Mededeling

Collapse
No announcement yet.

internet popups

Collapse
X
Collapse
  •  
  • Page of 1
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    internet popups

    hier mijn log, ik hab last van spyware ben als bezig met ad-aware en spybot. melding van trojan!!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:13:01, on 22-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\WINDOWS\17PHolmes1188.exe
    C:\Program Files\outlook\outlook.exe
    C:\WINDOWS\system32\ardCo07\ardCo071084.exe
    C:\Program Files\Network Monitor\netmon.exe
    C:\WINDOWS\VG9pbmUgTGVpZGVsbWVpamVy\command.exe
    C:\WINDOWS\17PHolmes1000106.exe
    C:\WINDOWS\17PHolmes1000140.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\b122.exe
    C:\Program Files\WinAble\winable.exe
    C:\Documents and Settings\Toine's computer\Mijn documenten\Hijack THis\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {3156E68C-65C7-45E9-8D0F-A5809B044081} - C:\Program Files\Windows Media Player\meqocaf4444.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: 0 - {DCFD162A-E6B1-4F2F-C6A6-F509685C490D} - C:\Program Files\MSN Gaming Zone\qucavogab.dll
    O2 - BHO: (no name) - {FC1C8B9D-F7B2-4BFC-94B0-2C945C0BC031} - C:\Program Files\Windows Media Player\meqocaf83122.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000140.exe 61A847B5BBF72813329B385776F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
    O4 - HKLM\..\Run: [winlog] winlog.exe
    O4 - HKLM\..\RunServices: [winlog] winlog.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O20 - Winlogon Notify: fccbabb - C:\WINDOWS\SYSTEM32\fccbabb.dll
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VG9pbmUgTGVpZGVsbWVpamVy\command.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
    O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

    --
    End of file - 6053 bytes
    Last edited by Toine123; 22-12-07, 19:01.
    Labels: Geen
    • Citaat
  • #2
    Start HijackThis nog een keer, kies voor "Do a system scan only" en plaats alleen een vinkje voor de volgende regels:
    O2 - BHO: (no name) - {3156E68C-65C7-45E9-8D0F-A5809B044081} - C:\Program Files\Windows Media Player\meqocaf4444.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: 0 - {DCFD162A-E6B1-4F2F-C6A6-F509685C490D} - C:\Program Files\MSN Gaming Zone\qucavogab.dll
    O2 - BHO: (no name) - {FC1C8B9D-F7B2-4BFC-94B0-2C945C0BC031} - C:\Program Files\Windows Media Player\meqocaf83122.dll
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000140.exe 61A847B5BBF72813329B385776F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
    O4 - HKLM\..\Run: [winlog] winlog.exe
    O4 - HKLM\..\RunServices: [winlog] winlog.exe
    O20 - Winlogon Notify: fccbabb - C:\WINDOWS\SYSTEM32\fccbabb.dll
    Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af.

    Download: RVAXO.exe
    • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
    • Open nu de map RVAXO op je bureaublad en dubbeklik RVAXO.cmd
      Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
    • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
    • Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw.
      Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
    • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
    • Post de inhoud van de logfile in je volgende bericht.


    Download Combofix naar je Bureaublad.
    Dubbelklik op Combofix.exe
    Kies voor "Continue" door 1 te typen gevolgd door ENTER.
    Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
    Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
    Plaats deze log in je volgende post.

    NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.
    • Citaat

    Comment

    • #3
      hoi Smeek daar ben ik weer, ik denk dat het een gevaarlijk virus was want combofix heeft zofeel verwijdert, maar hier de log:

      RVAXO:
      ----------------RVAXO.exe first run-------------

      Files found:

      C:\WINDOWS\system32\_000003_.tmp.dll
      C:\WINDOWS\system32\_000005_.tmp.dll
      C:\WINDOWS\system32\_000006_.tmp.dll
      C:\WINDOWS\system32\_000007_.tmp.dll
      C:\WINDOWS\system32\_000008_.tmp.dll
      C:\WINDOWS\system32\_000009_.tmp.dll
      C:\WINDOWS\system32\_000010_.tmp.dll
      C:\WINDOWS\system32\_000011_.tmp.dll
      C:\WINDOWS\system32\_000012_.tmp.dll
      C:\WINDOWS\system32\_000013_.tmp.dll
      C:\WINDOWS\system32\mlnmp.ini2
      C:\WINDOWS\system32\vbzip10.dll
      C:\WINDOWS\b122.exe
      C:\WINDOWS\Fonts\svchost.exe
      C:\WINDOWS\Fonts\a.zip
      C:\WINDOWS\Fonts\Setup.exe
      C:\WINDOWS\mrofinu1000106.exe
      C:\WINDOWS\mrofinu1000140.exe
      C:\WINDOWS\mrofinu1188.exe
      C:\WINDOWS\mrofinu1188.exe.tmp
      ----------------RVAXO.exe first run-------------

      Files found:

      C:\WINDOWS\system32\mlnmp.ini2
      C:\WINDOWS\mrofinu1000106.exe
      C:\WINDOWS\mrofinu1000140.exe
      C:\WINDOWS\mrofinu1188.exe
      C:\WINDOWS\mrofinu1188.exe.tmp
      C:\WINDOWS\system32\pac.txt
      C:\WINDOWS\system32\winlogo.exe
      C:\install.exe
      C:\n.bat
      C:\winlogon.exe
      C:\WINDOWS\system32\7995.bat
      C:\z.dat
      C:\x.dat

      Uninstallers Rogue scanners:


      Folders Found:

      C:\Program Files\outlook
      C:\Program Files\Outerinfo
      C:\Program Files\Temporary
      C:\Program Files\WinAble
      C:\Program Files\Inetget2
      C:\Temp\1cb

      Hosts-file was reset, If you use a custom hosts file please replace it...

