Mededeling

Collapse
No announcement yet.

Smitfraud-C, zlob.downlaoder.vcd en esse voce precisa VER

Collapse
X
Collapse
  •  
  • Page of 1
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    Smitfraud-C, zlob.downlaoder.vcd en esse voce precisa VER

    Hoi,
    Mijn problemen begonnen met dat via Internet Explorer automatisch sites zoals system-defender.com, securepccleaner.com, advancedcleaner.com, viruswebprotect.com (deze sites heb ik nu geblokkeerd) enz. worden geopend, ook als ik IE niet open heb staan. Daarnaast wordt telkens geprobeerd registersleutels, bijvoorbeeld hkey_local_machine\software\classes\clsid\{896F4076-F780-4FD2-93C7-6A8C9DAPD1B} te wijzigen (ik heb dit mbv Spybot S&D geblokkeerd).
    Ik heb in november/december ook divers mailtjes met Esse voce precisa VER ontvangen. ik heb er dacht ik 1 geopend, verder weggegooid.
    Ik heb Norton Internet Security: die geeft geen meldingen. Adaware ook niet. Spybot S&D geeft: een melding van Smitfraud-C en zlob.downloader.com.

    Spybot kan zlob en smitfraud niet verwijderen, althans ze keren telekens terug. Ik heb Smitfraudfix gedraaid, maar nog steeds geeft Spybot aan dat Smitfraud-C en zlob.downloader.vcd aanwezig zijn en er wordt nog steeds geprobeerd registersleutels te wijzigen en wordt IE 'uit zichzelf' geopend.

    Graag uw advies. Bij voorbaat mijn dank.
    Hieronder mijn hijackthis-logfile:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:50:49, on 1-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Jabra\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Dell Network Assistant\hnm_svc.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Jabra\Bluetooth Software\BTTray.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
    C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Monica R\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: The emlkdvo - {3FD92B49-9C06-4EBA-9580-056159561908} - C:\WINDOWS\emlkdvo.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Dell Network Assistant.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Jabra\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Jabra\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Jabra\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
    O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: alxvdvm - {A8B0F6C5-1B02-4AEF-B63C-5A638D002A23} - C:\WINDOWS\alxvdvm.dll
    O21 - SSODL: bvtqfvx - {BF7ABED4-0509-4CFD-8268-E0FB735B23A2} - C:\WINDOWS\bvtqfvx.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Jabra\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    Labels: Geen
      • Citaat
    • #2
      Download: RVAXO.exe
      • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
      • Open nu de map RVAXO op je bureaublad en dubbeklik RVAXO.cmd
        Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
      • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
      • Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw.
        Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
      • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
      • Post de inhoud van de logfile in je volgende bericht tesamen met een nieuw logje van HijackThis.
        • Citaat

        Comment

        • #3
          Smitfraud-C, zlob.downloader.vcd en Esse voce...

          Hi,

          Ik heb RVAXO gedraaid + HijackThis: zie hieronder.
          Ik heb alle registerwijzigingen maar toegestaan...

          PS. Gisteren (dom) vergeten te melden, maar ik heb IE door Norton laten blokkeren en de problemen treden alleen op als je inlogt als administrator. Bij een account met beperkte rechten treden geen 'rare' meldingen op.

          groet, Moon91

          ----------------RVAXO.exe first run-------------

          Files found:

          C:\WINDOWS\domnftwqkt.dll
          C:\WINDOWS\alxvdvm.dll
          C:\WINDOWS\fvkwdrt.exe
          C:\WINDOWS\rs.txt
          C:\WINDOWS\search_res.txt

          Uninstallers Rogue scanners:


          Folders Found:


          Hosts-file was reset, If you use a custom hosts file please replace it...

          --------------RVAXO.exe last run---------------

          Files found:

          Folders Found:

          --------------RVAXO.exe finished----------------


          Logfile of HijackThis v1.99.1
          Scan saved at 14:41:44, on 2-1-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16574)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Jabra\Bluetooth Software\bin\btwdins.exe
          C:\Program Files\Dell Network Assistant\hnm_svc.exe
          C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
          C:\WINDOWS\stsystra.exe
          C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
          C:\Program Files\Dell\Media Experience\DMXLauncher.exe
          C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
          C:\WINDOWS\System32\DLA\DLACTRLW.EXE
          C:\WINDOWS\system32\rundll32.exe
          C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
          C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
          C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
          C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
          C:\Program Files\Jabra\Bluetooth Software\BTTray.exe
          C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
          C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
          C:\Program Files\Mozilla Firefox\firefox.exe
          C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
          C:\Program Files\Common Files\Teleca Shared\Generic.exe
          C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
          C:\Documents and Settings\Monica R\Bureaublad\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
          O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
          O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
          O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
          O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
          O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
          O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
          O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
          O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
          O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
          O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
          O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
          O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
          O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
          O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
          O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
          O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
          O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
          O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
          O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
          O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
          O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
          O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
          O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
          O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
          O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
          O4 - Global Startup: BTTray.lnk = ?
          O4 - Global Startup: Dell Network Assistant.lnk = ?
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
          O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Jabra\Bluetooth Software\btsendto_ie_ctx.htm
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
          O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
          O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
          O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Jabra\Bluetooth Software\btsendto_ie.htm
          O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Jabra\Bluetooth Software\btsendto_ie.htm
          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O11 - Options group: [INTERNATIONAL] International*
          O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
          O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
          O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
          O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
          O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
          O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Jabra\Bluetooth Software\bin\btwdins.exe
          O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
          O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
          O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
          O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
          O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
          O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
          O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
          O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
          O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
          O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
          O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
          O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
          O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
          O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
            • Citaat

            Comment

            • #4
              Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd
              Dit zal alles van RVAXO doen verwijderen.

              Download Combofix naar je Bureaublad.
              Dubbelklik op Combofix.exe
              Kies voor "Continue" door 1 te typen gevolgd door ENTER.
              Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
              Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
              Plaats deze log in je volgende post.

              NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.
                • Citaat

                Comment

                • #5
                  Smitfraud-C, zlob.downloader en Esse voce..

                  Dag Smeenk,
                  Hierbij de log van Combofix.

                  ComboFix 08-01-02.1 - Monica R 2008-01-02 18:00:46.1 - NTFSx86
                  Gestart vanuit: C:\Documents and Settings\Monica R\Bureaublad\ComboFix.exe
                  * Nieuw herstelpunt werd aangemaakt
                  .

                  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                  .

                  C:\Documents and Settings\Benedict\Favorieten\Privacy Protector.url
                  C:\Documents and Settings\Benedict\Favorieten\Spyware&Malware Protection.url
                  C:\Documents and Settings\Willem\Favorieten\Error Cleaner.url
                  C:\Documents and Settings\Willem\Favorieten\Privacy Protector.url
                  C:\Documents and Settings\Willem\Favorieten\Spyware&Malware Protection.url
                  C:\WINDOWS\s32.txt
                  C:\WINDOWS\ws386.ini

                  .
                  (((((((((((((((((((( Bestanden Gemaakt van 2007-12-02 to 2008-01-02 ))))))))))))))))))))))))))))))
                  .

                  2008-01-02 18:00 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
                  2008-01-01 14:00 . 2008-01-01 20:12 5,034 --a------ C:\WINDOWS\system32\tmp.reg
                  2007-12-29 21:26 . 2007-12-29 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
                  2007-12-29 17:35 . 2007-12-29 17:35 <DIR> d-------- C:\Program Files\Lavasoft
                  2007-12-29 17:35 . 2007-12-29 17:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
                  2007-12-29 17:34 . 2007-12-29 17:34 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
                  2007-12-28 19:44 . 2007-12-28 19:44 <DIR> d-------- C:\Program Files\MediaSupplyCodec
                  2007-12-22 22:54 . 2007-12-22 22:54 268 --ah----- C:\sqmdata02.sqm
                  2007-12-22 22:54 . 2007-12-22 22:54 244 --ah----- C:\sqmnoopt02.sqm
                  2007-12-13 17:52 . 2007-12-13 17:52 <DIR> d-------- C:\Documents and Settings\Anne-Marie\Application Data\Sonic
                  2007-12-05 17:56 . 2007-12-05 17:56 <DIR> d-------- C:\Documents and Settings\Willem\Application Data\Nokia Multimedia Player
                  2007-12-02 19:36 . 2007-12-02 19:36 <DIR> d-------- C:\Documents and Settings\Anne-Marie\Application Data\AdobeUM

