Mededeling

**smeenk** · 22-02-08, 10:42

Download: RVAXO.exe

Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw.
Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
Post de inhoud van de logfile in je volgende bericht.

Download Combofix (mirror) naar je Bureaublad.
Dubbelklik op Combofix.exe
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen(je kan hem ook hier vinden: C:\Combofix.txt)
Plaats deze log in je volgende post.

NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.

**Barney007** · 22-02-08, 12:22

Hier de logs:

Eerst RVAXO

---RVAXO.exe Updated: 2008-02-21---first run---
Files found:
C:\WINDOWS\system32\afipelby.dllbox
C:\WINDOWS\system32\vrxrleeh.dllbox
C:\WINDOWS\system32\wjivdodv.dllbox
C:\WINDOWS\system32\vbzip10.dll
C:\Documents and Settings\Job\Mijn documenten\pos???.tmp
C:\pos???.tmp
C:\Documents and Settings\Job\Bureau~1\Help and Support Center.lnk

Uninstallers:

Folders Found:

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------

Files found:

Folders Found:

--------------RVAXO.exe finished----------------

en hier combofix

ComboFix 08-02-22.2 - Job 2008-02-22 11:48:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.574 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Job\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\Linde\LOCALS~1\Temp\awvvw.dll
C:\Temp\isgTi19
C:\WINDOWS\system32\jpxsqwuu.ini
C:\WINDOWS\system32\jvjiybex.dll
C:\WINDOWS\system32\kjmsdidq.dll
C:\WINDOWS\system32\lamonluu.ini
C:\WINDOWS\system32\nGpxx18
C:\WINDOWS\system32\qvpwwklj.ini
C:\WINDOWS\system32\vfnhuosg.dll
C:\WINDOWS\Fonts\-

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-01-22 to 2008-02-22 ))))))))))))))))))))))))))))))
.