      Combofix:
      ComboFix 07-12-23.2 - Toine's computer 2007-12-23 16:05:47.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.703 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Toine's computer\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\NetMon
      C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\NetMon\domains.txt
      C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\NetMon\log.txt
      C:\Program Files\Common Files\fnts~1
      C:\Program Files\Common Files\fnts~1\?serinit.exe
      C:\Program Files\Common Files\Yazzle1560OinAdmin.exe
      C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe
      C:\Program Files\Windows Media Player\meqocaf4444.dll
      C:\Program Files\Windows Media Player\meqocaf83122.dll
      C:\WINDOWS\b128.exe
      C:\WINDOWS\b151.exe
      C:\WINDOWS\crosof~1
      C:\WINDOWS\crosof~1\??crosoft\
      C:\WINDOWS\crosof~1\javaw .exe
      C:\WINDOWS\crosof~1\javaw.exe
      C:\WINDOWS\system32\fccbabb.dll
      C:\WINDOWS\system32\iifebxy.dll
      C:\WINDOWS\system32\mlnmp.ini
      C:\WINDOWS\system32\mlnmp.ini2
      C:\WINDOWS\system32\pmnlm.dll
      C:\WINDOWS\system32\pskill.exe
      C:\WINDOWS\system32\qflnoa.dll
      C:\WINDOWS\system32\wnsintisv.exe
      C:\WINDOWS\system32\wvutuvw.dll
      C:\WINDOWS\TTC-4444.exe
      C:\WINDOWS\uninstall_nmon.vbs
      C:\WINDOWS\Fonts\'

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

      .
      -------\LEGACY_CMDSERVICE
      -------\LEGACY_NETWORK_MONITOR


      (((((((((((((((((((( Bestanden Gemaakt van 2007-11-23 to 2007-12-23 ))))))))))))))))))))))))))))))
      .

