essa voce precisa VER

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • #1

    I opened a Spanish-language e-mail and now my entire address book is infected; how do I get rid of this worm??

    Logfile of HijackThis v1.99.1
    Scan saved at 13:18:03, on 27-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20696)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\soundman.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\Media\LTaskup.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Lea\Mijn documenten\Mijn ontvangen bestanden\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ati.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLime.dll
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLime.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: LimewirePlus Toolbar - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLime.dll
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SoundMan] soundman.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [wTask] C:\WINDOWS\Media\LTaskup.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://www.hyves.nl/cab/outlookaddressbook.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195682105256
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
      A cmd window will open; a few lines about files not found will scroll past quickly, this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it but follow any instructions and let it do its work.
    • Your PC will then restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a logfile opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the logfile in your next message.


    Download Combofix to your Desktop.
    Double-click Combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open.
    Post this log in your next post.

    NOTE: If your virus scanner reacts with a script execution warning, you may ignore it.



    • #3

      Now trying to send the logfiles
      ComboFix 07-12-27.1 - Lea 2007-12-27 13:48:16.1 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.228 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Lea\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      D:\Autorun.inf

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2007-11-27 to 2007-12-27 ))))))))))))))))))))))))))))))
      .

      2007-12-27 13:40 . 2007-12-27 13:40 <DIR> d-------- C:\RVAXO
      2007-12-27 13:37 . 2007-12-27 12:15 572,339 --a------ C:\WINDOWS\system32\RVAXO.bat
      2007-12-27 13:37 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
      2007-12-27 11:30 . 2007-12-27 13:19 <DIR> dr-h----- C:\Documents and Settings\Lea\Onlangs geopend
      2007-12-17 20:17 . 2007-12-17 20:17 <DIR> dr-h----- C:\Documents and Settings\Erwin\Onlangs geopend
      2007-12-15 22:48 . 2007-12-15 22:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SpinTop Games
      2007-12-15 21:15 . 2007-12-15 21:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Zylom
      2007-12-11 23:30 . 2007-12-11 23:30 <DIR> dr-h----- C:\Documents and Settings\Sara\Onlangs geopend
      2007-12-11 23:30 . 2007-12-11 23:30 268 --ah----- C:\sqmdata19.sqm
      2007-12-11 23:26 . 2007-12-11 23:26 268 --ah----- C:\sqmdata18.sqm
      2007-12-11 23:26 . 2007-12-11 23:26 244 --ah----- C:\sqmnoopt19.sqm
      2007-12-11 23:19 . 2007-12-11 23:19 268 --ah----- C:\sqmdata17.sqm
      2007-12-11 23:19 . 2007-12-11 23:19 244 --ah----- C:\sqmnoopt18.sqm
      2007-12-11 22:08 . 2007-12-11 22:08 268 --ah----- C:\sqmdata16.sqm
      2007-12-11 22:08 . 2007-12-11 22:08 244 --ah----- C:\sqmnoopt17.sqm
