Download Combofix (mirror) naar je Bureaublad.
Dubbelklik op Combofix.exe
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen(je kan hem ook hier vinden: C:\Combofix.txt)
Plaats deze log in je volgende post.

NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.

ok,doe ik

Ik zie geen sporen van infecties, krijg je die popups met Internet Explorer of met FireFox?

Doe eventueel dit eens:
Download Malwarebytes' Anti-Malware op je bureaublad.
Dubbelklik mbam-setup.exe en kies voor "Next" om de tool te installeren.
Als de installatie voltooid is zet je vinkjes bij "Update MalwareBytes' Anti-Malware" en bij "Launch MalwareBytes' Anti-Malware".
Druk daarna op "Finish".
Kies in het hoofdscherm voor de tab "Scanner" en selecteer het keuzerondje "Perform full scan".
Druk op de knop "Scan" en zorg dat al je harde schijven/partities aangevinkt staan.
Druk dan op de knop "Start Scan".
Wanneer de scan voltooid is klik je op OK, daarna op "Show Results" om de resultaten te zien.
Zorg ervoor dat alles aangevinkt is, klik daarna op "Remove Selected".
Als het programma je computer wil laten herstarten, sta je dit toe.
Daarna opent een logje(mbam-log-XX-XX-XXXX(xx-xx-xx).txt)
Post deze log in je volgende bericht

dit zou de juiste log moeten zijn;ik had namelijk eerst de hd nog extern aan mijn notebook gehangen

ComboFix 08-02-21 - Frans 2008-02-22 12:20:45.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1043.18.656 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Frans\Bureaublad\ComboFix.exe

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-01-22 to 2008-02-22 ))))))))))))))))))))))))))))))
.

2008-02-22 12:17 . 2002-09-09 14:07 20,480 --a------ C:\WINDOWS\system32\hidserv.dll
2008-02-22 12:17 . 2002-09-09 14:07 20,480 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-02-22 12:17 . 2001-09-06 18:24 14,080 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-02-22 12:17 . 2001-09-06 18:24 14,080 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-02-22 12:15 . 2001-09-06 19:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-02-22 12:15 . 2001-09-06 19:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-02-22 12:15 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-02-22 12:15 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-02-21 18:25 . 2008-02-21 18:27 <DIR> d-------- C:\RVAXO
2008-02-21 18:25 . 2008-02-21 18:25 <DIR> d-------- C:\Deckard
2008-02-21 18:25 . 2008-02-21 15:42 708,525 --a------ C:\WINDOWS\system32\RVAXO.bat
2008-02-21 18:25 . 2008-02-21 18:26 145,155 --a------ C:\RVAXO.reg
2008-02-21 18:25 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
2008-02-21 17:16 . 2008-02-21 17:16 94 --a------ C:\WINDOWS\wininit.ini
2008-02-21 16:53 . 2008-02-21 16:53 <DIR> d-------- C:\deljob
2008-02-16 16:18 . 2008-02-16 16:18 <DIR> d-------- C:\Program Files\blue view
2008-02-15 16:50 . 2008-02-16 17:12 2,246,382 ---hs---- C:\WINDOWS\system32\jajcuofy.ini
2008-01-28 18:32 . 2008-01-28 18:32 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-01-28 18:32 . 2008-01-28 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-28 18:29 . 2008-01-28 18:29 <DIR> d-------- C:\Program Files\FSG
2008-01-28 18:08 . 2008-01-28 18:23 <DIR> d-------- C:\Program Files\a-squared Free
2008-01-28 18:07 . 2008-01-28 18:07 <DIR> d-------- C:\Program Files\a-squared HiJackFree
2008-01-28 17:57 . 2008-01-28 17:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-28 17:48 . 2008-02-21 18:04 <DIR> d-------- C:\VundoFix Backups