      2007-12-23 16:23 . 2007-12-23 16:23 323,072 --------- C:\WINDOWS\system32\pmnlm.dll
      2007-12-23 15:49 . 2007-12-23 15:49 106,189 --a------ C:\RVAXO.reg
      2007-12-23 15:47 . 2007-12-23 15:52 <DIR> d-------- C:\RVAXO
      2007-12-23 10:38 . 2007-12-23 10:21 560,714 --a------ C:\WINDOWS\system32\RVAXO.bat
      2007-12-23 10:38 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
      2007-12-23 10:38 . 2007-12-13 16:46 7,048 --a------ C:\WINDOWS\system32\fixp.bat
      2007-12-23 10:33 . 2007-12-23 15:53 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
      2007-12-22 19:22 . 2007-12-22 19:22 <DIR> d-------- C:\Program Files\Lavasoft
      2007-12-22 19:22 . 2007-12-22 19:22 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
      2007-12-22 19:21 . 2007-12-22 19:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2007-12-22 19:13 . 2007-12-23 16:23 326,656 --a------ C:\WINDOWS\system32\pmnlm.exe
      2007-12-22 19:09 . 2007-12-23 10:32 <DIR> d--hs---- C:\WINDOWS\VG9pbmUgTGVpZGVsbWVpamVy
      2007-12-22 19:09 . 2007-12-22 19:09 <DIR> d-------- C:\WINDOWS\system32\wdr
      2007-12-22 19:09 . 2007-12-22 19:49 <DIR> d-------- C:\WINDOWS\system32\rf1
      2007-12-22 19:09 . 2007-12-22 19:09 <DIR> d-------- C:\WINDOWS\system32\ey2
      2007-12-22 19:09 . 2007-12-22 19:09 <DIR> d-------- C:\WINDOWS\system32\ardCo07
      2007-12-22 19:09 . 2007-12-22 19:09 <DIR> d-------- C:\temp\cEeer12
      2007-12-22 18:52 . 2007-12-22 18:52 <DIR> d-------- C:\Documents and Settings\Toine's computer\Incomplete
      2007-12-22 18:52 . 2007-12-22 19:10 <DIR> d-------- C:\Documents and Settings\Toine's computer\Application Data\LimeWirePlus
      2007-12-21 19:30 . 2007-12-22 10:01 24 --a------ C:\WINDOWS\LogonStudio.ini
      2007-12-21 19:29 . 2000-05-17 09:52 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll
      2007-12-20 19:01 . 2007-12-20 19:01 <DIR> d-------- C:\Program Files\Windows Live
      2007-12-20 19:01 . 2003-11-10 20:20 266,240 --a------ C:\WINDOWS\system32\hpdj3600
      2007-12-17 19:06 . 2007-12-17 19:06 <DIR> d-------- C:\Program Files\HP
      2007-12-17 19:06 . 2007-12-21 17:03 <DIR> d-------- C:\Program Files\Hewlett-Packard
      2007-12-17 19:06 . 2007-12-17 19:06 <DIR> d-------- C:\Program Files\3600
      2007-12-17 18:53 . 2007-12-17 18:58 48,134 --a------ C:\WINDOWS\hpdj3600.hi2
      2007-12-17 18:53 . 2007-12-17 18:58 4,629 --a------ C:\WINDOWS\hpdj3600.bu2
      2007-12-17 14:03 . 2007-12-17 14:03 <DIR> d-------- C:\Program Files\MSXML 4.0
      2007-12-17 13:57 . 1998-10-09 15:36 327,168 --a------ C:\WINDOWS\IsUn0413.exe
      2007-12-16 15:37 . 2007-12-16 15:37 <DIR> dr------- C:\Documents and Settings\Toine's computer\Menu Start
      2007-12-16 11:41 . 2003-09-24 09:43 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
      2007-12-16 11:41 . 2003-09-24 09:43 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
      2007-12-16 11:41 . 2003-09-24 09:43 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
      2007-12-16 11:41 . 2003-09-24 09:44 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll
      2007-12-16 11:41 . 2003-09-24 09:44 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
      2007-12-16 11:36 . 2007-12-21 16:58 212,637 --a------ C:\WINDOWS\hpdj3600.hi1
      2007-12-16 11:36 . 2007-12-21 16:58 9,402 --a------ C:\WINDOWS\hpdj3600.bu1
      2007-12-16 11:35 . 2003-11-10 20:20 266,240 --a------ C:\WINDOWS\system32\hpdj
      2007-12-16 11:25 . 2007-12-16 11:25 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
      2007-12-16 11:19 . 2007-12-21 17:04 195,074 --a------ C:\WINDOWS\hpdj3600.his
      2007-12-16 11:19 . 2007-12-21 17:04 10,541 --a------ C:\WINDOWS\hpdj3600.ini
      2007-12-15 10:04 . 2007-12-15 10:04 <DIR> d-------- C:\WINDOWS\system32\VIRepair
      2007-12-14 17:09 . 2007-12-23 15:55 <DIR> d---s---- C:\Documents and Settings\Toine's computer\Onlangs geopend
      2007-12-14 16:44 . 2007-12-14 16:44 <DIR> d-------- C:\Documents and Settings\Toine's computer\Application Data\Styler
      2007-12-14 16:40 . 2007-12-15 10:05 <DIR> d-------- C:\WINDOWS\system32\VITrans
      2007-12-14 16:40 . 2006-12-03 17:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
      2007-12-14 16:40 . 2007-12-14 16:40 78,942 --a------ C:\WINDOWS\Icon_1.ico
      2007-12-14 16:40 . 2006-12-03 17:15 19,968 --a------ C:\WINDOWS\system32\reico.exe
      2007-12-14 16:40 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe
      2007-12-13 17:37 . 2007-12-14 16:46 <DIR> d-------- C:\Documents and Settings\Toine's computer\Application Data\ViStart
      2007-12-13 16:17 . 2007-12-13 17:41 <DIR> d-------- C:\VAIO
      2007-12-10 15:20 . 2007-12-10 15:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SwiftSwitch
      2007-12-10 15:19 . 2007-12-22 18:52 <DIR> d-------- C:\Games
      2007-12-08 17:03 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
      2007-12-08 17:03 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
      2007-12-08 17:03 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
      2007-12-08 12:45 . 2007-12-14 17:13 292 --a------ C:\WINDOWS\system\cmicnfg.ini
      2007-12-07 21:38 . 2007-12-16 15:37 <DIR> d-------- C:\Documents and Settings\Toine's computer\Contacts
      2007-12-07 21:27 . 2007-12-07 21:27 <DIR> d-------- C:\Documents and Settings\Toine's computer\Application Data\Lavasoft
      2007-12-07 21:18 . 2007-12-07 21:21 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
      2007-12-07 21:18 . 2007-12-07 21:18 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
      2007-12-07 21:15 . 2007-12-07 21:15 232 --ah----- C:\sqmdata19.sqm
      2007-12-07 21:15 . 2007-12-07 21:15 232 --ah----- C:\sqmdata18.sqm
      2007-12-07 21:15 . 2007-12-07 21:15 232 --ah----- C:\sqmdata17.sqm
      2007-12-07 21:15 . 2007-12-07 21:15 232 --ah----- C:\sqmdata16.sqm
      2007-12-07 21:15 . 2007-12-07 21:15 232 --ah----- C:\sqmdata15.sqm
      2007-12-07 21:15 . 2007-12-07 21:15 232 --ah----- C:\sqmdata14.sqm
      2007-12-07 21:15 . 2007-12-07 21:15 232 --ah----- C:\sqmdata13.sqm
      2007-12-07 21:06 . 2007-12-07 21:06 244 --ah----- C:\sqmnoopt15.sqm
      2007-12-07 21:06 . 2007-12-07 21:06 232 --ah----- C:\sqmdata03.sqm
      2007-12-07 20:45 . 2004-08-04 10:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
      2007-12-07 20:44 . 2007-12-07 21:38 268 --ah----- C:\sqmdata01.sqm
      2007-12-07 20:44 . 2007-12-07 20:44 244 --ah----- C:\sqmnoopt14.sqm
      2007-12-07 20:44 . 2007-12-07 21:38 244 --ah----- C:\sqmnoopt13.sqm
      2007-12-07 20:44 . 2007-12-07 20:44 232 --ah----- C:\sqmdata02.sqm
      2007-12-07 20:43 . 2006-08-21 10:14 128,896 --a--c--- C:\WINDOWS\system32\dllcache\SETD7.tmp
      2007-12-07 20:43 . 2006-08-21 10:14 23,040 --a------ C:\WINDOWS\system32\SETD5.tmp
      2007-12-07 20:43 . 2006-08-21 10:14 23,040 --a--c--- C:\WINDOWS\system32\dllcache\SETD8.tmp
      2007-12-07 20:43 . 2006-08-21 13:28 16,896 --a------ C:\WINDOWS\system32\SETD6.tmp
      2007-12-07 20:43 . 2006-08-21 13:28 16,896 --a--c--- C:\WINDOWS\system32\dllcache\SETD9.tmp
      2007-12-07 20:42 . 2007-12-07 21:16 244 --ah----- C:\sqmnoopt12.sqm
      2007-12-07 20:42 . 2007-12-07 21:16 232 --ah----- C:\sqmdata00.sqm
      2007-12-07 20:19 . 2007-12-07 20:19 <DIR> d-------- C:\Program Files\Java
      2007-12-07 20:19 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
      2007-12-07 20:14 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
      2007-12-07 20:14 . 2001-08-17 22:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
      2007-12-07 20:13 . 2004-08-04 02:03 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
      2007-12-07 20:13 . 2004-08-04 02:03 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
      2007-12-07 20:13 . 2004-08-04 01:54 701,440 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
      2007-12-07 20:13 . 2004-08-04 02:03 516,768 --a------ C:\WINDOWS\system32\ativvaxx.dll
      2007-12-07 20:13 . 2004-08-04 02:03 229,376 --a------ C:\WINDOWS\system32\ati2cqag.dll
      2007-12-07 20:13 . 2004-08-04 02:03 201,728 --a------ C:\WINDOWS\system32\ati2dvag.dll
      2007-12-07 20:13 . 2004-08-04 01:54 57,856 --a------ C:\WINDOWS\system32\drivers\redbook.sys
      2007-12-07 20:12 . 2004-08-04 02:03 76,288 --a------ C:\WINDOWS\system32\usbui.dll
      2007-12-07 20:12 . 2004-08-04 00:07 44,672 --a------ C:\WINDOWS\system32\drivers\UAGP35.SYS
      2007-12-07 20:12 . 2001-08-17 21:13 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
      2007-12-07 20:12 . 2004-08-04 00:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
      2007-12-07 20:09 . 2007-12-07 19:20 <DIR> d--h----- C:\Documents and Settings\Default User.WINDOWS\Sjablonen
      2007-12-07 20:09 . 2007-12-07 20:09 <DIR> d--h----- C:\Documents and Settings\Default User.WINDOWS\Onlangs geopend

