My PC is infected by rogue antispyware

  • My PC is infected by rogue antispyware

    My PC has been infected by a rogue antispyware program. It has taken over my computer. Below I am posting my HijackThis log.


    Logfile of HijackThis v1.99.1
    Scan saved at 18:48:53, on 27-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\WebCam\M1000\M1000Mnt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\VoipCheapCom\VoipCheapCom.exe
    C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe
    C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Amankwah\Mijn documenten\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1034
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: CRnPluginSite Object - {0050A87F-CF26-41AE-9C0A-C32307C941CB} - C:\WINDOWS\system32\rnieplug.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: BDEX System - {87EF7048-8905-4E82-862E-65004D4DFA80} - C:\WINDOWS\domnftwwrn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: The emlkdvo - {13EDA0D4-F00D-43B9-8EF2-6313909D3143} - C:\WINDOWS\emlkdvo.dll
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [VoipBuster] "C:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [VoipDiscount] "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [VoipStunt] "C:\program files\voipstunt.com\voipstunt\voipstunt.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
    O4 - Startup: AdSubtract.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?2daa262f84a544549f59daf32fcfd0f4
    O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?2daa262f84a544549f59daf32fcfd0f4
    O9 - Extra button: ReadNotify - {0050A87F-CF26-41AE-9C0A-C32307C941CB} - C:\WINDOWS\system32\rnieplug.dll
    O9 - Extra 'Tools' menuitem: ReadNotify - {0050A87F-CF26-41AE-9C0A-C32307C941CB} - C:\WINDOWS\system32\rnieplug.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - http://scripts.downloadv3.com/binaries/P2EClient/EGAUTH_1049_EN_XP.cab
    O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: alxvdvm - {A5FE45FA-CBA5-44CA-BD0F-6F9AFB5AF277} - C:\WINDOWS\alxvdvm.dll
    O21 - SSODL: bvtqfvx - {A4738489-0F8F-4C40-B74E-2E9D7DE7C17F} - C:\WINDOWS\bvtqfvx.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
      A small cmd window will open, in which a few lines about files not found will scroll by quickly; this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message together with a new HijackThis log.



    • #3
      Thank you for your quick reply.

      I cannot find RVAXO.cmd, although I do have the RVAXO file. It opens in RVAXO 1 through 5.



      • #4
        Then try this one instead: RemoveVideoActiveXObject.exe



        • #5
          It worked. However, I now have trouble with something else, namely XP Antivirus 2008. I don't know what it is. How can I remove this XP Antivirus 2008? I cannot remove it via Software. Below is the scan report.




          XP Antivirus 2008 system scan report.
          Report generated 27.12.2007 22:06:09