2008-02-22 11:41 . 2008-02-22 11:41 <DIR> d-------- C:\RVAXO
2008-02-22 11:37 . 2008-02-21 15:42 708,525 --a------ C:\WINDOWS\system32\RVAXO.bat
2008-02-22 11:37 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
2008-02-22 09:05 . 2008-02-22 09:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-21 12:08 . 2008-02-21 12:08 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AppDate
2008-02-21 08:54 . 2008-02-21 08:54 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-21 08:54 . 2008-02-21 08:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-20 13:10 . 2008-02-20 13:10 <DIR> d-------- C:\Documents and Settings\Linde\Application Data\AppDate
2008-02-20 10:45 . 2008-02-21 08:15 <DIR> d-------- C:\Documents and Settings\Job\Application Data\AppDate
2008-02-20 10:45 . 2008-02-20 10:45 34,304 --a------ C:\WINDOWS\system32\vturomll.dll
2008-02-20 10:45 . 2008-02-20 10:45 34,304 --a------ C:\WINDOWS\ddcyvtss.dll
2008-02-20 10:45 . 2008-02-20 10:45 34,304 --a------ C:\Documents and Settings\Job\Application Data\jkhfcayy.dll
2008-02-20 10:45 . 2008-02-22 11:53 341 --a------ C:\WINDOWS\system32\yayyaaxv
2008-02-16 15:26 . 2008-02-16 15:29 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-02-16 14:46 . 2008-02-16 14:51 <DIR> d-------- C:\Program Files\Disney Interactive
2008-02-16 14:46 . 2008-02-16 14:51 2,048 --a------ C:\WINDOWS\disney.ini
2008-02-15 23:25 . 2008-02-15 23:25 <DIR> dr------- C:\Documents and Settings\LocalService\Favorieten
2008-02-15 13:00 . 2008-02-15 13:03 <DIR> d-------- C:\Program Files\DirPrn
2008-02-15 13:00 . 2008-02-15 13:00 249,856 --------- C:\WINDOWS\Setup1.exe
2008-02-15 13:00 . 2008-02-15 13:00 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-02-14 18:04 . 2008-02-14 18:04 <DIR> d-------- C:\Documents and Settings\Ellen\Application Data\VanDale
2008-02-10 17:02 . 2008-02-10 17:02 <DIR> d-------- C:\Documents and Settings\Job\Application Data\VanDale
2008-02-10 16:57 . 2008-02-10 21:38 304 --a------ C:\WINDOWS\vdgwwin.ini
2008-02-10 16:55 . 2008-02-10 16:55 <DIR> d-------- C:\VanDale
2008-02-10 16:54 . 2008-02-10 16:54 <DIR> d-------- C:\Documents and Settings\Job\WINDOWS
2008-02-09 18:34 . 2008-02-21 09:59 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-09 18:34 . 2008-02-09 18:34 <DIR> d-------- C:\Documents and Settings\Job\Application Data\PC Tools
2008-02-09 18:34 . 2008-02-22 11:53 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-09 18:34 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-09 18:34 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-09 18:34 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-09 18:34 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-02-09 18:33 . 2008-02-22 11:32 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-02-09 18:33 . 2008-02-21 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-09 12:33 . 2008-02-20 10:56 <DIR> d-------- C:\Documents and Settings\Job\Application Data\LimeWire
2008-02-05 16:56 . 2008-02-05 16:56 <DIR> d-------- C:\Documents and Settings\Job\Application Data\vlc
2008-02-03 19:05 . 2008-02-03 19:05 <DIR> d-------- C:\Documents and Settings\Gast\Application Data\Jasc Software Inc
2008-02-03 19:04 . 2004-09-13 13:59 <DIR> d--h----- C:\Documents and Settings\Gast\Sjablonen
2008-02-03 19:04 . 2008-02-03 21:24 <DIR> dr-h----- C:\Documents and Settings\Gast\Onlangs geopend
2008-02-03 19:04 . 2004-09-13 13:59 <DIR> d--h----- C:\Documents and Settings\Gast\Netwerkprinteromgeving
2008-02-03 19:04 . 2008-02-03 19:05 <DIR> dr------- C:\Documents and Settings\Gast\Mijn documenten
2008-02-03 19:04 . 2004-09-13 13:59 <DIR> dr------- C:\Documents and Settings\Gast\Menu Start
2008-02-03 19:04 . 2008-02-03 19:04 <DIR> dr------- C:\Documents and Settings\Gast\Favorieten
2008-02-03 19:04 . 2008-02-03 21:21 <DIR> d-------- C:\Documents and Settings\Gast\Bureaublad
2008-02-03 19:04 . 2007-06-22 17:49 <DIR> d-------- C:\Documents and Settings\Gast\Application Data\Symantec
2008-02-03 19:04 . 2008-02-03 19:04 <DIR> d-------- C:\Documents and Settings\Gast\Application Data\Logitech
2008-02-03 19:04 . 2007-06-22 17:52 <DIR> d--h----- C:\Documents and Settings\Gast\Application Data\Gtek
2008-01-31 15:25 . 2008-02-20 13:15 <DIR> d-------- C:\Program Files\eMule
2008-01-30 16:55 . 2008-01-30 16:55 <DIR> d-------- C:\Program Files\Malmberg
2008-01-30 16:55 . 1999-03-24 01:06 1,046,288 --a------ C:\WINDOWS\system32\msjet35.dll
2008-01-30 16:55 . 1996-11-08 01:48 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-01-30 16:55 . 2000-12-13 16:47 123,664 --a------ C:\WINDOWS\system32\MSJINT35.DLL
2008-01-30 16:52 . 2008-01-30 16:52 <DIR> d-------- C:\temp\Data
2008-01-30 16:51 . 2008-01-30 16:51 <DIR> d-------- C:\temp\Extra Software
2008-01-28 10:00 . 2008-01-28 10:00 52 --a------ C:\WINDOWS\cool.ini
2008-01-28 09:59 . 2008-01-28 09:59 <DIR> d-------- C:\Documents and Settings\Job\Application Data\Syntrillium
2008-01-28 09:58 . 2008-01-28 10:00 <DIR> d-------- C:\Program Files\Cool2000
2008-01-27 16:21 . 2008-01-27 16:22 <DIR> d-------- C:\wamp
2008-01-26 16:04 . 2008-01-26 16:04 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\Logitech
2008-01-25 18:41 . 2008-01-25 18:41 <DIR> d-------- C:\Program Files\Common Files\AmbraSoft
2008-01-25 18:41 . 2008-01-25 18:41 <DIR> d-------- C:\Program Files\AmbraSoft