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2007-12-23 09:33 278,541 ----a-w C:\WINDOWS\Fonts\svchost .exe
      2007-12-22 09:02 8,502,272 ----a-w C:\WINDOWS\system32\logonuiX.exe
      2007-12-16 12:48 --------- d-----w C:\Program Files\Windows Media Connect 2
      2007-12-05 15:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2007-11-15 19:46 --------- d-----w C:\Program Files\totalcmd
      2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
      2007-11-08 19:55 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
      2007-10-31 15:42 --------- d-----w C:\Program Files\Common Files\GraphBoard 2.50
      2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
      2007-10-29 14:58 --------- d-----w C:\Program Files\Common Files\Java
      2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
      2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
      2005-07-29 15:24 472 --sha-r C:\WINDOWS\VG9pbmUgTGVpZGVsbWVpamVy\p36DvAo0n3pDt3pPvqpDuApV.vbs
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76CD0D8C-9F12-4931-AEFD-B2FF9486EB5B}]
      2007-12-23 16:23 323072 --------- C:\WINDOWS\system32\pmnlm.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03]
      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-12-23 16:06]
      "Tunc"="C:\WINDOWS\CROSOF~1\javaw.exe"
      "Ryfmko"="C:\Program Files\Common Files\F?nts\?serinit.exe"

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Cmaudio"="RunDll32 cmicnfg.cpl"
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-12-23 15:52]
      "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2007-12-23 15:52]
      "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2007-12-23 15:52]
      "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2007-12-23 15:52]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
      "UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

      [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
      "load"=C:\WINDOWS\system32\pmnlm.exe

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\pmnlm


      .
      **************************************************************************

      catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2007-12-23 16:23:56
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      C:\WINDOWS\system32\mlnmp.ini 6516 bytes

      Scan succesvol afgerond
      verborgen bestanden: 1

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
      -> C:\WINDOWS\system32\pmnlm.dll
      .
      Voltooingstijd: 2007-12-23 16:25:51 - machine was rebooted
      .
      2007-12-17 13:03:58 --- E O F ---

