorer.



                • #9
                  Spybot's TeaTimer is active; it must be disabled because it will undo the changes made with HijackThis.

                  Open Spybot > Mode > Advanced mode > Tools > Resident > disable TeaTimer > restart the PC

                  Download the following to your desktop:

                  Then double-click ResetTeaTimer.bat.
                  This will reset the items you previously allowed or blocked through TeaTimer.

                  Now repeat the step with CFScript.txt and post the new ComboFix log.



                  • #10
                    ComboFix 08-02-21 - Frans 2008-02-22 16:53:56.8 - NTFSx86
                    Microsoft Windows XP Professional 5.1.2600.1.1252.1.1043.18.704 [GMT 1:00]
                    Gestart vanuit: C:\Documents and Settings\Frans\Bureaublad\ComboFix.exe
                    Command switches used :: C:\Documents and Settings\Frans\Bureaublad\cfscript.txt
                    * Nieuw herstelpunt werd aangemaakt

                    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

                    FILE ::
                    C:\Documents and Settings\Frans\Bureaublad\RVAXO.exe
                    C:\firstrun4.log
                    C:\rvaxo-results.log
                    C:\rvaxo-vfind.log
                    C:\RVAXO.reg
                    C:\WINDOWS\system32\jajcuofy.ini
                    C:\WINDOWS\system32\remove.exe
                    C:\WINDOWS\system32\RVAXO.bat
                    .

                    (((((((((((((((((((( Bestanden Gemaakt van 2008-01-22 to 2008-02-22 ))))))))))))))))))))))))))))))
                    .

                    2008-02-22 13:13 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
                    2008-02-22 13:13 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
                    2008-02-22 13:13 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
                    2008-02-22 13:12 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
                    2008-02-22 12:27 . 2008-02-22 12:27 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
                    2008-02-22 12:27 . 2008-02-22 12:27 <DIR> d-------- C:\Program Files\Common Files\Download Manager
                    2008-02-22 12:27 . 2008-02-22 12:27 <DIR> d-------- C:\Documents and Settings\Frans\Application Data\Malwarebytes
                    2008-02-22 12:27 . 2008-02-22 12:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
                    2008-02-22 12:17 . 2002-09-09 14:07 20,480 --a------ C:\WINDOWS\system32\hidserv.dll
                    2008-02-22 12:17 . 2002-09-09 14:07 20,480 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
                    2008-02-22 12:17 . 2001-09-06 18:24 14,080 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
                    2008-02-22 12:17 . 2001-09-06 18:24 14,080 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
                    2008-02-22 12:15 . 2001-09-06 19:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
                    2008-02-22 12:15 . 2001-09-06 19:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
                    2008-02-22 12:15 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
                    2008-02-22 12:15 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
                    2008-02-21 17:16 . 2008-02-21 17:16 94 --a------ C:\WINDOWS\wininit.ini
                    2008-01-28 18:32 . 2008-01-28 18:32 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
                    2008-01-28 18:32 . 2008-01-28 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                    2008-01-28 18:29 . 2008-01-28 18:29 <DIR> d-------- C:\Program Files\FSG
                    2008-01-28 18:08 . 2008-01-28 18:23 <DIR> d-------- C:\Program Files\a-squared Free
                    2008-01-28 18:07 . 2008-01-28 18:07 <DIR> d-------- C:\Program Files\a-squared HiJackFree
                    2008-01-28 17:57 . 2008-01-28 17:57 <DIR> d-------- C:\Program Files\Trend Micro

                    .
                    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    2008-02-18 16:25 --------- d-----w C:\Program Files\LimeWire
                    2008-02-07 22:17 --------- d-----w C:\Program Files\ESET
                    2008-01-28 17:24 --------- d-----w C:\Program Files\Macrogaming
                    2008-01-04 21:37 --------- d-----w C:\Program Files\QuickTime
                    2008-01-04 21:35 --------- d-----w C:\Program Files\iTunes
                    2008-01-04 21:35 --------- d-----w C:\Program Files\iPod
                    2008-01-04 21:33 --------- d-----w C:\Program Files\Apple Software Update
                    2008-01-04 21:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
                    2007-03-28 19:18 2,242,720 ----a-w C:\Documents and Settings\Toos\ib2006_win_setup.exe
                    2006-04-18 17:56 958,464 ----a-w C:\Documents and Settings\Karen\PC Sync.exe
                    2006-04-18 17:56 163,840 ----a-w C:\Documents and Settings\Karen\OutlookManager.dll
                    2006-04-18 17:51 3,064 ----a-w C:\Documents and Settings\Karen\Model.reg
                    2006-04-18 17:15 73,728 ----a-w C:\Documents and Settings\Karen\SecToPC.exe
                    2006-04-18 17:15 73,728 ----a-w C:\Documents and Settings\Karen\PXControls.dll
                    2006-04-18 17:15 53,248 ----a-w C:\Documents and Settings\Karen\PXCommon.dll
                    2006-04-18 17:15 409,600 ----a-w C:\Documents and Settings\Karen\PhoneExplorer.exe
                    2006-04-18 17:15 405,504 ----a-w C:\Documents and Settings\Karen\MediaCheck.dll
                    2006-04-18 17:15 38,912 ----a-w C:\Documents and Settings\Karen\SecToPhone.exe
                    2006-04-18 17:15 327,680 ----a-w C:\Documents and Settings\Karen\PXCmd.dll
                    2006-04-18 17:15 274,432 ----a-w C:\Documents and Settings\Karen\ProfileManager.dll
                    2006-04-18 17:15 23,040 ----a-w C:\Documents and Settings\Karen\DrmCheck.dll
                    2006-04-18 17:15 217,088 ----a-w C:\Documents and Settings\Karen\PXViewCtrls.dll
                    2006-04-18 17:15 188,416 ----a-w C:\Documents and Settings\Karen\PXSecCommonDlg.dll
                    2006-04-18 17:13 155,648 ----a-w C:\Documents and Settings\Karen\SyncEngine.dll
                    2006-04-18 17:12 25,088 ----a-w C:\Documents and Settings\Karen\MgrConfig.dll
                    2006-04-18 17:12 196,608 ----a-w C:\Documents and Settings\Karen\SMLParser.dll
                    2006-04-18 17:12 19,456 ----a-w C:\Documents and Settings\Karen\MgrLogFile.dll
                    2006-04-18 17:11 462,848 ----a-w C:\Documents and Settings\Karen\Launcher.exe
                    2006-04-18 17:10 360,448 ----a-w C:\Documents and Settings\Karen\LCRes.dll
                    2006-04-18 17:06 180,224 ----a-w C:\Documents and Settings\Karen\PXRes.dll
                    2006-04-18 16:20 483,328 ----a-w C:\Documents and Settings\Karen\MM.exe
                    2006-04-18 16:19 503,808 ----a-w C:\Documents and Settings\Karen\PE.exe
                    2006-04-18 16:19 491,520 ----a-w C:\Documents and Settings\Karen\PSIESe.dll
                    2006-04-18 16:19 217,088 ----a-w C:\Documents and Settings\Karen\PSPrint.dll
                    2006-04-18 16:18 196,608 ----a-w C:\Documents and Settings\Karen\PSFind.dll
                    2006-04-18 16:18 1,191,936 ----a-w C:\Documents and Settings\Karen\PSCtrlSe.dll
                    2006-04-18 15:55 159,744 ----a-w C:\Documents and Settings\Karen\MMSMenuBar.dll
                    2006-04-18 15:26 643,072 ----a-w C:\Documents and Settings\Karen\MovieEditor.exe
                    2006-04-18 15:26 323,584 ----a-w C:\Documents and Settings\Karen\MECommon.dll
                    2006-04-18 14:07 65,536 ----a-w C:\Documents and Settings\Karen\DShowHelper.dll
                    2006-04-18 13:37 172,032 ----a-w C:\Documents and Settings\Karen\PSComn.dll
                    2006-04-18 09:16 499,712 ----a-w C:\Documents and Settings\Karen\ConWiz.exe
                    2006-04-18 09:02 151,552 ----a-w C:\Documents and Settings\Karen\ConMgr_Setting.exe
                    2006-04-18 08:41 827,392 ----a-w C:\Documents and Settings\Karen\SecTheme.dll
                    2006-04-18 08:40 192,512 ----a-w C:\Documents and Settings\Karen\PSLib.dll
                    2006-04-17 22:01 679,936 ----a-w C:\Documents and Settings\Karen\PMRes.dll
                    2006-04-17 18:00 503,808 ----a-w C:\Documents and Settings\Karen\MMSComposer.exe
                    2006-04-17 18:00 487,424 ----a-w C:\Documents and Settings\Karen\MMSConsole.dll
                    2006-04-17 18:00 458,752 ----a-w C:\Documents and Settings\Karen\MMSMediaPlayer.exe
                    2006-04-17 18:00 192,512 ----a-w C:\Documents and Settings\Karen\MMSMessageBrowser.dll
                    2006-04-17 18:00 1,224,704 ----a-w C:\Documents and Settings\Karen\MMSContBrowser.dll
                    2006-04-17 17:59 81,920 ----a-w C:\Documents and Settings\Karen\MMSData.dll
                    2006-04-17 17:59 684,032 ----a-w C:\Documents and Settings\Karen\MMSPhotoEditor.dll
                    2006-04-17 17:59 1,351,680 ----a-w C:\Documents and Settings\Karen\MMSPageEditor.dll
                    2006-04-17 17:59 1,048,576 ----a-w C:\Documents and Settings\Karen\MMSComm.dll
                    2006-04-17 17:44 434,176 ----a-w C:\Documents and Settings\Karen\NetworkingWizard.exe
                    2006-04-17 14:02 73,728 ----a-w C:\Documents and Settings\Karen\extFilter.dll
                    2006-04-17 14:02 614,400 ----a-w C:\Documents and Settings\Karen\imageLib.dll
                    2006-04-17 14:02 39,936 ----a-w C:\Documents and Settings\Karen\global_func.dll
                    2006-04-17 14:02 389,120 ----a-w C:\Documents and Settings\Karen\global_control.dll
                    2006-04-17 14:02 319,488 ----a-w C:\Documents and Settings\Karen\PhotoAlbum.exe
                    2006-04-17 14:02 31,744 ----a-w C:\Documents and Settings\Karen\ManagerFrame.dll
                    2006-04-17 14:02 28,672 ----a-w C:\Documents and Settings\Karen\global_db.dll
                    2006-04-14 16:46 5,932 ----a-w C:\Documents and Settings\Karen\MDPF.dat
                    2006-04-14 07:20 163,840 ----a-w C:\Documents and Settings\Karen\OpenEntry.exe
                    2006-04-13 08:06 323,584 ----a-w C:\Documents and Settings\Karen\LiveUpdateReal.exe
                    2006-04-13 08:06 323,584 ----a-w C:\Documents and Settings\Karen\LiveUpdate.exe
                    2006-04-11 11:13 69,632 ----a-w C:\Documents and Settings\Karen\ConMgrC.dll
                    2006-04-11 11:13 118,784 ----a-w C:\Documents and Settings\Karen\ConMgr.exe
                    2006-04-11 08:10 28,672 ----a-w C:\Documents and Settings\Karen\mobex.dll
                    2006-04-11 08:10 16,384 ----a-w C:\Documents and Settings\Karen\ConMgrInterface.dll
                    2006-04-09 04:09 544,768 ----a-w C:\Documents and Settings\Karen\SoundEditor.exe
                    2006-04-09 01:53 94,208 ----a-w C:\Documents and Settings\Karen\UICtrlDll.dll
                    2006-04-09 01:52 20,480 ----a-w C:\Documents and Settings\Karen\SE_WaveOut.dll
                    2006-04-09 01:52 16,384 ----a-w C:\Documents and Settings\Karen\DCFCheck.dll
                    2006-04-09 01:52 1,482,752 ----a-w C:\Documents and Settings\Karen\SamsungResDll.dll
                    2006-04-09 00:48 139,264 ----a-w C:\Documents and Settings\Karen\MLMMSMsg.dll
                    2006-04-09 00:48 102,400 ----a-w C:\Documents and Settings\Karen\MLMMObjCtrl.dll
                    2006-04-09 00:47 86,016 ----a-w C:\Documents and Settings\Karen\MLXMLDoc.dll
                    2006-04-09 00:47 61,440 ----a-w C:\Documents and Settings\Karen\MLSYAud.dll
                    2006-04-09 00:47 37,888 ----a-w C:\Documents and Settings\Karen\MLTXStr.dll
                    2006-04-09 00:47 217,088 ----a-w C:\Documents and Settings\Karen\MLDShow.dll
                    2006-04-09 00:46 806,912 ----a-w C:\Documents and Settings\Karen\MLBMImg.dll
                    2006-04-07 18:20 368,640 ----a-w C:\Documents and Settings\Karen\MLUICtrl.dll
                    2006-04-05 13:16 77,824 ----a-w C:\Documents and Settings\Karen\ComnCtrl.dll
                    2006-03-31 07:12 122,880 ----a-w C:\Documents and Settings\Karen\libsml.dll
                    2006-03-28 14:57 221,184 ----a-w C:\Documents and Settings\Karen\MObexDll.dll
                    2006-03-21 13:32 77,824 ----a-w C:\Documents and Settings\Karen\DecMPA.dll
                    2006-03-21 13:32 294,912 ----a-w C:\Documents and Settings\Karen\lame_enc.dll
                    2006-03-21 07:54 7,168 ----a-w C:\Documents and Settings\Karen\ConMgrPS.dll
                    2006-01-10 14:27 827,392 ----a-w C:\Documents and Settings\Karen\PXImage.dll
                    2005-12-28 11:08 4,120 ----a-w C:\Documents and Settings\Karen\funbox_filter.reg
                    2005-12-16 14:41 2,027,520 ----a-w C:\Documents and Settings\Karen\M5_EmuSmw5.dll
                    2005-12-16 14:41 1,019,904 ----a-w C:\Documents and Settings\Karen\M5_EmuHw.dll
                    2005-12-12 09:39 73,728 ----a-w C:\Documents and Settings\Karen\KillProcess2ForPCStudio.dll
                    2005-11-19 17:16 65,536 ----a-w C:\Documents and Settings\Karen\MFC71DEU.DLL
                    2005-11-19 17:16 61,440 ----a-w C:\Documents and Settings\Karen\MFC71ITA.DLL
                    2005-11-19 17:16 61,440 ----a-w C:\Documents and Settings\Karen\MFC71FRA.DLL
                    2005-11-19 17:16 61,440 ----a-w C:\Documents and Settings\Karen\MFC71ESP.DLL
                    2005-11-19 17:16 57,344 ----a-w C:\Documents and Settings\Karen\MFC71ENU.DLL
                    .

                    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    REGEDIT4
                    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-09 13:08 13312]
                    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44 196608]
                    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 19:59 68856]

                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 03:07 843776]
                    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 08:19 729088]
                    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-02-13 14:05 7557120]
                    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-02-13 14:05 86016]
                    "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [ ]
                    "LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-07-19 16:32 221184]
                    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24 458752]
                    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14 217088]
                    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
                    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 10:18 49152]
                    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]

                    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-09 13:08 13312]
                    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

                    C:\Documents and Settings\Frans\Menu Start\Programma's\Opstarten\
                    Dialer Detect.lnk - C:\Program Files\FSG\DialerDetect\dd.exe [2008-01-28 18:29:05 333312]

                    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 10:40:44 282624]

                    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
                    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
                    --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
                    --a------ 2006-02-13 14:05 1519616 C:\WINDOWS\system32\nwiz.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
                    --a------ 2006-04-20 00:17 421888 C:\Program Files\Picasa2\PicasaMediaDetector.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                    --a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\qttask.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
                    C:\Program Files\SiteAdvisor\6066\SiteAdv.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
                    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
                    "SiteAdvisor Service"=2 (0x2)
                    "gusvc"=3 (0x3)

                    S3 Asushwio;Asushwio;C:\WINDOWS\System32\drivers\Asushwio.sys [2004-04-27 08:26]

                    .
                    Inhoud van de 'Gedeelde Taken' map
                    "2008-01-04 21:33:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
                    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
                    "2008-01-20 17:55:00 C:\WINDOWS\Tasks\{37EBA8EC-BB38-4A3E-AB87-E8E802332AF5}_ARCXP_Peter.job"
                    - C:\WINDOWS\system32\[email protected] /Schedule=
                    .
                    **************************************************************************

                    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                    Rootkit scan 2008-02-22 16:55:28
                    Windows 5.1.2600 Service Pack 1 NTFS

                    scannen van verborgen processen ...

                    scannen van verborgen autostart items ...

                    scannen van verborgen bestanden ...

                    Scan succesvol afgerond
                    verborgen bestanden: 0

                    **************************************************************************
                    .
                    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

                    PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.1106]
                    -> C:\Program Files\Eset\pr_imon.dll
                    .
                    Voltooingstijd: 2008-02-22 16:56:04
                    ComboFix-quarantined-files.txt 2008-02-22 15:55:56
                    ComboFix2.txt 2008-02-22 12:42:13
                    ComboFix3.txt 2008-02-22 11:23:10
                    ComboFix4.txt 2008-02-21 17:21:41
                    ComboFix5.txt 2008-02-21 17:02:28



                    • #11
                      Download ATF cleaner (mirror) (made by Atribune)

                      Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

                      Double-click ATF cleaner to start the program.
                      On the "Main" tab, tick Select All.
                      Click the Empty Selected button.

                      Do the following if you also use Firefox as a browser:
                      Click the "Firefox" tab and tick Select All.
                      If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                      (this removes the tick from "Firefox saved passwords" again)
                      Click the Empty Selected button.

                      Do the following if you also use Opera as a browser:
                      Click the "Opera" tab and tick Select All.
                      If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                      Click the Empty Selected button.
                      Go to the "Main" tab and click the Exit button to close the program.

                      Go to Start - Run and enter the following:
                      Combofix /U
                      Then click OK.
                      Note: there must be a space between Combofix and /U.

                      This will uninstall Combofix.

                      Finally, post a new HijackThis log for checking.



                      • #12
                        done!

                        Logfile of Trend Micro HijackThis v2.0.2
                        Scan saved at 17:12:19, on 23-2-2008
                        Platform: Windows XP SP1 (WinNT 5.01.2600)
                        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
                        Boot mode: Normal

                        Running processes:
                        C:\WINDOWS\System32\smss.exe
                        C:\WINDOWS\system32\winlogon.exe
                        C:\WINDOWS\system32\services.exe
                        C:\WINDOWS\system32\lsass.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\WINDOWS\system32\spoolsv.exe
                        C:\Program Files\a-squared Free\a2service.exe
                        C:\WINDOWS\ATKKBService.exe
                        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                        C:\Program Files\Eset\nod32krn.exe
                        C:\WINDOWS\System32\nvsvc32.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\WINDOWS\Explorer.EXE
                        C:\Program Files\Analog Devices\Core\smax4pnp.exe
                        C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
                        C:\WINDOWS\System32\RUNDLL32.EXE
                        C:\WINDOWS\System32\LVCOMSX.EXE
                        C:\Program Files\Logitech\Video\LogiTray.exe
                        C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                        C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                        C:\WINDOWS\System32\ctfmon.exe
                        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                        C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                        C:\Program Files\FSG\DialerDetect\dd.exe
                        C:\Program Files\Logitech\Video\FxSvr2.exe
                        C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
                        C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
                        C:\WINDOWS\System32\wuauclt.exe
                        C:\WINDOWS\System32\HPZinw12.exe
                        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
                        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
                        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
                        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
                        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
                        O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
                        O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
                        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
                        O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
                        O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
                        O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
                        O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
                        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                        O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                        O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
                        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                        O4 - Startup: Dialer Detect.lnk = C:\Program Files\FSG\DialerDetect\dd.exe
                        O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                        O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://paardjeees.spaces.live.com//PhotoUpload/MsnPUpld.cab
                        O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
                        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203682156312
                        O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
                        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                        O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
                        O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                        O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
                        O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
                        O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                        O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (file missing)
                        O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
                        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
                        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

                        --
                        End of file - 6951 bytes



                        • #13
                          The log looks good.



                          • #14
                            Great, and thanks for the help. But what did I overlook? (I'm also trying to build up some knowledge about removing spyware via CastleCops.)



                            • #15
                              You're welcome.

                              Among other things, you had Vundo and LOP on your system; those infections use random file names and random keys, and you won't find much about them with the help of CastleCops.

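Post #15 explains why a name lookup misses randomly named files. The sketch below is an added example, not part of the thread and not ComboFix's own logic: it triages the "files created" listing by metadata instead of by name. It assumes the first timestamp on each line is the creation time and the second the last-modified time; the two randomly named entries in the sample are constructed, the other lines are copied from the log in post #10.

```python
import re
from datetime import datetime, timedelta

# Sample in the layout of the ComboFix "files created" listing.
# The qwxkzptr.dll and rtpzkxwq.ini lines are constructed for illustration.
SAMPLE = r"""
2008-02-22 12:17 . 2002-09-09 14:07 20,480 --a------ C:\WINDOWS\system32\hidserv.dll
2008-02-22 12:17 . 2002-09-09 14:07 20,480 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-02-21 17:16 . 2008-02-21 17:16 94 --a------ C:\WINDOWS\wininit.ini
2008-02-20 09:41 . 2008-02-20 09:41 81,920 --a------ C:\WINDOWS\system32\qwxkzptr.dll
2008-02-20 09:41 . 2008-02-20 09:42 1,204 --a------ C:\WINDOWS\system32\rtpzkxwq.ini
2008-02-22 12:27 . 2008-02-22 12:27 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
"""

LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(<DIR>|[\d,]+) (\S+) (.+)$"
)
TIME_FORMAT = "%Y-%m-%d %H:%M"


def parse_listing(text):
    """Turn listing lines into dicts; lines in any other layout are skipped."""
    entries = []
    for raw in text.splitlines():
        match = LINE.match(raw.strip())
        if not match:
            continue
        created, modified, size, attrs, path = match.groups()
        entries.append({
            # Assumption: first timestamp = created, second = last modified.
            "created": datetime.strptime(created, TIME_FORMAT),
            "modified": datetime.strptime(modified, TIME_FORMAT),
            "size": None if size == "<DIR>" else int(size.replace(",", "")),
            "attrs": attrs,
            "path": path,
        })
    return entries


def review_candidates(entries, watch_dir=r"c:\windows\system32",
                      max_gap=timedelta(hours=1)):
    """Return paths of files worth a manual look, without using their names.

    A file is a candidate when it sits in watch_dir, was last modified within
    max_gap of its creation (its content is as new as the file itself), and
    has no same-name, same-size copy under dllcache (which would indicate a
    restored Windows component).
    """
    cached = set()
    for entry in entries:
        lowered = entry["path"].lower()
        if "\\dllcache\\" in lowered and entry["size"] is not None:
            cached.add((lowered.rsplit("\\", 1)[-1], entry["size"]))

    candidates = []
    for entry in entries:
        if entry["size"] is None:  # directory entry
            continue
        lowered = entry["path"].lower()
        if not lowered.startswith(watch_dir + "\\"):
            continue
        if "\\dllcache\\" in lowered:
            continue
        if (lowered.rsplit("\\", 1)[-1], entry["size"]) in cached:
            continue
        if abs(entry["modified"] - entry["created"]) <= max_gap:
            candidates.append(entry["path"])
    return candidates


if __name__ == "__main__":
    for path in review_candidates(parse_listing(SAMPLE)):
        print("review:", path)
```

Timestamps are set by whatever wrote the file, so a match is a reason to inspect the file, not a verdict, and a non-match does not clear it.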