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-22 10:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-22 07:06 --------- d-----w C:\Program Files\CDex_150
2008-02-21 09:48 22 ----a-w C:\WINDOWS\Fonts\x.zip
2008-02-16 13:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-09 17:33 --------- d-----w C:\Program Files\Google
2008-02-04 22:06 --------- d-----w C:\Documents and Settings\Job\Application Data\FileZilla
2008-02-04 21:56 --------- d-----w C:\Program Files\FileZilla Client
2008-01-20 20:14 --------- d-----w C:\Program Files\CDBurnerXP
2008-01-20 20:03 --------- d-----w C:\Program Files\Reference Assemblies
2008-01-20 20:03 --------- d-----w C:\Program Files\MSBuild
2008-01-20 20:01 --------- d-----w C:\Program Files\MSXML 6.0
2008-01-19 21:16 --------- d-----w C:\Documents and Settings\Job\Application Data\Ahead
2008-01-18 19:37 --------- d-----w C:\Program Files\Pinnacle
2008-01-18 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2008-01-18 19:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-01-18 17:05 --------- d-----w C:\Program Files\proDAD
2008-01-18 16:56 --------- d-----w C:\Program Files\AdorageI-SAL
2008-01-18 16:56 --------- d-----w C:\Program Files\AdorageI-GfxDatas
2008-01-18 16:54 --------- d-----w C:\Program Files\QuickTime
2008-01-18 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-01-18 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-01-18 16:27 --------- d-----w C:\Program Files\SmartSound Software
2008-01-18 16:26 --------- d-----w C:\Program Files\DivX
2008-01-15 16:17 --------- d-----w C:\Documents and Settings\Ellen\Application Data\Logitech
2008-01-15 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-15 16:05 --------- d-----w C:\Documents and Settings\Mischa\Application Data\Logitech
2008-01-14 15:33 --------- d-----w C:\Documents and Settings\Linde\Application Data\Logitech
2008-01-14 13:18 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-14 13:18 --------- d-----w C:\Documents and Settings\Job\Application Data\Logitech
2008-01-14 13:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-01-14 13:17 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-01-14 13:17 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-01-14 13:17 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-01-14 13:16 --------- d-----w C:\Program Files\Logitech
2008-01-14 13:16 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-01-14 13:16 --------- d-----w C:\Documents and Settings\Job\Application Data\InstallShield
2008-01-14 13:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-01-14 09:06 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-14 09:02 --------- d-----w C:\Program Files\Bonjour
2008-01-14 08:58 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-01-14 08:38 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-13 21:56 --------- d-----w C:\Program Files\Java
2008-01-11 05:52 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-08 15:22 --------- d-----w C:\Documents and Settings\Job\Application Data\.ABC
2007-12-26 10:24 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-25 16:54 --------- d-----w C:\Documents and Settings\Linde\Application Data\Jasc Software Inc
2007-12-24 17:40 --------- d-----w C:\Documents and Settings\Job\Application Data\PHP Designer 2007
2007-12-24 17:39 --------- d-----w C:\Program Files\PHP Designer 2007
2007-12-24 13:06 --------- d-----w C:\Program Files\EasyPHP1-8
2007-12-24 13:04 --------- d-----w C:\Program Files\ABC
2007-12-24 11:46 --------- d-----w C:\Documents and Settings\Ellen\Application Data\Jasc Software Inc
2007-12-24 10:12 --------- d-----w C:\Program Files\Ahead
2007-12-24 10:10 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-24 10:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2007-12-23 22:41 --------- d-----w C:\Documents and Settings\Job\Application Data\phpDesigner 2008
2007-12-23 22:36 --------- d-----w C:\Documents and Settings\Job\Application Data\HAPedit
2007-12-23 22:30 --------- d-----w C:\Documents and Settings\Job\Application Data\Sonic
2007-12-23 22:30 --------- d-----w C:\Documents and Settings\Job\Application Data\Leadertech
2007-12-23 19:13 99,776 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
2007-12-23 19:13 --------- d-----w C:\Program Files\Common Files\Acronis
2007-12-23 19:13 --------- d-----w C:\Program Files\Acronis
2007-12-22 13:43 --------- d-----w C:\Documents and Settings\Ruben\Application Data\Jasc Software Inc
2007-12-22 13:41 --------- d-----w C:\Documents and Settings\Mischa\Application Data\Jasc Software Inc
2007-12-22 12:52 --------- d-----w C:\Program Files\Electronic Arts
2007-12-22 10:10 --------- d-----w C:\Program Files\Jasc Software Inc
2007-12-22 10:10 --------- d-----w C:\Program Files\Common Files\Jasc Software Inc
2007-12-22 10:10 --------- d-----w C:\Documents and Settings\Job\Application Data\Jasc Software Inc
2007-12-19 22:57 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 05:18 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:04 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:04 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:42 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{646AD24F-2F19-4481-BBB0-B08501139A1B}]
2008-02-20 10:45 34304 --a------ C:\WINDOWS\ddcyvtss.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-10 18:36 7323648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 10:20 282624 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 07:15 151552]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12 94208]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"PCLEUSBTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [ ]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 08:00 94208]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48 147514]
"IJNetworkScanUtility"="C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2006-10-26 01:16 132704]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28 36352]
"OSSelectorReinstall"="C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2006-04-12 15:15 1261475]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 00:26 406016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-18 17:54 98304]
"yayxwvuuro"="C:\WINDOWS\system32\vturomll.dll" [2008-02-20 10:45 34304]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-09 18:33:18 125624]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-14 14:16:42 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\afipelby]
afipelby.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vrxrleeh]
vrxrleeh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wjivdodv]
wjivdodv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli C:\Documents and Settings\Job\Application Data\jkhfcayy.dll C:\Documents and Settings\Job\Application Data\jkhfcayy.dll