      Hijackthis (doe ik even want ik denk at je dat wel handig vind):

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 16:30:57, on 23-12-2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\HP\hpcoretech\hpcmpmgr .exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd .exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09 .exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\internet explorer\iexplore.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Documents and Settings\Toine's computer\Mijn documenten\Hijack THis\HiJackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      F3 - REG:win.ini: load=C:\WINDOWS\system32\pmnlm.exe
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Tunc] "C:\WINDOWS\CROSOF~1\javaw.exe" -vt yazb
      O4 - HKCU\..\Run: [Ryfmko] "C:\Program Files\Common Files\F?nts\?serinit.exe"
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
      O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

      --
      End of file - 4613 bytes

      tanx Geen pop ups meer en
      PC is veel sneller!! mischien zie je nog fouten
      • Citaat

      Comment

      • #4
        SMeek nog even een vraagje, ik heb sinds ik ad-aware heb geïstalleerd allemaal vaage bestandjes als ik op C schijf klik, ze zijn ook doorschijnend:

        zie hier:
        Click image for larger version Name: naamloos.JPG Views: 1 Size: 66,0 KB ID: 1059308
        • Citaat

        Comment

        • #5
          Download de bijlage: CFScript.txt

          Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :



          Dit zal ComboFix doen herstarten.
          Start opnieuw op als daarom gevraagd wordt,
          en post de inhoud van de Combofix.txt in je volgende antwoord.
          Bijgevoegde Bestanden
          • Citaat

          Comment

          • #6
            hier het logje, combofix was snel klaar!

            ComboFix 07-12-23.2 - Toine's computer 2007-12-23 18:39:01.2 - NTFSx86
            Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.669 [GMT 1:00]
            Gestart vanuit: C:\Documents and Settings\Toine's computer\Bureaublad\ComboFix.exe
            Command switches used :: C:\Documents and Settings\Toine's computer\Bureaublad\cfscript.txt
            * Nieuw herstelpunt werd aangemaakt

            FILE
            C:\WINDOWS\Fonts\svchost .exe
            C:\WINDOWS\system32\fixp.bat
            C:\WINDOWS\system32\mlnmp.ini
            C:\WINDOWS\system32\modifype.exe
            C:\WINDOWS\system32\pmnlm.dll
            C:\WINDOWS\system32\pmnlm.exe
            C:\WINDOWS\system32\reico.exe
            C:\WINDOWS\system32\Uharc.exe
            .

            (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            C:\rvaxo
            C:\rvaxo\install.exe
            C:\rvaxo\n.bat
            C:\rvaxo\pac.txt
            C:\rvaxo\ssodl.reg
            C:\rvaxo\sts.reg
            C:\rvaxo\winlogo.exe
            C:\rvaxo\winlogon.dat
            C:\rvaxo\x.dat
            C:\rvaxo\z.dat
            C:\temp\cEeer12
            C:\temp\cEeer12\skAt.log
            C:\WINDOWS\Fonts\svchost .exe
            C:\WINDOWS\system32\ardCo07
            C:\WINDOWS\system32\ardCo07\ardCo071084.exe
            C:\WINDOWS\system32\ey2
            C:\WINDOWS\system32\ey2\parreo83122.exe
            C:\WINDOWS\system32\fixp.bat
            C:\WINDOWS\system32\mlnmp.ini
            C:\WINDOWS\system32\mlnmp.ini2
            C:\WINDOWS\system32\modifype.exe
            C:\WINDOWS\system32\pmnlm.dll
            C:\WINDOWS\system32\pmnlm.exe
            C:\WINDOWS\system32\reico.exe
            C:\WINDOWS\system32\rf1
            C:\WINDOWS\system32\Uharc.exe
            C:\WINDOWS\system32\wdr
            C:\WINDOWS\system32\wdr\brop22drvr.exe
            C:\WINDOWS\VG9pbmUgTGVpZGVsbWVpamVy
            C:\WINDOWS\VG9pbmUgTGVpZGVsbWVpamVy\p36DvAo0n3pDt3pPvqpDuApV.vbs

            .
            (((((((((((((((((((( Bestanden Gemaakt van 2007-11-23 to 2007-12-23 ))))))))))))))))))))))))))))))
            .