          Type Run type Name Details
          Trojan C://windows/system32/wwin32.dll Worm.Win32.Womble.a Steals all ***** passwords from this computer and send it to the grabber.
          Trojan C://windows/system32/syst032.exel Trojan.Win32.Agent.brk Trojan program that can compromise your private information stored on the hard drive.
          Spyware autorun Spy.HTML.Paylap.bg #Uses the Windows hosts file to redirect your browser to a malicious site when you try to access a valid site.
          Trojan autorun Worm.Win32.NetSky #Replacing computers background with red screen and blocking some computers features.
          Backdoor C://windows/system32/svchost.exe Win32.Rbot.fm An IRC controlled backdoor that can be used to gain unauthorized access to a victim's machine.
          Trojan C://windows/system32/explorer.exe Trojan.MailGrabber.s Trojan horse that gets access to e-mail accounts on the infected computer.
          Spyware C://windows/system32/iesetup.dll Spyware.IEMonster.d "Steals passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs."
          Adware autorun Zlob.PornAdvertiser.ba Adware that displays pop-up/pop-under advertisements of pornographic or online gambling Web sites.
          Spyware autorun Spyware.IMMonitor program that can be used to monitor and record conversations in popular instant messaging applications.
          Trojan autorun Infostealer.Banker.E Steals sensitive information from the infected computer (e.g. logins and passwords from online banking sessions)
          Dialer C://windows/system32/cmdial32.dll Dialer.Xpehbam.biz_dialer A Dialer that loads pornographic material. The url information shows Hardcore Pornographic pages.
          Spyware autorun Spyware.KnownBadSites Uses the Windows hosts file to redirect your browser to a malicious site when you try to access a valid site.
          Trojan autorun Trojan.Tooso Trojan.Tooso is a trojan which attempts to terminate and delete security related applications.
          Trojan C://windows/system32/alg.exe Trojan.Alg.t Trojan program that can compromise your private information stored on the hard drive.
          Rogue C://Program Files/TrustedAntivirus TrustedAntivirus A corrupt and misleading anti-virus program that may be usually installed with the help of malcous Trojans and other malware
          Rogue C://Program Files/SecurePCCleaner SecurePCCleaner Rogue Security Software: fake Security software that uses deceptive means for installation and purpose.
          Rogue C://Program Files/AVSystemCare AVSystemCare Rogue Security Software: fake Security software that uses deceptive means for installation and purpose.
          Rogue C://Program Files/UltimateCleaner UltimateCleaner The program is considered malware due to its difficult uninstallation and deceptive operation.
          Rogue C://Program Files/UltimateDefender UltimateDefender The program is considered malware due to its difficult uninstallation and deceptive operation.
          Rogue C://Program Files/Advanced Cleaner AdvancedCleaner "A rogue anti-spyware program that uses altered desktop backgrounds, fake security alerts, and other malware to advertise and install itself."
          Trojan C://windows/system32/ Trojan.BAT.Adduser.t This Trojan has a malicious payload. It is a BAT file. It is 1129 bytes in size.
          Spyware C://windows/system32/ Spyware.007SpySoftware Program designed to monitor user activity. May be used with or without consent.
          Trojan C://windows/hidden/ Trojan.Clicker.EC Trojan.Clicker.EC is an information stealing Trojan that masquerades as a legitimate system file so as to avoid detection and subsequent removal.
          Dialer C://windows/hidden/ Dialer.Trafficjam.a Dialer.Trafficjam.a is a premium-rate phone dialer that automatically invokes paid access to various porn-related Web sites.
          Trojan hidden autorun Trojan.Poison.J Trojan.Poison.J is a key-logging Trojan for the Windows platform.
          Adware Registry Adware.eXact.BargainBuddy A browser helper object that monitors internet browsing sessions in an attempt to redirect search queries and distribute unsolicited advertisements.
          Worm C://windows/system32/ Win32.Delbot.AI Win32.Delbot.AI is a worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine.
          Worm C://windows/temp/ Win32.Sdbot.ADN A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine.
          Trojan C://windows/ Trojan-Dropper.Win32.Agent.bot This Trojan is designed to install and launch other malicious programs on the victim machine without the knowledge or consent of the user. It is a Windows PE EXE file. It is 70656 bytes in size.
          Worm C://windows/temp/ Win32.Rbot.CBX A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine.
          Spyware autorun Win32.PerFiler Win32.PerFiler is designed to retrieve and install files when executed. Win32.PerFiler is configured to download from either a designated web or FTP site.
          Worm hidden autorun Win32.Miewer.a A Trojan Downloader that masquerades as a legitimate system file. Associated processes connect to the Internet to download additional components that may jeopardize system security.
          Trojan C://windows/ Trojan-Downloader.VBS.Small.dc This Trojan downloads other files via the FTP protocol and launches them for execution on the victim machine without the user’s knowledge or consent.
          Worm autorun Win32.Peacomm.dam A Trojan Downloader that is spread as an attachment to emails with news headlines as the subject lines which downloads additional security threats.
          Trojan C://windows/system/drivers/ Win32.Spamta.KG.worm A multi-component mass-mailing worm that downloads and executes files from the Internet.
          Trojan C://windows/system/drivers/etc/ Trojan.IRCBot.d a worm that opens an IRC back door on the compromised host. It spreads by exploiting the Microsoft Windows Server Service Remote Buffer Overflow Vulnerability.
          Trojan C://windows/system/mui/ Trojan.Dropper.MSWord.j A Microsoft Word macro virus that drops a trojan onto the infected host.
          Trojan C://windows/system/mui/ Win32.Clagger.C This is small Trojan downloader that downloads files and lowers security settings. It is spreading as an email attachment.
          Worm C://windows/system/ Worm.Bagle.CP "This is a ""Bagle"" mass-mailer which demonstrates typical ""Bagle"" behavior: it has a .ZIP file attachment, it contains a simple message subject/body, and it spreads to others."
          Worm C://windows/ Win32.BlackMail.xx "This dangerous worm will destroy certain data files on an infected user's machine on February 3, 2008."
          Trojan hidden autorun Trojan.Win32.Agent.ado Trojan downloader that is spread as an attachment to a spam email and tries to download a password stealer.
          Trojan hidden autorun Win32.Outsbot.u A backdoor Trojan that is remotely controlled via Internet Relay Chat (IRC). It exploits Sony BMG Digital Rights Management (DRM) software to hide its presence.
          Worm hidden autorun Win32.Sober.P This is a mass-mailing worm that uses its own SMTP engine to spread. It sends itself as an email attachment that mimics an image file.
          Worm C://windows/temp/ Win32.Sdbot.ADN A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine.
          Trojan C://windows/ Trojan-Dropper.Win32.Agent.bot This Trojan is designed to install and launch other malicious programs on the victim machine without the knowledge or consent of the user. It is a Windows PE EXE file. It is 70656 bytes in size.
          Worm C://windows/temp/ Win32.Rbot.CBX A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine.
          Spyware autorun Win32.PerFiler Win32.PerFiler is designed to retrieve and install files when executed. Win32.PerFiler is configured to download from either a designated web or FTP site.
          Worm hidden autorun Win32.Miewer.a A Trojan Downloader that masquerades as a legitimate system file. Associated processes connect to the Internet to download additional components that may jeopardize system security.
          Trojan C://windows/ Trojan-Downloader.VBS.Small.dc This Trojan downloads other files via the FTP protocol and launches them for execution on the victim machine without the user’s knowledge or consent.
          Worm autorun Win32.Peacomm.dam A Trojan Downloader that is spread as an attachment to emails with news headlines as the subject lines which downloads additional security threats.
          Trojan C://windows/system/drivers/ Win32.Spamta.KG.worm A multi-component mass-mailing worm that downloads and executes files from the Internet.