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 16:25 --------- d-----w C:\Program Files\LimeWire
2008-02-16 15:19 --------- d-----w C:\Documents and Settings\Karen\Application Data\blue view
2008-02-16 15:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web
2008-02-07 22:17 --------- d-----w C:\Program Files\ESET
2008-01-28 17:24 --------- d-----w C:\Program Files\Macrogaming
2008-01-21 17:26 --------- d-----w C:\Documents and Settings\Toos\Application Data\blue view
2008-01-20 09:20 --------- d-----w C:\Documents and Settings\Frans\Application Data\blue view
2008-01-16 19:40 --------- d-----w C:\Documents and Settings\Noortje\Application Data\blue view
2008-01-15 15:42 --------- d-----w C:\Documents and Settings\Peter\Application Data\blue view
2008-01-04 21:37 --------- d-----w C:\Program Files\QuickTime
2008-01-04 21:35 --------- d-----w C:\Program Files\iTunes
2008-01-04 21:35 --------- d-----w C:\Program Files\iPod
2008-01-04 21:33 --------- d-----w C:\Program Files\Apple Software Update
2008-01-04 21:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-03-28 19:18 2,242,720 ----a-w C:\Documents and Settings\Toos\ib2006_win_setup.exe
2006-04-18 17:56 958,464 ----a-w C:\Documents and Settings\Karen\PC Sync.exe
2006-04-18 17:56 163,840 ----a-w C:\Documents and Settings\Karen\OutlookManager.dll
2006-04-18 17:51 3,064 ----a-w C:\Documents and Settings\Karen\Model.reg
2006-04-18 17:15 73,728 ----a-w C:\Documents and Settings\Karen\SecToPC.exe
2006-04-18 17:15 73,728 ----a-w C:\Documents and Settings\Karen\PXControls.dll
2006-04-18 17:15 53,248 ----a-w C:\Documents and Settings\Karen\PXCommon.dll
2006-04-18 17:15 409,600 ----a-w C:\Documents and Settings\Karen\PhoneExplorer.exe
2006-04-18 17:15 405,504 ----a-w C:\Documents and Settings\Karen\MediaCheck.dll
2006-04-18 17:15 38,912 ----a-w C:\Documents and Settings\Karen\SecToPhone.exe
2006-04-18 17:15 327,680 ----a-w C:\Documents and Settings\Karen\PXCmd.dll
2006-04-18 17:15 274,432 ----a-w C:\Documents and Settings\Karen\ProfileManager.dll
2006-04-18 17:15 23,040 ----a-w C:\Documents and Settings\Karen\DrmCheck.dll
2006-04-18 17:15 217,088 ----a-w C:\Documents and Settings\Karen\PXViewCtrls.dll
2006-04-18 17:15 188,416 ----a-w C:\Documents and Settings\Karen\PXSecCommonDlg.dll
2006-04-18 17:13 155,648 ----a-w C:\Documents and Settings\Karen\SyncEngine.dll
2006-04-18 17:12 25,088 ----a-w C:\Documents and Settings\Karen\MgrConfig.dll
2006-04-18 17:12 196,608 ----a-w C:\Documents and Settings\Karen\SMLParser.dll
2006-04-18 17:12 19,456 ----a-w C:\Documents and Settings\Karen\MgrLogFile.dll
2006-04-18 17:11 462,848 ----a-w C:\Documents and Settings\Karen\Launcher.exe
2006-04-18 17:10 360,448 ----a-w C:\Documents and Settings\Karen\LCRes.dll
2006-04-18 17:06 180,224 ----a-w C:\Documents and Settings\Karen\PXRes.dll
2006-04-18 16:20 483,328 ----a-w C:\Documents and Settings\Karen\MM.exe
2006-04-18 16:19 503,808 ----a-w C:\Documents and Settings\Karen\PE.exe
2006-04-18 16:19 491,520 ----a-w C:\Documents and Settings\Karen\PSIESe.dll
2006-04-18 16:19 217,088 ----a-w C:\Documents and Settings\Karen\PSPrint.dll
2006-04-18 16:18 196,608 ----a-w C:\Documents and Settings\Karen\PSFind.dll
2006-04-18 16:18 1,191,936 ----a-w C:\Documents and Settings\Karen\PSCtrlSe.dll
2006-04-18 15:55 159,744 ----a-w C:\Documents and Settings\Karen\MMSMenuBar.dll
2006-04-18 15:26 643,072 ----a-w C:\Documents and Settings\Karen\MovieEditor.exe
2006-04-18 15:26 323,584 ----a-w C:\Documents and Settings\Karen\MECommon.dll
2006-04-18 14:07 65,536 ----a-w C:\Documents and Settings\Karen\DShowHelper.dll
2006-04-18 13:37 172,032 ----a-w C:\Documents and Settings\Karen\PSComn.dll
2006-04-18 09:16 499,712 ----a-w C:\Documents and Settings\Karen\ConWiz.exe
2006-04-18 09:02 151,552 ----a-w C:\Documents and Settings\Karen\ConMgr_Setting.exe
2006-04-18 08:41 827,392 ----a-w C:\Documents and Settings\Karen\SecTheme.dll
2006-04-18 08:40 192,512 ----a-w C:\Documents and Settings\Karen\PSLib.dll
2006-04-17 22:01 679,936 ----a-w C:\Documents and Settings\Karen\PMRes.dll
2006-04-17 18:00 503,808 ----a-w C:\Documents and Settings\Karen\MMSComposer.exe
2006-04-17 18:00 487,424 ----a-w C:\Documents and Settings\Karen\MMSConsole.dll
2006-04-17 18:00 458,752 ----a-w C:\Documents and Settings\Karen\MMSMediaPlayer.exe
2006-04-17 18:00 192,512 ----a-w C:\Documents and Settings\Karen\MMSMessageBrowser.dll
2006-04-17 18:00 1,224,704 ----a-w C:\Documents and Settings\Karen\MMSContBrowser.dll
2006-04-17 17:59 81,920 ----a-w C:\Documents and Settings\Karen\MMSData.dll
2006-04-17 17:59 684,032 ----a-w C:\Documents and Settings\Karen\MMSPhotoEditor.dll
2006-04-17 17:59 1,351,680 ----a-w C:\Documents and Settings\Karen\MMSPageEditor.dll
2006-04-17 17:59 1,048,576 ----a-w C:\Documents and Settings\Karen\MMSComm.dll
2006-04-17 17:44 434,176 ----a-w C:\Documents and Settings\Karen\NetworkingWizard.exe
2006-04-17 14:02 73,728 ----a-w C:\Documents and Settings\Karen\extFilter.dll
2006-04-17 14:02 614,400 ----a-w C:\Documents and Settings\Karen\imageLib.dll
2006-04-17 14:02 39,936 ----a-w C:\Documents and Settings\Karen\global_func.dll
2006-04-17 14:02 389,120 ----a-w C:\Documents and Settings\Karen\global_control.dll
2006-04-17 14:02 319,488 ----a-w C:\Documents and Settings\Karen\PhotoAlbum.exe
2006-04-17 14:02 31,744 ----a-w C:\Documents and Settings\Karen\ManagerFrame.dll
2006-04-17 14:02 28,672 ----a-w C:\Documents and Settings\Karen\global_db.dll
2006-04-14 16:46 5,932 ----a-w C:\Documents and Settings\Karen\MDPF.dat
2006-04-14 07:20 163,840 ----a-w C:\Documents and Settings\Karen\OpenEntry.exe
2006-04-13 08:06 323,584 ----a-w C:\Documents and Settings\Karen\LiveUpdateReal.exe
2006-04-13 08:06 323,584 ----a-w C:\Documents and Settings\Karen\LiveUpdate.exe
2006-04-11 11:13 69,632 ----a-w C:\Documents and Settings\Karen\ConMgrC.dll
2006-04-11 11:13 118,784 ----a-w C:\Documents and Settings\Karen\ConMgr.exe
2006-04-11 08:10 28,672 ----a-w C:\Documents and Settings\Karen\mobex.dll
2006-04-11 08:10 16,384 ----a-w C:\Documents and Settings\Karen\ConMgrInterface.dll
2006-04-09 04:09 544,768 ----a-w C:\Documents and Settings\Karen\SoundEditor.exe
2006-04-09 01:53 94,208 ----a-w C:\Documents and Settings\Karen\UICtrlDll.dll
2006-04-09 01:52 20,480 ----a-w C:\Documents and Settings\Karen\SE_WaveOut.dll
2006-04-09 01:52 16,384 ----a-w C:\Documents and Settings\Karen\DCFCheck.dll
2006-04-09 01:52 1,482,752 ----a-w C:\Documents and Settings\Karen\SamsungResDll.dll
2006-04-09 00:48 139,264 ----a-w C:\Documents and Settings\Karen\MLMMSMsg.dll
2006-04-09 00:48 102,400 ----a-w C:\Documents and Settings\Karen\MLMMObjCtrl.dll
2006-04-09 00:47 86,016 ----a-w C:\Documents and Settings\Karen\MLXMLDoc.dll
2006-04-09 00:47 61,440 ----a-w C:\Documents and Settings\Karen\MLSYAud.dll
2006-04-09 00:47 37,888 ----a-w C:\Documents and Settings\Karen\MLTXStr.dll
2006-04-09 00:47 217,088 ----a-w C:\Documents and Settings\Karen\MLDShow.dll
2006-04-09 00:46 806,912 ----a-w C:\Documents and Settings\Karen\MLBMImg.dll
2006-04-07 18:20 368,640 ----a-w C:\Documents and Settings\Karen\MLUICtrl.dll
2006-04-05 13:16 77,824 ----a-w C:\Documents and Settings\Karen\ComnCtrl.dll
2006-03-31 07:12 122,880 ----a-w C:\Documents and Settings\Karen\libsml.dll
2006-03-28 14:57 221,184 ----a-w C:\Documents and Settings\Karen\MObexDll.dll
2006-03-21 13:32 77,824 ----a-w C:\Documents and Settings\Karen\DecMPA.dll
2006-03-21 13:32 294,912 ----a-w C:\Documents and Settings\Karen\lame_enc.dll
2006-03-21 07:54 7,168 ----a-w C:\Documents and Settings\Karen\ConMgrPS.dll
2006-01-10 14:27 827,392 ----a-w C:\Documents and Settings\Karen\PXImage.dll
2005-12-28 11:08 4,120 ----a-w C:\Documents and Settings\Karen\funbox_filter.reg
2005-12-16 14:41 2,027,520 ----a-w C:\Documents and Settings\Karen\M5_EmuSmw5.dll
2005-12-16 14:41 1,019,904 ----a-w C:\Documents and Settings\Karen\M5_EmuHw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{046233ec-c935-43da-a58f-092170b10534}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c57303b8-e722-48d6-9c40-66e5d0a936ba}]
C:\WINDOWS\System32\qkapaveb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD8C76B3-5391-4EC6-B169-358664E61D4B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EADB1075-2079-489D-B443-138F1ECCE6D1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F28B74FD-AB3B-4156-B9B1-169FCCAC4E91}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5FD185B-87D5-4A82-A169-845F51849BBD}]
C:\WINDOWS\System32\ssqpo.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-09 13:08 13312]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44 196608]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 19:59 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 03:07 843776]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 08:19 729088]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-02-13 14:05 7557120]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-02-13 14:05 86016]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [ ]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-07-19 16:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14 217088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 10:18 49152]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"axis web cake second"="C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web\Part Else.exe" [2008-02-22 12:19 3261440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-09 13:08 13312]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