            2007-12-23 15:49 . 2007-12-23 15:49 106,189 --a------ C:\RVAXO.reg
            2007-12-23 10:38 . 2007-12-23 10:21 560,714 --a------ C:\WINDOWS\system32\RVAXO.bat
            2007-12-23 10:38 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
            2007-12-23 10:33 . 2007-12-23 15:53 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
            2007-12-22 19:22 . 2007-12-22 19:22 <DIR> d-------- C:\Program Files\Lavasoft
            2007-12-22 19:22 . 2007-12-22 19:22 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
            2007-12-22 19:21 . 2007-12-22 19:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
            2007-12-22 18:52 . 2007-12-22 18:52 <DIR> d-------- C:\Documents and Settings\Toine's computer\Incomplete
            2007-12-22 18:52 . 2007-12-23 17:39 <DIR> d-------- C:\Documents and Settings\Toine's computer\Application Data\LimeWirePlus
            2007-12-21 19:30 . 2007-12-22 10:01 24 --a------ C:\WINDOWS\LogonStudio.ini
            2007-12-21 19:29 . 2000-05-17 09:52 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll
            2007-12-20 19:01 . 2007-12-20 19:01 <DIR> d-------- C:\Program Files\Windows Live
            2007-12-20 19:01 . 2003-11-10 20:20 266,240 --a------ C:\WINDOWS\system32\hpdj3600
            2007-12-17 19:06 . 2007-12-17 19:06 <DIR> d-------- C:\Program Files\HP
            2007-12-17 19:06 . 2007-12-21 17:03 <DIR> d-------- C:\Program Files\Hewlett-Packard
            2007-12-17 19:06 . 2007-12-17 19:06 <DIR> d-------- C:\Program Files\3600
            2007-12-17 18:53 . 2007-12-17 18:58 48,134 --a------ C:\WINDOWS\hpdj3600.hi2
            2007-12-17 18:53 . 2007-12-17 18:58 4,629 --a------ C:\WINDOWS\hpdj3600.bu2
            2007-12-17 14:03 . 2007-12-17 14:03 <DIR> d-------- C:\Program Files\MSXML 4.0
            2007-12-17 13:57 . 1998-10-09 15:36 327,168 --a------ C:\WINDOWS\IsUn0413.exe
            2007-12-16 15:37 . 2007-12-16 15:37 <DIR> dr------- C:\Documents and Settings\Toine's computer\Menu Start
            2007-12-16 11:41 . 2003-09-24 09:43 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
            2007-12-16 11:41 . 2003-09-24 09:43 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
            2007-12-16 11:41 . 2003-09-24 09:43 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
            2007-12-16 11:41 . 2003-09-24 09:44 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll
            2007-12-16 11:41 . 2003-09-24 09:44 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
            2007-12-16 11:36 . 2007-12-21 16:58 212,637 --a------ C:\WINDOWS\hpdj3600.hi1
            2007-12-16 11:36 . 2007-12-21 16:58 9,402 --a------ C:\WINDOWS\hpdj3600.bu1
            2007-12-16 11:35 . 2003-11-10 20:20 266,240 --a------ C:\WINDOWS\system32\hpdj
            2007-12-16 11:25 . 2007-12-16 11:25 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
            2007-12-16 11:19 . 2007-12-21 17:04 195,074 --a------ C:\WINDOWS\hpdj3600.his
            2007-12-16 11:19 . 2007-12-21 17:04 10,541 --a------ C:\WINDOWS\hpdj3600.ini
            2007-12-15 10:04 . 2007-12-15 10:04 <DIR> d-------- C:\WINDOWS\system32\VIRepair
            2007-12-14 17:09 . 2007-12-23 18:37 <DIR> d---s---- C:\Documents and Settings\Toine's computer\Onlangs geopend
            2007-12-14 16:44 . 2007-12-14 16:44 <DIR> d-------- C:\Documents and Settings\Toine's computer\Application Data\Styler
            2007-12-14 16:40 . 2007-12-15 10:05 <DIR> d-------- C:\WINDOWS\system32\VITrans
            2007-12-14 16:40 . 2007-12-14 16:40 78,942 --a------ C:\WINDOWS\Icon_1.ico
            2007-12-13 17:37 . 2007-12-14 16:46 <DIR> d-------- C:\Documents and Settings\Toine's computer\Application Data\ViStart
            2007-12-13 16:17 . 2007-12-13 17:41 <DIR> d-------- C:\VAIO
            2007-12-10 15:20 . 2007-12-10 15:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SwiftSwitch
            2007-12-10 15:19 . 2007-12-22 18:52 <DIR> d-------- C:\Games
            2007-12-08 17:03 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
            2007-12-08 17:03 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
            2007-12-08 17:03 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
            2007-12-08 12:45 . 2007-12-14 17:13 292 --a------ C:\WINDOWS\system\cmicnfg.ini
            2007-12-07 21:38 . 2007-12-16 15:37 <DIR> d-------- C:\Documents and Settings\Toine's computer\Contacts
            2007-12-07 21:27 . 2007-12-07 21:27 <DIR> d-------- C:\Documents and Settings\Toine's computer\Application Data\Lavasoft
            2007-12-07 21:18 . 2007-12-07 21:21 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
            2007-12-07 21:18 . 2007-12-07 21:18 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
            2007-12-07 21:15 . 2007-12-07 21:15 232 --ah----- C:\sqmdata19.sqm