          Trojan C://windows/system/drivers/etc/ Trojan.IRCBot.d a worm that opens an IRC back door on the compromised host. It spreads by exploiting the Microsoft Windows Server Service Remote Buffer Overflow Vulnerability.
          Trojan C://windows/system/mui/ Trojan.Dropper.MSWord.j A Microsoft Word macro virus that drops a trojan onto the infected host.
          Trojan C://windows/system/mui/ Win32.Clagger.C This is small Trojan downloader that downloads files and lowers security settings. It is spreading as an email attachment.
          Worm C://windows/system/ Worm.Bagle.CP "This is a ""Bagle"" mass-mailer which demonstrates typical ""Bagle"" behavior: it has a .ZIP file attachment, it contains a simple message subject/body, and it spreads to others."
          Worm C://windows/ Win32.BlackMail.xx "This dangerous worm will destroy certain data files on an infected user's machine on February 3, 2008."
          Trojan hidden autorun Trojan.Win32.Agent.ado Trojan downloader that is spread as an attachment to a spam email and tries to download a password stealer.
          Trojan hidden autorun Win32.Outsbot.u A backdoor Trojan that is remotely controlled via Internet Relay Chat (IRC). It exploits Sony BMG Digital Rights Management (DRM) software to hide its presence.
          Worm hidden autorun Win32.Sober.P This is a mass-mailing worm that uses its own SMTP engine to spread. It sends itself as an email attachment that mimics an image file.
          Trojan C://windows/system32/ Trojan.BAT.Adduser.t This Trojan has a malicious payload. It is a BAT file. It is 1129 bytes in size.
          Spyware C://windows/system32/ Spyware.007SpySoftware Program designed to monitor user activity. May be used with or without consent.
          Trojan C://windows/hidden/ Trojan.Clicker.EC Trojan.Clicker.EC is an information stealing Trojan that masquerades as a legitimate system file so as to avoid detection and subsequent removal.
          Dialer C://windows/hidden/ Dialer.Trafficjam.a Dialer.Trafficjam.a is a premium-rate phone dialer that automatically invokes paid access to various porn-related Web sites.
          Trojan hidden autorun Trojan.Poison.J Trojan.Poison.J is a key-logging Trojan for the Windows platform.
          Adware Registry Adware.eXact.BargainBuddy A browser helper object that monitors internet browsing sessions in an attempt to redirect search queries and distribute unsolicited advertisements.
          Worm C://windows/system32/ Win32.Delbot.AI Win32.Delbot.AI is a worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine.
          Worm C://windows/temp/ Win32.Sdbot.ADN A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine.
          Trojan C://windows/ Trojan-Dropper.Win32.Agent.bot This Trojan is designed to install and launch other malicious programs on the victim machine without the knowledge or consent of the user. It is a Windows PE EXE file. It is 70656 bytes in size.
          Worm C://windows/temp/ Win32.Rbot.CBX A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine.
          Spyware autorun Win32.PerFiler Win32.PerFiler is designed to retrieve and install files when executed. Win32.PerFiler is configured to download from either a designated web or FTP site.
          Worm hidden autorun Win32.Miewer.a A Trojan Downloader that masquerades as a legitimate system file. Associated processes connect to the Internet to download additional components that may jeopardize system security.
          Trojan C://windows/ Trojan-Downloader.VBS.Small.dc This Trojan downloads other files via the FTP protocol and launches them for execution on the victim machine without the user’s knowledge or consent.
          Spyware C://windows/system32/ W97M/Spirocheta A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ W97M/Smac.B A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ W97M/Satan.A A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ W97M/Sandula-B A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ W97M/Renegade A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Forbot.h A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Forbot.gen A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Foobot A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.a A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.awe A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.wqa A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.aer A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.da A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.ssa A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.dfa A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.awq A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.eaf A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.aee A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.wqa A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.ba A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.ca A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.da A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.aoy A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.arr A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.ag A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.b A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.bwe A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.wqb A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.ber A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.db A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.ssb A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.dfb A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.abb A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.ebf A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.bbe A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.wqb A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.bb A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.cb A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.db A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.boy A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.brr A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.bg A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.bgr A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.brd A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.ccb A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.agt A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Spyware C://windows/system32/ Backdoor.Flyagent.art A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
          Tracking Cookie Web browser ad.yieldmanager C:\Documents and Settings\Amankwah\Cookies\[email protected][2].txt
          Tracking Cookie Web browser ad.zanox C:\Documents and Settings\Amankwah\Cookies\[email protected][1].txt
          Tracking Cookie Web browser advancedcleaner C:\Documents and Settings\Amankwah\Cookies\amankwah@advancedcleaner[2].txt
          Tracking Cookie Web browser alfaantivirus C:\Documents and Settings\Amankwah\Cookies\amankwah@alfaantivirus[2].txt
          Tracking Cookie Web browser b2adz C:\Documents and Settings\Amankwah\Cookies\amankwah@b2adz[1].txt
          Tracking Cookie Web browser gomyhit C:\Documents and Settings\Amankwah\Cookies\amankwah@gomyhit[2].txt
          Tracking Cookie Web browser gomyhit C:\Documents and Settings\Amankwah\Cookies\amankwah@gomyhit[3].txt
          Tracking Cookie Web browser hitmanpro C:\Documents and Settings\Amankwah\Cookies\amankwah@hitmanpro[1].txt
          Tracking Cookie Web browser login.live C:\Documents and Settings\Amankwah\Cookies\[email protected][2].txt
          Tracking Cookie Web browser protect.trustedantivirus C:\Documents and Settings\Amankwah\Cookies\[email protected][1].txt
          Tracking Cookie Web browser protect.trustedantivirus C:\Documents and Settings\Amankwah\Cookies\[email protected][3].txt
          Tracking Cookie Web browser rad.msn C:\Documents and Settings\Amankwah\Cookies\[email protected][2].txt
          Tracking Cookie Web browser sale.trustedantivirus C:\Documents and Settings\Amankwah\Cookies\[email protected][1].txt
          Tracking Cookie Web browser salf.alfaantivirus C:\Documents and Settings\Amankwah\Cookies\[email protected][1].txt
          Tracking Cookie Web browser secure.advancedcleaner C:\Documents and Settings\Amankwah\Cookies\[email protected][1].txt
          Tracking Cookie Web browser trustedantivirus C:\Documents and Settings\Amankwah\Cookies\amankwah@trustedantivirus[1].txt
          Tracking Cookie Web browser www.antispywareoffensief C:\Documents and Settings\Amankwah\Cookies\[email protected][2].txt
          Tracking Cookie Web browser www.hitmanpro C:\Documents and Settings\Amankwah\Cookies\[email protected][2].txt