R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 08:34]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 03:39]
S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" [2007-09-05 08:59]
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld

S3 ZD1211U(Sitecom);Sitecom Wireless Network USB Adapter Driver(Sitecom);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-07-05 22:38]

*Newly Created Service* - ENTDRV51
.
Inhoud van de 'Gedeelde Taken' map
"2008-02-15 22:24:13 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-22 11:52:55
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Documents and Settings\Job\Application Data\jkhfcayy.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\vturomll.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
.
**************************************************************************
.
Voltooingstijd: 2008-02-22 11:56:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-22 10:56:37
.
2008-02-14 16:46:22 --- E O F ---

Wat kun je hier nu uithalen?

**smeenk** · 22-02-08, 14:15

Open Kladblok, kopiëer en plak het volgende (vetgedrukte tekst) in een leeg venster:

File::
C:\WINDOWS\system32\vturomll.dll
C:\WINDOWS\ddcyvtss.dll
C:\Documents and Settings\Job\Application Data\jkhfcayy.dll
C:\WINDOWS\system32\yayyaaxv
C:\WINDOWS\Fonts\x.zip

Folder::
C:\Documents and Settings\LocalService\Application Data\AppDate
C:\Documents and Settings\Linde\Application Data\AppDate
C:\Documents and Settings\Job\Application Data\AppDate

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{646AD24F-2F19-4481-BBB0-B08501139A1B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"yayxwvuuro"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\afipelby]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vrxrleeh]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wjivdodv]

Sla dit op op je Bureaublad als CFScript.txt

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :

Dit zal ComboFix doen herstarten.
Start opnieuw op als daarom gevraagd wordt,
en post de inhoud van de Combofix.txt in je volgende antwoord.

**Barney007** · 22-02-08, 15:09

LOG 2 Combofix:

ComboFix 08-02-22.2 - Job 2008-02-22 14:56:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.531 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Job\Bureaublad\ComboFix.exe
Command switches used :: F:\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

FILE ::
C:\Documents and Settings\Job\Application Data\jkhfcayy.dll
C:\WINDOWS\ddcyvtss.dll
C:\WINDOWS\Fonts\x.zip
C:\WINDOWS\system32\vturomll.dll
C:\WINDOWS\system32\yayyaaxv
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Job\Application Data\AppDate
C:\Documents and Settings\Job\Application Data\jkhfcayy.dll
C:\Documents and Settings\Linde\Application Data\AppDate
C:\Documents and Settings\LocalService\Application Data\AppDate
C:\WINDOWS\ddcyvtss.dll
C:\WINDOWS\Fonts\x.zip
C:\WINDOWS\system32\vturomll.dll
C:\WINDOWS\system32\yayyaaxv

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-01-22 to 2008-02-22 ))))))))))))))))))))))))))))))
.