            2007-12-07 21:15 . 2007-12-07 21:15 232 --ah----- C:\sqmdata18.sqm
            2007-12-07 21:15 . 2007-12-07 21:15 232 --ah----- C:\sqmdata17.sqm
            2007-12-07 21:15 . 2007-12-07 21:15 232 --ah----- C:\sqmdata16.sqm
            2007-12-07 21:15 . 2007-12-07 21:15 232 --ah----- C:\sqmdata15.sqm
            2007-12-07 21:15 . 2007-12-07 21:15 232 --ah----- C:\sqmdata14.sqm
            2007-12-07 21:15 . 2007-12-07 21:15 232 --ah----- C:\sqmdata13.sqm
            2007-12-07 21:06 . 2007-12-07 21:06 244 --ah----- C:\sqmnoopt15.sqm
            2007-12-07 21:06 . 2007-12-07 21:06 232 --ah----- C:\sqmdata03.sqm
            2007-12-07 20:45 . 2004-08-04 10:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
            2007-12-07 20:44 . 2007-12-07 21:38 268 --ah----- C:\sqmdata01.sqm
            2007-12-07 20:44 . 2007-12-07 20:44 244 --ah----- C:\sqmnoopt14.sqm
            2007-12-07 20:44 . 2007-12-07 21:38 244 --ah----- C:\sqmnoopt13.sqm
            2007-12-07 20:44 . 2007-12-07 20:44 232 --ah----- C:\sqmdata02.sqm
            2007-12-07 20:43 . 2006-08-21 10:14 128,896 --a--c--- C:\WINDOWS\system32\dllcache\SETD7.tmp
            2007-12-07 20:43 . 2006-08-21 10:14 23,040 --a------ C:\WINDOWS\system32\SETD5.tmp
            2007-12-07 20:43 . 2006-08-21 10:14 23,040 --a--c--- C:\WINDOWS\system32\dllcache\SETD8.tmp
            2007-12-07 20:43 . 2006-08-21 13:28 16,896 --a------ C:\WINDOWS\system32\SETD6.tmp
            2007-12-07 20:43 . 2006-08-21 13:28 16,896 --a--c--- C:\WINDOWS\system32\dllcache\SETD9.tmp
            2007-12-07 20:42 . 2007-12-07 21:16 244 --ah----- C:\sqmnoopt12.sqm
            2007-12-07 20:42 . 2007-12-07 21:16 232 --ah----- C:\sqmdata00.sqm
            2007-12-07 20:19 . 2007-12-07 20:19 <DIR> d-------- C:\Program Files\Java
            2007-12-07 20:19 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
            2007-12-07 20:14 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
            2007-12-07 20:14 . 2001-08-17 22:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
            2007-12-07 20:13 . 2004-08-04 02:03 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
            2007-12-07 20:13 . 2004-08-04 02:03 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
            2007-12-07 20:13 . 2004-08-04 01:54 701,440 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
            2007-12-07 20:13 . 2004-08-04 02:03 516,768 --a------ C:\WINDOWS\system32\ativvaxx.dll
            2007-12-07 20:13 . 2004-08-04 02:03 229,376 --a------ C:\WINDOWS\system32\ati2cqag.dll
            2007-12-07 20:13 . 2004-08-04 02:03 201,728 --a------ C:\WINDOWS\system32\ati2dvag.dll
            2007-12-07 20:13 . 2004-08-04 01:54 57,856 --a------ C:\WINDOWS\system32\drivers\redbook.sys
            2007-12-07 20:12 . 2004-08-04 02:03 76,288 --a------ C:\WINDOWS\system32\usbui.dll
            2007-12-07 20:12 . 2004-08-04 00:07 44,672 --a------ C:\WINDOWS\system32\drivers\UAGP35.SYS
            2007-12-07 20:12 . 2001-08-17 21:13 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
            2007-12-07 20:12 . 2004-08-04 00:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
            2007-12-07 20:09 . 2007-12-07 19:20 <DIR> d--h----- C:\Documents and Settings\Default User.WINDOWS\Sjablonen
            2007-12-07 20:09 . 2007-12-07 20:09 <DIR> d--h----- C:\Documents and Settings\Default User.WINDOWS\Onlangs geopend
            2007-12-07 20:09 . 2007-12-07 20:09 <DIR> d--h----- C:\Documents and Settings\Default User.WINDOWS\Netwerkprinteromgeving
            2007-12-07 20:09 . 2007-12-07 20:09 <DIR> d-------- C:\Documents and Settings\Default User.WINDOWS\Mijn documenten
            2007-12-07 20:09 . 2007-12-07 20:09 <DIR> dr------- C:\Documents and Settings\Default User.WINDOWS\Menu Start
            2007-12-07 20:09 . 2007-12-07 20:09 <DIR> d-------- C:\Documents and Settings\Default User.WINDOWS\Favorieten
            2007-12-07 20:09 . 2007-12-07 20:09 <DIR> d-------- C:\Documents and Settings\Default User.WINDOWS\Bureaublad
            2007-12-07 20:09 . 2007-12-07 20:09 <DIR> d--h----- C:\Documents and Settings\All Users.WINDOWS\Sjablonen
            2007-12-07 20:09 . 2007-12-14 16:55 <DIR> dr------- C:\Documents and Settings\All Users.WINDOWS\Menu Start
            2007-12-07 20:09 . 2007-12-07 20:09 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Favorieten
            2007-12-07 20:09 . 2007-12-07 19:22 <DIR> dr------- C:\Documents and Settings\All Users.WINDOWS\Documenten
            2007-12-07 20:09 . 2007-12-23 16:40 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Bureaublad
            2007-12-07 20:09 . 2004-08-04 00:51 1,896,400 --a--c--- C:\WINDOWS\system32\dllcache\NT5.CAT
            2007-12-07 20:08 . 2007-12-07 19:29 623 --a------ C:\WINDOWS\system32\$winnt$.inf
            2007-12-07 19:56 . 2007-10-25 17:44 8,507,392 --------- C:\WINDOWS\system32\SET22A.tmp