          • #6
            Post the requested logs: C:\RVAXO-results.log and a new HijackThis log.



            • #7
              I can't manage to get the RVAXO results. I can't open the file.



              • #8
                Open the file with WordPad or Word.

                Is HijackThis not working anymore either?



                • #9
                  Here is the HijackThis log:

                  Logfile of HijackThis v1.99.1
                  Scan saved at 8:59:29, on 28-12-2007
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v7.00 (7.00.6000.16574)

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\LEXBCES.EXE
                  C:\WINDOWS\system32\LEXPPS.EXE
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\WINDOWS\System32\CTsvcCDA.EXE
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\WINDOWS\system32\wscntfy.exe
                  C:\WINDOWS\System32\LXSUPMON.EXE
                  C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
                  C:\WINDOWS\WebCam\M1000\M1000Mnt.exe
                  C:\WINDOWS\system32\VTTimer.exe
                  C:\WINDOWS\system32\VTtrayp.exe
                  C:\WINDOWS\SOUNDMAN.EXE
                  C:\Program Files\QuickTime\qttask.exe
                  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
                  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                  C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
                  C:\Program Files\Spyware Doctor\SDTrayApp.exe
                  C:\Program Files\Common Files\SecurePCCleaner\mc.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Program Files\Messenger\msmsgs.exe
                  C:\Program Files\VoipCheapCom\VoipCheapCom.exe
                  C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe
                  C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
                  C:\Program Files\XP Antivirus\xpantivirus.exe
                  C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
                  C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
                  C:\WINDOWS\system32\wuauclt.exe
                  C:\Program Files\Common Files\Teleca Shared\Generic.exe
                  C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
                  C:\Program Files\MSN Messenger\msnmsgr.exe
                  C:\Program Files\MSN Messenger\usnsvc.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\Documents and Settings\Amankwah\Bureaublad\hijackthis.exe