      2007-12-08 19:52 . 2007-12-08 19:52 <DIR> dr-h----- C:\Documents and Settings\Amber\Onlangs geopend
      2007-12-07 19:47 . 2007-12-07 19:47 <DIR> d-------- C:\WINDOWS\Sun
      2007-12-07 19:40 . 2007-12-07 19:40 268 --ah----- C:\sqmdata15.sqm
      2007-12-07 19:40 . 2007-12-07 19:40 244 --ah----- C:\sqmnoopt16.sqm
      2007-12-06 22:34 . 2007-12-06 22:34 244 --ah----- C:\sqmnoopt15.sqm
      2007-12-06 19:52 . 2007-12-06 19:52 <DIR> d-------- C:\Documents and Settings\Sara\Application Data\Apple Computer
      2007-12-06 18:41 . 2007-12-06 18:41 <DIR> d-------- C:\Documents and Settings\Lea\Application Data\Apple Computer
      2007-12-06 18:41 . 2002-10-28 15:11 86,016 --a------ C:\WINDOWS\unvise32qt.exe
      2007-12-06 18:40 . 2007-12-06 18:41 <DIR> d-------- C:\WINDOWS\system32\QuickTime
      2007-12-06 18:40 . 2007-12-06 18:41 <DIR> d-------- C:\Program Files\QuickTime
      2007-12-06 18:40 . 2007-12-06 18:40 <DIR> d-------- C:\Program Files\iTunes
      2007-12-06 18:40 . 2007-12-06 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
      2007-12-06 18:40 . 2007-12-06 18:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
      2007-12-06 18:39 . 2007-12-06 22:06 <DIR> d-------- C:\WINDOWS\Downloaded Installations
      2007-12-06 18:37 . 2007-12-06 22:03 <DIR> d-------- C:\Program Files\iPod
      2007-12-06 18:22 . 2007-12-06 18:22 268 --ah----- C:\sqmdata14.sqm
      2007-12-06 18:22 . 2007-12-06 18:22 244 --ah----- C:\sqmnoopt14.sqm
      2007-12-04 09:43 . 2004-08-04 01:03 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
      2007-12-04 09:43 . 2001-09-06 21:27 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
      2007-12-03 21:50 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
      2007-12-03 20:24 . 2007-12-03 20:24 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
      2007-12-03 20:24 . 2003-12-11 11:15 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
      2007-12-03 20:24 . 2003-12-11 11:15 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
      2007-12-03 20:24 . 2003-12-11 11:15 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
      2007-12-03 20:24 . 2003-12-11 11:15 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
      2007-12-03 20:19 . 2007-12-03 20:19 <DIR> d-------- C:\Program Files\Common Files\HP
      2007-12-03 20:19 . 2007-12-03 20:19 43,488 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
      2007-12-03 20:13 . 2004-01-05 11:44 51,056 -ra------ C:\WINDOWS\system32\drivers\hpzid412.sys
      2007-12-03 20:13 . 2004-01-05 11:44 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
      2007-12-03 20:12 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
      2007-12-03 20:12 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
      2007-12-03 20:12 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
      2007-12-03 20:12 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
      2007-12-03 20:12 . 2004-01-05 11:44 21,488 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
      2007-12-03 20:12 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
      2007-12-03 20:12 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
      2007-12-03 19:50 . 2004-01-05 11:44 38,879 --------- C:\WINDOWS\hpomdl03.dat
      2007-12-03 19:31 . 2007-12-03 20:27 29,244 --a------ C:\WINDOWS\hpoins03.dat
      2007-12-03 19:30 . 2007-12-03 19:31 <DIR> d-------- C:\WINDOWS\system32\NtmsData
      2007-12-03 19:30 . 2004-01-05 11:44 38,879 --------- C:\WINDOWS\hpomdl03.dat.temp
      2007-12-03 19:30 . 2007-12-03 19:31 35 --------- C:\WINDOWS\hpoins03.dat.temp
