Mededeling

Collapse
No announcement yet.

Essa voce precisa VER log

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Essa voce precisa VER log

    Ik heb uit een vorig topic met hetzelfde probleem, nl. Essa voce precisa VER, 'virus'
    kan iemand m'n log voor de zekerheid nakijken, voordat ik mijn mail weer open en iedereen berichten van dat 'virus' krijgt.

    Dit kreeg ik na scan van AVG in RVAXO:
    ----------------RVAXO.exe first run-------------

    Files found:

    C:\WINDOWS\lnk_dados_2.dll
    C:\Documents and Settings\Vermeulen\user.dat
    C:\Documents and Settings\Vermeulen\Emails.dat
    C:\WINDOWS\Media\LTaskup.exe

    Uninstallers Rogue scanners:


    Folders Found:

    C:\WINDOWS\system32\UpMedia

    Hosts-file was reset, If you use a custom hosts file please replace it...

    --------------RVAXO.exe last run---------------

    Files found:

    Folders Found:

    --------------RVAXO.exe finished----------------

    daarna:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:50:30, on 21-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\RaboCommSrv.exe
    D:\Software\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\qttask.exe
    D:\Software\CloneCD\CloneCDTray.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plukdedag.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: De Telefoongids - {790C1F44-C559-434B-BE18-13C042555D8E} - D:\De Telefoongids Zoekbalk\PhoneShell.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [gemstrmw] C:\WINDOWS\system32\gemstrmw.exe /r
    O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CloneCDTray] "D:\Software\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe
    O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - D:\De Telefoongids Zoekbalk\PhoneShell.dll
    O9 - Extra 'Tools' menuitem: De Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - D:\De Telefoongids Zoekbalk\PhoneShell.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163511074390
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C0D9DD48-ACE9-4D96-B1DA-5D912EA18CF8}: NameServer = 194.134.5.55,194.134.5.5
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX - D:\Common\Database\bin\fbserver.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\ImapiRox.exe (file missing)
    O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Rabo Comm Server (Srv_RaboComm) - Rabobank Nederland - C:\WINDOWS\system32\RaboCommSrv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Software\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

    --
    End of file - 10051 bytes

    Alvast bedank!
    Last edited by japiegijs; 21-12-07, 13:04.

  • #2
    Logje lijkt schoon te zijn.

    Doe voor de zekerheid dit eens:

    Download: RVAXO.exe
    • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
    • Open nu de map RVAXO op je bureaublad en dubbeklik RVAXO.cmd
      Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
    • Mogelijk start er ook een uninstaller van een rogue scanner op,
    • Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw.
      Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
    • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
    • Post de inhoud van de logfile in je volgende bericht tesamen met een nieuw logje van HijackThis.

    Comment


    • #3
      Ik heb m'n beginpost ook geupdate, hierin staan ook een eerdere rvaxo log


      ----------------RVAXO.exe first run-------------

      Files found:


      Uninstallers Rogue scanners:


      Folders Found:


      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------

      Comment


      • #4
        Je had niet geschreven dat je RVAXO al gebruikt had

        Doe dit nog even:
        Download Combofix naar je Bureaublad.
        Dubbelklik op Combofix.exe
        Kies voor "Continue" door 1 te typen gevolgd door ENTER.
        Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
        Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
        Plaats deze log in je volgende post.

        NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.

        Comment


        • #5
          Combofix had ik al een keer gedraaid, maar is toen vastgelopen zodat ik niet meer in kon bellen op die pc, degene van wie de pc is is er vanavond pas weer. Misschien een beetje riskant om het nog eens te proberen..

          Comment


          • #6
            Gebruik deze dan maar:
            Download Deckard's System Scanner naar je Bureaublad.
            • Sluit alle toepassingen en vensters.
            • Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
            • Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
            • Kopiëer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord.
            Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
            - zorg dat sigcheck.exe toestemming krijgt om dit te doen !
            Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
            Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

            Comment


            • #7
              Alstu:

              Deckard's System Scanner v20071014.68
              Run by Vermeulen on 2007-12-21 15:28:52
              Computer is in Normal Mode.
              --------------------------------------------------------------------------------

              -- System Restore --------------------------------------------------------------

              Successfully created a Deckard's System Scanner Restore Point.


              -- Last 5 Restore Point(s) --
              85: 2007-12-21 14:29:01 UTC - RP503 - Deckard's System Scanner Restore Point
              84: 2007-12-21 10:35:33 UTC - RP502 - ComboFix created restore point
              83: 2007-12-21 08:46:31 UTC - RP501 - Installed AVG 7.5
              82: 2007-12-21 08:23:34 UTC - RP500 - Software Distribution Service 3.0
              81: 2007-12-20 20:37:31 UTC - RP499 - Installed SPAMfighter.


              -- First Restore Point --
              1: 2007-10-09 10:59:17 UTC - RP419 - Controlepunt van systeem


              Backed up registry hives.
              Performed disk cleanup.

              Total Physical Memory: 511 MiB (512 MiB recommended).
              System Drive C: has 3.45 GiB (less than 15%) free.


              -- HijackThis (run as Vermeulen.exe) -------------------------------------------

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 15:29:51, on 21-12-2007
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16574)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\Windows Defender\MsMpEng.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              C:\WINDOWS\Explorer.EXE
              C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
              C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
              C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
              C:\Program Files\Common Files\LightScribe\LSSrvc.exe
              C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
              C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
              C:\Program Files\SPAMfighter\sfus.exe
              C:\WINDOWS\system32\RaboCommSrv.exe
              D:\Software\Alcohol 120\StarWind\StarWindService.exe
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\RealVNC\VNC4\WinVNC4.exe
              C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
              C:\Program Files\Windows Defender\MSASCui.exe
              C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
              C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
              C:\Program Files\Common Files\Symantec Shared\ccApp.exe
              C:\Program Files\QuickTime\qttask.exe
              D:\Software\CloneCD\CloneCDTray.exe
              C:\Program Files\SPAMfighter\SFAgent.exe
              C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
              C:\Documents and Settings\Vermeulen\Bureaublad\dss.exe
              C:\PROGRA~1\TRENDM~1\HIJACK~1\Vermeulen.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plukdedag.net/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
              O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
              O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
              O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
              O3 - Toolbar: De Telefoongids - {790C1F44-C559-434B-BE18-13C042555D8E} - D:\De Telefoongids Zoekbalk\PhoneShell.dll
              O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
              O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
              O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
              O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
              O4 - HKLM\..\Run: [gemstrmw] C:\WINDOWS\system32\gemstrmw.exe /r
              O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
              O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
              O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
              O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
              O4 - HKLM\..\Run: [CloneCDTray] "D:\Software\CloneCD\CloneCDTray.exe" /s
              O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
              O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
              O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
              O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
              O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe
              O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra button: Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - D:\De Telefoongids Zoekbalk\PhoneShell.dll
              O9 - Extra 'Tools' menuitem: De Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - D:\De Telefoongids Zoekbalk\PhoneShell.dll
              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163511074390
              O17 - HKLM\System\CCS\Services\Tcpip\..\{C0D9DD48-ACE9-4D96-B1DA-5D912EA18CF8}: NameServer = 194.134.5.55,194.134.5.5
              O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
              O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
              O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
              O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
              O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX - D:\Common\Database\bin\fbserver.exe
              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\ImapiRox.exe (file missing)
              O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
              O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
              O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
              O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
              O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
              O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
              O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
              O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
              O23 - Service: Rabo Comm Server (Srv_RaboComm) - Rabobank Nederland - C:\WINDOWS\system32\RaboCommSrv.exe
              O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Software\Alcohol 120\StarWind\StarWindService.exe
              O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
              O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
              O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

              --
              End of file - 10096 bytes

              -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

              backup-20071221-113321-224 O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\ImapiRox.exe (file missing)

              -- File Associations -----------------------------------------------------------

              All associations okay.