                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hitmanpro.nl/
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
                  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
                  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1034
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O2 - BHO: CRnPluginSite Object - {0050A87F-CF26-41AE-9C0A-C32307C941CB} - C:\WINDOWS\system32\rnieplug.dll
                  O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
                  O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
                  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                  O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
                  O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
                  O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
                  O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
                  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
                  O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
                  O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
                  O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                  O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
                  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                  O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
                  O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
                  O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
                  O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SecurePCCleaner\mc.exe" dm=http://securepccleaner.com ad=http://securepccleaner.com sd=http://ilp.securepccleaner.com
                  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                  O4 - HKCU\..\Run: [VoipBuster] "C:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
                  O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
                  O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
                  O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
                  O4 - HKCU\..\Run: [VoipDiscount] "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
                  O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
                  O4 - HKCU\..\Run: [VoipStunt] "C:\program files\voipstunt.com\voipstunt\voipstunt.exe" -nosplash -minimized
                  O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
                  O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpantivirus.exe
                  O4 - Startup: AdSubtract.lnk = ?
                  O4 - Global Startup: hpoddt01.exe.lnk = ?
                  O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
                  O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
                  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                  O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?2daa262f84a544549f59daf32fcfd0f4
                  O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?2daa262f84a544549f59daf32fcfd0f4
                  O9 - Extra button: ReadNotify - {0050A87F-CF26-41AE-9C0A-C32307C941CB} - C:\WINDOWS\system32\rnieplug.dll
                  O9 - Extra 'Tools' menuitem: ReadNotify - {0050A87F-CF26-41AE-9C0A-C32307C941CB} - C:\WINDOWS\system32\rnieplug.dll
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
                  O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
                  O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
                  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O11 - Options group: [INTERNATIONAL] International*
                  O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - http://scripts.downloadv3.com/binaries/P2EClient/EGAUTH_1049_EN_XP.cab
                  O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
                  O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
                  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
                  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
                  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
                  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
                  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                  O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
                  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
                  O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
                  O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe



                  • #10
                    Try the following:
                    Go to Start - Uitvoeren (Run) and enter the following:
                    start notepad C:\rvaxo-results.log
                    Press OK.
                    If the log opens, post its contents here.



                    • #11
                      Below is the log:




                      Logfile of HijackThis v1.99.1
                      Scan saved at 8:59:29, on 28-12-2007
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v7.00 (7.00.6000.16574)

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\system32\LEXBCES.EXE
                      C:\WINDOWS\system32\LEXPPS.EXE
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\WINDOWS\System32\CTsvcCDA.EXE
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\Explorer.EXE
                      C:\WINDOWS\system32\wscntfy.exe
                      C:\WINDOWS\System32\LXSUPMON.EXE
                      C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
                      C:\WINDOWS\WebCam\M1000\M1000Mnt.exe
                      C:\WINDOWS\system32\VTTimer.exe
                      C:\WINDOWS\system32\VTtrayp.exe
                      C:\WINDOWS\SOUNDMAN.EXE
                      C:\Program Files\QuickTime\qttask.exe
                      C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
                      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                      C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
                      C:\Program Files\Spyware Doctor\SDTrayApp.exe
                      C:\Program Files\Common Files\SecurePCCleaner\mc.exe
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\Program Files\Messenger\msmsgs.exe
                      C:\Program Files\VoipCheapCom\VoipCheapCom.exe
                      C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe
                      C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
                      C:\Program Files\XP Antivirus\xpantivirus.exe
                      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
                      C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
                      C:\WINDOWS\system32\wuauclt.exe
                      C:\Program Files\Common Files\Teleca Shared\Generic.exe
                      C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
                      C:\Program Files\MSN Messenger\msnmsgr.exe
                      C:\Program Files\MSN Messenger\usnsvc.exe
                      C:\Program Files\Internet Explorer\iexplore.exe
                      C:\Documents and Settings\Amankwah\Bureaublad\hijackthis.exe

                      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
                      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hitmanpro.nl/
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
                      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
                      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1034
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                      O2 - BHO: CRnPluginSite Object - {0050A87F-CF26-41AE-9C0A-C32307C941CB} - C:\WINDOWS\system32\rnieplug.dll
                      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
                      O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
                      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
                      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
                      O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
                      O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
                      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
                      O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
                      O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
                      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
                      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                      O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
                      O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
                      O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
                      O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SecurePCCleaner\mc.exe" dm=http://securepccleaner.com ad=http://securepccleaner.com sd=http://ilp.securepccleaner.com
                      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                      O4 - HKCU\..\Run: [VoipBuster] "C:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
                      O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
                      O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
                      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
                      O4 - HKCU\..\Run: [VoipDiscount] "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
                      O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
                      O4 - HKCU\..\Run: [VoipStunt] "C:\program files\voipstunt.com\voipstunt\voipstunt.exe" -nosplash -minimized
                      O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
                      O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpantivirus.exe
                      O4 - Startup: AdSubtract.lnk = ?
                      O4 - Global Startup: hpoddt01.exe.lnk = ?
                      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
                      O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
                      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                      O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?2daa262f84a544549f59daf32fcfd0f4
                      O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?2daa262f84a544549f59daf32fcfd0f4
                      O9 - Extra button: ReadNotify - {0050A87F-CF26-41AE-9C0A-C32307C941CB} - C:\WINDOWS\system32\rnieplug.dll
                      O9 - Extra 'Tools' menuitem: ReadNotify - {0050A87F-CF26-41AE-9C0A-C32307C941CB} - C:\WINDOWS\system32\rnieplug.dll
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
                      O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
                      O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
                      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O11 - Options group: [INTERNATIONAL] International*
                      O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - http://scripts.downloadv3.com/binaries/P2EClient/EGAUTH_1049_EN_XP.cab
                      O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
                      O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
                      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
                      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
                      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
                      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
                      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
                      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
                      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
                      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe



                      • #12
                        I knew you could do it.

                        Download ComboFix to your Desktop.
                        Double-click Combofix.exe.
                        Choose "Continue" by typing 1 followed by ENTER.
                        While the fix is running, do NOT click in the window, as this will cause your PC to hang.
                        When the fix has finished and the PC has restarted, the log combofix.txt will open.
                        Post this log in your next post.

                        NOTE: If your virus scanner responds with a notification about a script being executed, you may ignore it.



                        • #13
                          Below is my ComboFix log. I look forward to hearing from you.


                          ComboFix 08-01-06.4 - Amankwah 2008-01-05 23:13:04.1 - NTFSx86
                          Gestart vanuit: C:\Documents and Settings\Amankwah\Bureaublad\ComboFix.exe
                          .
                          ADS - system32: deleted 12 bytes in 1 streams.

                          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                          .

                          C:\Documents and Settings\All Users\Application Data.\salesmonitor
                          C:\Documents and Settings\Amankwah\Application Data\installer_en[1].exe
                          C:\Documents and Settings\Amankwah\Favorieten\Error Cleaner.url
                          C:\Documents and Settings\Amankwah\Favorieten\Privacy Protector.url
                          C:\Documents and Settings\Amankwah\Favorieten\Spyware&Malware Protection.url
                          C:\Documents and Settings\Amankwah\Mijn documenten\installer_en.exe
                          C:\Program Files\iMeshBar
                          C:\Program Files\iMeshBar\bar\History\search
                          C:\Program Files\myglobalsearch
                          C:\WINDOWS\alxvdvm.dll
                          C:\WINDOWS\Downloaded Program Files.\egauth.inf
                          C:\WINDOWS\Fonts\acrsecB.fon
                          C:\WINDOWS\Fonts\acrsecI.fon
                          C:\WINDOWS\fvkwdrt.exe
                          C:\WINDOWS\rs.txt
                          C:\WINDOWS\search_res.txt
                          C:\WINDOWS\system32\bcgfoye.dat
                          C:\WINDOWS\system32\bcgfoye_nav.dat
                          C:\WINDOWS\system32\ppkosmyaf.dat
                          c:\windows\system32\ppkosmyaf.exe
                          c:\WINDOWS\system32\ppkosmyaf_nav.dat
                          C:\WINDOWS\tmlpcert2007

                          .
                          (((((((((((((((((((( Bestanden Gemaakt van 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))
                          .