C:\Documents and Settings\Frans\Menu Start\Programma's\Opstarten\
Dialer Detect.lnk - C:\Program Files\FSG\DialerDetect\dd.exe [2008-01-28 18:29:05 333312]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 10:40:44 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccdbcc]
fccdbcc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\01 Mapi Mail Delete]
C:\Documents and Settings\All Users\Application Data\BoneMp301Mapi\Play shim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-02-13 14:05 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2006-04-20 00:17 421888 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SiteAdvisor Service"=2 (0x2)
"gusvc"=3 (0x3)

S3 Asushwio;Asushwio;C:\WINDOWS\System32\drivers\Asushwio.sys [2004-04-27 08:26]

*Newly Created Service* - HIDSERV
.
Inhoud van de 'Gedeelde Taken' map
"2008-01-04 21:33:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-20 17:55:00 C:\WINDOWS\Tasks\{37EBA8EC-BB38-4A3E-AB87-E8E802332AF5}_ARCXP_Peter.job"
- C:\WINDOWS\system32\[email protected] /Schedule=
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-22 12:22:44
Windows 5.1.2600 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.1106]
-> C:\Program Files\Eset\pr_imon.dll
.
Voltooingstijd: 2008-02-22 12:23:10
ComboFix-quarantined-files.txt 2008-02-22 11:23:02
ComboFix2.txt 2008-02-21 17:21:41
ComboFix3.txt 2008-02-21 17:02:28
ComboFix4.txt 2008-02-21 16:59:20
ComboFix5.txt 2008-02-21 16:52:39

en dit is de log van anti malware

Malwarebytes' Anti-Malware 1.05
Database versie: 392

Scan type: Volledige Scan (C:\|E:\|G:\|H:\|I:\|J:\|)
Objecten gescand: 91841
Verstreken tijd: 23 minute(s), 36 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 5
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 1

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
C:\Documents and Settings\Noortje\Local Settings\Tempmbroit.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.



popups van oa ad.yieldmanager en poker.ook veel runtime errors in de internet explorer

Open Kladblok, kopiëer en plak het volgende (vetgedrukte tekst) in een leeg venster:



File::
C:\WINDOWS\system32\RVAXO.bat
C:\Documents and Settings\Frans\Bureaublad\RVAXO.exe
C:\RVAXO.reg
C:\WINDOWS\system32\remove.exe
C:\WINDOWS\system32\jajcuofy.ini
C:\firstrun4.log
C:\rvaxo-results.log
C:\rvaxo-vfind.log

Folder::
C:\RVAXO
C:\Deckard
C:\deljob
C:\Program Files\blue view
C:\VundoFix Backups
C:\Documents and Settings\Frans\Bureaublad\RVAXO
C:\Documents and Settings\Karen\Application Data\blue view
C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web
C:\Documents and Settings\Toos\Application Data\blue view
C:\Documents and Settings\Frans\Application Data\blue view
C:\Documents and Settings\Noortje\Application Data\blue view
C:\Documents and Settings\Peter\Application Data\blue view
C:\Documents and Settings\All Users\Application Data\BoneMp301Mapi

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{046233ec-c935-43da-a58f-092170b10534}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c57303b8-e722-48d6-9c40-66e5d0a936ba}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD8C76B3-5391-4EC6-B169-358664E61D4B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EADB1075-2079-489D-B443-138F1ECCE6D1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F28B74FD-AB3B-4156-B9B1-169FCCAC4E91}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5FD185B-87D5-4A82-A169-845F51849BBD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"axis web cake second"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccdbcc]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\01 Mapi Mail Delete]



Sla dit op op je Bureaublad als CFScript.txt

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :



Dit zal ComboFix doen herstarten.
Start opnieuw op als daarom gevraagd wordt,
en post de inhoud van de Combofix.txt in je volgende antwoord.

hier is het
ComboFix 08-02-21 - Frans 2008-02-22 13:34:03.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1043.18.563 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Frans\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Frans\Bureaublad\cfscript.txt
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