      2007-12-03 18:55 . 2007-12-03 20:24 <DIR> d-------- C:\Program Files\HP
      2007-12-02 21:57 . 2007-12-02 21:57 <DIR> d-------- C:\Program Files\Common Files\Adobe
      2007-12-01 17:17 . 2007-01-20 12:05 30,208 --a------ C:\WINDOWS\system32\drivers\usbehci.sys
      2007-12-01 17:17 . 2007-01-20 12:05 30,208 --a--c--- C:\WINDOWS\system32\dllcache\usbehci.sys
      2007-12-01 17:17 . 2007-01-20 12:05 17,152 --a------ C:\WINDOWS\system32\drivers\usbohci.sys
      2007-12-01 17:17 . 2007-01-20 12:05 17,152 --a--c--- C:\WINDOWS\system32\dllcache\usbohci.sys
      2007-12-01 17:17 . 2004-08-04 01:03 7,168 --a------ C:\WINDOWS\system32\hccoin.dll
      2007-12-01 17:17 . 2004-08-04 01:03 7,168 --a--c--- C:\WINDOWS\system32\dllcache\hccoin.dll
      2007-11-30 19:29 . 2007-11-30 19:29 268 --ah----- C:\sqmdata13.sqm
      2007-11-30 19:29 . 2007-11-30 19:29 244 --ah----- C:\sqmnoopt13.sqm
      2007-11-30 17:12 . 2007-11-30 17:12 268 --ah----- C:\sqmdata12.sqm
      2007-11-30 17:12 . 2007-11-30 17:12 244 --ah----- C:\sqmnoopt12.sqm
      2007-11-30 16:21 . 2007-11-30 16:21 <DIR> d-------- C:\Documents and Settings\Lea\Contacts
      2007-11-30 16:20 . 2007-11-30 16:20 268 --ah----- C:\sqmdata11.sqm
      2007-11-30 16:20 . 2007-11-30 16:20 244 --ah----- C:\sqmnoopt11.sqm
      2007-11-29 00:45 . 2007-11-29 00:45 268 --ah----- C:\sqmdata10.sqm
      2007-11-29 00:45 . 2007-11-29 00:45 244 --ah----- C:\sqmnoopt10.sqm
      2007-11-28 19:52 . 2007-11-28 19:52 268 --ah----- C:\sqmdata09.sqm
      2007-11-28 19:52 . 2007-11-28 19:52 244 --ah----- C:\sqmnoopt09.sqm
      2007-11-28 19:42 . 2007-11-28 19:42 268 --ah----- C:\sqmdata08.sqm
      2007-11-28 19:42 . 2007-11-28 19:42 244 --ah----- C:\sqmnoopt08.sqm
      2007-11-28 19:40 . 2007-11-28 19:40 <DIR> d-------- C:\Documents and Settings\Lea\Incomplete
      2007-11-28 19:40 . 2007-12-19 18:58 <DIR> d-------- C:\Documents and Settings\Lea\Application Data\LimeWirePlus
      2007-11-28 19:39 . 2007-11-28 19:39 <DIR> d-------- C:\Program Files\Java
      2007-11-28 19:39 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
      2007-11-28 19:38 . 2007-11-28 19:38 <DIR> d-------- C:\Program Files\Common Files\Java
      2007-11-28 19:35 . 2007-11-28 19:35 <DIR> d-------- C:\Program Files\LimewirePlus
      2007-11-28 19:35 . 2007-12-11 00:02 <DIR> d-------- C:\Program Files\LimeWire Plus
      2007-11-28 18:45 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
      2007-11-28 18:45 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
      2007-11-28 04:19 . 2007-11-28 04:19 268 --ah----- C:\sqmdata07.sqm
      2007-11-28 04:19 . 2007-11-28 04:19 244 --ah----- C:\sqmnoopt07.sqm
      2007-11-28 04:10 . 2007-11-28 04:10 268 --ah----- C:\sqmdata06.sqm
      2007-11-28 04:10 . 2007-11-28 04:10 244 --ah----- C:\sqmnoopt06.sqm
      2007-11-28 04:06 . 2007-11-28 04:06 <DIR> d-------- C:\Program Files\Nero
      2007-11-28 04:06 . 2007-11-28 04:07 <DIR> d-------- C:\Program Files\Common Files\Nero
      2007-11-28 04:06 . 2007-11-28 04:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
      2007-11-28 03:44 . 2007-11-28 03:45 <DIR> d-------- C:\Program Files\RALINK
      2007-11-28 03:44 . 2007-11-28 03:44 <DIR> d-------- C:\Documents and Settings\Lea\Application Data\InstallShield
      2007-11-28 03:41 . 2007-11-28 03:41 268 --ah----- C:\sqmdata05.sqm
      2007-11-28 03:41 . 2007-11-28 03:41 244 --ah----- C:\sqmnoopt05.sqm
      2007-11-28 02:56 . 2007-11-28 02:56 268 --ah----- C:\sqmdata04.sqm
      2007-11-28 02:56 . 2007-11-28 02:56 244 --ah----- C:\sqmnoopt04.sqm

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2007-12-23 19:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
      2007-12-06 21:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2007-11-28 02:45 21,419 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
      2007-11-28 02:41 --------- d-----w C:\Program Files\Sitecom
      2007-11-22 20:03 --------- d-----w C:\Documents and Settings\Lea\Application Data\atitray
      2007-11-22 19:56 --------- d-----w C:\Program Files\MultiRes
      2007-11-22 19:55 451,072 ----a-w C:\WINDOWS\Radeon Omega Drivers v3.8.252 Uninstall.exe
      2007-11-22 19:55 --------- d-----w C:\Program Files\Radeon Omega Drivers
      2007-11-22 00:22 --------- d-----w C:\Program Files\Windows Live
      2007-11-22 00:21 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
      2007-11-22 00:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
      2007-11-22 00:06 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
      2007-11-21 23:57 --------- d-----w C:\Program Files\Common Files\InstallShield
      2007-11-21 23:35 --------- d-----w C:\Program Files\Microsoft Works
      2007-11-21 23:34 --------- d-----w C:\Program Files\MSBuild
      2007-11-21 23:31 --------- d-----w C:\Program Files\Microsoft.NET
      2007-11-21 23:26 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
      2007-11-21 23:18 --------- d-----w C:\Documents and Settings\Lea\Application Data\Nero
      2007-11-21 22:45 --------- d-----w C:\Program Files\CCleaner
      2007-11-21 22:20 --------- d-----w C:\Program Files\AvRack
      2007-11-21 22:20 --------- d-----w C:\Program Files\Avance Sound Manager
      2007-11-21 22:06 --------- d-----w C:\Program Files\MSXML 6.0
      2007-11-21 22:06 --------- d-----w C:\Program Files\MSXML 4.0
      2007-11-21 21:28 --------- d-----w C:\Program Files\Synaptics
      2007-11-21 20:38 --------- d-----w C:\Program Files\microsoft frontpage
      2007-11-21 20:26 --------- d-----w C:\Program Files\Reference Assemblies
      2007-11-21 20:14 --------- d-----w C:\Program Files\Windows Media Connect 2
      2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
      2007-11-09 00:32 999,936 ----a-w C:\WINDOWS\system32\setupapi.dll
      2007-11-09 00:32 999,424 ----a-w C:\WINDOWS\system32\msgina.dll
      2007-11-09 00:32 994,304 ----a-w C:\WINDOWS\system32\syssetup.dll
      2007-11-09 00:32 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
      2007-11-09 00:32 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
      2007-11-09 00:32 99,840 ----a-w C:\WINDOWS\system32\winscard.dll
      2007-11-09 00:32 99,840 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.exe
      2007-11-09 00:32 99,328 ----a-w C:\WINDOWS\system32\loadperf.dll
      2007-11-09 00:32 981,760 ----a-w C:\WINDOWS\system32\mfc42u.dll
      2007-11-09 00:32 98,304 ----a-w C:\WINDOWS\system32\slbiop.dll
      2007-11-09 00:32 98,304 ----a-w C:\WINDOWS\system32\scardsvr.exe
      2007-11-09 00:32 98,304 ----a-w C:\WINDOWS\system32\rtm.dll
      2007-11-09 00:32 98,304 ----a-w C:\WINDOWS\system32\psbase.dll
      2007-11-09 00:32 98,304 ----a-w C:\WINDOWS\system32\odbcint.dll
      2007-11-09 00:32 98,304 ----a-w C:\WINDOWS\system32\cscript.exe
      2007-11-09 00:32 98,304 ----a-w C:\WINDOWS\system32\ahui.exe
      2007-11-09 00:32 97,792 ----a-w C:\WINDOWS\system32\dpcdll.dll
      2007-11-09 00:32 97,792 ----a-w C:\WINDOWS\system32\comrepl.dll
      2007-11-09 00:32 96,792 ----a-w C:\WINDOWS\system32\basecsp.dll
      2007-11-09 00:32 96,768 ----a-w C:\WINDOWS\system32\srvsvc.dll
      2007-11-09 00:32 96,256 ----a-w C:\WINDOWS\system32\drivers\scsiport.sys
      2007-11-09 00:32 956,416 ----a-w C:\WINDOWS\system32\msdtctm.dll