            .
            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2007-12-22 09:02 8,502,272 ----a-w C:\WINDOWS\system32\logonuiX.exe
            2007-12-16 12:48 --------- d-----w C:\Program Files\Windows Media Connect 2
            2007-12-05 15:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
            2007-11-15 19:46 --------- d-----w C:\Program Files\totalcmd
            2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
            2007-11-08 19:55 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
            2007-10-31 15:42 --------- d-----w C:\Program Files\Common Files\GraphBoard 2.50
            2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
            2007-10-29 14:58 --------- d-----w C:\Program Files\Common Files\Java
            2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
            2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
            .

            ((((((((((((((((((((((((((((( [email protected]_16.24.40.85 )))))))))))))))))))))))))))))))))))))))))
            .
            - 2007-12-23 15:23:28 176,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09 .exe
            + 2007-12-23 17:42:37 176,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09 .exe
            - 2007-12-23 14:52:55 504,832 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
            + 2007-12-23 17:39:11 504,832 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
            .
            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            REGEDIT4
            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03]
            "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-12-23 18:39]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "Cmaudio"="RunDll32 cmicnfg.cpl"
            "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-12-23 15:52]
            "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2007-12-23 18:39]
            "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2007-12-23 15:52]
            "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2007-12-23 15:52]

            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
            "UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

            [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
            Authentication Packages REG_MULTI_SZ msv1_0 C:\\WINDOWS\\system32\\pmnlm


            .
            **************************************************************************

            catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2007-12-23 18:42:51
            Windows 5.1.2600 Service Pack 2 NTFS

            scannen van verborgen processen ...

            scannen van verborgen autostart items ...

            scannen van verborgen bestanden ...

            Scan succesvol afgerond
            verborgen bestanden: 0

            **************************************************************************
            .
            Voltooingstijd: 2007-12-23 18:43:38 - machine was rebooted
            C:\ComboFix2.txt ... 2007-12-23 16:25
            .
            2007-12-17 13:03:58 --- E O F ---
            • Citaat

            Comment

            • #7
              Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd
              Dit zal alles van RVAXO doen verwijderen.

              Verwijder de volgende map:
              C:\Qoobox

              Maak dan je prullenbak leeg.

              Download ATF cleaner (mirror)(gemaakt door Atribune)

              Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

              Dubbelklik op ATF cleaner om het programma te starten.
              Op het tabblad "Main", plaats je een vinkje bij Select All.
              Klik op de knop Empty Selected.

              Het volgende doen als je ook FireFox als browser hebt:
              Klik op tabblad "Firefox", plaats een vinkje bij Select All.
              Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
              (dit haalt het vinkje weer weg bij "Firefox saved passwords")
              Klik op de knop Empty Selected.

              Het volgende doen als je ook Opera als browser hebt:
              Klik op tabblad "Opera", plaats een vinkje bij Select All.
              Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
              Klik op de knop Empty Selected.
              Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

              Ga naar Start - Uitvoeren en geef hier het volgende in:
              Combofix /U
              Druk daarna op OK.
              Let op: Er moet een spatie tussen Combofix en /U zitten.

              Dit zal Combofix deïnstalleren.

              Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
              Kijk hier hoe je je systeemherstel moet uitschakelen.
              Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

              Post als laatste nog een nieuw logje van Hijackthis ter controle
              • Citaat

              Comment

              • #8
                Logfile of Trend Micro HijackThis v2.0.2
                Scan saved at 19:33:58, on 23-12-2007
                Platform: Windows XP SP2 (WinNT 5.01.2600)
                MSIE: Internet Explorer v7.00 (7.00.6000.16574)
                Boot mode: Normal

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                C:\WINDOWS\system32\spoolsv.exe
                C:\WINDOWS\Explorer.EXE
                C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
                C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
                C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
                C:\WINDOWS\system32\ctfmon.exe
                C:\Program Files\HP\hpcoretech\hpcmpmgr .exe
                C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09 .exe
                C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
                C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd .exe
                C:\WINDOWS\system32\rundll32.exe
                C:\Documents and Settings\Toine's computer\Mijn documenten\Hijack THis\HiJackThis.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                F3 - REG:win.ini: load=C:\WINDOWS\system32\pmnlm.exe
                O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
                O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
                O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
                O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
                O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
                O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
                O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
                O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

                --
                End of file - 4340 bytes

                tanx, er zijn geen problemen meer

                ik had alvast dezeverwijderingen gedaan:
                • O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
                  O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
                • Citaat

                Comment

                • #9
                  Graag gedaan hoor

                  Installeer wel een virusscanner, zonder ben je zo weer besmet.
                  Update deze virusscanner meteen en laat hem een volledige systeemscan doen.
                  Laat alles verwijderen dat gevonden wordt
                  • Citaat

                  Comment

                  • #10
                    oke zal ik doen
                    • Citaat

                    Comment

                    Vorige template Volgende
                    Sorry, you are not authorized to view this page
                    Working...
                    X