2008-02-22 11:41 . 2008-02-22 11:41 <DIR> d-------- C:\RVAXO
2008-02-22 11:37 . 2008-02-21 15:42 708,525 --a------ C:\WINDOWS\system32\RVAXO.bat
2008-02-22 11:37 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
2008-02-22 09:05 . 2008-02-22 09:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-21 08:54 . 2008-02-21 08:54 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-21 08:54 . 2008-02-21 08:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-16 15:26 . 2008-02-16 15:29 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-02-16 14:46 . 2008-02-16 14:51 <DIR> d-------- C:\Program Files\Disney Interactive
2008-02-16 14:46 . 2008-02-16 14:51 2,048 --a------ C:\WINDOWS\disney.ini
2008-02-15 23:25 . 2008-02-15 23:25 <DIR> dr------- C:\Documents and Settings\LocalService\Favorieten
2008-02-15 13:00 . 2008-02-15 13:03 <DIR> d-------- C:\Program Files\DirPrn
2008-02-15 13:00 . 2008-02-15 13:00 249,856 --------- C:\WINDOWS\Setup1.exe
2008-02-15 13:00 . 2008-02-15 13:00 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-02-14 18:04 . 2008-02-14 18:04 <DIR> d-------- C:\Documents and Settings\Ellen\Application Data\VanDale
2008-02-10 17:02 . 2008-02-10 17:02 <DIR> d-------- C:\Documents and Settings\Job\Application Data\VanDale
2008-02-10 16:57 . 2008-02-10 21:38 304 --a------ C:\WINDOWS\vdgwwin.ini
2008-02-10 16:55 . 2008-02-10 16:55 <DIR> d-------- C:\VanDale
2008-02-10 16:54 . 2008-02-10 16:54 <DIR> d-------- C:\Documents and Settings\Job\WINDOWS
2008-02-09 18:34 . 2008-02-21 09:59 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-09 18:34 . 2008-02-09 18:34 <DIR> d-------- C:\Documents and Settings\Job\Application Data\PC Tools
2008-02-09 18:34 . 2008-02-22 15:03 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-09 18:34 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-09 18:34 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-09 18:34 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-09 18:34 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-02-09 18:33 . 2008-02-22 15:00 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-02-09 18:33 . 2008-02-21 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-09 12:33 . 2008-02-20 10:56 <DIR> d-------- C:\Documents and Settings\Job\Application Data\LimeWire
2008-02-05 16:56 . 2008-02-05 16:56 <DIR> d-------- C:\Documents and Settings\Job\Application Data\vlc
2008-02-03 19:05 . 2008-02-03 19:05 <DIR> d-------- C:\Documents and Settings\Gast\Application Data\Jasc Software Inc
2008-02-03 19:04 . 2004-09-13 13:59 <DIR> d--h----- C:\Documents and Settings\Gast\Sjablonen
2008-02-03 19:04 . 2008-02-03 21:24 <DIR> dr-h----- C:\Documents and Settings\Gast\Onlangs geopend
2008-02-03 19:04 . 2004-09-13 13:59 <DIR> d--h----- C:\Documents and Settings\Gast\Netwerkprinteromgeving
2008-02-03 19:04 . 2008-02-03 19:05 <DIR> dr------- C:\Documents and Settings\Gast\Mijn documenten
2008-02-03 19:04 . 2004-09-13 13:59 <DIR> dr------- C:\Documents and Settings\Gast\Menu Start
2008-02-03 19:04 . 2008-02-03 19:04 <DIR> dr------- C:\Documents and Settings\Gast\Favorieten
2008-02-03 19:04 . 2008-02-03 21:21 <DIR> d-------- C:\Documents and Settings\Gast\Bureaublad
2008-02-03 19:04 . 2007-06-22 17:49 <DIR> d-------- C:\Documents and Settings\Gast\Application Data\Symantec
2008-02-03 19:04 . 2008-02-03 19:04 <DIR> d-------- C:\Documents and Settings\Gast\Application Data\Logitech
2008-02-03 19:04 . 2007-06-22 17:52 <DIR> d--h----- C:\Documents and Settings\Gast\Application Data\Gtek
2008-01-31 15:25 . 2008-02-20 13:15 <DIR> d-------- C:\Program Files\eMule
2008-01-30 16:55 . 2008-01-30 16:55 <DIR> d-------- C:\Program Files\Malmberg
2008-01-30 16:55 . 1999-03-24 01:06 1,046,288 --a------ C:\WINDOWS\system32\msjet35.dll
2008-01-30 16:55 . 1996-11-08 01:48 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-01-30 16:55 . 2000-12-13 16:47 123,664 --a------ C:\WINDOWS\system32\MSJINT35.DLL
2008-01-30 16:52 . 2008-01-30 16:52 <DIR> d-------- C:\temp\Data
2008-01-30 16:51 . 2008-01-30 16:51 <DIR> d-------- C:\temp\Extra Software
2008-01-28 10:00 . 2008-01-28 10:00 52 --a------ C:\WINDOWS\cool.ini
2008-01-28 09:59 . 2008-01-28 09:59 <DIR> d-------- C:\Documents and Settings\Job\Application Data\Syntrillium
2008-01-28 09:58 . 2008-01-28 10:00 <DIR> d-------- C:\Program Files\Cool2000
2008-01-27 16:21 . 2008-01-27 16:22 <DIR> d-------- C:\wamp
2008-01-26 16:04 . 2008-01-26 16:04 <DIR> d-------- C:\Documents and Settings\Ruben\Application Data\Logitech
2008-01-25 18:41 . 2008-01-25 18:41 <DIR> d-------- C:\Program Files\Common Files\AmbraSoft
2008-01-25 18:41 . 2008-01-25 18:41 <DIR> d-------- C:\Program Files\AmbraSoft