                  .
                  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2008-01-02 17:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
                  2008-01-02 16:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
                  2008-01-02 15:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
                  2007-12-30 16:06 --------- d-----w C:\Program Files\Norton Internet Security
                  2007-12-30 16:03 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
                  2007-12-30 16:03 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
                  2007-12-30 16:03 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
                  2007-12-30 16:03 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
                  2007-12-30 16:03 --------- d-----w C:\Program Files\Symantec
                  2007-12-19 16:32 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
                  2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
                  2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
                  2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
                  2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
                  2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
                  2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
                  2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
                  2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
                  2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
                  2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
                  2007-11-03 16:59 --------- d-----w C:\Documents and Settings\Benedict\Application Data\Nokia
                  2007-10-30 23:27 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
                  2007-10-30 18:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
                  2007-10-30 18:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
                  2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
                  2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll
                  2007-10-25 16:44 8,507,392 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
                  2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
                  2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
                  2007-10-10 23:54 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
                  2007-10-10 23:53 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
                  2007-10-10 23:53 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
                  2007-10-10 23:53 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
                  2007-10-10 23:53 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
                  2007-10-10 23:53 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
                  2007-10-10 23:53 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
                  2007-10-10 23:53 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
                  2007-10-10 23:53 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
                  2007-10-10 23:53 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
                  2007-10-10 23:53 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
                  2007-10-10 23:53 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
                  2007-10-10 23:53 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
                  2007-10-10 23:53 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
                  2007-10-10 23:53 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
                  2007-10-10 23:53 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
                  2007-10-10 23:53 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
                  2007-10-10 23:53 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
                  2007-10-10 23:53 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
                  2007-10-10 23:53 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
                  2007-10-10 23:53 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
                  2007-10-10 23:53 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
                  2007-10-10 11:02 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
                  2007-10-10 11:02 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
                  2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
                  2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
                  .

                  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  REGEDIT4
                  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
                  "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
                  "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 20:51 7323648]
                  "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07 49263]
                  "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 23:20 339968 C:\WINDOWS\stsystra.exe]
                  "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 07:56 139264]
                  "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12 94208]
                  "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
                  "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
                  "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
                  "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [ ]
                  "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [ ]
                  "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [ ]
                  "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [ ]
                  "MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [ ]
                  "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [ ]
                  "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [ ]
                  "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [ ]
                  "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 12:00 110592 C:\WINDOWS\system32\bthprops.cpl]
                  "Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 23:34 106496]
                  "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
                  "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 18:22 26248]
                  "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10 271360]
                  "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
                  "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 00:06 487424]

                  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                  "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
                  "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088]

                  *Newly Created Service* - COMHOST
                  *Newly Created Service* - PROCEXP90
                  .
                  Inhoud van de 'Gedeelde Taken' map
                  "2007-12-28 19:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan - Monica R.job"
                  - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
                  .
                  **************************************************************************

                  catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                  Rootkit scan 2008-01-02 18:06:53
                  Windows 5.1.2600 Service Pack 2 NTFS

                  scannen van verborgen processen ...

                  scannen van verborgen autostart items ...

                  scannen van verborgen bestanden ...

                  Scan succesvol afgerond
                  verborgen bestanden: 0

                  **************************************************************************
                  .
                  Voltooingstijd: 2008-01-02 18:07:42
                  ComboFix-quarantined-files.txt 2008-01-02 17:07:34
                  .
                  2007-12-12 11:26:43 --- E O F ---
                    • Citaat

                    Comment

                    • #6
                      Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd
                      Dit zal alles van RVAXO doen verwijderen.

                      Verwijder de volgende mappen:
                      C:\Program Files\MediaSupplyCodec
                      C:\Qoobox

                      Maak dan je prullenbak leeg.

                      Je Java software is verouderd. oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
                      Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:
                      • Download Java Runtime Environment (JRE) 6.3 en bewaar het naar je Bureaublad.
                      • Sluit alle programma's die eventueel open zijn - Zeker je web browser!
                      • Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
                      • Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
                      • Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
                      • Herhaal dit tot alle oudere versies verdwenen zijn.
                      • Na het verwijderen van alle oudere versies, herstart je pc.
                      • Dubbelklik vervolgens op jre-6u3-windows-i586-p.exe op je Bureaublad om de nieuwste versie van Java te installeren.


                      Download ATF cleaner (mirror)(gemaakt door Atribune)

                      Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

                      Dubbelklik op ATF cleaner om het programma te starten.
                      Op het tabblad "Main", plaats je een vinkje bij Select All.
                      Klik op de knop Empty Selected.