                          2008-01-05 23:11 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
                          2008-01-05 22:41 . 2008-01-05 22:41 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
                          2008-01-05 22:36 . 2008-01-05 22:36 <DIR> d-------- C:\Program Files\Webroot
                          2008-01-05 22:36 . 2008-01-05 22:36 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
                          2008-01-05 22:36 . 2008-01-05 22:36 <DIR> d-------- C:\Documents and Settings\Amankwah\Application Data\Webroot
                          2008-01-05 22:36 . 2008-01-05 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
                          2008-01-05 22:36 . 2006-08-03 19:33 117,248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
                          2008-01-05 22:36 . 2006-08-03 19:33 15,360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
                          2008-01-05 22:36 . 2006-08-03 19:33 13,824 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
                          2007-12-27 22:36 . 2007-12-27 22:36 <DIR> d-------- C:\Documents and Settings\Amankwah\Application Data\SecurePCCleaner
                          2007-12-27 22:31 . 2007-12-28 09:27 <DIR> d-------- C:\Program Files\Common Files\SecurePCCleaner
                          2007-12-27 22:31 . 2007-12-27 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecurePCCleaner
                          2007-12-27 20:41 . 2007-12-27 20:41 <DIR> d-------- C:\Program Files\XP Antivirus
                          2007-12-27 18:00 . 2007-12-28 11:58 <DIR> d-------- C:\Program Files\Spyware Doctor
                          2007-12-27 18:00 . 2007-12-27 18:00 <DIR> d-------- C:\Documents and Settings\Amankwah\Application Data\PC Tools
                          2007-12-27 18:00 . 2007-12-27 18:04 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
                          2007-12-27 18:00 . 2007-12-27 18:04 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
                          2007-12-27 18:00 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
                          2007-12-27 18:00 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
                          2007-12-27 17:53 . 2007-12-27 17:53 <DIR> d-------- C:\Program Files\Lavasoft
                          2007-12-27 17:50 . 2007-12-28 09:32 <DIR> d-------- C:\Program Files\SpywareBlaster
                          2007-12-27 15:50 . 2007-12-27 15:50 <DIR> d-------- C:\Program Files\SurfRight
                          2007-12-27 15:50 . 2007-12-27 15:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SurfRight
                          2007-12-27 14:01 . 2007-12-27 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
                          2007-12-27 10:08 . 2007-12-27 10:08 <DIR> d-------- C:\Program Files\MediaSupplyCodec
                          2007-12-18 11:48 . 2007-12-17 17:43 19,575 --------- C:\WINDOWS\hpoins01.dat.temp
                          2007-12-18 11:48 . 2003-04-22 10:24 16,606 --------- C:\WINDOWS\hpomdl01.dat.temp
                          2007-12-18 11:26 . 2007-12-18 11:26 <DIR> d-------- C:\Temp\FixEngine
                          2007-12-18 11:25 . 2007-12-18 11:25 <DIR> d-------- C:\Program Files\Hp
                          2007-12-17 17:39 . 2007-12-17 17:43 19,575 --------- C:\WINDOWS\hpoins01.dat
                          2007-12-17 17:39 . 2003-04-22 10:24 16,606 --------- C:\WINDOWS\hpomdl01.dat
                          2007-12-16 22:40 . 2007-02-08 20:00 1,079,808 -ra------ C:\WINDOWS\system32\mfc80u.dll
                          2007-12-16 22:40 . 2007-02-08 20:00 548,864 -ra------ C:\WINDOWS\system32\msvcp80.dll
                          2007-12-16 22:40 . 2007-02-08 20:00 95,744 -ra------ C:\WINDOWS\system32\atl80.dll
                          2007-12-16 22:37 . 2007-12-16 22:37 <DIR> d-------- C:\Program Files\OLYMPUS
                          2007-12-15 19:50 . 2003-11-14 10:19 1,044,480 -ra------ C:\WINDOWS\system32\Roboex32.dll
                          2007-12-15 19:50 . 2003-11-14 10:19 40,960 -ra------ C:\WINDOWS\system32\wh2robo.dll
                          2007-12-15 19:47 . 2007-12-15 19:50 <DIR> d-------- C:\Program Files\Watchtower

                          .
                          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          2007-12-28 16:48 --------- d-----w C:\Program Files\Windows Live Toolbar
                          2007-12-28 16:44 --------- d-----w C:\Documents and Settings\Amankwah\Application Data\Yahoo!
                          2007-12-28 16:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
                          2007-12-28 11:02 --------- d-----w C:\Program Files\Hitman Pro
                          2007-12-28 10:52 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
                          2007-12-28 09:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                          2007-12-27 17:06 --------- d-----w C:\Documents and Settings\Amankwah\Application Data\Lavasoft
                          2007-12-21 21:55 --------- d-----w C:\Program Files\Yahoo!
                          2007-12-21 21:54 --------- d-----w C:\Program Files\VoipBuster.com
                          2007-12-18 22:21 --------- d-----w C:\Program Files\Opera
                          2007-12-16 21:41 --------- d-----w C:\Program Files\QuickTime
                          2007-12-16 21:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
                          2007-12-15 18:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
                          2007-12-02 06:39 --------- d-----w C:\Program Files\VoipCheapCom
                          2007-12-01 22:49 --------- d-----w C:\Program Files\Sony
                          2007-12-01 22:39 --------- d-----w C:\Program Files\Sony Setup
                          2007-12-01 22:39 --------- d-----w C:\Documents and Settings\Amankwah\Application Data\Sony Setup
                          2007-12-01 22:31 --------- d-----w C:\Program Files\Common Files\Teleca Shared
                          2007-12-01 22:29 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
                          2007-12-01 22:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
                          2007-12-01 22:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
                          2007-12-01 22:28 --------- d-----w C:\Program Files\Sony Ericsson
                          2007-11-21 12:28 --------- d-----w C:\Documents and Settings\Amankwah\Application Data\VoipDiscount
                          2007-11-15 17:32 --------- d-----w C:\Program Files\Winamp
                          2007-11-13 15:30 --------- d-----w C:\Program Files\Windows Media Connect 2
                          2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
                          2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
                          2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
                          2005-11-11 23:13 4,340 ----a-w C:\Program Files\Warez P2P ClientIPGUARD.LOG
                          2005-08-30 18:27 16,252,590 ----a-w C:\Program Files\setup.exe
                          .

                          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          .
                          REGEDIT4
                          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
                          "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
                          "VoipBuster"="C:\program files\voipbuster.com\voipbuster\voipbuster.exe" [ ]
                          "VoipCheapCom"="C:\Program Files\VoipCheapCom\VoipCheapCom.exe" [2007-07-10 22:20 7202360]
                          "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [ ]
                          "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
                          "VoipDiscount"="C:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe" [2006-12-22 13:19 7558720]
                          "Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe" [ ]
                          "VoipStunt"="C:\program files\voipstunt.com\voipstunt\voipstunt.exe" [ ]
                          "OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 20:43 95800]
                          "XP Antivirus"="C:\Program Files\XP Antivirus\xpantivirus.exe" [2007-12-27 20:41 493056]

                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "LXSUPMON"="C:\WINDOWS\System32\LXSUPMON.exe" [2002-01-28 13:48 885760]
                          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2004-12-06 21:31 36975]
                          "M1000Mnt"="M1000Rmv.exe"
                          "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [ ]
                          "VTTimer"="VTTimer.exe" [2005-03-07 20:33 53248 C:\WINDOWS\system32\VTTimer.exe]
                          "VTTrayp"="VTtrayp.exe" [2005-10-31 21:15 163840 C:\WINDOWS\system32\VTTrayp.exe]
                          "SoundMan"="SOUNDMAN.EXE" [2005-11-11 07:07 90112 C:\WINDOWS\soundman.exe]
                          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-12 17:48 155648]
                          "RegistryMechanic"=""
                          "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46 57344]
                          "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-20 21:33 185896]
                          "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [ ]
                          "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16 528384]
                          "ppkosmyaf"="c:\windows\system32\ppkosmyaf.exe" [ ]
                          "Salestart"="C:\Program Files\Common Files\SecurePCCleaner\mc.exe" [ ]
                          "SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2006-08-03 19:56 3871744]

                          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                          "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2Search]
                          C:\Program Files\2search\main.exe

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
                          C:\Program Files\BearShare\BearShare.exe

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMprocess]
                          C:\Program Files\IM Names\IM-svr.EXE

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InternetCalls]
                          C:\program files\internetcalls.com\internetcalls\internetcalls.exe

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
                          C:\Program Files\Skype\Phone\Skype.exe

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
                          C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipCheapCom]
                          --a------ 2007-07-10 22:20 7202360 C:\program files\voipcheapcom\voipcheapcom.exe

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipDiscount]
                          --a------ 2006-12-22 13:19 7558720 C:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipStunt]
                          C:\program files\voipstunt.com\voipstunt\voipstunt.exe

                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
                          C:\Program Files\Yahoo!\Messenger\ypager.exe

                          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69586a90-35c5-11db-8369-806d6172696f}]
                          \Shell\AutoRun\command - E:\setup.exe

                          *Newly Created Service* - PROCEXP90
                          .
                          Inhoud van de 'Gedeelde Taken' map
                          "2008-01-05 22:00:00 C:\WINDOWS\Tasks\ADE9FA0B91866D53.job"
                          - c:\progra~1\infomp~1\boobcdromflap.exe
                          "2008-01-05 22:00:00 C:\WINDOWS\Tasks\AE33ECB091849D9C.job"
                          - c:\docume~1\joseph~1\applic~1\infomp~1\boobcdromflap.exe
                          "2008-01-05 22:00:00 C:\WINDOWS\Tasks\AF5BE5D591849E69.job"
                          - c:\docume~1\amankwah\applic~1\infomp~1\boobcdromflap.exe
                          "2008-01-05 22:00:01 C:\WINDOWS\Tasks\BCD1AAF490BA5130.job"
                          - c:\docume~1\o0josi~1\applic~1\infomp~1\boobcdromflap.exe
                          .
                          **************************************************************************

                          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                          Rootkit scan 2008-01-06 23:22:21
                          Windows 5.1.2600 Service Pack 2 NTFS

                          scannen van verborgen processen ...

                          scannen van verborgen autostart items ...

                          scannen van verborgen bestanden ...

                          Scan succesvol afgerond
                          verborgen bestanden: 0

                          **************************************************************************
                          .
                          Voltooingstijd: 2008-01-06 23:23:39
                          ComboFix-quarantined-files.txt 2008-01-06 22:23:08
                          .
                          2007-12-29 08:48:26 --- E O F ---



                          • #14
                            I would like to remove the rogue spyware XP Antivirus 2008 from my PC. Please help.



                            • #15
                              Download the attachment: CFScript.txt

                              Drag CFScript.txt into ComboFix.exe as shown in the example below:

                              This will cause ComboFix to restart.
                              Reboot if you are asked to,
                              and post the contents of Combofix.txt in your next reply.
                              Also post a new HijackThis log and tell us whether you are still experiencing any problems.