Windows security alert

  • Windows security alert

    Recently I have been having trouble with a Windows security alert
    that says my PC is infected and that I have to click something to
    download it. Unfortunately this only just appeared after the virus scanner
    was removed. Now I can no longer install anything that has to do with a virus scanner. Here is my HijackThis log right away.

    Logfile of HijackThis v1.99.1
    Scan saved at 20:37:21, on 30-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\CTFMON.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\NewsLeecher\newsLeecher.exe
    C:\Program Files\NewsLeecher\newsLeecher.exe
    C:\WINDOWS\avp.exe
    C:\WINDOWS\mgrs.exe
    C:\DOCUME~1\ELISE&~1\LOCALS~1\Temp\1632.exe
    C:\DOCUME~1\ELISE&~1\LOCALS~1\Temp\sysserver.exe
    C:\DOCUME~1\ELISE&~1\LOCALS~1\Temp\hostsys.exe
    C:\WINDOWS\lsass.exe
    C:\DOCUME~1\ELISE&~1\LOCALS~1\Temp\serverhost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\Elise & Kieran\Application Data\printer.exe
    C:\DOCUME~1\ELISE&~1\LOCALS~1\Temp\powerserver.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
    F3 - REG:win.ini: load=C:\WINDOWS\system32\mljgg.exe
    O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvdaj.dll,startup
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
    O4 - HKLM\..\Run: [smgr] mgrs.exe
    O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass.exe
    O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
    O4 - Startup: findfast.exe
    O4 - Global Startup: autorun.exe
    O4 - Global Startup: msn_0712_upd292315.exe
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5195/mcfscan.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    Thanks in advance.

    Regards, Mister No Style

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
      A small cmd window will open; a few lines about files not found will quickly scroll past, this is normal.
    • An uninstaller of a rogue scanner may also start; do not close it, but follow any instructions and just let it do its work.
    • After that your PC will restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message together with a new HijackThis log.



    • #3
      Not going well?

      Smeenk,

      I downloaded and opened the file. Now the thing is that it fails to find not just a few files but a whole lot, and at the end of the program it says that the system cannot find the path specified. My computer did not restart by itself, and after I had done this myself the program did not start by itself either. While searching for the log file I saw that several folders on the C drive were light (it looked as if they had been cut). Here is the log...

      ----------------RVAXO.exe first run-------------

      Files found:


      Uninstallers Rogue scanners:

      and here is the new HijackThis log file

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 17:50:42, on 31-12-2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      F3 - REG:win.ini: load=C:\WINDOWS\system32\mljgg.exe
      O2 - BHO: (no name) - {00DC0058-A87E-4D19-9C26-F1AAC98AD4D7} - C:\WINDOWS\system32\urqnmkh.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {B2454300-AEB1-488F-8D31-EC745163326C} - (no file)
      O2 - BHO: (no name) - {F38E0824-4633-4C5C-BF33-5E4C805EF73D} - C:\WINDOWS\system32\cmcfg3.dll
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
      O4 - HKLM\..\RunOnce: [RVAXO] RVAXO.bat
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5195/mcfscan.cab
      O20 - Winlogon Notify: urqnmkh - C:\WINDOWS\SYSTEM32\urqnmkh.dll
      O20 - Winlogon Notify: winkvs32 - winkvs32.dll (file missing)
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

      --
      End of file - 4586 bytes

      Hopefully this helps more...



      • #4
        Still, it already looks better, despite the log having failed.

        Start HijackThis once more and place a check mark only in front of the following lines:
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
        F3 - REG:win.ini: load=C:\WINDOWS\system32\mljgg.exe
        O2 - BHO: (no name) - {00DC0058-A87E-4D19-9C26-F1AAC98AD4D7} - C:\WINDOWS\system32\urqnmkh.dll
        O2 - BHO: (no name) - {B2454300-AEB1-488F-8D31-EC745163326C} - (no file)
        O2 - BHO: (no name) - {F38E0824-4633-4C5C-BF33-5E4C805EF73D} - C:\WINDOWS\system32\cmcfg3.dll
        O4 - HKLM\..\RunOnce: [RVAXO] RVAXO.bat
        O20 - Winlogon Notify: urqnmkh - C:\WINDOWS\SYSTEM32\urqnmkh.dll
        O20 - Winlogon Notify: winkvs32 - winkvs32.dll (file missing)

        Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

        Download Combofix to your Desktop.
        Double-click Combofix.exe
        Choose "Continue" by typing 1 followed by ENTER.
        While the fix is running, do NOT click in the window, because this will make your PC hang.
        When the fix is complete and after a restart, the log combofix.txt will open.
        Post this log in your next post.

        NOTE: If your virus scanner responds with a notification about script execution, you may ignore this.



        • #5
          Combofix

          Here is the ComboFix log

          ComboFix 07-12-31.4 - Elise & Kieran 2007-12-31 18:12:25.1 - NTFSx86
          Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.1215 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\Elise & Kieran\Bureaublad\ComboFix.exe
          * Nieuw herstelpunt werd aangemaakt
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\Documents and Settings\Elise & Kieran\Menu Start\Programma's\Outerinfo
          C:\Documents and Settings\Elise & Kieran\Menu Start\Programma's\Outerinfo\Terms.lnk
          C:\Program Files\eliteprotector
          C:\Program Files\Helper
          C:\Program Files\outerinfo
          C:\Program Files\outerinfo\outerinfo.ico
          C:\Program Files\outerinfo\Terms.rtf
          C:\WINDOWS\system32\drvdajr.dll
          C:\WINDOWS\system32\urqnmkh.dll

          .
          (((((((((((((((((((( Bestanden Gemaakt van 2007-11-28 to 2007-12-31 ))))))))))))))))))))))))))))))
          .

          2007-12-31 18:11 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
          2007-12-31 17:44 . 2007-12-31 18:16 <DIR> d-------- C:\RVAXO
          2007-12-31 17:38 . 2007-12-30 23:22 580,216 --a------ C:\WINDOWS\system32\RVAXO.bat
          2007-12-31 17:38 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
          2007-12-31 17:38 . 2007-12-13 16:46 7,048 --a------ C:\WINDOWS\system32\fixp.bat
          2007-12-31 17:16 . 2007-12-31 17:20 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
          2007-12-31 17:16 . 2007-12-31 18:02 30,590 --a------ C:\WINDOWS\system32\pavas.ico
          2007-12-31 17:16 . 2007-12-31 18:02 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
          2007-12-31 17:16 . 2007-12-31 18:02 1,406 --a------ C:\WINDOWS\system32\Help.ico
          2007-12-31 15:46 . 2007-12-31 17:54 <DIR> dr-h----- C:\Documents and Settings\Elise & Kieran\Onlangs geopend
          2007-12-31 15:29 . 2007-12-31 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
          2007-12-30 22:48 . 2007-12-30 22:48 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
          2007-12-30 22:48 . 2007-12-30 22:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
          2007-12-30 22:34 . 2007-12-31 16:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2007-12-30 22:24 . 2007-12-30 22:24 <DIR> d-------- C:\Program Files\Trend Micro
          2007-12-30 22:18 . 2007-12-31 15:30 <DIR> d-------- C:\Documents and Settings\Elise & Kieran\Application Data\AVG7
          2007-12-30 22:17 . 2007-12-30 22:17 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
          2007-12-30 22:17 . 2007-12-30 22:17 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
          2007-12-30 22:17 . 2007-12-30 22:17 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
          2007-12-30 22:16 . 2007-12-31 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
          2007-12-30 22:12 . 2007-12-30 22:12 18,684,536 --a------ C:\WINDOWS\system32\MRT .exe
          2007-12-30 22:05 . 2007-10-11 00:53 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
          2007-12-30 22:05 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
          2007-12-30 22:05 . 2007-07-01 04:36 1,032,192 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
          2007-12-30 22:05 . 2007-10-11 00:53 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
          2007-12-30 22:05 . 2007-10-11 00:53 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
          2007-12-30 22:05 . 2007-10-11 00:53 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
          2007-12-30 22:05 . 2007-10-11 00:53 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
          2007-12-30 22:05 . 2007-10-11 00:53 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
          2007-12-30 22:05 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
          2007-12-30 22:03 . 2007-12-30 22:05 <DIR> d-------- C:\WINDOWS\system32\nl-nl
          2007-12-30 21:41 . 2007-12-30 21:49 118 --a------ C:\WINDOWS\system32\MRT.INI
          2007-12-30 21:35 . 2007-12-30 21:35 <DIR> d-------- C:\Program Files\Lavasoft
          2007-12-30 21:35 . 2007-12-30 21:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
          2007-12-30 21:35 . 2007-12-30 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
          2007-12-30 21:26 . 2007-12-31 15:15 <DIR> d-------- C:\Program Files\Common Files\Adobe
          2007-12-30 21:01 . 2007-12-30 21:01 7,075 --a------ C:\WINDOWS\backup.reg
          2007-12-30 20:59 . 2007-12-30 21:00 <DIR> d-------- C:\Program Files\CCleaner
          2007-12-30 20:59 . 2007-12-30 20:59 2,560 --a------ C:\WINDOWS\system32\settings.aaw
          2007-12-30 20:59 . 2007-12-30 20:59 1,744 --a------ C:\WINDOWS\system32\history.aaw
          2007-12-30 20:58 . 2007-12-30 20:58 <DIR> d-------- C:\Program Files\GV_Cleaner
          2007-12-30 20:58 . 2005-04-15 18:58 1,071,088 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
          2007-12-30 20:51 . 2007-12-30 20:51 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
          2007-12-30 20:48 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
          2007-12-30 20:04 . 2007-12-30 20:04 1,158 --a------ C:\WINDOWS\mozver.dat

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2007-12-30 18:59 --------- d-----w C:\Program Files\QuickPar
          2007-12-30 18:57 --------- d-----w C:\Documents and Settings\Elise & Kieran\Application Data\Talkback
          2007-12-30 18:52 19,456 ----a-w C:\WINDOWS\system32\drivers\axbsgsrg.dat
          2007-12-30 18:13 --------- d-----w C:\Program Files\NewsLeecher
          2007-12-30 17:52 --------- d-----w C:\Program Files\microsoft frontpage
          2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
          .
          Code:
          ----a-w            15,360 2007-12-30 19:51:46  C:\WINDOWS\system32\ctfmon .exe
          ----a-w        18,684,536 2007-12-30 21:12:37  C:\WINDOWS\system32\MRT .exe

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F38E0824-4633-4C5C-BF33-5E4C805EF73D}]
          2006-03-02 13:00 84992 --a------ C:\WINDOWS\system32\cmcfg3.dll

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-31 15:29 579072]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]
          "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-31 15:29 219136]

          [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
          SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll

          R0 ahyuubzh;ahyuubzh;C:\WINDOWS\system32\drivers\axbsgsrg.dat

          .
          **************************************************************************

          catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2007-12-31 18:16:46
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          Voltooingstijd: 2007-12-31 18:17:39 - machine was rebooted
          C:\qoobox\ComboFix-quarantined-files.txt 2007-12-31 17:17:22
          .
          2007-12-31 16:45:33 --- E O F ---

          I am also having trouble with a trojan horse; I am sending the screenshot along...

          Thanks in advance for your help!!!

          Regards, Mister No Style
          Last edited by MisterNoStyle; 31-12-07, 17:23.



          • #6
            1. Open Notepad, copy and paste the following (bold, blue text) into an empty window:
            • Driver::
              ahyuubzh

              File::
              C:\WINDOWS\system32\drivers\axbsgsrg.dat
              C:\WINDOWS\system32\cmcfg3.dll

              Registry::
              [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F38E0824-4633-4C5C-BF33-5E4C805EF73D}]
              [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
              "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
            Save this to your Desktop as CFScript.txt.

            Drag CFScript.txt onto ComboFix.exe as shown in the example below:

            This will make ComboFix restart.
            Restart when asked to.

            2. Download RenV.exe to your Desktop.

            Open Notepad, copy and paste the following (ONLY the CONTENTS of the code window) into an empty window:
            • Code:
              ----a-w            15,360 2007-12-30 19:51:46  C:\WINDOWS\system32\ctfmon .exe
              ----a-w        18,684,536 2007-12-30 21:12:37  C:\WINDOWS\system32\MRT .exe
            Save this to your Desktop as Log.txt.

            Drag Log.txt onto RenV.exe as shown in the example below:



            3. Go to Kaspersky Online Scanner and click Accept at the bottom.
            This scanner works only with Internet Explorer 6 and higher!!
            You may have to click a yellow bar at the top of your screen to download ActiveX files that Kaspersky needs in order to scan. Allow this.
            • The program now starts downloading the latest definition files. After this, click Next.
            • Then click the Scan Settings button.
              Under the text Scan using the following antivirus database: choose the second option: extended - protect your .....
              Under the text Scan options: tick the two check boxes: Scan Archives .... and Scan Mail Bases ....
            • Then click the OK button.
            • Now start the scan by clicking the text My Computer.


              Keep in mind that this scan takes a while.
            • Once the scan is complete you get the opportunity to save the scan report.
              Click the Save Report As button. Save the report to your Desktop with the name kavscan.txt

            Post this report, together with a fresh ComboFix log, in your next message.

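An added example, not part of the original thread and not code from HijackThis, ComboFix or RenV: a Python triage pass over log lines like the ones posted above. It flags four patterns visible in these logs (a core process name outside its usual folder, a transposed look-alike of such a name, an executable in a Temp folder, and a space before the extension); the expected folders assume a default Windows XP install in C:\WINDOWS, and the reason labels are names chosen for this example.

```python
import ntpath
import re

# Usual folders of core processes on a default Windows XP install.
# Assumption: Windows lives in C:\WINDOWS, as in the logs in this thread.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# A drive-rooted path up to the first .exe/.dll on the line. This copes with
# spaces in folder names and with HijackThis prefixes such as "O4 - ...: [x] ".
PATH_RE = re.compile(r'[A-Za-z]:\\[^\r\n"]*?\.(?:exe|dll)\b', re.IGNORECASE)

# Excerpt of lines copied from the HijackThis and ComboFix logs in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\DOCUME~1\ELISE&~1\LOCALS~1\Temp\1632.exe
C:\WINDOWS\lsass.exe
C:\WINDOWS\Explorer.exe
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
2007-12-30 20:51 . 2007-12-30 20:51 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
"""


def reasons_for(path):
    """Return the list of reason labels that apply to one Windows path."""
    directory, filename = ntpath.split(path)
    stem, ext = ntpath.splitext(filename)
    name = stem.strip().lower() + ext.lower()
    directory = directory.lower()
    found = []

    # "ctfmon .exe" displays almost like "ctfmon.exe" but is a different file.
    if stem != stem.rstrip():
        found.append("space-before-extension")

    expected = EXPECTED_DIR.get(name)
    if expected is not None and directory != expected:
        # Real name, wrong folder (for example lsass.exe directly in C:\WINDOWS).
        found.append("system-name-wrong-dir")
    elif expected is None and any(sorted(name) == sorted(s) for s in EXPECTED_DIR):
        # Same letters in a different order (spoolvs.exe vs spoolsv.exe).
        found.append("lookalike-name")

    # A persistent process running out of a Temp folder deserves a second look.
    if "temp" in directory.split("\\"):
        found.append("runs-from-temp")
    return found


def triage(log_text):
    """Map each flagged path (lower-cased, deduplicated) to its reasons."""
    findings = {}
    for match in PATH_RE.finditer(log_text):
        path = match.group(0)
        why = reasons_for(path)
        if why:
            findings.setdefault(path.lower(), why)
    return findings


if __name__ == "__main__":
    for flagged_path, why in triage(SAMPLE_LOG).items():
        print(f"{flagged_path}: {', '.join(why)}")
```

Entries that pass these checks are not thereby clean: `C:\WINDOWS\avp.exe` and `C:\WINDOWS\mgrs.exe` from the first log match none of the four patterns, so the output is a shortlist for review, not a verdict.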


            • #7
              Combofix + Kaspersky

              Here is the log

              ComboFix 07-12-31.4 - Elise & Kieran 2007-12-31 19:05:28.2 - NTFSx86
              Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.1175 [GMT 1:00]
              Gestart vanuit: C:\Documents and Settings\Elise & Kieran\Bureaublad\Anti Spyware\ComboFix.exe
              Command switches used :: C:\Documents and Settings\Elise & Kieran\Bureaublad\Anti Spyware\CFScript.txt
              * Nieuw herstelpunt werd aangemaakt

              FILE
              C:\WINDOWS\system32\cmcfg3.dll
              C:\WINDOWS\system32\drivers\axbsgsrg.dat
              .

              (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              C:\WINDOWS\system32\cmcfg3.dll
              C:\WINDOWS\system32\drivers\axbsgsrg.dat

              .
              ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

              .
              -------\LEGACY_AHYUUBZH
              -------\ahyuubzh


              (((((((((((((((((((( Bestanden Gemaakt van 2007-11-28 to 2007-12-31 ))))))))))))))))))))))))))))))
              .

              2007-12-31 18:45 . 2007-12-31 18:45 <DIR> d-------- C:\WINDOWS\system32\PDesk
              2007-12-31 18:37 . 2007-12-31 18:45 <DIR> d-------- C:\Program Files\DriverGuide Toolkit
              2007-12-31 18:11 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
              2007-12-31 17:44 . 2007-12-31 18:16 <DIR> d-------- C:\RVAXO
              2007-12-31 17:38 . 2007-12-30 23:22 580,216 --a------ C:\WINDOWS\system32\RVAXO.bat
              2007-12-31 17:38 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
              2007-12-31 17:38 . 2007-12-13 16:46 7,048 --a------ C:\WINDOWS\system32\fixp.bat
              2007-12-31 17:16 . 2007-12-31 17:20 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
              2007-12-31 17:16 . 2007-12-31 18:02 30,590 --a------ C:\WINDOWS\system32\pavas.ico
              2007-12-31 17:16 . 2007-12-31 18:02 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
              2007-12-31 17:16 . 2007-12-31 18:02 1,406 --a------ C:\WINDOWS\system32\Help.ico
              2007-12-31 15:46 . 2007-12-31 19:04 <DIR> dr-h----- C:\Documents and Settings\Elise & Kieran\Onlangs geopend
              2007-12-31 15:29 . 2007-12-31 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
              2007-12-30 22:48 . 2007-12-30 22:48 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
              2007-12-30 22:48 . 2007-12-30 22:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
              2007-12-30 22:34 . 2007-12-31 16:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
              2007-12-30 22:24 . 2007-12-30 22:24 <DIR> d-------- C:\Program Files\Trend Micro
              2007-12-30 22:18 . 2007-12-31 15:30 <DIR> d-------- C:\Documents and Settings\Elise & Kieran\Application Data\AVG7
              2007-12-30 22:17 . 2007-12-30 22:17 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
              2007-12-30 22:17 . 2007-12-30 22:17 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
              2007-12-30 22:17 . 2007-12-30 22:17 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
              2007-12-30 22:16 . 2007-12-31 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
              2007-12-30 22:12 . 2007-12-30 22:12 18,684,536 --a------ C:\WINDOWS\system32\MRT .exe
              2007-12-30 22:05 . 2007-10-11 00:53 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
              2007-12-30 22:05 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
              2007-12-30 22:05 . 2007-07-01 04:36 1,032,192 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
              2007-12-30 22:05 . 2007-10-11 00:53 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
              2007-12-30 22:05 . 2007-10-11 00:53 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
              2007-12-30 22:05 . 2007-10-11 00:53 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
              2007-12-30 22:05 . 2007-10-11 00:53 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
              2007-12-30 22:05 . 2007-10-11 00:53 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
              2007-12-30 22:05 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
              2007-12-30 22:03 . 2007-12-30 22:05 <DIR> d-------- C:\WINDOWS\system32\nl-nl
              2007-12-30 21:41 . 2007-12-30 21:49 118 --a------ C:\WINDOWS\system32\MRT.INI
              2007-12-30 21:35 . 2007-12-30 21:35 <DIR> d-------- C:\Program Files\Lavasoft
              2007-12-30 21:35 . 2007-12-30 21:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
              2007-12-30 21:35 . 2007-12-30 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
              2007-12-30 21:26 . 2007-12-31 15:15 <DIR> d-------- C:\Program Files\Common Files\Adobe
              2007-12-30 21:01 . 2007-12-30 21:01 7,075 --a------ C:\WINDOWS\backup.reg
              2007-12-30 20:59 . 2007-12-30 21:00 <DIR> d-------- C:\Program Files\CCleaner
              2007-12-30 20:59 . 2007-12-30 20:59 2,560 --a------ C:\WINDOWS\system32\settings.aaw
              2007-12-30 20:59 . 2007-12-30 20:59 1,744 --a------ C:\WINDOWS\system32\history.aaw
              2007-12-30 20:58 . 2007-12-30 20:58 <DIR> d-------- C:\Program Files\GV_Cleaner
              2007-12-30 20:51 . 2007-12-30 20:51 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
              2007-12-30 20:48 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
              2007-12-30 20:04 . 2007-12-30 20:04 1,158 --a------ C:\WINDOWS\mozver.dat

              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2007-12-30 18:59 --------- d-----w C:\Program Files\QuickPar
              2007-12-30 18:57 --------- d-----w C:\Documents and Settings\Elise & Kieran\Application Data\Talkback
              2007-12-30 18:13 --------- d-----w C:\Program Files\NewsLeecher
              2007-12-30 17:52 --------- d-----w C:\Program Files\microsoft frontpage
              2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
              .
              Code:
              ----a-w            15,360 2007-12-30 19:51:46  C:\WINDOWS\system32\ctfmon .exe
              ----a-w        18,684,536 2007-12-30 21:12:37  C:\WINDOWS\system32\MRT .exe

              ((((((((((((((((((((((((((((( [email protected]_18.17.09.73 )))))))))))))))))))))))))))))))))))))))))
              .
              - 2007-12-30 17:51:51 8,738 ----a-w C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
              + 2007-12-31 17:59:08 8,972 ----a-w C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
              - 2007-12-30 17:51:48 76,487 ----a-w C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
              + 2007-12-31 17:59:49 76,487 ----a-w C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
              + 2001-09-28 13:13:30 324,747 ----a-w C:\WINDOWS\system32\drivers\g550dhm.sys
              + 2001-03-08 12:22:16 5,500 ----a-w C:\WINDOWS\system32\drivers\mgabg.sys
              + 2001-08-30 11:15:28 933,888 ----a-w C:\WINDOWS\system32\g400icd.dll
              + 2001-09-28 13:09:22 2,982,005 ----a-w C:\WINDOWS\system32\g550dhd.dll
              + 2001-03-08 12:22:48 81,920 ----a-w C:\WINDOWS\system32\mgabg.exe
              - 2006-03-02 12:00:00 1,392,671 ----a-w C:\WINDOWS\system32\msvbvm60.dll
              + 2004-02-23 08:00:00 1,386,496 ----a-w C:\WINDOWS\system32\msvbvm60.dll
              + 2001-09-21 11:35:24 622,592 ----a-w C:\WINDOWS\system32\PDesk\pdesk.exe
              + 2001-09-21 11:43:42 196,608 ----a-w C:\WINDOWS\system32\PDesk\pdeskcmd.exe
              + 2001-09-21 11:36:34 122,880 ----a-w C:\WINDOWS\system32\PDesk\pdkernel.dll
              + 2001-09-06 14:48:00 49,152 ----a-w C:\WINDOWS\system32\PDesk\pdmmd.dll
              + 2001-09-06 14:49:02 172,032 ----a-w C:\WINDOWS\system32\PDesk\pdmmd.exe
              + 2001-09-06 14:48:02 163,840 ----a-w C:\WINDOWS\system32\PDesk\pdmmdres.dll
              + 2001-09-21 11:40:12 561,152 ----a-w C:\WINDOWS\system32\PDesk\pdpages.dll
              + 2001-09-21 11:46:20 155,648 ----a-w C:\WINDOWS\system32\PDesk\PDResEng.dll
              + 2001-09-21 11:46:40 176,128 ----a-w C:\WINDOWS\system32\PDesk\PDResFre.dll
              + 2001-09-21 11:46:52 172,032 ----a-w C:\WINDOWS\system32\PDesk\PDResGer.dll
              + 2001-09-21 11:47:02 176,128 ----a-w C:\WINDOWS\system32\PDesk\PDResIta.dll
              + 2001-09-21 11:48:08 172,032 ----a-w C:\WINDOWS\system32\PDesk\PDResSpa.dll
              + 2001-09-21 11:31:28 135,168 ----a-w C:\WINDOWS\system32\PDesk\pdshell.dll
              + 2001-09-21 11:42:14 188,416 ----a-w C:\WINDOWS\system32\PDesk\pdtools.dll
              + 2001-07-26 10:33:00 462,848 ----a-w C:\WINDOWS\system32\PDesk\pduninst.exe
              .
              -- Snapshot reset to current date --
              .
              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              REGEDIT4
              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-31 15:29 579072]
              "Matrox Powerdesk"="C:\WINDOWS\system32\PDesk\PDesk.exe" [2001-09-21 12:35 622592]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]
              "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-31 15:29 219136]

              R3 G550DH;G550DH;C:\WINDOWS\system32\DRIVERS\g550dhm.sys [2001-09-28 14:13]
              S3 mgabg;mgabg;C:\WINDOWS\system32\drivers\mgabg.sys [2001-03-08 13:22]

              .
              **************************************************************************

              catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2007-12-31 19:08:19
              Windows 5.1.2600 Service Pack 2 NTFS

              scannen van verborgen processen ...

              scannen van verborgen autostart items ...

              scannen van verborgen bestanden ...

              Scan succesvol afgerond
              verborgen bestanden: 0

              **************************************************************************
              .
              Voltooingstijd: 2007-12-31 19:09:05 - machine was rebooted
              C:\qoobox\ComboFix-quarantined-files.txt 2007-12-31 18:08:56
              C:\qoobox\ComboFix2.txt 2007-12-31 17:17:39
              .
              2007-12-31 16:45:33 --- E O F ---


              **************************************************************************
              -------------------------------------------------------------------------------
              KASPERSKY ONLINE SCANNER REPORT
              Monday, December 31, 2007 7:34:31 PM
              Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
              Kaspersky Online Scanner version: 5.0.98.0
              Kaspersky Anti-Virus database last update: 31/12/2007
              Kaspersky Anti-Virus database records: 500816
              -------------------------------------------------------------------------------

              Scan Settings:
              Scan using the following antivirus database: extended
              Scan Archives: true
              Scan Mail Bases: true

              Scan Target - My Computer:
              C:\
              D:\

              Scan Statistics:
              Total number of scanned objects: 20876
              Number of viruses found: 9
              Number of infected objects: 36
              Number of suspicious objects: 0
              Duration of the scan process: 00:22:19

              Infected Object Name / Virus Name / Last Action
              C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
              C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
              C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
              C:\Documents and Settings\Elise & Kieran\Application Data\Mozilla\Firefox\Profiles\zio962m1.default\cert8.db Object is locked skipped
              C:\Documents and Settings\Elise & Kieran\Application Data\Mozilla\Firefox\Profiles\zio962m1.default\formhistory.dat Object is locked skipped
              C:\Documents and Settings\Elise & Kieran\Application Data\Mozilla\Firefox\Profiles\zio962m1.default\history.dat Object is locked skipped
              C:\Documents and Settings\Elise & Kieran\Application Data\Mozilla\Firefox\Profiles\zio962m1.default\key3.db Object is locked skipped
              C:\Documents and Settings\Elise & Kieran\Application Data\Mozilla\Firefox\Profiles\zio962m1.default\parent.lock Object is locked skipped
              C:\Documents and Settings\Elise & Kieran\Application Data\Mozilla\Firefox\Profiles\zio962m1.default\search.sqlite Object is locked skipped
              C:\Documents and Settings\Elise & Kieran\Application Data\Mozilla\Firefox\Profiles\zio962m1.default\urlclassifier2.sqlite Object is locked skipped
              C:\Documents and Settings\Elise & Kieran\Cookies\index.dat Object is locked skipped
              C:\Documents and Settings\Elise & Kieran\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
              C:\Documents and Settings\Elise & Kieran\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
              C:\Documents and Settings\Elise & Kieran\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
              C:\Documents and Settings\Elise & Kieran\Local Settings\Application Data\Mozilla\Firefox\Profiles\zio962m1.default\Cache\_CACHE_001_ Object is locked skipped
              C:\Documents and Settings\Elise & Kieran\Local Settings\Application Data\Mozilla\Firefox\Profiles\zio962m1.default\Cache\_CACHE_002_ Object is locked skipped
              C:\Documents and Settings\Elise & Kieran\Local Settings\Application Data\Mozilla\Firefox\Profiles\zio962m1.default\Cache\_CACHE_003_ Object is locked skipped
              C:\Documents and Settings\Elise & Kieran\Local Settings\Application Data\Mozilla\Firefox\Profiles\zio962m1.default\Cache\_CACHE_MAP_ Object is locked skipped
              C:\Documents and Settings\Elise & Kieran\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
              C:\Documents and Settings\Elise & Kieran\Local Settings\Geschiedenis\History.IE5\MSHist012007123120080101\index.dat Object is locked skipped
              C:\Documents and Settings\Elise & Kieran\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
              C:\Documents and Settings\Elise & Kieran\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
              C:\Documents and Settings\Elise & Kieran\NTUSER.DAT Object is locked skipped
              C:\Documents and Settings\Elise & Kieran\NTUSER.DAT.LOG Object is locked skipped
              C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
              C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
              C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
              C:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
              C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
              C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
              C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
              C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
              C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
              C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
              C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
              C:\Program Files\Trend Micro\HijackThis\backups\backup-20071231-181033-990.dll Infected: Trojan-Downloader.Win32.Small.hlf skipped
              C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\axbsgsrg.dat.vir Object is locked skipped
              C:\QooBox\Quarantine\catchme2007-12-31_181641.70.zip/urqnmkh.dll Infected: Trojan-Downloader.Win32.Small.hlf skipped
              C:\QooBox\Quarantine\catchme2007-12-31_181641.70.zip ZIP: infected - 1 skipped
              C:\QooBox\Quarantine\catchme2007-12-31_190813.70.zip/cmcfg3.dll Infected: Trojan.Win32.BHO.agz skipped
              C:\QooBox\Quarantine\catchme2007-12-31_190813.70.zip/axbsgsrg.dat Infected: Rootkit.Win32.Agent.ql skipped
              C:\QooBox\Quarantine\catchme2007-12-31_190813.70.zip ZIP: infected - 2 skipped
              C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
              C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP14\A0008512.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.v skipped
              C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP16\A0008535.dll Infected: Trojan-Downloader.Win32.Small.hlf skipped
              C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP17\change.log Object is locked skipped
              C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP3\snapshot\MFEX-2.DAT Infected: Trojan.Win32.Qhost.abh skipped
              C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP3\snapshot\MFEX-3.DAT Infected: Trojan.Win32.Qhost.abh skipped
              C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP3\snapshot\MFEX-5.DAT Infected: Trojan.Win32.Qhost.abh skipped
              C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP3\snapshot\MFEX-6.DAT Infected: Trojan.Win32.Qhost.abh skipped
              C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP3\snapshot\MFEX-7.DAT Infected: Trojan.Win32.Qhost.abh skipped
              C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP3\snapshot\MFEX-8.DAT Infected: Trojan.Win32.Qhost.abh skipped
              C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP4\A0000081.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
              C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP4\A0000083.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.gn skipped
              C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP4\A0000083.exe NSIS: infected - 1 skipped
              C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP4\A0000097.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cpb skipped
              C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP4\snapshot\MFEX-2.DAT Infected: Trojan.Win32.Qhost.abh skipped
              C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP4\snapshot\MFEX-3.DAT Infected: Trojan.Win32.Qhost.abh skipped
              C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP4\snapshot\MFEX-5.DAT Infected: Trojan.Win32.Qhost.abh skipped
              C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP4\snapshot\MFEX-6.DAT Infected: Trojan.Win32.Qhost.abh skipped
              C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP4\snapshot\MFEX-7.DAT Infected: Trojan.Win32.Qhost.abh skipped
              C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP4\snapshot\MFEX-8.DAT Infected: Trojan.Win32.Qhost.abh skipped
              C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP4\snapshot\MFEX-9.DAT Infected: Trojan.Win32.Qhost.abh skipped
              C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP5\snapshot\MFEX-10.DAT Infected: Trojan.Win32.Qhost.abh skipped
              C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP5\snapshot\MFEX-11.DAT Infected: Trojan.Win32.Qhost.abh skipped
              C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP5\snapshot\MFEX-12.DAT Infected: Trojan.Win32.Qhost.abh skipped
              C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP5\snapshot\MFEX-2.DAT Infected: Trojan.Win32.Qhost.abh skipped
              C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP5\snapshot\MFEX-3.DAT Infected: Trojan.Win32.Qhost.abh skipped
              C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP5\snapshot\MFEX-5.DAT Infected: Trojan.Win32.Qhost.abh skipped
              C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP5\snapshot\MFEX-6.DAT Infected: Trojan.Win32.Qhost.abh skipped
              C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP5\snapshot\MFEX-7.DAT Infected: Trojan.Win32.Qhost.abh skipped
              C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP5\snapshot\MFEX-8.DAT Infected: Trojan.Win32.Qhost.abh skipped
              C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP5\snapshot\MFEX-9.DAT Infected: Trojan.Win32.Qhost.abh skipped
              C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
              C:\WINDOWS\SchedLgU.Txt Object is locked skipped
              C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
              C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
              C:\WINDOWS\system32\config\default Object is locked skipped
              C:\WINDOWS\system32\config\default.LOG Object is locked skipped
              C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
              C:\WINDOWS\system32\config\SAM Object is locked skipped
              C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
              C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
              C:\WINDOWS\system32\config\SECURITY Object is locked skipped
              C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
              C:\WINDOWS\system32\config\software Object is locked skipped
              C:\WINDOWS\system32\config\software.LOG Object is locked skipped
              C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
              C:\WINDOWS\system32\config\system Object is locked skipped
              C:\WINDOWS\system32\config\system.LOG Object is locked skipped
              C:\WINDOWS\system32\drvdaj.dll Infected: Trojan.Win32.Dialer.yz skipped
              C:\WINDOWS\system32\h323log.txt Object is locked skipped
              C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
              C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
              C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
              C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
              C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
              C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
              C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
              C:\WINDOWS\WindowsUpdate.log Object is locked skipped

              Scan process completed.

              Once again, thanks in advance and a healthy 2008!!!



              • #8
                Best wishes for 2008 to you too.

                Just a quick question: were you not really satisfied with my help?
                After all, you also posted it here: http://www.multidesk.be/forums/onderwerp/10683/



                • #9
                  Very satisfied indeed!!

                  I really am satisfied with your help!!
                  Without you I would not be able to sort this out at all..
                  I also posted it there because I had no idea what to do any more, since I could no longer install a virus scanner.. and so I wanted an answer to my post as quickly as possible...
                  As it happened, you both responded very quickly, so I thought it would not be a problem if you both helped me..
                  But Multidesk.be saw that differently.. (understandable, but ok)

                  I know that you help me and others free of charge, and I appreciate that enormously.
                  If I were able to, I would also like to help people who know less about this, so that they are happy again once they are rid of their viruses, spyware, malware and whatever else..

                  A question: how do you all know exactly what to tick in a HijackThis log,
                  and which programs to recommend? Is this different for each virus/spyware/malware file?

                  I hope I have made things a bit clearer and that you understand that I think what you, the other moderators and the others who give advice do is very good.. helping us laypeople in your own time.

                  Kind regards,

                  Mister No Style

                  Oh, one more question:

                  Is my PC disinfected or are there still bugs in it?



                  • #10
                    It is simply very busy in the HijackThis sections, both here and at Multidesk.be.
                    When everyone starts posting logs on several forums at once it gets even busier; we can barely keep up with the large stream of logs as it is.
                    That is why we do not like it when you post logs twice.
                    It cannot really be convenient for you either.

                    Open the RVAXO folder on your desktop and double-click Uninstall.cmd
                    This will remove everything belonging to RVAXO.

                    Delete the following folder:
                    C:\Qoobox

                    Then empty your Recycle Bin.

                    Download ATF cleaner (mirror) (made by Atribune)

                    Important: close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

                    Double-click ATF cleaner to start the program.
                    On the "Main" tab, tick Select All.
                    Click the Empty Selected button.

                    Do the following if you also use Firefox as a browser:
                    Click the "Firefox" tab and tick Select All.
                    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                    (this removes the tick from "Firefox saved passwords" again)
                    Click the Empty Selected button.

                    Do the following if you also use Opera as a browser:
                    Click the "Opera" tab and tick Select All.
                    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                    Click the Empty Selected button.
                    Go to the "Main" tab and click the Exit button to close the program.

                    Go to Start - Run and enter the following:
                    Combofix /U
                    Then press OK.
                    Note: there must be a space between Combofix and /U.

                    This will uninstall Combofix.

                    Turn off System Restore. Restart the computer. Turn System Restore back on.
                    See here how to turn off System Restore.
                    This removes any remnants of the infections from your System Restore.

                    Finally, post a new HijackThis log so it can be checked.
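
Added example (not part of the thread and not the helpers' own tooling): a small parser for the "Infected Object Name / Virus Name / Last Action" lines of the Kaspersky Online Scanner reports posted here, grouping each detection by where the file sits so it can be matched to the cleanup steps in post #10. The sample lines are copied from the two reports in this thread; the category names and the `NEXT_STEP` wording are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional

# Sample lines copied from the two Kaspersky Online Scanner reports in this
# thread: 31 Dec 2007 (before the cleanup steps) and 1 Jan 2008 (after them).
REPORT_BEFORE = r"""
C:\Documents and Settings\Elise & Kieran\NTUSER.DAT Object is locked skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071231-181033-990.dll Infected: Trojan-Downloader.Win32.Small.hlf skipped
C:\QooBox\Quarantine\catchme2007-12-31_181641.70.zip/urqnmkh.dll Infected: Trojan-Downloader.Win32.Small.hlf skipped
C:\QooBox\Quarantine\catchme2007-12-31_181641.70.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP14\A0008512.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.v skipped
C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP3\snapshot\MFEX-2.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\WINDOWS\system32\drvdaj.dll Infected: Trojan.Win32.Dialer.yz skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""
REPORT_AFTER = r"""
C:\Documents and Settings\Elise & Kieran\NTUSER.DAT Object is locked skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071231-181033-990.dll Infected: Trojan-Downloader.Win32.Small.hlf skipped
C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP1\change.log Object is locked skipped
"""

# Paths contain spaces, so the path is matched lazily and the verdict
# ("Infected: <name>", "Object is locked", "<TYPE>: infected - <n>") anchors the split.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:Infected: (?P<name>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|(?P<container>[A-Z]+): infected - (?P<count>\d+))"
    r" (?P<action>\w+)$"
)


class Finding(NamedTuple):
    path: str
    kind: str             # "infected", "locked" or "container"
    name: Optional[str]   # detection name, only for kind == "infected"
    action: str


def parse_report(text: str) -> List[Finding]:
    """Parse result lines; headers and other non-matching lines are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        if m.group("name"):
            kind = "infected"
        elif m.group("locked"):
            kind = "locked"      # file in use by Windows, not a detection
        else:
            kind = "container"   # archive summary; its members are listed separately
        findings.append(Finding(m.group("path"), kind, m.group("name"), m.group("action")))
    return findings


def classify_location(path: str) -> str:
    """Map a path to the place it lives in (category names are illustrative)."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "system_restore"
    if "\\qoobox\\" in p:
        return "combofix_quarantine"
    if "\\hijackthis\\backups\\" in p:
        return "hijackthis_backup"
    return "live_file"


# Which step from post #10 deals with each location (wording is this example's).
NEXT_STEP = {
    "system_restore": "Turn System Restore off, reboot, turn it back on",
    "combofix_quarantine": "Delete C:\\Qoobox and run Combofix /U",
    "hijackthis_backup": "HijackThis backup of a fixed item; not covered by post #10",
    "live_file": "On the live file system; report it to the helper",
}


def triage(text: str) -> Dict[str, List[str]]:
    """Return {location: sorted unique detection names} for infected entries only."""
    grouped = defaultdict(set)
    for f in parse_report(text):
        if f.kind == "infected":
            grouped[classify_location(f.path)].add(f.name)
    return {loc: sorted(names) for loc, names in grouped.items()}


if __name__ == "__main__":
    for label, report in (("before", REPORT_BEFORE), ("after", REPORT_AFTER)):
        print(label)
        for location, names in triage(report).items():
            print(f"  {location}: {', '.join(names)}")
            print(f"    -> {NEXT_STEP[location]}")
```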



                    • #11
                      HijackThis

                      I understand...

                      I had another online scan done;
                      here is the log..

                      -------------------------------------------------------------------------------
                      KASPERSKY ONLINE SCANNER REPORT
                      Tuesday, January 01, 2008 7:18:25 PM
                      Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
                      Kaspersky Online Scanner version: 5.0.98.0
                      Kaspersky Anti-Virus database last update: 1/01/2008
                      Kaspersky Anti-Virus database records: 501070
                      -------------------------------------------------------------------------------

                      Scan Settings:
                      Scan using the following antivirus database: extended
                      Scan Archives: true
                      Scan Mail Bases: true

                      Scan Target - My Computer:
                      C:\
                      D:\

                      Scan Statistics:
                      Total number of scanned objects: 17544
                      Number of viruses found: 1
                      Number of infected objects: 1
                      Number of suspicious objects: 0
                      Duration of the scan process: 00:14:23

                      Infected Object Name / Virus Name / Last Action
                      C:\Documents and Settings\All Users\Application Data\sentinel\2.1\gwhashs.dat Object is locked skipped
                      C:\Documents and Settings\Elise & Kieran\Application Data\Mozilla\Firefox\Profiles\zio962m1.default\cert8.db Object is locked skipped
                      C:\Documents and Settings\Elise & Kieran\Application Data\Mozilla\Firefox\Profiles\zio962m1.default\formhistory.dat Object is locked skipped
                      C:\Documents and Settings\Elise & Kieran\Application Data\Mozilla\Firefox\Profiles\zio962m1.default\history.dat Object is locked skipped
                      C:\Documents and Settings\Elise & Kieran\Application Data\Mozilla\Firefox\Profiles\zio962m1.default\key3.db Object is locked skipped
                      C:\Documents and Settings\Elise & Kieran\Application Data\Mozilla\Firefox\Profiles\zio962m1.default\parent.lock Object is locked skipped
                      C:\Documents and Settings\Elise & Kieran\Application Data\Mozilla\Firefox\Profiles\zio962m1.default\search.sqlite Object is locked skipped
                      C:\Documents and Settings\Elise & Kieran\Application Data\Mozilla\Firefox\Profiles\zio962m1.default\urlclassifier2.sqlite Object is locked skipped
                      C:\Documents and Settings\Elise & Kieran\Cookies\index.dat Object is locked skipped
                      C:\Documents and Settings\Elise & Kieran\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
                      C:\Documents and Settings\Elise & Kieran\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
                      C:\Documents and Settings\Elise & Kieran\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
                      C:\Documents and Settings\Elise & Kieran\Local Settings\Application Data\Mozilla\Firefox\Profiles\zio962m1.default\Cache\_CACHE_001_ Object is locked skipped
                      C:\Documents and Settings\Elise & Kieran\Local Settings\Application Data\Mozilla\Firefox\Profiles\zio962m1.default\Cache\_CACHE_002_ Object is locked skipped
                      C:\Documents and Settings\Elise & Kieran\Local Settings\Application Data\Mozilla\Firefox\Profiles\zio962m1.default\Cache\_CACHE_003_ Object is locked skipped
                      C:\Documents and Settings\Elise & Kieran\Local Settings\Application Data\Mozilla\Firefox\Profiles\zio962m1.default\Cache\_CACHE_MAP_ Object is locked skipped
                      C:\Documents and Settings\Elise & Kieran\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
                      C:\Documents and Settings\Elise & Kieran\Local Settings\Geschiedenis\History.IE5\MSHist012008010120080102\index.dat Object is locked skipped
                      C:\Documents and Settings\Elise & Kieran\Local Settings\Temp\~DFDACE.tmp Object is locked skipped
                      C:\Documents and Settings\Elise & Kieran\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
                      C:\Documents and Settings\Elise & Kieran\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
                      C:\Documents and Settings\Elise & Kieran\NTUSER.DAT Object is locked skipped
                      C:\Documents and Settings\Elise & Kieran\NTUSER.DAT.LOG Object is locked skipped
                      C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
                      C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
                      C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
                      C:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
                      C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
                      C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
                      C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
                      C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
                      C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
                      C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
                      C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
                      C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\MshConf\scoffset.bin.incr Object is locked skipped
                      C:\Program Files\Panda Security\Panda Internet Security 2008\f4d4851e8935eebef0f2eb52b3212bc9PSK_NAMES Object is locked skipped
                      C:\Program Files\Panda Security\Panda Internet Security 2008\f4d4851e8935eebef0f2eb52b3212bc9PSK_NAMES2 Object is locked skipped
                      C:\Program Files\Trend Micro\HijackThis\backups\backup-20071231-181033-990.dll Infected: Trojan-Downloader.Win32.Small.hlf skipped
                      C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
                      C:\System Volume Information\_restore{2C0133CE-C8B0-4906-93D6-B5FDD7357EFC}\RP1\change.log Object is locked skipped
                      C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
                      C:\WINDOWS\SchedLgU.Txt Object is locked skipped
                      C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
                      C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
                      C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
                      C:\WINDOWS\SoftwareDistribution\EventCache\{88D921EF-DD38-4791-8D72-F3630434D332}.bin Object is locked skipped
                      C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
                      C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
                      C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
                      C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
                      C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
                      C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
                      C:\WINDOWS\system32\config\default Object is locked skipped
                      C:\WINDOWS\system32\config\default.LOG Object is locked skipped
                      C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
                      C:\WINDOWS\system32\config\SAM Object is locked skipped
                      C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
                      C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
                      C:\WINDOWS\system32\config\SECURITY Object is locked skipped
                      C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
                      C:\WINDOWS\system32\config\software Object is locked skipped
                      C:\WINDOWS\system32\config\software.LOG Object is locked skipped
                      C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
                      C:\WINDOWS\system32\config\system Object is locked skipped
                      C:\WINDOWS\system32\config\system.LOG Object is locked skipped
                      C:\WINDOWS\system32\h323log.txt Object is locked skipped
                      C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
                      C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
                      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
                      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
                      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
                      C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
                      C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
                      C:\WINDOWS\WindowsUpdate.log Object is locked skipped

                      Scan process completed.




                      Here is the HijackThis log..


                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 18:48:22, on 1-1-2008
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
                      Boot mode: Normal

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\SYSTEM32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
                      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\WINDOWS\Explorer.EXE
                      C:\WINDOWS\system32\mgabg.exe
                      C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
                      C:\WINDOWS\system32\PDesk\PDesk.exe
                      C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
                      C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
                      C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
                      C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
                      C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
                      C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
                      c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
                      C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
                      C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE
                      C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
                      C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe
                      C:\WINDOWS\system32\wuauclt.exe
                      C:\Program Files\Mozilla Firefox\firefox.exe
                      C:\Program Files\Internet Explorer\iexplore.exe
                      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                      O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
                      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                      O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s
                      O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"
                      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
                      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
                      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
                      O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5195/mcfscan.cab
                      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                      O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
                      O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
                      O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
                      O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
                      O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
                      O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
                      O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
                      O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
                      O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

                      --
                      End of file - 6394 bytes

                      Kind regards, Mister No Style
                      Last edited by MisterNoStyle; 01-01-08, 18:19.



                      • #12
                        Looks good, the last infection is a HijackThis backup.

                        Just delete this folder:
                        C:\Program Files\Trend Micro\HijackThis\backups



                        • #13
                          Once again, many thanks!!

                          Great,

                          Many thanks for helping me,
                          and keep up the GOOD work!!!

                          Kind regards

                          Mister No Style



                          • #14
                            You're welcome, glad it all worked out.