FILE ::
C:\Documents and Settings\Frans\Bureaublad\RVAXO.exe
C:\firstrun4.log
C:\rvaxo-results.log
C:\rvaxo-vfind.log
C:\RVAXO.reg
C:\WINDOWS\system32\jajcuofy.ini
C:\WINDOWS\system32\remove.exe
C:\WINDOWS\system32\RVAXO.bat
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Deckard
C:\deljob
C:\deljob\A7132B08905CA704.job
C:\deljob\AEAA2D1F91CDA237.job
C:\deljob\AF2CF67F912774F7.job
C:\deljob\AF61210F917ADEA3.job
C:\Documents and Settings\All Users\Application Data\BoneMp301Mapi
C:\Documents and Settings\All Users\Application Data\BoneMp301Mapi\defaultgplfork
C:\Documents and Settings\All Users\Application Data\BoneMp301Mapi\meetfirsthole
C:\Documents and Settings\All Users\Application Data\BoneMp301Mapi\send axis window
C:\Documents and Settings\All Users\Application Data\BoneMp301Mapi\twouserspam
C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web\Dog Exit.exe
C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web\manager stupid.exe
C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web\Part Else.exe
C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web\Sign Proxy.exe
C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web\warn bash.exe
C:\Documents and Settings\Frans\Application Data\blue view
C:\Documents and Settings\Frans\Application Data\blue view\0
C:\Documents and Settings\Frans\Application Data\blue view\16 Face Dog.exe
C:\Documents and Settings\Frans\Application Data\blue view\axbcaokf.exe
C:\Documents and Settings\Frans\Application Data\blue view\ceznvhby.exe
C:\Documents and Settings\Frans\Application Data\blue view\cjzbfqbh.exe
C:\Documents and Settings\Frans\Application Data\blue view\hehkilyt.exe
C:\Documents and Settings\Frans\Application Data\blue view\IDLEBORESHIMCDROM.exe
C:\Documents and Settings\Frans\Application Data\blue view\peak extra hole.exe
C:\Documents and Settings\Karen\Application Data\blue view
C:\Documents and Settings\Karen\Application Data\blue view\0
C:\Documents and Settings\Karen\Application Data\blue view\16 Face Dog.exe
C:\Documents and Settings\Karen\Application Data\blue view\gegktqfr.exe
C:\Documents and Settings\Karen\Application Data\blue view\gphiqvgs.exe
C:\Documents and Settings\Karen\Application Data\blue view\IDLEBORESHIMCDROM.exe
C:\Documents and Settings\Karen\Application Data\blue view\irbahyed.exe
C:\Documents and Settings\Karen\Application Data\blue view\peak extra hole.exe
C:\Documents and Settings\Karen\Application Data\blue view\tgshosyl.exe
C:\Documents and Settings\Karen\Application Data\blue view\uozpgapk.exe
C:\Documents and Settings\Karen\Application Data\blue view\wkynnabv.exe
C:\Documents and Settings\Noortje\Application Data\blue view
C:\Documents and Settings\Noortje\Application Data\blue view\0
C:\Documents and Settings\Noortje\Application Data\blue view\16 Face Dog.exe
C:\Documents and Settings\Noortje\Application Data\blue view\IDLEBORESHIMCDROM.exe
C:\Documents and Settings\Noortje\Application Data\blue view\lwgnspci.exe
C:\Documents and Settings\Noortje\Application Data\blue view\mdygunef.exe
C:\Documents and Settings\Noortje\Application Data\blue view\peak extra hole.exe
C:\Documents and Settings\Noortje\Application Data\blue view\twnwexkk.exe
C:\Documents and Settings\Noortje\Application Data\blue view\weesclfj.exe
C:\Documents and Settings\Peter\Application Data\blue view
C:\Documents and Settings\Peter\Application Data\blue view\0
C:\Documents and Settings\Peter\Application Data\blue view\16 Face Dog.exe
C:\Documents and Settings\Peter\Application Data\blue view\IDLEBORESHIMCDROM.exe
C:\Documents and Settings\Peter\Application Data\blue view\jqhvryre.exe
C:\Documents and Settings\Peter\Application Data\blue view\ndsgwdrv.exe
C:\Documents and Settings\Peter\Application Data\blue view\peak extra hole.exe
C:\Documents and Settings\Peter\Application Data\blue view\wofrwuno.exe
C:\Documents and Settings\Toos\Application Data\blue view
C:\Documents and Settings\Toos\Application Data\blue view\0
C:\Documents and Settings\Toos\Application Data\blue view\16 Face Dog.exe
C:\Documents and Settings\Toos\Application Data\blue view\xbfbqnff.exe
C:\Program Files\blue view
C:\rvaxo-results.log
C:\RVAXO
C:\RVAXO.reg
C:\RVAXO\qmgr0.dat
C:\RVAXO\RVAXO3
C:\RVAXO\ssodl.reg
C:\RVAXO\sts.reg
C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\aptihguo.dll.bad
C:\VundoFix Backups\dvgockom.dll.bad
C:\VundoFix Backups\eexagfbu.dll.bad
C:\VundoFix Backups\jghikwqb.dll.bad
C:\VundoFix Backups\jxmdvcgn.dll.bad
C:\VundoFix Backups\knmkmlwr.ini.bad
C:\VundoFix Backups\oiyamoka.dll.bad
C:\VundoFix Backups\omxbytlx.dll.bad
C:\VundoFix Backups\oughitpa.ini.bad
C:\VundoFix Backups\qkapaveb.dll.bad
C:\VundoFix Backups\rlygurja.dll.bad
C:\VundoFix Backups\rwlmkmnk.dll.bad
C:\VundoFix Backups\sbmuqmpn.dll.bad
C:\VundoFix Backups\snyifrwf.dll.bad
C:\VundoFix Backups\ssqpo.dll.bad
C:\VundoFix Backups\uhkiiweo.dll.bad
C:\VundoFix Backups\vslfuqog.dll.bad
C:\WINDOWS\system32\jajcuofy.ini
C:\WINDOWS\system32\remove.exe
C:\WINDOWS\system32\RVAXO.bat
C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-01-22 to 2008-02-22 ))))))))))))))))))))))))))))))
.

2008-02-22 13:13 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-02-22 13:13 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-02-22 13:13 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-02-22 13:12 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-02-22 12:27 . 2008-02-22 12:27 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-22 12:27 . 2008-02-22 12:27 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-02-22 12:27 . 2008-02-22 12:27 <DIR> d-------- C:\Documents and Settings\Frans\Application Data\Malwarebytes
2008-02-22 12:27 . 2008-02-22 12:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-22 12:17 . 2002-09-09 14:07 20,480 --a------ C:\WINDOWS\system32\hidserv.dll
2008-02-22 12:17 . 2002-09-09 14:07 20,480 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-02-22 12:17 . 2001-09-06 18:24 14,080 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-02-22 12:17 . 2001-09-06 18:24 14,080 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-02-22 12:15 . 2001-09-06 19:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-02-22 12:15 . 2001-09-06 19:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-02-22 12:15 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-02-22 12:15 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-02-21 17:16 . 2008-02-21 17:16 94 --a------ C:\WINDOWS\wininit.ini
2008-01-28 18:32 . 2008-01-28 18:32 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-01-28 18:32 . 2008-01-28 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-28 18:29 . 2008-01-28 18:29 <DIR> d-------- C:\Program Files\FSG
2008-01-28 18:08 . 2008-01-28 18:23 <DIR> d-------- C:\Program Files\a-squared Free
2008-01-28 18:07 . 2008-01-28 18:07 <DIR> d-------- C:\Program Files\a-squared HiJackFree
2008-01-28 17:57 . 2008-01-28 17:57 <DIR> d-------- C:\Program Files\Trend Micro