              -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

              R0 nlem32nt - c:\windows\system32\drivers\nlem32nt.sys
              R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
              R3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys
              R3 WB6692 (%WB6692.DeviceDesc%) - c:\windows\system32\drivers\wb692pci.sys

              S3 catchme - c:\docume~1\vermeu~1\locals~1\temp\catchme.sys (file missing)
              S3 ezplay (VSO Software ezplay) - c:\windows\system32\drivers\ezplay.sys <Not Verified; VSO Software; ezplay driver>


              -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

              R2 Srv_RaboComm (Rabo Comm Server) - "c:\windows\system32\rabocommsrv.exe" <Not Verified; Rabobank Nederland; RaboCommSrv>
              R2 WinVNC4 (VNC Server Version 4) - "c:\program files\realvnc\vnc4\winvnc4.exe" -service <Not Verified; RealVNC Ltd.; VNC Server 4.0>

              S3 FirebirdServerMAGIXInstance (Firebird Server - MAGIX Instance) - d:\common\database\bin\fbserver.exe <Not Verified; MAGIX; Firebird SQL Server - MAGIX Edition>
              S3 ImapiService (IMAPI CD-Burning COM Service) - c:\windows\system32\imapirox.exe (file missing)


              -- Device Manager: Disabled ----------------------------------------------------

              No disabled devices found.


              -- Scheduled Tasks -------------------------------------------------------------

              2007-12-21 13:16:45 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
              2007-12-14 21:25:07 570 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan - Vermeulen.job


              -- Files created between 2007-11-21 and 2007-12-21 -----------------------------

              2007-12-21 13:13:43 0 d-------- C:\RVAXO
              2007-12-21 13:11:28 555344 --a------ C:\WINDOWS\system32\RVAXO.bat
              2007-12-21 13:11:28 69632 --a------ C:\WINDOWS\system32\remove.exe
              2007-12-21 11:29:37 0 d-------- C:\Program Files\Trend Micro
              2007-12-21 10:54:29 0 dr-h----- C:\$VAULT$.AVG
              2007-12-21 09:47:24 0 d-------- C:\Documents and Settings\Vermeulen\Application Data\AVG7
              2007-12-21 09:47:07 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
              2007-12-21 09:46:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
              2007-12-21 09:46:31 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
              2007-12-21 09:34:17 0 d-------- C:\Documents and Settings\Vermeulen\Application Data\TeamViewer
              2007-12-21 09:34:16 0 d-------- C:\Documents and Settings\Vermeulen\temp
              2007-12-20 21:38:38 0 d-------- C:\Documents and Settings\Vermeulen\Application Data\SPAMfighter
              2007-12-20 21:38:14 0 d-------- C:\Program Files\Common Files\Ankiro
              2007-12-20 21:37:46 0 d-------- C:\Program Files\Common Files\Application
              2007-12-20 21:37:37 0 d-------- C:\Program Files\SPAMfighter
              2007-12-09 14:43:31 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
              2007-12-09 14:39:12 96256 --a------ C:\WINDOWS\system32\drivers\sptd7789.sys
              2007-12-09 14:39:12 642560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
              2007-12-03 16:21:17 40448 --a------ C:\WINDOWS\system32\regobj.dll
              2007-11-21 16:02:34 0 d-------- C:\Program Files\BBC Multimedia


              -- Find3M Report ---------------------------------------------------------------

              2007-12-21 15:30:28 0 d-------- C:\Program Files\Common Files\Symantec Shared
              2007-12-21 11:18:32 0 d-------- C:\Program Files\Google
              2007-12-20 21:38:14 0 d-------- C:\Program Files\Common Files
              2007-12-20 20:42:00 0 d-------- C:\Program Files\Symantec
              2007-12-19 21:02:49 0 d-------- C:\Program Files\Rabotwin
              2007-12-19 20:59:21 0 d-------- C:\Program Files\OfficeNet Extra
              2007-12-17 12:19:05 0 d-------- C:\Program Files\EmpirePokerMaster
              2007-12-12 20:40:01 0 d-------- C:\Program Files\Kwekerij
              2007-12-12 16:33:37 0 d-------- C:\Documents and Settings\Vermeulen\Application Data\Adobe
              2007-12-12 10:39:31 0 d-------- C:\Documents and Settings\Vermeulen\Application Data\Help
              2007-12-09 14:02:59 0 d-------- C:\Documents and Settings\Vermeulen\Application Data\Vso
              2007-12-09 14:02:58 94208 --a------ C:\Documents and Settings\Vermeulen\Application Data\ezplay.sys <Not Verified; VSO Software; ezplay driver>
              2007-12-09 14:02:58 33 --a------ C:\Documents and Settings\Vermeulen\Application Data\ezplay.log
              2007-12-09 14:02:58 7861 --a------ C:\Documents and Settings\Vermeulen\Application Data\ezplay.cat
              2007-12-09 14:02:57 1104 --a------ C:\Documents and Settings\Vermeulen\Application Data\ezplay.inf
              2007-12-03 16:21:13 0 d--h----- C:\Program Files\InstallShield Installation Information
              2007-11-22 09:37:31 0 d-------- C:\Program Files\Norton Internet Security
              2007-11-21 16:03:21 0 d-------- C:\Program Files\QuickTime
              2007-11-01 14:30:22 0 d-------- C:\Program Files\SlySoft
              2007-10-28 19:23:50 465612 --a------ C:\WINDOWS\system32\perfh013.dat
              2007-10-28 19:23:50 81146 --a------ C:\WINDOWS\system32\perfc013.dat
              2007-10-13 10:54:00 72872 --ah----- C:\WINDOWS\system32\mlfcache.dat