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-22 12:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-22 07:06 --------- d-----w C:\Program Files\CDex_150
2008-02-16 13:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-09 17:33 --------- d-----w C:\Program Files\Google
2008-02-04 22:06 --------- d-----w C:\Documents and Settings\Job\Application Data\FileZilla
2008-02-04 21:56 --------- d-----w C:\Program Files\FileZilla Client
2008-01-20 20:14 --------- d-----w C:\Program Files\CDBurnerXP
2008-01-20 20:03 --------- d-----w C:\Program Files\Reference Assemblies
2008-01-20 20:03 --------- d-----w C:\Program Files\MSBuild
2008-01-20 20:01 --------- d-----w C:\Program Files\MSXML 6.0
2008-01-19 21:16 --------- d-----w C:\Documents and Settings\Job\Application Data\Ahead
2008-01-18 19:37 --------- d-----w C:\Program Files\Pinnacle
2008-01-18 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2008-01-18 19:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-01-18 17:05 --------- d-----w C:\Program Files\proDAD
2008-01-18 16:56 --------- d-----w C:\Program Files\AdorageI-SAL
2008-01-18 16:56 --------- d-----w C:\Program Files\AdorageI-GfxDatas
2008-01-18 16:54 --------- d-----w C:\Program Files\QuickTime
2008-01-18 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-01-18 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-01-18 16:27 --------- d-----w C:\Program Files\SmartSound Software
2008-01-18 16:26 --------- d-----w C:\Program Files\DivX
2008-01-15 16:17 --------- d-----w C:\Documents and Settings\Ellen\Application Data\Logitech
2008-01-15 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-15 16:05 --------- d-----w C:\Documents and Settings\Mischa\Application Data\Logitech
2008-01-14 15:33 --------- d-----w C:\Documents and Settings\Linde\Application Data\Logitech
2008-01-14 13:18 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-14 13:18 --------- d-----w C:\Documents and Settings\Job\Application Data\Logitech
2008-01-14 13:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-01-14 13:17 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-01-14 13:17 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-01-14 13:17 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-01-14 13:16 --------- d-----w C:\Program Files\Logitech
2008-01-14 13:16 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-01-14 13:16 --------- d-----w C:\Documents and Settings\Job\Application Data\InstallShield
2008-01-14 13:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-01-14 09:06 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-14 09:02 --------- d-----w C:\Program Files\Bonjour
2008-01-14 08:58 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-01-14 08:38 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-13 21:56 --------- d-----w C:\Program Files\Java
2008-01-08 15:22 --------- d-----w C:\Documents and Settings\Job\Application Data\.ABC
2007-12-26 10:24 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-25 16:54 --------- d-----w C:\Documents and Settings\Linde\Application Data\Jasc Software Inc
2007-12-24 17:40 --------- d-----w C:\Documents and Settings\Job\Application Data\PHP Designer 2007
2007-12-24 17:39 --------- d-----w C:\Program Files\PHP Designer 2007
2007-12-24 13:06 --------- d-----w C:\Program Files\EasyPHP1-8
2007-12-24 13:04 --------- d-----w C:\Program Files\ABC
2007-12-24 11:46 --------- d-----w C:\Documents and Settings\Ellen\Application Data\Jasc Software Inc
2007-12-24 10:12 --------- d-----w C:\Program Files\Ahead
2007-12-24 10:10 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-24 10:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2007-12-23 22:41 --------- d-----w C:\Documents and Settings\Job\Application Data\phpDesigner 2008
2007-12-23 22:36 --------- d-----w C:\Documents and Settings\Job\Application Data\HAPedit
2007-12-23 22:30 --------- d-----w C:\Documents and Settings\Job\Application Data\Sonic
2007-12-23 22:30 --------- d-----w C:\Documents and Settings\Job\Application Data\Leadertech
2007-12-23 19:13 99,776 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
2007-12-23 19:13 --------- d-----w C:\Program Files\Common Files\Acronis
2007-12-23 19:13 --------- d-----w C:\Program Files\Acronis
2007-12-22 13:43 --------- d-----w C:\Documents and Settings\Ruben\Application Data\Jasc Software Inc
2007-12-22 13:41 --------- d-----w C:\Documents and Settings\Mischa\Application Data\Jasc Software Inc
2007-12-22 12:52 --------- d-----w C:\Program Files\Electronic Arts
2007-12-22 10:10 --------- d-----w C:\Program Files\Jasc Software Inc
2007-12-22 10:10 --------- d-----w C:\Program Files\Common Files\Jasc Software Inc
2007-12-22 10:10 --------- d-----w C:\Documents and Settings\Job\Application Data\Jasc Software Inc
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-10 18:36 7323648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 10:20 282624 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 07:15 151552]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12 94208]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"PCLEUSBTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [ ]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 08:00 94208]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48 147514]
"IJNetworkScanUtility"="C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2006-10-26 01:16 132704]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28 36352]
"OSSelectorReinstall"="C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2006-04-12 15:15 1261475]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 00:26 406016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-18 17:54 98304]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-09 18:33:18 125624]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-14 14:16:42 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 08:34]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 03:39]
S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" [2007-09-05 08:59]
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld

S3 ZD1211U(Sitecom);Sitecom Wireless Network USB Adapter Driver(Sitecom);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-07-05 22:38]

.
Inhoud van de 'Gedeelde Taken' map
"2008-02-22 14:01:18 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-22 15:03:46
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
.
**************************************************************************
.
Voltooingstijd: 2008-02-22 15:07:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-22 14:07:04
ComboFix2.txt 2008-02-22 10:56:42
.
2008-02-14 16:46:22 --- E O F ---

**smeenk** · 22-02-08, 15:36

Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd
Dit zal alles van RVAXO doen verwijderen.

Download ATF cleaner (mirror)(gemaakt door Atribune)

Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.

Het volgende doen als je ook FireFox als browser hebt:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit haalt het vinkje weer weg bij "Firefox saved passwords")
Klik op de knop Empty Selected.

Het volgende doen als je ook Opera als browser hebt:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

Ga naar Start - Uitvoeren en geef hier het volgende in:
Combofix /U
Druk daarna op OK.
Let op: Er moet een spatie tussen Combofix en /U zitten.

Dit zal Combofix deïnstalleren.

Post als laatste nog een nieuw logje van Hijackthis ter controle

**Barney007** · 22-02-08, 15:47

en het nieuwe Hijack logje:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:46:19, on 22-2-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig?hl=nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=0070623
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=0070623
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

--
End of file - 10241 bytes

**smeenk** · 22-02-08, 16:00

Logje ziet er goed uit

Ondervind je nog problemen?

**Barney007** · 22-02-08, 16:46

Volgens mij ben ik helemaal schoon. De diverse spyware scanners staan nog even te draaien, maar het ziet er goed uit.

Grote waardering voor je/jullie snelle reactie en deskundigheid. Ik ga een donatie doen, want dit scheelt een heleboel herinstallatie ellende.

Ik heb net jullie algemene informatie gelezen. Eén vraag staat nog open: hoe worden jullie gefinancierd want van de donaties kun je niet leven lijkt me...

ciao, Job

**smeenk** · 22-02-08, 17:09

Graag gedaan hoor

We zijn vrijwilligers en zullen het met die donaties moeten doen

**Barney007** · 22-02-08, 17:34

Donatie gedaan, nogmaals dank!

**smeenk** · 22-02-08, 17:57

Bedankt namens de crew

Mededeling

antispywareconductor.com/Trojan Metajuan

antispywareconductor.com/Trojan Metajuan

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment