
AdwareRemover 2007


  • AdwareRemover 2007

    Dear people of Nucia,

    Since last week, a kind of pop-up from AdwareRemover 2007 keeps appearing on my father-in-law's laptop. He has become so desperate about it that he wants to buy a new laptop. We scanned with Panda AV, and it did remove a few things, but the problem with AdwareRemover 2007 remains. I hope that buying a new laptop won't be necessary.

    This is the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:29:51, on 12/22/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\RegSrvc.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    C:\WINDOWS\system32\ICO.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\Sony\HotKey Utility\HKserv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\WINDOWS\system32\1XConfig.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Sony\HotKey Utility\HKWnd.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
    C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
    C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
    C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
    C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE
    C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINDOWS\system32\SearchTool\nsp5C.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: OFK System - {F08487B1-AFEC-45CF-B2E9-D05DEE137D22} - C:\WINDOWS\blopenvtok.dll
    O3 - Toolbar: De Telefoongids - {790C1F44-C559-434B-BE18-13C042555D8E} - C:\Program Files\De Telefoongids\De Telefoongids Zoekbalk\PhoneShell.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: The retnsrp - {9EF873D0-0259-4D2A-AA60-F61FA5B28FE8} - C:\WINDOWS\retnsrp.dll
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [Minolta QMS Soft Font Downloader] MLTSFDL.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\AA954A~1.LAP\LOCALS~1\Temp\{6CA25782-BC6E-4E7B-A475-EDDF8AB64905}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0013"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
    O4 - HKLM\..\RunOnce: [BorraT2006TMP] cmd /C RD /s/q "C:\DOCUME~1\AA954A~1.LAP\LOCALS~1\Temp\L2007tmp\"
    O4 - HKLM\..\RunOnce: [Panda_cleaner] C:\Program Files\Panda Security\Panda Antivirus 2008\pavdr.exe "C:\Program Files\Panda Security\Panda Antivirus 2008\cace2423dfb97c58fe7dd9f120557063pavdr.act"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - C:\Program Files\De Telefoongids\De Telefoongids Zoekbalk\PhoneShell.dll
    O9 - Extra 'Tools' menuitem: De Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - C:\Program Files\De Telefoongids\De Telefoongids Zoekbalk\PhoneShell.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart_nl.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://onlinefotoservice.fotoklein.nl/FotoKlein/UserControls/Part/Upload/ImageUploader4.cab
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://193.172.162.99:8080//activex/AMC.cab
    O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - http://secure.ingbank.nl/download/DigiSign.cab
    O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator.contentsvc.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeDutchNewReleaseInstall.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0C786265-A573-4C5A-8A72-DEBCDB5F0448}: NameServer = 10.0.0.2
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0C786265-A573-4C5A-8A72-DEBCDB5F0448}: NameServer = 10.0.0.2
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0C786265-A573-4C5A-8A72-DEBCDB5F0448}: NameServer = 10.0.0.2
    O21 - SSODL: nopzet - {B7D9DC4C-ECB8-4A60-ABCF-BB8F7D352D58} - C:\WINDOWS\nopzet.dll
    O21 - SSODL: leorop - {E4A8F480-AE3F-428F-BFD3-D71F6BB9FC92} - C:\WINDOWS\leorop.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
    O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: xControlCOM - Siemens - C:\Program Files\Gigaset\talk&surf 5.1 pentavox\xControlCOM.exe

    --
    End of file - 10991 bytes

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
      A cmd window will open, and a few lines about files not found will scroll by quickly; this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message together with a new HijackThis log.



    • #3
      Here is the RVAXO log:

      ----------------RVAXO.exe first run-------------

      Files found:

      C:\WINDOWS\blopenvtok.dll
      C:\Documents and Settings\AA.LAPTOP\err.log
      C:\WINDOWS\dat.txt
      C:\WINDOWS\rs.txt
      C:\WINDOWS\nopzet.dll
      C:\WINDOWS\retnsrp.dll
      C:\WINDOWS\jokvip.exe
      C:\WINDOWS\search_res.txt
      C:\WINDOWS\leorop.dll
      C:\Documents and Settings\AA.LAPTOP\Desktop\Error Cleaner.url
      C:\Documents and Settings\AA.LAPTOP\Desktop\Spyware&Malware Protection.url
      C:\Documents and Settings\AA.LAPTOP\Desktop\Privacy Protector.url
      C:\Documents and Settings\All Users\STARTM~1\Online Security Guide.url
      C:\Documents and Settings\All Users\STARTM~1\Security Troubleshooting.url
      C:\Documents and Settings\AA.LAPTOP\FAVORI~1\Error Cleaner.url
      C:\Documents and Settings\AA.LAPTOP\FAVORI~1\Privacy Protector.url
      C:\Documents and Settings\AA.LAPTOP\FAVORI~1\Spyware&Malware Protection.url

      Uninstallers Rogue scanners:

      Search Enhancer uninstaller found

      Folders Found:

      C:\Documents and Settings\AA.LAPTOP\Application Data\DriveCleaner 2006 Free
      C:\Program Files\RichVideoCodec
      C:\Program Files\mediapipe
      C:\WINDOWS\privacy_danger
      C:\Program Files\Video Add-on

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------


      And here is the HijackThis log:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:35:01, on 12/22/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
      C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\S24EvMon.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
      C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
      C:\WINDOWS\system32\RegSrvc.exe
      C:\Program Files\SPAMfighter\sfus.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\ezSP_Px.exe
      C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
      C:\WINDOWS\system32\ICO.EXE
      C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
      C:\Program Files\Sony\HotKey Utility\HKserv.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\Apoint\Apoint.exe
      C:\WINDOWS\system32\ZCfgSvc.exe
      C:\Program Files\Sony\HotKey Utility\HKWnd.exe
      C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
      C:\WINDOWS\system32\1XConfig.exe
      C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Apoint\Apntex.exe
      C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
      C:\Program Files\SPAMfighter\SFAgent.exe
      C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
      C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\WINDOWS\System32\wbem\wmiprvse.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: (no name) - - (no file)
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O3 - Toolbar: De Telefoongids - {790C1F44-C559-434B-BE18-13C042555D8E} - C:\Program Files\De Telefoongids\De Telefoongids Zoekbalk\PhoneShell.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
      O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
      O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
      O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
      O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
      O4 - HKLM\..\Run: [Minolta QMS Soft Font Downloader] MLTSFDL.EXE
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
      O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
      O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
      O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
      O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
      O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
      O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
      O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
      O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
      O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
      O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\AA954A~1.LAP\LOCALS~1\Temp\{6CA25782-BC6E-4E7B-A475-EDDF8AB64905}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0013"
      O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
      O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
      O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
      O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
      O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
      O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
      O9 - Extra button: Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - C:\Program Files\De Telefoongids\De Telefoongids Zoekbalk\PhoneShell.dll
      O9 - Extra 'Tools' menuitem: De Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - C:\Program Files\De Telefoongids\De Telefoongids Zoekbalk\PhoneShell.dll
      O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
      O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart_nl.cab
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://onlinefotoservice.fotoklein.nl/FotoKlein/UserControls/Part/Upload/ImageUploader4.cab
      O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://193.172.162.99:8080//activex/AMC.cab
      O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - http://secure.ingbank.nl/download/DigiSign.cab
      O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator.contentsvc.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeDutchNewReleaseInstall.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{0C786265-A573-4C5A-8A72-DEBCDB5F0448}: NameServer = 10.0.0.2
      O17 - HKLM\System\CS1\Services\Tcpip\..\{0C786265-A573-4C5A-8A72-DEBCDB5F0448}: NameServer = 10.0.0.2
      O17 - HKLM\System\CS2\Services\Tcpip\..\{0C786265-A573-4C5A-8A72-DEBCDB5F0448}: NameServer = 10.0.0.2
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
      O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
      O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
      O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
      O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
      O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
      O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
      O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
      O23 - Service: xControlCOM - Siemens - C:\Program Files\Gigaset\talk&surf 5.1 pentavox\xControlCOM.exe

      --
      End of file - 10623 bytes



      • #4
        Start HijackThis once more, choose "Do a system scan only" and tick only the following lines:
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        R3 - URLSearchHook: (no name) - - (no file)
        O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
        O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\AA954A~1.LAP\LOCALS~1\Temp\{6CA25782-BC6E-4E7B-A475-EDDF8AB64905}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0013"
        O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
        O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installd...erstart_nl.cab
        O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator.contentsvc.com/sites/...aseInstall.cab

        Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

        Download Combofix to your Desktop.
        Double-click Combofix.exe
        Choose "Continue" by typing 1 followed by ENTER.
        While the fix is running, do NOT click in the window, as this will cause your PC to hang.
        When the fix is complete and after the restart, the log combofix.txt will open.
        Post this log in your next post.

        NOTE: If your virus scanner responds with a notification about script execution, you may ignore it.



        • #5
          Here is the ComboFix log:

          ComboFix 07-12-23.1 - AA 2007-12-22 20:30:46.1 - NTFSx86
          Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.100 [GMT 1:00]
          Running from: C:\DOCUME~1\AA954A~1.LAP\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\ZLNT1Z0U\ComboFix[1].exe
          * Created a new restore point
          .

          ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\Documents and Settings\AA.LAPTOP\Application Data.\Ultimate Cleaner
          C:\Documents and Settings\AA.LAPTOP\Application Data.\Ultimate Cleaner\settings.dat
          C:\Documents and Settings\AA.LAPTOP\Application Data\Ultimate Cleaner\settings.dat
          C:\Documents and Settings\AA.LAPTOP\Desktop\movieland terms.lnk
          C:\Documents and Settings\AA.LAPTOP\Desktop\movieland.url
          C:\Program Files\p2pnetworks
          C:\Program Files\p2pnetworks\AlConfig.xml
          C:\Program Files\p2pnetworks\alp2plib.log
          C:\Program Files\p2pnetworks\alp2plib.log.bak
          C:\Program Files\p2pnetworks\install.log
          C:\Program Files\p2pnetworks\sp2p.cache
          C:\Program Files\p2pnetworks\uninst.exe

          .
          ((((((((((((((((((((((((( Files Created from 2007-11-23 to 2007-12-23 )))))))))))))))))))))))))))))))
          .

          2007-12-22 19:27 . 2007-12-22 19:27 <DIR> d-------- C:\RVAXO
          2007-12-22 19:24 . 2007-12-22 20:00 558,354 --a------ C:\WINDOWS\system32\RVAXO.bat
          2007-12-22 19:24 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
          2007-12-22 18:55 . 2007-12-22 18:55 <DIR> d-------- C:\Program Files\Enigma Software Group
          2007-12-22 18:29 . 2007-12-22 18:29 <DIR> d-------- C:\Program Files\Trend Micro
          2007-12-22 16:57 . 2007-12-22 16:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
          2007-12-22 16:56 . 2007-12-22 17:06 <DIR> d-------- C:\WINDOWS\system32\PAV
          2007-12-22 16:56 . 2007-06-06 11:43 83,640 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
          2007-12-22 16:56 . 2007-12-22 16:56 248 --a------ C:\WINDOWS\system32\PavCPL.dat
          2007-12-22 16:55 . 2007-12-22 16:55 <DIR> d-------- C:\Program Files\Panda Security
          2007-12-22 16:55 . 2007-03-15 18:38 54,832 --a------ C:\WINDOWS\system32\pavcpl.cpl
          2007-12-22 16:55 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\system32\avldr.dll
          2007-12-21 16:00 . 2007-12-21 16:00 <DIR> d-------- C:\Program Files\Common Files\Ankiro
          2007-12-21 15:58 . 2007-12-22 19:29 <DIR> d-------- C:\Program Files\SPAMfighter
          2007-12-21 15:58 . 2007-12-21 15:58 <DIR> d-------- C:\Program Files\Common Files\Application
          2007-11-23 21:46 . 2007-11-23 21:46 20 --a------ C:\Picasa.ini

          .
          (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2007-12-22 16:29 --------- d-----w C:\Program Files\DownloadManager
          2007-12-22 16:09 381 ----a-w C:\Documents and Settings\AA.LAPTOP\Application Data\internaldb1942.dat
          2007-12-22 16:05 20,480 ----a-w C:\Documents and Settings\AA.LAPTOP\Application Data\internaldb4827.dat
          2007-12-22 15:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2007-12-22 15:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
          2007-12-22 15:51 --------- d-----w C:\Program Files\McAfee
          2007-12-22 15:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
          2007-12-22 15:42 --------- d-----w C:\Documents and Settings\AA.LAPTOP\Application Data\U3
          2007-12-22 15:16 523 ----a-w C:\Documents and Settings\AA.LAPTOP\Application Data\internaldb9693.dat
          2007-12-01 20:48 53,746 ----a-w C:\Documents and Settings\AA.LAPTOP\Application Data\mdb.bin
          2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
          2007-11-02 19:10 90,938,950 ----a-w C:\feestje.zip
          2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
          2007-10-29 18:13 --------- d-----w C:\Program Files\Picasa2
          2007-10-27 16:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
          2007-09-25 18:21 22,789,104 ----a-w C:\Fotoklein.exe
          2006-12-31 15:33 0 ----a-w C:\Documents and Settings\AA.LAPTOP\Application Data\internaldb5436.dat
          2006-02-26 18:48 26,958 -c--a-w C:\Program Files\MovieLand Terms.html
          .

          ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 15:25]
          "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-06-24 13:08]
          "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe"
          "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 16:40]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 11:29]
          "Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2003-01-15 13:07]
          "Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-15 01:46 C:\WINDOWS\system32\ico.exe]
          "Minolta QMS Soft Font Downloader"="MLTSFDL.EXE" [1999-06-04 15:42 C:\WINDOWS\system32\MLTSFDL.EXE]
          "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 11:08]
          "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 12:40]
          "HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [2003-01-14 22:00]
          "DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 21:56]
          "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 08:56 C:\WINDOWS\system32\bthprops.cpl]
          "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-01-15 16:03]
          "ATIModeChange"="Ati2mdxx.exe" [2001-09-05 01:24 C:\WINDOWS\system32\Ati2mdxx.exe]
          "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2002-10-18 15:58]
          "ZCfgSvc.exe"="C:\WINDOWS\system32\ZCfgSvc.exe" [2005-07-05 00:32]
          "PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2005-06-27 07:45]
          "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
          "Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 08:56]
          "DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 10:31]
          "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 14:29]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
          "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
          "VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe"
          "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe"
          "SM_IAN"="C:\Program Files\AdvancedCleaner Free\ian_monitor.exe"
          "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-12-14 09:55]
          "APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [2007-07-19 15:23]
          "SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2007-11-30 13:47]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56]
          "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17]

          C:\Documents and Settings\h.korsten\Menu Start\Programma's\Opstarten\
          PP1100L.exe [2004-02-04 10:32:42]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
          avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2395093253-1062313956-3566637311-1142\Scripts\Logon\0\0]
          "Script"=\\aatech.local\SysVol\aatech.local\scripts\general.bat

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
          path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
          backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digimax Viewer 2.0.lnk]
          path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digimax Viewer 2.0.lnk
          backup=C:\WINDOWS\pss\Digimax Viewer 2.0.lnkCommon Startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
          path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
          backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^talk&surf 5.1 pentavox Monitor.lnk]
          path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\talk&surf 5.1 pentavox Monitor.lnk
          backup=C:\WINDOWS\pss\talk&surf 5.1 pentavox Monitor.lnkCommon Startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detection]
          2007-07-16 13:50 101888 --a------ C:\Program Files\Foto Klein Fotoservice\NL\dd.exe

          R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-12-14 09:57]
          R3 HRCMPA;ISDN Wan driver (Ver. 1.10.0021);C:\WINDOWS\system32\DRIVERS\hrcmpa.sys [2002-01-31 08:56]
          R3 oibtvcom;Bluetooth Virtual COM Port;C:\WINDOWS\system32\Drivers\oivmvcom.sys [2003-01-06 18:20]
          R3 oivmctrl;VCOMM Device Controller;C:\WINDOWS\system32\Drivers\oivmctrl.sys [2003-01-06 18:20]
          R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2002-08-20 11:59]
          R3 WDM_YAMAHAAC97;YAMAHA AC-XG Audio Device;C:\WINDOWS\system32\drivers\yacxgc.sys [2002-09-19 19:19]
          S3 Gigusb;Dect USB Driver;C:\WINDOWS\system32\Drivers\Gigusb.sys [2002-04-18 12:21]
          S3 IUAPIWDM;ISDN USB Interface (Ver. 1.10.0021);C:\WINDOWS\system32\DRIVERS\IUAPIWDM.sys [2001-07-20 08:58]
          S3 siellif;siellif;C:\WINDOWS\system32\Drivers\siellif.sys [2002-04-18 12:21]
          S3 xControlCOM;xControlCOM;C:\Program Files\Gigaset\talk&surf 5.1 pentavox\xControlCOM.exe [2002-04-18 12:24]

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
          \Shell\AutoRun\command - F:\LaunchU3.exe -a

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d3e1a22-5c8c-11dc-9ca9-00042359fdf4}]
          \Shell\AutoRun\command - F:\LaunchU3.exe -a

          *Newly Created Service* - CATCHME
          *Newly Created Service* - PROCEXP90
          .
          Contents of the 'Scheduled Tasks' folder
          "2007-10-24 18:13:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
          .
          **************************************************************************

          catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2007-12-23 20:37:27
          Windows 5.1.2600 Service Pack 2 NTFS

          scanning hidden processes ...

          scanning hidden autostart entries ...

          HKLM\Software\Microsoft\Windows\CurrentVersion\Run
          SM_IAN = C:\Program Files\AdvancedCleaner Free\ian_monitor.exe??|[email protected][email protected]????????????????|[email protected]?????????p???????x A?3??|???|[email protected][email protected]???????C????????|[email protected]?????????,[email protected][email protected]?d???u)?|[email protected]??????????)?|???|[email protected]?3? ?|[email protected][email protected]?????????? A????|[email protected]?d??????

          scanning hidden files ...

          **************************************************************************
          .
          Completion time: 2007-12-23 20:39:17
          .
          2007-12-21 15:11:56 --- E O F ---



          • #6
            Start HijackThis once more, choose "Do a system scan only" and tick only the following line:
            O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
            Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

            Open the RVAXO folder on your desktop and double-click Uninstall.cmd
            This will remove everything belonging to RVAXO.

            Delete the following folder:
            C:\Qoobox

            Then empty your Recycle Bin.

            Download ATF cleaner (mirror) (made by Atribune)

            Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

            Double-click ATF cleaner to start the program.
            On the "Main" tab, tick Select All.
            Click the Empty Selected button.

            Do the following if you also use Firefox as a browser:
            Click the "Firefox" tab and tick Select All.
            If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
            (this removes the tick next to "Firefox saved passwords" again)
            Click the Empty Selected button.

            Do the following if you also use Opera as a browser:
            Click the "Opera" tab and tick Select All.
            If you want to keep the passwords saved by Opera, click "No" in the window that appears.
            Click the Empty Selected button.
            Go to the "Main" tab and click the Exit button to close the program.

            Go to Start - Run and enter the following:
            Combofix /U
            Then press OK.
            Note: There must be a space between Combofix and /U.

            This will uninstall Combofix.

            Turn off System Restore. Restart the computer. Turn System Restore back on.
            See here how to turn off your System Restore.
            This removes any remnants of the infections from your System Restore.

            Then I think everything is OK again



            • #7
              On behalf of my father-in-law I want to thank you very much. There are no more problems. The laptop is back to its old self



              • #8
                You're very welcome