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 16:25 --------- d-----w C:\Program Files\LimeWire
2008-02-07 22:17 --------- d-----w C:\Program Files\ESET
2008-01-28 17:24 --------- d-----w C:\Program Files\Macrogaming
2008-01-04 21:37 --------- d-----w C:\Program Files\QuickTime
2008-01-04 21:35 --------- d-----w C:\Program Files\iTunes
2008-01-04 21:35 --------- d-----w C:\Program Files\iPod
2008-01-04 21:33 --------- d-----w C:\Program Files\Apple Software Update
2008-01-04 21:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-03-28 19:18 2,242,720 ----a-w C:\Documents and Settings\Toos\ib2006_win_setup.exe
2006-04-18 17:56 958,464 ----a-w C:\Documents and Settings\Karen\PC Sync.exe
2006-04-18 17:56 163,840 ----a-w C:\Documents and Settings\Karen\OutlookManager.dll
2006-04-18 17:51 3,064 ----a-w C:\Documents and Settings\Karen\Model.reg
2006-04-18 17:15 73,728 ----a-w C:\Documents and Settings\Karen\SecToPC.exe
2006-04-18 17:15 73,728 ----a-w C:\Documents and Settings\Karen\PXControls.dll
2006-04-18 17:15 53,248 ----a-w C:\Documents and Settings\Karen\PXCommon.dll
2006-04-18 17:15 409,600 ----a-w C:\Documents and Settings\Karen\PhoneExplorer.exe
2006-04-18 17:15 405,504 ----a-w C:\Documents and Settings\Karen\MediaCheck.dll
2006-04-18 17:15 38,912 ----a-w C:\Documents and Settings\Karen\SecToPhone.exe
2006-04-18 17:15 327,680 ----a-w C:\Documents and Settings\Karen\PXCmd.dll
2006-04-18 17:15 274,432 ----a-w C:\Documents and Settings\Karen\ProfileManager.dll
2006-04-18 17:15 23,040 ----a-w C:\Documents and Settings\Karen\DrmCheck.dll
2006-04-18 17:15 217,088 ----a-w C:\Documents and Settings\Karen\PXViewCtrls.dll
2006-04-18 17:15 188,416 ----a-w C:\Documents and Settings\Karen\PXSecCommonDlg.dll
2006-04-18 17:13 155,648 ----a-w C:\Documents and Settings\Karen\SyncEngine.dll
2006-04-18 17:12 25,088 ----a-w C:\Documents and Settings\Karen\MgrConfig.dll
2006-04-18 17:12 196,608 ----a-w C:\Documents and Settings\Karen\SMLParser.dll
2006-04-18 17:12 19,456 ----a-w C:\Documents and Settings\Karen\MgrLogFile.dll
2006-04-18 17:11 462,848 ----a-w C:\Documents and Settings\Karen\Launcher.exe
2006-04-18 17:10 360,448 ----a-w C:\Documents and Settings\Karen\LCRes.dll
2006-04-18 17:06 180,224 ----a-w C:\Documents and Settings\Karen\PXRes.dll
2006-04-18 16:20 483,328 ----a-w C:\Documents and Settings\Karen\MM.exe
2006-04-18 16:19 503,808 ----a-w C:\Documents and Settings\Karen\PE.exe
2006-04-18 16:19 491,520 ----a-w C:\Documents and Settings\Karen\PSIESe.dll
2006-04-18 16:19 217,088 ----a-w C:\Documents and Settings\Karen\PSPrint.dll
2006-04-18 16:18 196,608 ----a-w C:\Documents and Settings\Karen\PSFind.dll
2006-04-18 16:18 1,191,936 ----a-w C:\Documents and Settings\Karen\PSCtrlSe.dll
2006-04-18 15:55 159,744 ----a-w C:\Documents and Settings\Karen\MMSMenuBar.dll
2006-04-18 15:26 643,072 ----a-w C:\Documents and Settings\Karen\MovieEditor.exe
2006-04-18 15:26 323,584 ----a-w C:\Documents and Settings\Karen\MECommon.dll
2006-04-18 14:07 65,536 ----a-w C:\Documents and Settings\Karen\DShowHelper.dll
2006-04-18 13:37 172,032 ----a-w C:\Documents and Settings\Karen\PSComn.dll
2006-04-18 09:16 499,712 ----a-w C:\Documents and Settings\Karen\ConWiz.exe
2006-04-18 09:02 151,552 ----a-w C:\Documents and Settings\Karen\ConMgr_Setting.exe
2006-04-18 08:41 827,392 ----a-w C:\Documents and Settings\Karen\SecTheme.dll
2006-04-18 08:40 192,512 ----a-w C:\Documents and Settings\Karen\PSLib.dll
2006-04-17 22:01 679,936 ----a-w C:\Documents and Settings\Karen\PMRes.dll
2006-04-17 18:00 503,808 ----a-w C:\Documents and Settings\Karen\MMSComposer.exe
2006-04-17 18:00 487,424 ----a-w C:\Documents and Settings\Karen\MMSConsole.dll
2006-04-17 18:00 458,752 ----a-w C:\Documents and Settings\Karen\MMSMediaPlayer.exe
2006-04-17 18:00 192,512 ----a-w C:\Documents and Settings\Karen\MMSMessageBrowser.dll
2006-04-17 18:00 1,224,704 ----a-w C:\Documents and Settings\Karen\MMSContBrowser.dll
2006-04-17 17:59 81,920 ----a-w C:\Documents and Settings\Karen\MMSData.dll
2006-04-17 17:59 684,032 ----a-w C:\Documents and Settings\Karen\MMSPhotoEditor.dll
2006-04-17 17:59 1,351,680 ----a-w C:\Documents and Settings\Karen\MMSPageEditor.dll
2006-04-17 17:59 1,048,576 ----a-w C:\Documents and Settings\Karen\MMSComm.dll
2006-04-17 17:44 434,176 ----a-w C:\Documents and Settings\Karen\NetworkingWizard.exe
2006-04-17 14:02 73,728 ----a-w C:\Documents and Settings\Karen\extFilter.dll
2006-04-17 14:02 614,400 ----a-w C:\Documents and Settings\Karen\imageLib.dll
2006-04-17 14:02 39,936 ----a-w C:\Documents and Settings\Karen\global_func.dll
2006-04-17 14:02 389,120 ----a-w C:\Documents and Settings\Karen\global_control.dll
2006-04-17 14:02 319,488 ----a-w C:\Documents and Settings\Karen\PhotoAlbum.exe
2006-04-17 14:02 31,744 ----a-w C:\Documents and Settings\Karen\ManagerFrame.dll
2006-04-17 14:02 28,672 ----a-w C:\Documents and Settings\Karen\global_db.dll
2006-04-14 16:46 5,932 ----a-w C:\Documents and Settings\Karen\MDPF.dat
2006-04-14 07:20 163,840 ----a-w C:\Documents and Settings\Karen\OpenEntry.exe
2006-04-13 08:06 323,584 ----a-w C:\Documents and Settings\Karen\LiveUpdateReal.exe
2006-04-13 08:06 323,584 ----a-w C:\Documents and Settings\Karen\LiveUpdate.exe
2006-04-11 11:13 69,632 ----a-w C:\Documents and Settings\Karen\ConMgrC.dll
2006-04-11 11:13 118,784 ----a-w C:\Documents and Settings\Karen\ConMgr.exe
2006-04-11 08:10 28,672 ----a-w C:\Documents and Settings\Karen\mobex.dll
2006-04-11 08:10 16,384 ----a-w C:\Documents and Settings\Karen\ConMgrInterface.dll
2006-04-09 04:09 544,768 ----a-w C:\Documents and Settings\Karen\SoundEditor.exe
2006-04-09 01:53 94,208 ----a-w C:\Documents and Settings\Karen\UICtrlDll.dll
2006-04-09 01:52 20,480 ----a-w C:\Documents and Settings\Karen\SE_WaveOut.dll
2006-04-09 01:52 16,384 ----a-w C:\Documents and Settings\Karen\DCFCheck.dll
2006-04-09 01:52 1,482,752 ----a-w C:\Documents and Settings\Karen\SamsungResDll.dll
2006-04-09 00:48 139,264 ----a-w C:\Documents and Settings\Karen\MLMMSMsg.dll
2006-04-09 00:48 102,400 ----a-w C:\Documents and Settings\Karen\MLMMObjCtrl.dll
2006-04-09 00:47 86,016 ----a-w C:\Documents and Settings\Karen\MLXMLDoc.dll
2006-04-09 00:47 61,440 ----a-w C:\Documents and Settings\Karen\MLSYAud.dll
2006-04-09 00:47 37,888 ----a-w C:\Documents and Settings\Karen\MLTXStr.dll
2006-04-09 00:47 217,088 ----a-w C:\Documents and Settings\Karen\MLDShow.dll
2006-04-09 00:46 806,912 ----a-w C:\Documents and Settings\Karen\MLBMImg.dll
2006-04-07 18:20 368,640 ----a-w C:\Documents and Settings\Karen\MLUICtrl.dll
2006-04-05 13:16 77,824 ----a-w C:\Documents and Settings\Karen\ComnCtrl.dll
2006-03-31 07:12 122,880 ----a-w C:\Documents and Settings\Karen\libsml.dll
2006-03-28 14:57 221,184 ----a-w C:\Documents and Settings\Karen\MObexDll.dll
2006-03-21 13:32 77,824 ----a-w C:\Documents and Settings\Karen\DecMPA.dll
2006-03-21 13:32 294,912 ----a-w C:\Documents and Settings\Karen\lame_enc.dll
2006-03-21 07:54 7,168 ----a-w C:\Documents and Settings\Karen\ConMgrPS.dll
2006-01-10 14:27 827,392 ----a-w C:\Documents and Settings\Karen\PXImage.dll
2005-12-28 11:08 4,120 ----a-w C:\Documents and Settings\Karen\funbox_filter.reg
2005-12-16 14:41 2,027,520 ----a-w C:\Documents and Settings\Karen\M5_EmuSmw5.dll
2005-12-16 14:41 1,019,904 ----a-w C:\Documents and Settings\Karen\M5_EmuHw.dll
2005-12-12 09:39 73,728 ----a-w C:\Documents and Settings\Karen\KillProcess2ForPCStudio.dll
2005-11-19 17:16 65,536 ----a-w C:\Documents and Settings\Karen\MFC71DEU.DLL
2005-11-19 17:16 61,440 ----a-w C:\Documents and Settings\Karen\MFC71ITA.DLL
2005-11-19 17:16 61,440 ----a-w C:\Documents and Settings\Karen\MFC71FRA.DLL
2005-11-19 17:16 61,440 ----a-w C:\Documents and Settings\Karen\MFC71ESP.DLL
2005-11-19 17:16 57,344 ----a-w C:\Documents and Settings\Karen\MFC71ENU.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{046233ec-c935-43da-a58f-092170b10534}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c57303b8-e722-48d6-9c40-66e5d0a936ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD8C76B3-5391-4EC6-B169-358664E61D4B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EADB1075-2079-489D-B443-138F1ECCE6D1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F28B74FD-AB3B-4156-B9B1-169FCCAC4E91}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5FD185B-87D5-4A82-A169-845F51849BBD}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-09 13:08 13312]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44 196608]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 19:59 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 03:07 843776]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 08:19 729088]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-02-13 14:05 7557120]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-02-13 14:05 86016]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [ ]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-07-19 16:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14 217088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 10:18 49152]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"axis web cake second"="C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web\Part Else.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-09 13:08 13312]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