              -- Registry Dump ---------------------------------------------------------------

              *Note* empty entries & legit default entries are not shown


              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [05-05-2003 08:57]
              "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03-11-2006 18:20]
              "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09-07-2001 11:50]
              "RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [02-11-2004 20:24]
              "NWEReboot"=""
              "gemstrmw"="C:\WINDOWS\system32\gemstrmw.exe" [10-12-2002 09:44]
              "PE2CKFNT SE"="C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [03-07-1998 12:51]
              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25-09-2007 00:11]
              "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09-01-2007 21:59]
              "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [05-09-2006 18:22]
              "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [12-03-2007 09:22]
              "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [21-11-2007 16:03]
              "CloneCDTray"="D:\Software\CloneCD\CloneCDTray.exe" [28-09-2006 20:21]
              "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [14-12-2007 09:55]
              "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [21-12-2007 09:46]

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 12:00]
              "ares"="C:\Program Files\Ares\Ares.exe"

              [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
              "Picasa Media Detector"=D:\Software\Picasa2\PicasaMediaDetector.exe

              C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
              Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23-9-2005 22:05:26]
              Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17-2-1999 19:05:56]
              Photo Express Calendar Checker SE.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe [16-11-2006 20:50:05]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
              "ForceClassicControlPanel"=1 (0x1)

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
              "NoSMConfigurePrograms"=1 (0x1)

              [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
              "NoSMConfigurePrograms"=1 (0x1)

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
              Usnsvc usnsvc


              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cdec06e-59f1-11dc-90e2-00112f21b32e}]
              AutoRun\command- E:\LaunchU3.exe

              *Newly Created Service* - COMHOST



              -- End of Deckard's System Scanner: finished at 2007-12-21 15:31:12 ------------

              Comment


              • #8
                Logje ziet er schoon uit hoor

                ik zag dit:
                System Drive C: has 3.45 GiB (less than 15%) free.
                Ik weet niet of er meerdere schijven/partities zijn, maar als een schijf te vol wordt kan je problemen krijgen met defragmenteren e.d.
                Als er fotomateriaal/filmmateriaal op staat, zou je dat beter naar een andere schijf/partitie kunnen verplaatsen om het systeem wat beter te laten lopen

                Comment


                • #9
                  Blij dat het er schoon uit ziet.

                  Van die schijf heb ik meteen ook even vermeld ja.

                  Mag ik trouwens vragen waar je net op hebt gelet bij de vorige log?
                  bepaalde files? extensies?
                  we leveren hier wel service met verwijderen van virus/spyware maar er is mij gevraagd om eens goed die hijackthis logs te bestuderen zodat ik ze zelf uit kan lezen.

                  Ik ga de rest van het forum morgen wel even doorlezen

                  Comment


                  • #10
                    Die Deckard's System Scanner laat veel meer zien dan alleen een Hijackthis logje.

                    Het vereist enige oefening, maar de meeste malwareproblemen kan je er in opsporen

                    Comment

                    Sorry, you are not authorized to view this page
                    Working...
                    X