Internet blocked by xs4all because of a trojan.


  • Internet blocked by xs4all because of a trojan.

    My internet has been blocked because, according to xs4all, I supposedly have a Trojan on my PC. I am now working through their proxy. I have run virus scanners over my PC. A few small things were removed. Can you see anything in this?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:44:56, on 21-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\S3trayp.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\winIogon.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Camfrog\Camfrog Video Chat3.94\Camfrog Video Chat.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about: blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www.proxy.xs4all.nl:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: {ab47f099-eae4-413a-5fb4-92d022774198} - {89147722-0d29-4bf5-a314-4eae990f74ba} - C:\WINDOWS\system32\hxwwlumf.dll
    O2 - BHO: (no name) - {923792ED-A957-4F84-8220-9C8BD97B243A} - C:\WINDOWS\system32\vtsqq.dll (file missing)
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
    O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [58c6a795] rundll32.exe "C:\WINDOWS\system32\rijevihd.dll",b
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat3.94\CamfrogNet.exe" 1 C:\Program Files\Camfrog\Camfrog Video Chat3.94\Camfrog Video Chat.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://crazyslut013.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {64E27CFB-8B69-4B83-80F0-36A81437D587} (CamfrogWEB Basic Control) - http://activex.camfrogweb.com/basic/cfweb_activex.camfrogweb.com-basic_instmodule.exe
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://fotogoodies.foto.com/activex/SpeedUploader.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c008F779.dat
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

    --
    End of file - 8179 bytes

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
      A small cmd window will open, in which a few lines about files not found will quickly scroll by; this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a logfile opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the logfile in your next message.


    Download Combofix to your Desktop.
    Double-click Combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix has finished and after the restart, the log combofix.txt will open.
    Place this log in your next post.



    • #3
      I couldn't post the logs here.. they were too large. So I've added them as an attachment (if it went well)
      Attached Files



      • #4
        Open the RVAXO folder on your desktop and double-click Uninstall.cmd

        Download the attachment: CFScript.txt

        Drag CFScript.txt into ComboFix.exe as shown in the example below:

        This will make ComboFix restart.
        Restart when asked to,
        and post the contents of Combofix.txt in your next reply.

        Also post a new HijackThis log and tell us whether there are still any problems.
        Attached Files



        • #5
          As far as I know, no further problems. But whether xs4all thinks so too is not yet certain.

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{923792ED-A957-4F84-8220-9C8BD97B243A}]
          C:\WINDOWS\system32\vtsqq.dll

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
          "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44]
          "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:15]
          "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 18:04]
          "Camfrog"="C:\Program Files\Camfrog\Camfrog Video Chat3.94\CamfrogNet.exe" [2003-09-29 07:22]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "VTTimer"="VTTimer.exe" [2006-06-16 03:33 C:\WINDOWS\system32\VTTimer.exe]
          "S3Trayp"="S3trayp.exe" [2006-07-10 19:33 C:\WINDOWS\system32\S3Trayp.exe]
          "RTHDCPL"="RTHDCPL.EXE" [2006-08-23 13:08 C:\WINDOWS\RTHDCPL.exe]
          "SkyTel"="SkyTel.EXE" [2006-05-16 11:04 C:\WINDOWS\SkyTel.exe]
          "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32]
          "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24]
          "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14]
          "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
          "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16]
          "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 00:48:20]
          Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 23:01:50]
          Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-04-25 11:01:21]
          Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
          @=""

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
          @=""

          R0 UNPR;UNPR;C:\WINDOWS\system32\unpr.sys [2007-11-11 10:28]
          R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys [2006-03-30 19:18]
          R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 04:38]
          R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-08-11 03:38]
          S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys

          .
          **************************************************************************

          catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2007-12-23 12:11:01
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          C:\WINDOWS\system32\*kaïÐ:V€Ôkaï 40960 bytes executable

          Scan succesvol afgerond
          verborgen bestanden: 1

          **************************************************************************
          .
          Voltooingstijd: 2007-12-23 12:12:33
          C:\ComboFix2.txt ... 2007-12-22 23:51
          C:\ComboFix3.txt ... 2007-10-27 10:14

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 12:13:48, on 23-12-2007
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\csrss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Bonjour\mDNSResponder.exe
          C:\Program Files\CyberLink\Shared Files\RichVideo.exe
          C:\Program Files\Spyware Doctor\svcntaux.exe
          C:\Program Files\Spyware Doctor\swdsvc.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\alg.exe
          C:\WINDOWS\system32\VTTimer.exe
          C:\WINDOWS\system32\S3trayp.exe
          C:\WINDOWS\RTHDCPL.EXE
          C:\WINDOWS\system32\LVCOMSX.EXE
          C:\Program Files\Logitech\Video\LogiTray.exe
          C:\Program Files\Messenger\msmsgs.exe
          C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
          C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
          C:\Program Files\Logitech\SetPoint\SetPoint.exe
          C:\Program Files\Logitech\Video\FxSvr2.exe
          C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
          C:\Program Files\Camfrog\Camfrog Video Chat3.94\Camfrog Video Chat.exe
          C:\Program Files\internet explorer\iexplore.exe
          C:\Program Files\MSN Messenger\msnmsgr.exe
          C:\WINDOWS\explorer.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
          C:\WINDOWS\system32\wbem\wmiprvse.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about: blank
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www.proxy.xs4all.nl:8080
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
          O2 - BHO: (no name) - {923792ED-A957-4F84-8220-9C8BD97B243A} - C:\WINDOWS\system32\vtsqq.dll (file missing)
          O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
          O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
          O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
          O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
          O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
          O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
          O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
          O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
          O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
          O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
          O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
          O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat3.94\CamfrogNet.exe" 1 C:\Program Files\Camfrog\Camfrog Video Chat3.94\Camfrog Video Chat.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
          O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
          O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
          O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
          O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
          O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://crazyslut013.spaces.live.com//PhotoUpload/MsnPUpld.cab
          O16 - DPF: {64E27CFB-8B69-4B83-80F0-36A81437D587} (CamfrogWEB Basic Control) - http://activex.camfrogweb.com/basic/cfweb_activex.camfrogweb.com-basic_instmodule.exe
          O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
          O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
          O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://fotogoodies.foto.com/activex/SpeedUploader.cab
          O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
          O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
          O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
          O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
          O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
          O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
          O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

          --
          End of file - 7837 bytes



          • #6
            Please try to post a complete ComboFix log; the top half is missing from your last one



            • #7
              I thought it was rather short.. Anyway.. here is the full log

              ComboFix 07-12-22.1 - Nienke013 2007-12-23 12:04:47.3 - NTFSx86
              Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.76 [GMT 1:00]
              Gestart vanuit: C:\Documents and Settings\Nienke013\Bureaublad\ComboFix.exe
              Command switches used :: C:\Documents and Settings\Nienke013\Bureaublad\cfscript.txt
              * Nieuw herstelpunt werd aangemaakt

              FILE
              C:\WINDOWS\system32\devozd.exe
              C:\WINDOWS\system32\xaoathnr.exe
              .

              (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              C:\WINDOWS\system32\devozd.exe
              C:\WINDOWS\system32\xaoathnr.exe

              .
              (((((((((((((((((((( Bestanden Gemaakt van 2007-11-23 to 2007-12-23 ))))))))))))))))))))))))))))))
              .

              2007-12-21 23:16 . 2007-12-21 23:16 45 --a------ C:\WINDOWS\system32\delrvaxo.bat
              2007-12-21 16:31 . 2007-12-21 16:31 92 --a------ C:\WINDOWS\wininit.ini
              2007-12-21 15:06 . 2007-04-25 10:32 <DIR> d--h----- C:\Documents and Settings\Administrator.NIENKE\Sjablonen
              2007-12-21 15:06 . 2007-04-25 12:26 <DIR> d--h----- C:\Documents and Settings\Administrator.NIENKE\Onlangs geopend
              2007-12-21 15:06 . 2007-04-25 12:26 <DIR> d--h----- C:\Documents and Settings\Administrator.NIENKE\Netwerkprinteromgeving
              2007-12-21 15:06 . 2007-04-25 12:26 <DIR> d-------- C:\Documents and Settings\Administrator.NIENKE\Mijn documenten
              2007-12-21 15:06 . 2007-04-25 12:26 <DIR> dr------- C:\Documents and Settings\Administrator.NIENKE\Menu Start
              2007-12-21 15:06 . 2007-12-21 15:28 <DIR> d-------- C:\Documents and Settings\Administrator.NIENKE\Favorieten
              2007-12-21 15:06 . 2007-12-21 15:42 <DIR> d-------- C:\Documents and Settings\Administrator.NIENKE\Bureaublad
              2007-12-19 20:10 . 2007-12-21 15:54 <DIR> d-------- C:\Program Files\Spyware Doctor
              2007-12-19 20:10 . 2007-12-19 20:10 <DIR> d-------- C:\Documents and Settings\Nienke013\Application Data\PC Tools
              2007-12-19 20:10 . 2007-12-19 20:24 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
              2007-12-19 20:10 . 2007-12-19 20:24 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
              2007-12-19 20:10 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
              2007-12-19 20:10 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
              2007-12-19 20:09 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
              2007-12-19 00:20 . 2003-05-14 21:07 389,120 --a------ C:\WINDOWS\system32\actskn43.ocx
              2007-12-19 00:20 . 2007-12-19 00:20 13,824 --a------ C:\WINDOWS\system32\drivers\splitcam.sys
              2007-12-13 16:26 . 2007-12-13 16:26 <DIR> d-------- C:\Program Files\Trend Micro
              2007-12-12 22:37 . 2007-12-12 22:40 <DIR> d-------- C:\Program Files\SurfAnonymous3
              2007-12-12 22:30 . 2007-12-12 22:32 <DIR> d-------- C:\Program Files\SurfAnonymous2
              2007-12-12 22:16 . 2007-12-12 22:17 <DIR> d-------- C:\Program Files\SurfAnonymous
              2007-12-12 21:34 . 2007-12-12 21:53 <DIR> d-------- C:\Documents and Settings\Administrator\Sjablonen
              2007-12-12 16:33 . 2007-12-21 20:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
              2007-12-12 15:14 . 2007-12-12 22:01 <DIR> d-------- C:\Program Files\The Cleaner Free
              2007-12-08 18:02 . 2007-12-08 18:02 <DIR> d-------- C:\Program Files\IceOp
              2007-12-08 18:02 . 2007-12-08 18:02 1,538,741 --a------ C:\WINDOWS\IceOp Uninstaller.exe
              2007-12-08 01:12 . 2007-12-08 01:12 <DIR> d-------- C:\Program Files\Bonjour
              2007-11-30 21:50 . 2007-11-30 22:14 <DIR> d-------- C:\Program Files\Incomplete
              2007-11-30 21:50 . 2007-11-30 21:50 <DIR> d-------- C:\Documents and Settings\Nienke013\Incomplete
              2007-11-30 21:49 . 2007-11-30 22:14 <DIR> d-------- C:\Documents and Settings\Nienke013\Application Data\LimeWire
              2007-11-30 21:48 . 2007-11-30 22:47 <DIR> d-------- C:\Program Files\LimeWire
              2007-11-30 17:32 . 2007-12-11 22:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
              2007-11-30 17:32 . 2007-11-30 17:32 1,409 --a------ C:\WINDOWS\QTFont.for
              2007-11-30 17:30 . 2007-11-30 17:31 <DIR> d-------- C:\Program Files\QuickTime
              2007-11-30 17:30 . 2007-11-30 17:30 <DIR> d-------- C:\Program Files\Apple Software Update
              2007-11-30 17:30 . 2007-11-30 17:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
              2007-11-30 17:30 . 2007-11-30 17:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
              2007-11-26 21:39 . 2007-11-26 21:39 <DIR> d-------- C:\Program Files\BitTorrent
              2007-11-26 21:39 . 2007-11-26 21:47 <DIR> d-------- C:\Documents and Settings\Nienke013\Application Data\BitTorrent

              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2007-12-23 10:56 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
              2007-12-20 07:38 --------- d-----w C:\Documents and Settings\Nienke013\Application Data\Camfrog
              2007-12-18 23:20 --------- d-----w C:\Program Files\SplitCam
              2007-12-12 21:08 --------- d-----w C:\Program Files\ICE
              2007-12-10 15:09 --------- d-----w C:\Program Files\FlashFXP
              2007-12-09 17:15 --------- d-----w C:\Program Files\Camfrog
              2007-12-08 00:12 --------- d-----w C:\Program Files\Common Files\Adobe
              2007-11-30 20:45 --------- d-----w C:\Program Files\Java
              2007-11-21 18:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
              2007-11-17 19:41 --------- d-----w C:\Documents and Settings\Nienke013\Application Data\FlashFXP
              2007-11-16 14:59 --------- d-----w C:\Program Files\Teamspeak2_RC2
              2007-11-16 14:59 --------- d-----w C:\Documents and Settings\Nienke013\Application Data\teamspeak2
              2007-11-14 21:03 --------- d-----w C:\Documents and Settings\Nienke013\Application Data\TextPad
              2007-11-14 20:57 --------- d-----w C:\Program Files\TextPad 4
              2007-11-14 16:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
              2007-11-14 15:46 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
              2007-11-09 12:35 42,092 ----a-w C:\Documents and Settings\Nienke013\Application Data\mdbu.bin
              2007-11-07 13:10 --------- d-----w C:\Program Files\Foto's KimmY En Mij
              2007-10-30 17:35 --------- d-----w C:\Program Files\aMSN
              2007-10-29 18:27 --------- d-----w C:\Program Files\FTDv3.81
              2007-10-25 13:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
              2007-10-25 12:50 --------- d-----w C:\Program Files\foto's
              2007-10-24 15:51 --------- d-----w C:\Program Files\Tools
              2007-09-28 20:16 76 ---ha-w C:\Program Files\Desktop.ini
              2007-06-14 21:40 5,156,028 ----a-w C:\Program Files\camfrog.zip
              2007-05-24 14:12 5,184,912 ----a-w C:\Program Files\camfrog.exe
              2007-05-20 15:21 977,789 ----a-w C:\Program Files\mo_fredo.zip
              2007-05-20 15:21 419,436 ----a-w C:\Program Files\mo_suz.zip
              2007-05-20 15:21 404,287 ----a-w C:\Program Files\mo_olivier.zip
              2007-05-20 15:20 507,032 ----a-w C:\Program Files\pm_serie2.zip
              2007-05-20 15:20 325,043 ----a-w C:\Program Files\pm_cath.zip
              2007-05-20 15:20 306,539 ----a-w C:\Program Files\pm_arbres.zip
              2007-05-20 15:20 262,916 ----a-w C:\Program Files\pm_dany.zip
              2007-05-20 15:20 2,673,806 ----a-w C:\Program Files\pm_mifo.zip
              2007-05-20 15:20 193,415 ----a-w C:\Program Files\mo_steph.zip
              2007-05-20 15:20 101,561 ----a-w C:\Program Files\pm_jb.zip
              2007-05-02 19:50 2,876,616 ----a-w C:\Program Files\pfs-setup-en.exe
              2007-04-26 20:26 3,981,497 ----a-w C:\Program Files\aMSN-0.96-3-windows-installer.exe
              .

              ((((((((((((((((((((((((((((( snapshot_2007-12-22_23.49.48.01 )))))))))))))))))))))))))))))))))))))))))
              .
              - 2007-12-22 22:46:48 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
              + 2007-12-23 10:56:05 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
              - 2007-12-22 22:46:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
              + 2007-12-23 10:56:05 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
              - 2007-12-22 22:46:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
              + 2007-12-23 10:56:05 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
              .
              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              REGEDIT4
              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{923792ED-A957-4F84-8220-9C8BD97B243A}]
              C:\WINDOWS\system32\vtsqq.dll

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
              "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44]
              "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:15]
              "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 18:04]
              "Camfrog"="C:\Program Files\Camfrog\Camfrog Video Chat3.94\CamfrogNet.exe" [2003-09-29 07:22]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "VTTimer"="VTTimer.exe" [2006-06-16 03:33 C:\WINDOWS\system32\VTTimer.exe]
              "S3Trayp"="S3trayp.exe" [2006-07-10 19:33 C:\WINDOWS\system32\S3Trayp.exe]
              "RTHDCPL"="RTHDCPL.EXE" [2006-08-23 13:08 C:\WINDOWS\RTHDCPL.exe]
              "SkyTel"="SkyTel.EXE" [2006-05-16 11:04 C:\WINDOWS\SkyTel.exe]
              "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32]
              "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24]
              "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14]
              "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
              "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
              "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16]
              "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03]

              C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
              Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 00:48:20]
              Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 23:01:50]
              Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-04-25 11:01:21]
              Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
              @=""

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
              @=""

              R0 UNPR;UNPR;C:\WINDOWS\system32\unpr.sys [2007-11-11 10:28]
              R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys [2006-03-30 19:18]
              R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 04:38]
              R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-08-11 03:38]
              S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys

              .
              **************************************************************************

              catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2007-12-23 12:11:01
              Windows 5.1.2600 Service Pack 2 NTFS

              scannen van verborgen processen ...

              scannen van verborgen autostart items ...

              scannen van verborgen bestanden ...

              C:\WINDOWS\system32\*kaïÐ:V€Ôkaï 40960 bytes executable

              Scan succesvol afgerond
              verborgen bestanden: 1

              **************************************************************************
              .
              Voltooingstijd: 2007-12-23 12:12:33
              C:\ComboFix2.txt ... 2007-12-22 23:51
              C:\ComboFix3.txt ... 2007-10-27 10:14



              • #8
                Start HijackThis once more, choose "Do a system scan only" and tick only the following line:
                O2 - BHO: (no name) - {923792ED-A957-4F84-8220-9C8BD97B243A} - C:\WINDOWS\system32\vtsqq.dll (file missing)
                Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

                Delete the following folder:
                C:\Qoobox

                Then empty your Recycle Bin.

                Download ATF cleaner (mirror) (made by Atribune)

                Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

                Double-click ATF cleaner to start the program.
                On the "Main" tab, tick Select All.
                Click the Empty Selected button.

                Do the following if you also use Firefox as a browser:
                Click the "Firefox" tab and tick Select All.
                If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                (this clears the tick at "Firefox saved passwords" again)
                Click the Empty Selected button.

                Do the following if you also use Opera as a browser:
                Click the "Opera" tab and tick Select All.
                If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                Click the Empty Selected button.
                Go to the "Main" tab and click the Exit button to close the program.

                Go to Start - Run and enter the following:
                Combofix /U
                Then press OK.
                Note: There must be a space between Combofix and /U.

                This will uninstall Combofix.

                Turn off System Restore. Restart the computer. Turn System Restore back on.
                See here how to turn off your System Restore.
                This removes any remnants of the infections from your System Restore.

                Finally, post a new HijackThis log for checking.



                • #9
                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 23:35:06, on 23-12-2007
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\csrss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\Program Files\Bonjour\mDNSResponder.exe
                  C:\Program Files\CyberLink\Shared Files\RichVideo.exe
                  C:\Program Files\Spyware Doctor\svcntaux.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\Program Files\Spyware Doctor\swdsvc.exe
                  C:\WINDOWS\system32\VTTimer.exe
                  C:\WINDOWS\system32\S3trayp.exe
                  C:\WINDOWS\RTHDCPL.EXE
                  C:\WINDOWS\system32\LVCOMSX.EXE
                  C:\Program Files\Logitech\Video\LogiTray.exe
                  C:\Program Files\MSN Messenger\MsnMsgr.Exe
                  C:\Program Files\Messenger\msmsgs.exe
                  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
                  C:\Program Files\Logitech\SetPoint\SetPoint.exe
                  C:\Program Files\Logitech\Video\FxSvr2.exe
                  C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
                  C:\WINDOWS\System32\alg.exe
                  C:\Program Files\Camfrog\Camfrog Video Chat3.94\Camfrog Video Chat.exe
                  C:\Program Files\internet explorer\iexplore.exe
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
                  C:\WINDOWS\system32\wbem\wmiprvse.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about: blank
                  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www.proxy.xs4all.nl:8080
                  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
                  O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
                  O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
                  O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
                  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
                  O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
                  O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
                  O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
                  O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
                  O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
                  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                  O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
                  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
                  O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
                  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
                  O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat3.94\CamfrogNet.exe" 1 C:\Program Files\Camfrog\Camfrog Video Chat3.94\Camfrog Video Chat.exe
                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
                  O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
                  O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
                  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
                  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                  O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                  O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
                  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://crazyslut013.spaces.live.com//PhotoUpload/MsnPUpld.cab
                  O16 - DPF: {64E27CFB-8B69-4B83-80F0-36A81437D587} (CamfrogWEB Basic Control) - http://activex.camfrogweb.com/basic/cfweb_activex.camfrogweb.com-basic_instmodule.exe
                  O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
                  O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
                  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                  O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://fotogoodies.foto.com/activex/SpeedUploader.cab
                  O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
                  O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
                  O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
                  O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
                  O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

                  --
                  End of file - 7728 bytes

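Added example, not part of the original thread and not HijackThis's own code: a small Python triage pass over HijackThis entry lines such as the ones posted above, flagging the pattern the helper fixed in #8 (an O2 entry marked "(file missing)") together with a few related review prompts. The flag names and the `review_list` helper are assumptions of this example, the sample is assembled from lines quoted in this thread, and a flag marks an entry for a human to look at, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: entry lines copied from the HijackThis logs in this
# thread and assembled into one short log for the example.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www.proxy.xs4all.nl:8080
O2 - BHO: (no name) - {923792ED-A957-4F84-8220-9C8BD97B243A} - C:\WINDOWS\system32\vtsqq.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
"""

# An entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^\s*(?P<code>[RFNO]\d{1,2}) - (?P<body>.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING_SUFFIX = "(file missing)"


@dataclass
class Entry:
    code: str                     # section code such as "O2" or "O23"
    body: str                     # everything after "<code> - "
    flags: list = field(default_factory=list)

    @property
    def clsid(self):
        """Return the first {CLSID} in the entry, or None."""
        m = CLSID_RE.search(self.body)
        return m.group(0) if m else None


def parse_entries(log_text):
    """Keep only entry lines; header and process-list lines do not match."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def triage(entry):
    """Return review flags for one entry (hypothetical flag names)."""
    flags = []
    body = entry.body
    # The registration still exists but the file it points to is gone:
    # the kind of leftover the helper asked to fix for vtsqq.dll.
    if body.endswith(MISSING_SUFFIX):
        flags.append("file-missing")
    # A Browser Helper Object that shows no display name.
    if entry.code == "O2" and body.startswith("BHO: (no name)"):
        flags.append("unnamed-bho")
    # HijackThis shows "Unknown owner" where it lists no vendor for a service.
    if entry.code == "O23" and " - Unknown owner - " in body:
        flags.append("unknown-owner")
    # A proxy is configured. Here it is the ISP's own proxy, which is why
    # a flag is a prompt to check and not a finding.
    if entry.code in ("R0", "R1") and re.search(r",ProxyServer\s*=\s*\S", body):
        flags.append("proxy-set")
    return flags


def review_list(log_text):
    """Parse a log and return only the entries that carry at least one flag."""
    flagged = []
    for entry in parse_entries(log_text):
        entry.flags = triage(entry)
        if entry.flags:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in review_list(SAMPLE_LOG):
        print(f"{e.code:<4}{','.join(e.flags):<30}{e.body}")
```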


                  • #10
                    Could you also scan the following file with VirusTotal?: http://www.virustotal.com/
                    C:\WINDOWS\system32\unpr.sys

                    Upload the file and wait patiently for the scan result.
                    Copy the scan result and post it in your next message.



                    • #11
                      Dit bestand is reeds gescanned:
                      MD5: 4bc149d90bb94a2ee09ae6d5153932ad
                      Datum: 2007.12.01 01:26:38 (CET) [>21D]
                      Resultaat: 18/32
                      Permalink: resultado.html?8a9179fa81447d1389681b2f5de7e491

                      I clicked that Permalink, and this is what it showed:

                      Antivirus Versie Laatst geüpdatet Resultaat
                      AhnLab-V3 - - -
                      AntiVir - - TR/Killav.CN.3
                      Authentium - - -
                      Avast - - -
                      AVG - - Generic9.UIO
                      BitDefender - - Trojan.Rootkit.Virtob.A
                      CAT-QuickHeal - - Trojan.KillAV.cn
                      ClamAV - - -
                      DrWeb - - -
                      eSafe - - -
                      eTrust-Vet - - -
                      Ewido - - Trojan.KillAV.cn
                      FileAdvisor - - -
                      Fortinet - - W32/KillAV.CN!tr
                      F-Prot - - -
                      F-Secure - - Trojan.Win32.KillAV.cn
                      Ikarus - - Trojan.Win32.KillAV.CN
                      Kaspersky - - Trojan.Win32.KillAV.cn
                      McAfee - - -
                      Microsoft - - Trojan:Win32/Killav.KB
                      NOD32v2 - - Win32/KillAV.NBU
                      Norman - - W32/Killav.ADY
                      Panda - - -
                      Prevx1 - - Rootkit.Rustock.gen
                      Rising - - -
                      Sophos - - Troj/KillAV-EC
                      Sunbelt - - Trojan.Rootkit.Virtob.A
                      Symantec - - -
                      TheHacker - - Trojan/KillAV.cn
                      VBA32 - - Trojan.Win32.KillAV.cn
                      VirusBuster - - -
                      Webwasher-Gateway - - Trojan.Killav.CN.3
                      Extra informatie
                      MD5: 4bc149d90bb94a2ee09ae6d5153932ad

                      No idea whether that needed to be included, but I did it anyway just to be sure.



                      • #12
                        That one has to go as well.

                        Download Combofix again to your Desktop.

                        Download the attachment: CFScript.txt

                        Drag CFScript.txt onto ComboFix.exe as shown in the example below:

                        This will make ComboFix restart.
                        Reboot if you are asked to,
                        and post the contents of Combofix.txt in your next reply.


                        • #13
                          ComboFix 07-12-23.1 - Nienke013 2007-12-23 10:56:21.4 - NTFSx86
                          Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.137 [GMT 1:00]
                          Gestart vanuit: C:\Documents and Settings\Nienke013\Bureaublad\ComboFix.exe
                          Command switches used :: C:\Documents and Settings\Nienke013\Bureaublad\cfscript.txt
                          * Nieuw herstelpunt werd aangemaakt

                          FILE
                          C:\WINDOWS\system32\unpr.sys
                          .

                          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                          .

                          C:\WINDOWS\system32\unpr.sys

                          .
                          ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

                          .
                          -------\LEGACY_SETUPNTGLM7X
                          -------\LEGACY_UNPR
                          -------\SetupNTGLM7X
                          -------\UNPR


                          (((((((((((((((((((( Bestanden Gemaakt van 2007-11-23 to 2007-12-23 ))))))))))))))))))))))))))))))
                          .

                          2007-12-21 23:16 . 2007-12-21 23:16 45 --a------ C:\WINDOWS\system32\delrvaxo.bat
                          2007-12-21 16:31 . 2007-12-21 16:31 92 --a------ C:\WINDOWS\wininit.ini
                          2007-12-21 15:06 . 2007-04-25 10:32 <DIR> d--h----- C:\Documents and Settings\Administrator.NIENKE\Sjablonen
                          2007-12-21 15:06 . 2007-04-25 12:26 <DIR> d--h----- C:\Documents and Settings\Administrator.NIENKE\Onlangs geopend
                          2007-12-21 15:06 . 2007-04-25 12:26 <DIR> d--h----- C:\Documents and Settings\Administrator.NIENKE\Netwerkprinteromgeving
                          2007-12-21 15:06 . 2007-04-25 12:26 <DIR> d-------- C:\Documents and Settings\Administrator.NIENKE\Mijn documenten
                          2007-12-21 15:06 . 2007-04-25 12:26 <DIR> dr------- C:\Documents and Settings\Administrator.NIENKE\Menu Start
                          2007-12-21 15:06 . 2007-12-21 15:28 <DIR> d-------- C:\Documents and Settings\Administrator.NIENKE\Favorieten
                          2007-12-21 15:06 . 2007-12-21 15:42 <DIR> d-------- C:\Documents and Settings\Administrator.NIENKE\Bureaublad
                          2007-12-19 20:10 . 2007-12-21 15:54 <DIR> d-------- C:\Program Files\Spyware Doctor
                          2007-12-19 20:10 . 2007-12-19 20:10 <DIR> d-------- C:\Documents and Settings\Nienke013\Application Data\PC Tools
                          2007-12-19 20:10 . 2007-12-19 20:24 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
                          2007-12-19 20:10 . 2007-12-19 20:24 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
                          2007-12-19 20:10 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
                          2007-12-19 20:10 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
                          2007-12-19 20:09 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
                          2007-12-19 00:20 . 2003-05-14 21:07 389,120 --a------ C:\WINDOWS\system32\actskn43.ocx
                          2007-12-19 00:20 . 2007-12-19 00:20 13,824 --a------ C:\WINDOWS\system32\drivers\splitcam.sys
                          2007-12-13 16:26 . 2007-12-13 16:26 <DIR> d-------- C:\Program Files\Trend Micro
                          2007-12-12 22:37 . 2007-12-12 22:40 <DIR> d-------- C:\Program Files\SurfAnonymous3
                          2007-12-12 22:30 . 2007-12-12 22:32 <DIR> d-------- C:\Program Files\SurfAnonymous2
                          2007-12-12 22:16 . 2007-12-12 22:17 <DIR> d-------- C:\Program Files\SurfAnonymous
                          2007-12-12 21:34 . 2007-12-12 21:53 <DIR> d-------- C:\Documents and Settings\Administrator\Sjablonen
                          2007-12-12 16:33 . 2007-12-21 20:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                          2007-12-12 15:14 . 2007-12-12 22:01 <DIR> d-------- C:\Program Files\The Cleaner Free
                          2007-12-08 18:02 . 2007-12-08 18:02 <DIR> d-------- C:\Program Files\IceOp
                          2007-12-08 18:02 . 2007-12-08 18:02 1,538,741 --a------ C:\WINDOWS\IceOp Uninstaller.exe
                          2007-12-08 01:12 . 2007-12-08 01:12 <DIR> d-------- C:\Program Files\Bonjour
                          2007-11-30 21:50 . 2007-11-30 22:14 <DIR> d-------- C:\Program Files\Incomplete
                          2007-11-30 21:50 . 2007-11-30 21:50 <DIR> d-------- C:\Documents and Settings\Nienke013\Incomplete
                          2007-11-30 21:49 . 2007-11-30 22:14 <DIR> d-------- C:\Documents and Settings\Nienke013\Application Data\LimeWire
                          2007-11-30 21:48 . 2007-11-30 22:47 <DIR> d-------- C:\Program Files\LimeWire
                          2007-11-30 17:32 . 2007-12-11 22:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
                          2007-11-30 17:32 . 2007-11-30 17:32 1,409 --a------ C:\WINDOWS\QTFont.for
                          2007-11-30 17:30 . 2007-11-30 17:31 <DIR> d-------- C:\Program Files\QuickTime
                          2007-11-30 17:30 . 2007-11-30 17:30 <DIR> d-------- C:\Program Files\Apple Software Update
                          2007-11-30 17:30 . 2007-11-30 17:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
                          2007-11-30 17:30 . 2007-11-30 17:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
                          2007-11-26 21:39 . 2007-11-26 21:39 <DIR> d-------- C:\Program Files\BitTorrent
                          2007-11-26 21:39 . 2007-11-26 21:47 <DIR> d-------- C:\Documents and Settings\Nienke013\Application Data\BitTorrent

                          .
                          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          2007-12-23 10:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
                          2007-12-20 07:38 --------- d-----w C:\Documents and Settings\Nienke013\Application Data\Camfrog
                          2007-12-18 23:20 --------- d-----w C:\Program Files\SplitCam
                          2007-12-12 21:08 --------- d-----w C:\Program Files\ICE
                          2007-12-10 15:09 --------- d-----w C:\Program Files\FlashFXP
                          2007-12-09 17:15 --------- d-----w C:\Program Files\Camfrog
                          2007-12-08 00:12 --------- d-----w C:\Program Files\Common Files\Adobe
                          2007-11-30 20:45 --------- d-----w C:\Program Files\Java
                          2007-11-21 18:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
                          2007-11-17 19:41 --------- d-----w C:\Documents and Settings\Nienke013\Application Data\FlashFXP
                          2007-11-16 14:59 --------- d-----w C:\Program Files\Teamspeak2_RC2
                          2007-11-16 14:59 --------- d-----w C:\Documents and Settings\Nienke013\Application Data\teamspeak2
                          2007-11-14 21:03 --------- d-----w C:\Documents and Settings\Nienke013\Application Data\TextPad
                          2007-11-14 20:57 --------- d-----w C:\Program Files\TextPad 4
                          2007-11-14 16:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
                          2007-11-14 15:46 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
                          2007-11-09 12:35 42,092 ----a-w C:\Documents and Settings\Nienke013\Application Data\mdbu.bin
                          2007-11-07 13:10 --------- d-----w C:\Program Files\Foto's KimmY En Mij
                          2007-10-30 17:35 --------- d-----w C:\Program Files\aMSN
                          2007-10-29 18:27 --------- d-----w C:\Program Files\FTDv3.81
                          2007-10-25 13:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
                          2007-10-25 12:50 --------- d-----w C:\Program Files\foto's
                          2007-10-24 15:51 --------- d-----w C:\Program Files\Tools
                          2007-09-28 20:16 76 ---ha-w C:\Program Files\Desktop.ini
                          2007-06-14 21:40 5,156,028 ----a-w C:\Program Files\camfrog.zip
                          2007-05-24 14:12 5,184,912 ----a-w C:\Program Files\camfrog.exe
                          2007-05-20 15:21 977,789 ----a-w C:\Program Files\mo_fredo.zip
                          2007-05-20 15:21 419,436 ----a-w C:\Program Files\mo_suz.zip
                          2007-05-20 15:21 404,287 ----a-w C:\Program Files\mo_olivier.zip
                          2007-05-20 15:20 507,032 ----a-w C:\Program Files\pm_serie2.zip
                          2007-05-20 15:20 325,043 ----a-w C:\Program Files\pm_cath.zip
                          2007-05-20 15:20 306,539 ----a-w C:\Program Files\pm_arbres.zip
                          2007-05-20 15:20 262,916 ----a-w C:\Program Files\pm_dany.zip
                          2007-05-20 15:20 2,673,806 ----a-w C:\Program Files\pm_mifo.zip
                          2007-05-20 15:20 193,415 ----a-w C:\Program Files\mo_steph.zip
                          2007-05-20 15:20 101,561 ----a-w C:\Program Files\pm_jb.zip
                          2007-05-02 19:50 2,876,616 ----a-w C:\Program Files\pfs-setup-en.exe
                          2007-04-26 20:26 3,981,497 ----a-w C:\Program Files\aMSN-0.96-3-windows-installer.exe
                          .

                          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          .
                          REGEDIT4
                          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
                          "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44]
                          "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:15]
                          "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 18:04]
                          "Camfrog"="C:\Program Files\Camfrog\Camfrog Video Chat3.94\CamfrogNet.exe" [2003-09-29 07:22]

                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "VTTimer"="VTTimer.exe" [2006-06-16 03:33 C:\WINDOWS\system32\VTTimer.exe]
                          "S3Trayp"="S3trayp.exe" [2006-07-10 19:33 C:\WINDOWS\system32\S3Trayp.exe]
                          "RTHDCPL"="RTHDCPL.EXE" [2006-08-23 13:08 C:\WINDOWS\RTHDCPL.exe]
                          "SkyTel"="SkyTel.EXE" [2006-05-16 11:04 C:\WINDOWS\SkyTel.exe]
                          "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32]
                          "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24]
                          "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14]
                          "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
                          "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
                          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16]
                          "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]

                          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03]

                          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                          Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 00:48:20]
                          Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 23:01:50]
                          Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-04-25 11:01:21]
                          Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
                          @=""

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
                          @=""

                          R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys [2006-03-30 19:18]
                          R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 04:38]
                          R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-08-11 03:38]

                          .
                          Last edited by _-Nienke-_; 23-12-07, 10:10.



                          • #14
                            Looks good.

                            Go to Start - Run and enter the following:
                            Combofix /u
                            Click OK.

                            This will remove Combofix again.

                            Could you also do the following?

                            Go to Start - Run and enter the following line there:
                            start notepad.exe C:\WINDOWS\system32\delrvaxo.bat
                            Click OK.

                            A Notepad file will open; post its contents.



                            • #15
                              Hmm.. I tried that last one, and I get the following message:

                              " Windows kan het bestand start niet vinden. Controleer of u de naam juist hebt ingevoerd en probeer het daarna opnieuw. Klik als u naar een bestand wilt zoeken op de knop Start en daarna op Zoeken. "

                              start notepad.exe C:\windows\system32\delrvaxo.bat

                              That is how I entered it..