C:\Documents and Settings\Frans\Menu Start\Programma's\Opstarten\
Dialer Detect.lnk - C:\Program Files\FSG\DialerDetect\dd.exe [2008-01-28 18:29:05 333312]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 10:40:44 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccdbcc]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-02-13 14:05 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2006-04-20 00:17 421888 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SiteAdvisor Service"=2 (0x2)
"gusvc"=3 (0x3)

S3 Asushwio;Asushwio;C:\WINDOWS\System32\drivers\Asushwio.sys [2004-04-27 08:26]

.
Inhoud van de 'Gedeelde Taken' map
"2008-01-04 21:33:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-20 17:55:00 C:\WINDOWS\Tasks\{37EBA8EC-BB38-4A3E-AB87-E8E802332AF5}_ARCXP_Peter.job"
- C:\WINDOWS\system32\[email protected] /Schedule=
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-22 13:40:55
Windows 5.1.2600 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.1106]
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\HPZinw12.exe
.
**************************************************************************
.
Voltooingstijd: 2008-02-22 13:42:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-22 12:42:10
ComboFix2.txt 2008-02-22 11:23:10
ComboFix3.txt 2008-02-21 17:21:41
ComboFix4.txt 2008-02-21 17:02:28
ComboFix5.txt 2008-02-21 16:59:20



ik merk alleen nog een hoop runtime error in de internet explorer

TeaTimer van Spybot is actief, deze moet uitgeschakeld worden omdat deze wijzigingen met Hijackthis weer ongedaan gaat maken.

Spybot openen > Modus > Geavanceerde modus > Gereedschap > Resident > TeaTimer uitschakelen > PC Herstarten

Download het volgende naar je bureaublad:

Dubbelklik daarna op ResetTeaTimer.bat.
Dit zal de voorgaande items die je toegelaten hebt of geblokkeerd hebt via teatimer terug resetten.

Doe die stap met CFScript.txt nu even opnieuw en post het nieuwe logje van Combofix

ComboFix 08-02-21 - Frans 2008-02-22 16:53:56.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1043.18.704 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Frans\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Frans\Bureaublad\cfscript.txt
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

FILE ::
C:\Documents and Settings\Frans\Bureaublad\RVAXO.exe
C:\firstrun4.log
C:\rvaxo-results.log
C:\rvaxo-vfind.log
C:\RVAXO.reg
C:\WINDOWS\system32\jajcuofy.ini
C:\WINDOWS\system32\remove.exe
C:\WINDOWS\system32\RVAXO.bat
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-01-22 to 2008-02-22 ))))))))))))))))))))))))))))))
.

2008-02-22 13:13 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-02-22 13:13 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-02-22 13:13 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-02-22 13:12 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-02-22 12:27 . 2008-02-22 12:27 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-22 12:27 . 2008-02-22 12:27 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-02-22 12:27 . 2008-02-22 12:27 <DIR> d-------- C:\Documents and Settings\Frans\Application Data\Malwarebytes
2008-02-22 12:27 . 2008-02-22 12:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-22 12:17 . 2002-09-09 14:07 20,480 --a------ C:\WINDOWS\system32\hidserv.dll
2008-02-22 12:17 . 2002-09-09 14:07 20,480 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-02-22 12:17 . 2001-09-06 18:24 14,080 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-02-22 12:17 . 2001-09-06 18:24 14,080 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-02-22 12:15 . 2001-09-06 19:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-02-22 12:15 . 2001-09-06 19:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-02-22 12:15 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-02-22 12:15 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-02-21 17:16 . 2008-02-21 17:16 94 --a------ C:\WINDOWS\wininit.ini
2008-01-28 18:32 . 2008-01-28 18:32 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-01-28 18:32 . 2008-01-28 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-28 18:29 . 2008-01-28 18:29 <DIR> d-------- C:\Program Files\FSG
2008-01-28 18:08 . 2008-01-28 18:23 <DIR> d-------- C:\Program Files\a-squared Free
2008-01-28 18:07 . 2008-01-28 18:07 <DIR> d-------- C:\Program Files\a-squared HiJackFree
2008-01-28 17:57 . 2008-01-28 17:57 <DIR> d-------- C:\Program Files\Trend Micro