      2007-11-09 00:32 95,360 ----a-w C:\WINDOWS\system32\drivers\atapi.sys
      2007-11-09 00:32 95,344 ----a-w C:\WINDOWS\system32\wudfcoinstaller.dll
      2007-11-09 00:32 94,784 ----a-w C:\WINDOWS\twain.dll
      2007-11-09 00:32 94,282 ----a-w C:\WINDOWS\system32\msencode.dll
      2007-11-09 00:32 94,208 ----a-w C:\WINDOWS\system32\tscfgwmi.dll
      2007-11-09 00:32 937,984 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
      2007-11-09 00:32 937,984 ----a-w C:\WINDOWS\system32\winbrand.dll
      2007-11-09 00:32 93,696 ----a-w C:\WINDOWS\system32\wlnotify.dll
      2007-11-09 00:32 93,184 ----a-w C:\WINDOWS\system32\dskquota.dll
      2007-11-09 00:32 927,504 ----a-w C:\WINDOWS\system32\mfc40u.dll
      2007-11-09 00:32 924,432 ----a-w C:\WINDOWS\system32\mfc40.dll
      2007-11-09 00:32 92,384 ----a-w C:\WINDOWS\system32\krnl386.exe
      2007-11-09 00:32 92,168 ----a-w C:\WINDOWS\system32\rdpdd.dll
      2007-11-09 00:32 92,160 ----a-w C:\WINDOWS\system32\smlogsvc.exe
      2007-11-09 00:32 92,160 ----a-w C:\WINDOWS\system32\ntprint.dll
      2007-11-09 00:32 92,032 ----a-w C:\WINDOWS\system32\drivers\ksecdd.sys
      2007-11-09 00:32 91,776 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
      2007-11-09 00:32 91,648 ----a-w C:\WINDOWS\system32\xactsrv.dll
      2007-11-09 00:32 91,136 ----a-w C:\WINDOWS\system32\mydocs.dll
      2007-11-09 00:32 91,136 ----a-w C:\WINDOWS\system32\mtxoci.dll
      2007-11-09 00:32 90,624 ----a-w C:\WINDOWS\system32\trkwks.dll
      2007-11-09 00:32 90,112 ----a-w C:\WINDOWS\system32\rsvpsp.dll
      2007-11-09 00:32 90,112 ----a-w C:\WINDOWS\system32\mycomput.dll
      2007-11-09 00:32 9,936 ----a-w C:\WINDOWS\system32\lzexpand.dll
      2007-11-09 00:32 9,728 ----a-w C:\WINDOWS\system32\sprestrt.exe
      2007-11-09 00:32 9,728 ----a-w C:\WINDOWS\system32\rsvpperf.dll
      2007-11-09 00:32 9,728 ----a-w C:\WINDOWS\system32\reset.exe
      2007-11-09 00:32 9,728 ----a-w C:\WINDOWS\system32\proxycfg.exe
      2007-11-09 00:32 9,728 ----a-w C:\WINDOWS\system32\label.exe
      2007-11-09 00:32 9,728 ----a-w C:\WINDOWS\system32\finger.exe
      2007-11-09 00:32 9,600 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
      2007-11-09 00:32 9,344 ----a-w C:\WINDOWS\system32\vga.dll
      2007-11-09 00:32 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
      2007-11-09 00:32 9,216 ----a-w C:\WINDOWS\system32\wshatm.dll
      2007-11-09 00:32 9,216 ----a-w C:\WINDOWS\system32\winfax.dll
      2007-11-09 00:32 9,216 ----a-w C:\WINDOWS\system32\wifeman.dll
      2007-11-09 00:32 9,216 ----a-w C:\WINDOWS\system32\subst.exe
      2007-11-09 00:32 9,216 ----a-w C:\WINDOWS\system32\scrnsave.scr
      2007-11-09 00:32 9,216 ----a-w C:\WINDOWS\system32\print.exe
      2007-11-09 00:32 9,216 ----a-w C:\WINDOWS\system32\lprmonui.dll
      2007-11-09 00:32 9,216 ----a-w C:\WINDOWS\system32\find.exe
      2007-11-09 00:32 9,216 ----a-w C:\WINDOWS\system32\eventvwr.exe
      2007-11-09 00:32 9,216 ----a-w C:\WINDOWS\system32\diskcomp.com
      2007-11-09 00:32 9,040 ----a-w C:\WINDOWS\system32\ver.dll
      2007-11-09 00:32 9,029 ----a-w C:\WINDOWS\system32\ansi.sys
      2007-11-09 00:32 89,600 ----a-w C:\WINDOWS\system32\langwrbk.dll
      2007-11-09 00:32 89,088 ----a-w C:\WINDOWS\system32\rasauto.dll
      2007-11-09 00:32 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
      2007-11-09 00:32 881,152 ----a-w C:\WINDOWS\system32\netplwiz.dll
      2007-11-09 00:32 88,576 ----a-w C:\WINDOWS\system32\netsh.exe
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]
      2007-11-08 12:11 1502232 --a------ C:\Program Files\LimewirePlus\tbLime.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      {47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}

      [HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
      "{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02}"= C:\Program Files\LimewirePlus\tbLime.dll [2007-11-08 12:11 1502232]

      [HKEY_CLASSES_ROOT\clsid\{47e161a0-f4ba-41dd-a17b-d2eb26ad6a02}]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-11-09 01:32]
      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2005-02-16 22:07]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "AtiPTA"="atiptaxx.exe" [2006-02-22 02:05 C:\WINDOWS\system32\atiptaxx.exe]
      "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2001-08-02 11:52]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2001-08-02 11:51]
      "Cmaudio"="RunDll32 cmicnfg.cpl"
      "SoundMan"="soundman.exe" [2001-05-30 02:02 C:\WINDOWS\soundman.exe]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
      "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28]
      "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
      "DXDllRegExe"="dxdllreg.exe"
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-06-09 15:09]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-06 18:41]
      "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-11-09 01:32]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "nltide_3"="advpack.dll" [2007-10-11 00:42 C:\WINDOWS\system32\advpack.dll]
      "ShowDeskFix"="regsvr32 /s /n /i:u shell32"

      C:\Documents and Settings\Sara\Menu Start\Programma's\Opstarten\
      OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]
      OneNote-inhoudsopgave.onetoc2 [2007-12-11 22:06:52]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "DisableCAD"= 1 (0x1)
      "DisableStatusMessages"= 0 (0x0)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoResolveTrack"= 1 (0x1)
      "NoResolveSearch"= 1 (0x1)

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
      "NoResolveTrack"= 1 (0x1)
      "NoResolveSearch"= 1 (0x1)

      R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\atitray.sys [2006-02-28 22:55]
      R3 ham50;Creatix V.90 HAM Data Fax Modem;C:\WINDOWS\system32\DRIVERS\CTXH51.sys [2001-08-04 07:50]

      *Newly Created Service* - CATCHME
      *Newly Created Service* - PROCEXP90
      .
      **************************************************************************

      catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2007-12-27 13:50:54
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2007-12-27 13:51:46
      .
      2007-12-12 10:38:06 --- E O F ---


      ----------------RVAXO.exe first run-------------

      Files found:

      C:\WINDOWS\lnk_dados_2.dll
      C:\Documents and Settings\Lea\user.dat
      C:\Documents and Settings\Lea\Emails.dat
      C:\WINDOWS\Media\LTaskup.exe
      C:\start.bat

      Uninstallers Rogue scanners:


      Folders Found:


      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      C:\Documents and Settings\Lea\Mijn documenten\Mijn ontvangen bestanden\hijackthis.zip
      Folders Found:

      --------------RVAXO.exe finished----------------
      Last edited by leaxima; 27-12-07, 21:51. Reason: was not yet complete



      • #4
        It looks clean.

        Open the RVAXO folder on your desktop and double-click Uninstall.cmd
        This will remove everything belonging to RVAXO.

        Download ATF Cleaner (mirror) (made by Atribune)

        Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can do its work properly.

        Double-click ATF Cleaner to start the program.
        On the "Main" tab, tick Select All.
        Click the Empty Selected button.

        Do the following if you also use Firefox as a browser:
        Click the "Firefox" tab and tick Select All.
        If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
        (this removes the tick from "Firefox saved passwords")
        Click the Empty Selected button.

        Do the following if you also use Opera as a browser:
        Click the "Opera" tab and tick Select All.
        If you want to keep the passwords saved by Opera, click "No" in the window that appears.
        Click the Empty Selected button.
        Go to the "Main" tab and click the Exit button to close the program.

        Go to Start - Run and enter the following:
        Combofix /U
        Then press OK.
        Note: there must be a space between Combofix and /U.

        This will uninstall Combofix.

        Disable System Restore. Restart the computer. Re-enable System Restore.
        See here how to disable System Restore.
        This removes any remnants of the infections from your System Restore.

        Then I think everything is OK again



        • #5
          Dear Smeenk, thank you very much for the detailed explanation. Everything worked; hopefully I have not infected too many people.

          Kind regards and Happy New Year



          • #6
            You're welcome