                      Het volgende doen als je ook FireFox als browser hebt:
                      Klik op tabblad "Firefox", plaats een vinkje bij Select All.
                      Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                      (dit haalt het vinkje weer weg bij "Firefox saved passwords")
                      Klik op de knop Empty Selected.

                      Het volgende doen als je ook Opera als browser hebt:
                      Klik op tabblad "Opera", plaats een vinkje bij Select All.
                      Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                      Klik op de knop Empty Selected.
                      Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

                      Ga naar Start - Uitvoeren en geef hier het volgende in:
                      Combofix /U
                      Druk daarna op OK.
                      Let op: Er moet een spatie tussen Combofix en /U zitten.

                      Dit zal Combofix deïnstalleren.

                      Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
                      Kijk hier hoe je je systeemherstel moet uitschakelen.
                      Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

                      Post als laatste nog een nieuw logje van Hijackthis ter controle
                        • Citaat

                        Comment

                        • #7
                          Smitfraud-c, zlob.downloader en esse voce...

                          Hoi,
                          Zie hieronder voor het HijackThis logje.
                          Heel erg bedankt voor de zeer snelle en adequate hulp!!! Ik vind het fantastisch!
                          Groet, Moon91


                          Logfile of HijackThis v1.99.1
                          Scan saved at 20:16:06, on 2-1-2008
                          Platform: Windows XP SP2 (WinNT 5.01.2600)
                          MSIE: Internet Explorer v7.00 (7.00.6000.16574)

                          Running processes:
                          C:\WINDOWS\System32\smss.exe
                          C:\WINDOWS\system32\winlogon.exe
                          C:\WINDOWS\system32\services.exe
                          C:\WINDOWS\system32\lsass.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                          C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
                          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                          C:\WINDOWS\Explorer.EXE
                          C:\WINDOWS\system32\spoolsv.exe
                          C:\WINDOWS\stsystra.exe
                          C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
                          C:\Program Files\Dell\Media Experience\DMXLauncher.exe
                          C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                          C:\WINDOWS\System32\DLA\DLACTRLW.EXE
                          C:\WINDOWS\system32\rundll32.exe
                          C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
                          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                          C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
                          C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
                          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                          C:\WINDOWS\system32\ctfmon.exe
                          C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                          C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                          C:\Program Files\Jabra\Bluetooth Software\bin\btwdins.exe
                          C:\Program Files\Dell Network Assistant\hnm_svc.exe
                          C:\Program Files\Jabra\Bluetooth Software\BTTray.exe
                          C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
                          C:\WINDOWS\system32\nvsvc32.exe
                          C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                          C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
                          C:\Program Files\Common Files\Teleca Shared\Generic.exe
                          C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
                          C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
                          C:\Documents and Settings\Monica R\Bureaublad\HijackThis.exe

                          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                          O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
                          O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
                          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                          O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
                          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                          O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
                          O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
                          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                          O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
                          O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
                          O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
                          O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
                          O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                          O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
                          O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
                          O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
                          O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
                          O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
                          O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
                          O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
                          O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
                          O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
                          O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
                          O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
                          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                          O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
                          O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
                          O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
                          O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
                          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                          O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                          O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                          O4 - Global Startup: BTTray.lnk = ?
                          O4 - Global Startup: Dell Network Assistant.lnk = ?
                          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
                          O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Jabra\Bluetooth Software\btsendto_ie_ctx.htm
                          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                          O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
                          O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
                          O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Jabra\Bluetooth Software\btsendto_ie.htm
                          O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Jabra\Bluetooth Software\btsendto_ie.htm
                          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                          O11 - Options group: [INTERNATIONAL] International*
                          O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
                          O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
                          O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
                          O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
                          O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
                          O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
                          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                          O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Jabra\Bluetooth Software\bin\btwdins.exe
                          O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
                          O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
                          O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
                          O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
                          O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
                          O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
                          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
                          O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
                          O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                          O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
                          O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
                          O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
                          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                          O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                          O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
                          O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                          O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
                            • Citaat

                            Comment

                            • #8
                              Graag gedaan hoor, je logje ziet er ook weer prima uit
                                • Citaat

                                Comment

                                Vorige template Volgende
                                Sorry, you are not authorized to view this page
                                Working...
                                X
                                😀
                                🥰
                                🤢
                                😎
                                😡
                                👍
                                👎