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 16:25 --------- d-----w C:\Program Files\LimeWire
2008-02-07 22:17 --------- d-----w C:\Program Files\ESET
2008-01-28 17:24 --------- d-----w C:\Program Files\Macrogaming
2008-01-04 21:37 --------- d-----w C:\Program Files\QuickTime
2008-01-04 21:35 --------- d-----w C:\Program Files\iTunes
2008-01-04 21:35 --------- d-----w C:\Program Files\iPod
2008-01-04 21:33 --------- d-----w C:\Program Files\Apple Software Update
2008-01-04 21:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-03-28 19:18 2,242,720 ----a-w C:\Documents and Settings\Toos\ib2006_win_setup.exe
2006-04-18 17:56 958,464 ----a-w C:\Documents and Settings\Karen\PC Sync.exe
2006-04-18 17:56 163,840 ----a-w C:\Documents and Settings\Karen\OutlookManager.dll
2006-04-18 17:51 3,064 ----a-w C:\Documents and Settings\Karen\Model.reg
2006-04-18 17:15 73,728 ----a-w C:\Documents and Settings\Karen\SecToPC.exe
2006-04-18 17:15 73,728 ----a-w C:\Documents and Settings\Karen\PXControls.dll
2006-04-18 17:15 53,248 ----a-w C:\Documents and Settings\Karen\PXCommon.dll
2006-04-18 17:15 409,600 ----a-w C:\Documents and Settings\Karen\PhoneExplorer.exe
2006-04-18 17:15 405,504 ----a-w C:\Documents and Settings\Karen\MediaCheck.dll
2006-04-18 17:15 38,912 ----a-w C:\Documents and Settings\Karen\SecToPhone.exe
2006-04-18 17:15 327,680 ----a-w C:\Documents and Settings\Karen\PXCmd.dll
2006-04-18 17:15 274,432 ----a-w C:\Documents and Settings\Karen\ProfileManager.dll
2006-04-18 17:15 23,040 ----a-w C:\Documents and Settings\Karen\DrmCheck.dll
2006-04-18 17:15 217,088 ----a-w C:\Documents and Settings\Karen\PXViewCtrls.dll
2006-04-18 17:15 188,416 ----a-w C:\Documents and Settings\Karen\PXSecCommonDlg.dll
2006-04-18 17:13 155,648 ----a-w C:\Documents and Settings\Karen\SyncEngine.dll
2006-04-18 17:12 25,088 ----a-w C:\Documents and Settings\Karen\MgrConfig.dll
2006-04-18 17:12 196,608 ----a-w C:\Documents and Settings\Karen\SMLParser.dll
2006-04-18 17:12 19,456 ----a-w C:\Documents and Settings\Karen\MgrLogFile.dll
2006-04-18 17:11 462,848 ----a-w C:\Documents and Settings\Karen\Launcher.exe
2006-04-18 17:10 360,448 ----a-w C:\Documents and Settings\Karen\LCRes.dll
2006-04-18 17:06 180,224 ----a-w C:\Documents and Settings\Karen\PXRes.dll
2006-04-18 16:20 483,328 ----a-w C:\Documents and Settings\Karen\MM.exe
2006-04-18 16:19 503,808 ----a-w C:\Documents and Settings\Karen\PE.exe
2006-04-18 16:19 491,520 ----a-w C:\Documents and Settings\Karen\PSIESe.dll
2006-04-18 16:19 217,088 ----a-w C:\Documents and Settings\Karen\PSPrint.dll
2006-04-18 16:18 196,608 ----a-w C:\Documents and Settings\Karen\PSFind.dll
2006-04-18 16:18 1,191,936 ----a-w C:\Documents and Settings\Karen\PSCtrlSe.dll
2006-04-18 15:55 159,744 ----a-w C:\Documents and Settings\Karen\MMSMenuBar.dll
2006-04-18 15:26 643,072 ----a-w C:\Documents and Settings\Karen\MovieEditor.exe
2006-04-18 15:26 323,584 ----a-w C:\Documents and Settings\Karen\MECommon.dll
2006-04-18 14:07 65,536 ----a-w C:\Documents and Settings\Karen\DShowHelper.dll
2006-04-18 13:37 172,032 ----a-w C:\Documents and Settings\Karen\PSComn.dll
2006-04-18 09:16 499,712 ----a-w C:\Documents and Settings\Karen\ConWiz.exe
2006-04-18 09:02 151,552 ----a-w C:\Documents and Settings\Karen\ConMgr_Setting.exe
2006-04-18 08:41 827,392 ----a-w C:\Documents and Settings\Karen\SecTheme.dll
2006-04-18 08:40 192,512 ----a-w C:\Documents and Settings\Karen\PSLib.dll
2006-04-17 22:01 679,936 ----a-w C:\Documents and Settings\Karen\PMRes.dll
2006-04-17 18:00 503,808 ----a-w C:\Documents and Settings\Karen\MMSComposer.exe
2006-04-17 18:00 487,424 ----a-w C:\Documents and Settings\Karen\MMSConsole.dll
2006-04-17 18:00 458,752 ----a-w C:\Documents and Settings\Karen\MMSMediaPlayer.exe
2006-04-17 18:00 192,512 ----a-w C:\Documents and Settings\Karen\MMSMessageBrowser.dll
2006-04-17 18:00 1,224,704 ----a-w C:\Documents and Settings\Karen\MMSContBrowser.dll
2006-04-17 17:59 81,920 ----a-w C:\Documents and Settings\Karen\MMSData.dll
2006-04-17 17:59 684,032 ----a-w C:\Documents and Settings\Karen\MMSPhotoEditor.dll
2006-04-17 17:59 1,351,680 ----a-w C:\Documents and Settings\Karen\MMSPageEditor.dll
2006-04-17 17:59 1,048,576 ----a-w C:\Documents and Settings\Karen\MMSComm.dll
2006-04-17 17:44 434,176 ----a-w C:\Documents and Settings\Karen\NetworkingWizard.exe
2006-04-17 14:02 73,728 ----a-w C:\Documents and Settings\Karen\extFilter.dll
2006-04-17 14:02 614,400 ----a-w C:\Documents and Settings\Karen\imageLib.dll
2006-04-17 14:02 39,936 ----a-w C:\Documents and Settings\Karen\global_func.dll
2006-04-17 14:02 389,120 ----a-w C:\Documents and Settings\Karen\global_control.dll
2006-04-17 14:02 319,488 ----a-w C:\Documents and Settings\Karen\PhotoAlbum.exe
2006-04-17 14:02 31,744 ----a-w C:\Documents and Settings\Karen\ManagerFrame.dll
2006-04-17 14:02 28,672 ----a-w C:\Documents and Settings\Karen\global_db.dll
2006-04-14 16:46 5,932 ----a-w C:\Documents and Settings\Karen\MDPF.dat
2006-04-14 07:20 163,840 ----a-w C:\Documents and Settings\Karen\OpenEntry.exe
2006-04-13 08:06 323,584 ----a-w C:\Documents and Settings\Karen\LiveUpdateReal.exe
2006-04-13 08:06 323,584 ----a-w C:\Documents and Settings\Karen\LiveUpdate.exe
2006-04-11 11:13 69,632 ----a-w C:\Documents and Settings\Karen\ConMgrC.dll
2006-04-11 11:13 118,784 ----a-w C:\Documents and Settings\Karen\ConMgr.exe
2006-04-11 08:10 28,672 ----a-w C:\Documents and Settings\Karen\mobex.dll
2006-04-11 08:10 16,384 ----a-w C:\Documents and Settings\Karen\ConMgrInterface.dll
2006-04-09 04:09 544,768 ----a-w C:\Documents and Settings\Karen\SoundEditor.exe
2006-04-09 01:53 94,208 ----a-w C:\Documents and Settings\Karen\UICtrlDll.dll
2006-04-09 01:52 20,480 ----a-w C:\Documents and Settings\Karen\SE_WaveOut.dll
2006-04-09 01:52 16,384 ----a-w C:\Documents and Settings\Karen\DCFCheck.dll
2006-04-09 01:52 1,482,752 ----a-w C:\Documents and Settings\Karen\SamsungResDll.dll
2006-04-09 00:48 139,264 ----a-w C:\Documents and Settings\Karen\MLMMSMsg.dll
2006-04-09 00:48 102,400 ----a-w C:\Documents and Settings\Karen\MLMMObjCtrl.dll
2006-04-09 00:47 86,016 ----a-w C:\Documents and Settings\Karen\MLXMLDoc.dll
2006-04-09 00:47 61,440 ----a-w C:\Documents and Settings\Karen\MLSYAud.dll
2006-04-09 00:47 37,888 ----a-w C:\Documents and Settings\Karen\MLTXStr.dll
2006-04-09 00:47 217,088 ----a-w C:\Documents and Settings\Karen\MLDShow.dll
2006-04-09 00:46 806,912 ----a-w C:\Documents and Settings\Karen\MLBMImg.dll
2006-04-07 18:20 368,640 ----a-w C:\Documents and Settings\Karen\MLUICtrl.dll
2006-04-05 13:16 77,824 ----a-w C:\Documents and Settings\Karen\ComnCtrl.dll
2006-03-31 07:12 122,880 ----a-w C:\Documents and Settings\Karen\libsml.dll
2006-03-28 14:57 221,184 ----a-w C:\Documents and Settings\Karen\MObexDll.dll
2006-03-21 13:32 77,824 ----a-w C:\Documents and Settings\Karen\DecMPA.dll
2006-03-21 13:32 294,912 ----a-w C:\Documents and Settings\Karen\lame_enc.dll
2006-03-21 07:54 7,168 ----a-w C:\Documents and Settings\Karen\ConMgrPS.dll
2006-01-10 14:27 827,392 ----a-w C:\Documents and Settings\Karen\PXImage.dll
2005-12-28 11:08 4,120 ----a-w C:\Documents and Settings\Karen\funbox_filter.reg
2005-12-16 14:41 2,027,520 ----a-w C:\Documents and Settings\Karen\M5_EmuSmw5.dll
2005-12-16 14:41 1,019,904 ----a-w C:\Documents and Settings\Karen\M5_EmuHw.dll
2005-12-12 09:39 73,728 ----a-w C:\Documents and Settings\Karen\KillProcess2ForPCStudio.dll
2005-11-19 17:16 65,536 ----a-w C:\Documents and Settings\Karen\MFC71DEU.DLL
2005-11-19 17:16 61,440 ----a-w C:\Documents and Settings\Karen\MFC71ITA.DLL
2005-11-19 17:16 61,440 ----a-w C:\Documents and Settings\Karen\MFC71FRA.DLL
2005-11-19 17:16 61,440 ----a-w C:\Documents and Settings\Karen\MFC71ESP.DLL
2005-11-19 17:16 57,344 ----a-w C:\Documents and Settings\Karen\MFC71ENU.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-09 13:08 13312]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44 196608]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 19:59 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 03:07 843776]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 08:19 729088]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-02-13 14:05 7557120]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-02-13 14:05 86016]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [ ]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-07-19 16:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14 217088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 10:18 49152]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-09 13:08 13312]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

C:\Documents and Settings\Frans\Menu Start\Programma's\Opstarten\
Dialer Detect.lnk - C:\Program Files\FSG\DialerDetect\dd.exe [2008-01-28 18:29:05 333312]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 10:40:44 282624]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-02-13 14:05 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2006-04-20 00:17 421888 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SiteAdvisor Service"=2 (0x2)
"gusvc"=3 (0x3)

S3 Asushwio;Asushwio;C:\WINDOWS\System32\drivers\Asushwio.sys [2004-04-27 08:26]

.
Inhoud van de 'Gedeelde Taken' map
"2008-01-04 21:33:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-20 17:55:00 C:\WINDOWS\Tasks\{37EBA8EC-BB38-4A3E-AB87-E8E802332AF5}_ARCXP_Peter.job"
- C:\WINDOWS\system32\[email protected] /Schedule=
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-22 16:55:28
Windows 5.1.2600 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.1106]
-> C:\Program Files\Eset\pr_imon.dll
.
Voltooingstijd: 2008-02-22 16:56:04
ComboFix-quarantined-files.txt 2008-02-22 15:55:56
ComboFix2.txt 2008-02-22 12:42:13
ComboFix3.txt 2008-02-22 11:23:10
ComboFix4.txt 2008-02-21 17:21:41
ComboFix5.txt 2008-02-21 17:02:28

Download ATF cleaner (mirror)(gemaakt door Atribune)

Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.

Het volgende doen als je ook FireFox als browser hebt:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit haalt het vinkje weer weg bij "Firefox saved passwords")
Klik op de knop Empty Selected.

Het volgende doen als je ook Opera als browser hebt:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

Ga naar Start - Uitvoeren en geef hier het volgende in:
Combofix /U
Druk daarna op OK.
Let op: Er moet een spatie tussen Combofix en /U zitten.

Dit zal Combofix deïnstalleren.

Post als laatste nog een nieuw logje van Hijackthis ter controle

done!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:19, on 23-2-2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\FSG\DialerDetect\dd.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\HPZinw12.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dialer Detect.lnk = C:\Program Files\FSG\DialerDetect\dd.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://paardjeees.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203682156312
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 6951 bytes

Logje ziet er goed uit

Fijn en bedankt voor de hulp.maar wat heb ik nu over het hoofd gezien(ik probeer namelijk ook wat kennis op te doen mbt het verwijderen van spyware via castlecops).

Graag gedaan hoor

Je had o.a. Vundo en LOP op je systeem, die infecties werken met random file names en random sleutels, daar zal je m.b.v. Castlecops niet veel van terug vinden.