Win-spy shareware icon?
  • Win-spy shareware icon?

    Ever since a "film" that someone mentioned, which I downloaded and ran, my PC suddenly became really slow and a win-spy icon appeared next to the clock. I looked up what it is, and that did not make me happy. I also searched for how to get rid of it, but I did not manage. So I made an HJT log, hoping you might be able to figure it out.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:53:12, on 4-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
    C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Documents and Settings\Gangster-134\Bureaublad\Snow.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
    C:\WINDOWS\system32\hphmon04.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\WINDOWS\vzones\services.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Launchy\Launchy.exe
    C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    C:\WINDOWS\vzones\smss.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\W32BRG55.EXE
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\HJT\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Sneeuw] "C:\Documents and Settings\Gangster-134\Bureaublad\Snow.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
    O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [ccAppRemXP] C:\WINDOWS\msn64.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
    O4 - Global Startup: Super Turbo Tango Patcher Reloader.lnk = C:\WINDOWS\Super Turbo Tango Patcher\Reloader.exe
    O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197572070812
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe

    --
    End of file - 7740 bytes

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
      A cmd window will open; a few lines about files not found will quickly scroll past, this is normal.
    • An uninstaller of a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • Your PC will then restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next reply.


    Download Combofix to your Desktop.
    Double-click Combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open.
    Post this log in your next reply.

    NOTE: If your virus scanner responds with a warning about a script being executed, you can ignore it.


    • #3
      Here you go; the win-spy icon or whatever it was is already gone, but I don't know whether everything is gone. I think you can tell.

      ----------------RVAXO.exe first run-------------

      Files found:

      C:\WINDOWS\msn64.exe

      Uninstallers Rogue scanners:


      Folders Found:

      C:\WINDOWS\vzones

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------
      ComboFix 08-01-05.1 - Gangster-134 2008-01-04 18:41:25.1 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.547 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Gangster-134\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt
      .

      (((((((((((((((((((( Bestanden Gemaakt van 2007-12-05 to 2008-01-05 ))))))))))))))))))))))))))))))
      .

      2008-01-04 18:40 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
      2008-01-04 18:07 . 2008-01-04 18:08 <DIR> d-------- C:\RVAXO
      2008-01-04 18:05 . 2008-01-04 18:04 588,256 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-01-04 18:05 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
      2008-01-04 16:52 . 2008-01-04 16:53 <DIR> d-------- C:\HJT
      2008-01-04 16:25 . 2008-01-04 16:40 325,713,920 --a------ C:\2A8.tmp
      2008-01-04 16:19 . 2008-01-04 17:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-01-04 16:09 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
      2008-01-04 15:56 . 2008-01-04 16:10 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
      2008-01-04 15:56 . 2008-01-04 15:57 30,590 --a------ C:\WINDOWS\system32\pavas.ico
      2008-01-04 15:56 . 2008-01-04 15:57 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
      2008-01-04 15:56 . 2008-01-04 15:57 1,406 --a------ C:\WINDOWS\system32\Help.ico
      2008-01-04 15:10 . 2008-01-04 15:10 <DIR> d-------- C:\Documents and Settings\Gangster-134\Application Data\Grisoft
      2008-01-04 15:09 . 2008-01-04 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
      2008-01-04 15:09 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
      2008-01-04 14:59 . 2008-01-04 14:59 <DIR> d-------- C:\Program Files\Accessories
      2008-01-04 14:59 . 1999-08-18 08:54 180,224 ---h----- C:\WINDOWS\hreg.dll
      2008-01-04 14:59 . 2008-01-03 16:50 40,960 --a------ C:\WINDOWS\ruto32.exe
      2008-01-04 14:59 . 2008-01-03 16:50 26 --a------ C:\WINDOWS\refsdm.dll
      2007-12-31 17:34 . 2007-12-31 17:34 0 --a------ C:\WINDOWS\system32\atiicdxx.dat
      2007-12-31 17:31 . 2007-12-31 17:31 10 --a------ C:\WINDOWS\WININIT.INI
      2007-12-31 16:23 . 2003-07-20 19:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
      2007-12-31 16:23 . 2005-01-04 10:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
      2007-12-31 16:21 . 2008-01-01 12:37 <DIR> d-------- C:\Nexon
      2007-12-31 16:21 . 2001-09-06 21:26 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
      2007-12-31 16:21 . 2001-09-06 21:26 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
      2007-12-31 16:21 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
      2007-12-31 16:21 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
      2007-12-31 16:21 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
      2007-12-31 16:21 . 2001-08-17 22:55 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
      2007-12-31 16:20 . 2007-12-31 16:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NexonUS
      2007-12-30 22:50 . 2004-06-17 15:19 688,128 --a------ C:\WINDOWS\system32\libeay32.dll
      2007-12-30 22:50 . 2004-06-17 15:19 688,128 --a------ C:\WINDOWS\system\libeay32.dll
      2007-12-30 22:50 . 2004-06-17 15:19 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
      2007-12-30 22:50 . 2004-06-17 15:19 155,648 --a------ C:\WINDOWS\system\ssleay32.dll
      2007-12-26 18:55 . 2007-12-26 20:51 <DIR> d-------- C:\WINDOWS\ShellNew
      2007-12-26 11:25 . 2007-12-26 11:25 <DIR> d-------- C:\Documents and Settings\Gangster-134\Application Data\iScreensaver
      2007-12-26 11:25 . 2007-12-26 11:25 3,146,183 --a------ C:\WINDOWS\win_habbo_screensaver.SCR
      2007-12-26 11:25 . 2007-12-26 11:25 471 --a------ C:\WINDOWS\iScreensaver.ini
      2007-12-25 19:48 . 2007-12-25 19:48 <DIR> d-------- C:\Documents and Settings\Gangster-134\Application Data\Sierra Entertainment
      2007-12-25 16:04 . 2007-12-25 16:04 <DIR> d-------- C:\Program Files\MagicDisc
      2007-12-25 16:04 . 2007-09-05 01:46 92,544 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
      2007-12-24 23:13 . 2008-01-04 17:11 <DIR> dr-h----- C:\Documents and Settings\Gangster-134\Onlangs geopend
      2007-12-24 15:31 . 2007-12-24 15:31 <DIR> d-------- C:\Program Files\SystemRequirementsLab
      2007-12-24 15:31 . 2007-12-24 15:31 <DIR> d-------- C:\Documents and Settings\Gangster-134\Application Data\SystemRequirementsLab
      2007-12-24 10:56 . 2006-11-30 10:55 9,011,200 --a------ C:\WINDOWS\system32\Christmas Eve 3D Screensaver.scr.BAK
      2007-12-24 10:23 . 2007-12-24 10:23 <DIR> d-------- C:\Documents and Settings\Gangster-134\Application Data\Verzendmap van Share-to-Web
      2007-12-23 23:07 . 2007-12-23 23:08 <DIR> d-------- C:\Program Files\Hewlett-Packard
      2007-12-23 23:07 . 2007-12-23 23:07 82,380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
      2007-12-23 23:07 . 2007-12-23 23:07 34 --a------ C:\WINDOWS\hpfsched.ini
      2007-12-23 23:04 . 2007-12-23 23:05 <DIR> d-------- C:\Program Files\HP Photosmart 11
      2007-12-23 22:55 . 2007-12-23 22:55 <DIR> d-------- C:\WINDOWS\system32\NtmsData
      2007-12-23 22:40 . 2007-12-23 22:40 <DIR> d-------- C:\Documents and Settings\Gangster-134\Application Data\Nero
      2007-12-23 22:36 . 2007-12-23 22:36 <DIR> d-------- C:\Program Files\Nero
      2007-12-23 22:36 . 2007-12-23 22:36 <DIR> d-------- C:\Program Files\Common Files\Nero
      2007-12-23 22:36 . 2007-12-23 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
      2007-12-23 22:36 . 2006-03-17 11:45 1,757,184 --a------ C:\WINDOWS\system32\imagX7.dll
      2007-12-23 22:36 . 2006-03-17 11:45 802,816 --a------ C:\WINDOWS\system32\imagXRA7.dll
      2007-12-23 22:36 . 2006-03-17 11:45 497,296 --a------ C:\WINDOWS\system32\imagXpr7.dll
      2007-12-23 22:36 . 2006-03-17 14:49 368,640 --a------ C:\WINDOWS\system32\TwnLib4.dll
      2007-12-23 22:36 . 2006-03-17 11:45 258,048 --a------ C:\WINDOWS\system32\imagXR7.dll
      2007-12-23 22:32 . 2007-12-23 22:41 <DIR> d-------- C:\temp\photosmart
      2007-12-23 22:32 . 2007-12-23 22:32 <DIR> d-------- C:\temp
      2007-12-21 01:04 . 2007-12-21 01:04 7,168 --ahs---- C:\WINDOWS\Thumbs.db
      2007-12-21 01:04 . 2007-12-21 01:04 5,632 --ahs---- C:\WINDOWS\system32\Thumbs.db
      2007-12-21 00:30 . 2008-01-04 16:11 <DIR> d-------- C:\Program Files\Launchy
      2007-12-21 00:30 . 2007-12-21 00:30 <DIR> d-------- C:\Documents and Settings\Gangster-134\Application Data\Launchy
      2007-12-21 00:22 . 2007-12-21 00:22 <DIR> d-------- C:\Program Files\IconTweaker
      2007-12-21 00:22 . 2007-12-21 00:22 <DIR> d-------- C:\Documents and Settings\Gangster-134\Application Data\IconTweaker
      2007-12-21 00:22 . 2007-12-21 00:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IconTweaker
      2007-12-21 00:12 . 2007-12-22 17:02 <DIR> d----c--- C:\WINDOWS\Super Turbo Tango Patcher
      2007-12-20 19:15 . 2007-12-20 19:15 <DIR> d-------- C:\WINDOWS\system32\QuickTime
      2007-12-20 19:15 . 2007-12-20 19:15 <DIR> d-------- C:\Program Files\TechSmith
      2007-12-20 19:15 . 2007-12-20 19:15 <DIR> d-------- C:\Program Files\Common Files\TechSmith Shared
      2007-12-20 19:15 . 2007-12-20 19:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
      2007-12-20 19:15 . 2007-08-27 10:53 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
      2007-12-20 19:10 . 2007-12-20 19:10 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll
      2007-12-18 19:56 . 2007-12-18 19:56 <DIR> d-------- C:\Program Files\ZyDAS Technology Corporation
      2007-12-18 19:56 . 2007-12-18 19:56 <DIR> d-------- C:\Program Files\Datel
      2007-12-18 19:56 . 2005-08-17 14:43 330,240 --a------ C:\WINDOWS\system32\drivers\ZD1211BU.sys
      2007-12-18 19:56 . 2004-01-14 11:25 81,920 --a------ C:\WINDOWS\system32\ZDPN50.DLL
      2007-12-18 19:56 . 2005-03-18 15:35 31,744 --a------ C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
      2007-12-18 19:56 . 2005-06-08 18:44 29,184 --a------ C:\WINDOWS\system32\drivers\BRGSp50a64.sys
      2007-12-18 19:56 . 2004-03-23 16:38 28,672 --a------ C:\WINDOWS\system32\InsDrvZD.dll
      2007-12-18 19:56 . 2003-03-14 12:24 24,576 --a------ C:\WINDOWS\system32\ZyDelReg.exe
      2007-12-18 19:56 . 2005-06-08 18:44 20,608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys
      2007-12-18 19:56 . 2004-10-25 13:40 17,664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys
      2007-12-18 19:56 . 2004-01-14 11:30 17,151 --a------ C:\WINDOWS\system32\ZDPNDIS5.SYS
      2007-12-18 19:56 . 2005-07-12 14:44 15,872 --a------ C:\WINDOWS\system32\InsDrvZD64.DLL
      2007-12-18 18:28 . 1998-10-09 15:36 327,168 --a------ C:\WINDOWS\IsUn0413.exe
      2007-12-15 13:08 . 2007-12-15 13:08 <DIR> d-------- C:\WINDOWS\Sun
      2007-12-15 13:08 . 2007-12-15 13:09 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
      2007-12-15 13:08 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
      2007-12-15 13:07 . 2007-12-15 13:08 <DIR> d-------- C:\Program Files\Java
      2007-12-15 13:07 . 2007-12-15 13:07 <DIR> d-------- C:\Program Files\Common Files\Java
      2007-12-15 12:02 . 2007-09-23 23:13 <DIR> d-a------ C:\xampp
      2007-12-14 20:23 . 2007-12-14 20:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
      2007-12-14 20:22 . 2007-12-14 20:22 <DIR> d-------- C:\Program Files\GIF Movie Gear
      2007-12-14 20:07 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
      2007-12-14 20:07 . 2007-11-07 04:55 17,248 --a------ C:\WINDOWS\system32\msinet.ocx

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-01-04 15:10 --------- d-----w C:\Program Files\Messenger Plus! Live
      2007-12-31 21:39 --------- d-----w C:\Program Files\Windows Media Connect 2
      2007-12-20 23:14 2,355,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
      2007-12-20 23:14 2,232,576 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
      2007-12-13 20:21 219,136 ----a-w C:\WINDOWS\system32\uxtheme.dll
      2007-12-13 17:18 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
      2007-12-13 17:18 --------- d-----w C:\Program Files\Windows Live
      2007-12-13 17:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
      2007-12-13 17:04 --------- d-----w C:\Program Files\microsoft frontpage
      2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
      2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
      2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
      2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
      2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
      2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
      2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
      2007-11-26 15:39 10,192 ----a-w C:\WINDOWS\system32\ramirr2.dll
      2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
      2007-11-02 04:24 176,128 ------w C:\WINDOWS\system32\atiok3x2.dll
      2007-11-02 04:09 268,288 ------w C:\WINDOWS\system32\ati2dvag.dll
      2007-11-02 04:01 143,360 ------w C:\WINDOWS\system32\atipdlxx.dll
      2007-11-02 04:01 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
      2007-11-02 04:00 43,520 ------w C:\WINDOWS\system32\ati2edxx.dll
      2007-11-02 04:00 122,880 ------w C:\WINDOWS\system32\ati2evxx.dll
      2007-11-02 03:59 495,616 ------w C:\WINDOWS\system32\ati2evxx.exe
      2007-11-02 03:50 3,133,728 ------w C:\WINDOWS\system32\ati3duag.dll
      2007-11-02 03:39 1,602,176 ------w C:\WINDOWS\system32\ativvaxx.dll
      2007-11-02 03:24 376,832 ------w C:\WINDOWS\system32\atikvmag.dll
      2007-11-02 03:16 499,712 ------w C:\WINDOWS\system32\ati2cqag.dll
      2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
      2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
      2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
      2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
      2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
      2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
      2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 1818624 C:\WINDOWS\mixer.exe]
      "Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2007-04-26 16:54 774168]
      "Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-26 17:22 1132056]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
      "Sneeuw"="C:\Documents and Settings\Gangster-134\Bureaublad\Snow.exe" [2007-12-20 18:52 86016]
      "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 13:31 188416]
      "HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2002-06-20 19:51 339968]
      "HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-05-24 13:47 49152]
      "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42 69632]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
      "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-18 18:34:22]
      Launchy.lnk - C:\Program Files\Launchy\Launchy.exe [2007-12-21 00:30:52]
      Super Turbo Tango Patcher Reloader.lnk - C:\WINDOWS\Super Turbo Tango Patcher\Reloader.exe [2007-12-05 08:18:50]
      ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2007-12-18 19:56:45]

      R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS [2005-03-03 00:14]
      R3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 18:44]
      R3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2005-03-03 00:14]
      R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-08-17 14:43]
      S3 ramirr;ramirr;C:\WINDOWS\system32\DRIVERS\ramirr.sys

      *Newly Created Service* - PROCEXP90
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-01-05 18:43:24
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2008-01-05 18:44:02
      .
      2007-12-14 19:29:07 --- E O F ---


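The triage behind the RVAXO result above can be reproduced by hand. As an added example that is not part of this thread or of the RVAXO/HijackThis tools, the Python snippet below parses the "Running processes" and O4 lines of a HijackThis log and applies two heuristics of my own: a core system process name (smss.exe, services.exe, ...) running from a directory other than system32, and an autostart entry whose target sits directly in the Windows root or has no full path at all. The sample log is a constructed excerpt of the log in post #1.

```python
import ntpath
import re
from typing import Dict, List

# Core Windows processes that legitimately run only from %SystemRoot%\system32.
# A copy of smss.exe or services.exe elsewhere is a classic sign of an intruder
# hiding behind a familiar name (heuristic, not an exhaustive list).
CORE_SYSTEM_PROCESSES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe",
}
SYSTEM32 = r"c:\windows\system32"
WINDOWS_ROOT = r"c:\windows"

# O4 entries come in two shapes in a HijackThis log:
#   O4 - HKLM\..\Run: [Name] C:\path\prog.exe /args   (optionally "(User '...')")
#   O4 - Global Startup: Name.lnk = C:\path\prog.exe
O4_RUN_RE = re.compile(r"^O4 - .*?\[(?P<name>[^\]]*)\] (?P<target>.+)$")
O4_LNK_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<target>.+)$")


def executable_path(target: str) -> str:
    """Return the executable part of an O4 target, without surrounding quotes,
    command-line switches or the trailing (User '...') annotation."""
    target = target.strip()
    if target.startswith('"'):
        return target[1 : target.index('"', 1)]
    # Switches and the user annotation are separated from the path by a space.
    return re.split(r" (?:/|\(User )", target, maxsplit=1)[0].strip()


def parse_hjt(log: str) -> Dict[str, List[str]]:
    """Split a HijackThis log into running-process paths and O4 autostart targets."""
    processes: List[str] = []
    autostarts: List[str] = []
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:            # blank line closes the process section
                in_processes = False
            else:
                processes.append(line)
            continue
        m = O4_RUN_RE.match(line) or O4_LNK_RE.match(line)
        if m:
            autostarts.append(executable_path(m.group("target")))
    return {"processes": processes, "autostarts": autostarts}


def triage(log: str) -> Dict[str, List[str]]:
    """Apply the heuristics and return the paths each one flagged for review."""
    parsed = parse_hjt(log)
    findings: Dict[str, List[str]] = {
        "core_process_outside_system32": [],
        "autostart_in_windows_root": [],
        "autostart_without_full_path": [],
    }
    for path in parsed["processes"]:
        directory, name = ntpath.split(path)
        if name.lower() in CORE_SYSTEM_PROCESSES and directory.lower() != SYSTEM32:
            findings["core_process_outside_system32"].append(path)
    for path in parsed["autostarts"]:
        directory, name = ntpath.split(path)
        if not directory:
            # Bare file name: resolved via the search path, worth a look but often legitimate.
            findings["autostart_without_full_path"].append(path)
        elif directory.lower() == WINDOWS_ROOT:
            findings["autostart_in_windows_root"].append(path)
    return findings


# Constructed excerpt of the HijackThis log from post #1 (not a complete log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vzones\services.exe
C:\WINDOWS\vzones\smss.exe
C:\HJT\HiJackThis.exe

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ccAppRemXP] C:\WINDOWS\msn64.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
"""

if __name__ == "__main__":
    for rule, hits in triage(SAMPLE_LOG).items():
        print(f"{rule}: {hits}")
```

The two vzones copies and C:\WINDOWS\msn64.exe are exactly what RVAXO removed; the heuristics only select items for review, a flagged entry still needs the file itself checked.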
      • #4
        Could you scan the following files with VirusTotal ( http://www.virustotal.com/ )
        C:\WINDOWS\hreg.dll
        C:\WINDOWS\ruto32.exe
        C:\WINDOWS\refsdm.dll

        Copy the scan results into your next reply


        • #5
          Bestand hreg.dll ontvangen op 2008.01.04 19:49:40 (CET)
          Huidig status: Laden ... In wachtrij Wachtende Aan het scannen Einde NIET GEVONDEN GESTOPT
          Resultaat: 0/32 (0%)
          .

          http://www.virustotal.com/nl/analisis/a773426502c78c8bcc901747562ec0dd
          Bestand ruto32.exe ontvangen op 2008.01.04 19:56:53 (CET)
          Huidig status: Laden ... In wachtrij Wachtende Aan het scannen Einde NIET GEVONDEN GESTOPT
          Resultaat: 6/32 (18.75%)
          Bestand refsdm.dll ontvangen op 2008.01.04 20:01:04 (CET)
          Huidig status: Laden ... In wachtrij Wachtende Aan het scannen Einde NIET GEVONDEN GESTOPT
          Resultaat: 0/32 (0%)


          • #6
            Open the RVAXO folder on your desktop and double-click Uninstall.cmd

            Download the attachment: CFScript.txt

            Drag CFScript.txt onto ComboFix.exe as shown in the example below:



            This will make ComboFix restart.
            Reboot if you are asked to,
            and post the contents of Combofix.txt in your next reply.
            Attached Files


            • #7
              ComboFix 08-01-05.1 - Gangster-134 2008-01-06 10:56:02.2 - NTFSx86
              Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.483 [GMT 1:00]
              Gestart vanuit: C:\Documents and Settings\Gangster-134\Bureaublad\ComboFix.exe
              Command switches used :: C:\Documents and Settings\Gangster-134\Bureaublad\cfscript.txt
              * Nieuw herstelpunt werd aangemaakt

              FILE
              C:\2A8.tmp
              C:\WINDOWS\hreg.dll
              C:\WINDOWS\refsdm.dll
              C:\WINDOWS\ruto32.exe
              .

              (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              C:\2A8.tmp
              C:\WINDOWS\hreg.dll
              C:\WINDOWS\refsdm.dll
              C:\WINDOWS\ruto32.exe

              .
              (((((((((((((((((((( Bestanden Gemaakt van 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))
              .

              2008-01-04 18:40 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
              2008-01-04 16:52 . 2008-01-04 16:53 <DIR> d-------- C:\HJT
              2008-01-04 16:19 . 2008-01-04 17:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
              2008-01-04 16:09 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
              2008-01-04 15:56 . 2008-01-04 16:10 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
              2008-01-04 15:56 . 2008-01-04 15:57 30,590 --a------ C:\WINDOWS\system32\pavas.ico
              2008-01-04 15:56 . 2008-01-04 15:57 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
              2008-01-04 15:56 . 2008-01-04 15:57 1,406 --a------ C:\WINDOWS\system32\Help.ico
              2008-01-04 15:10 . 2008-01-04 15:10 <DIR> d-------- C:\Documents and Settings\Gangster-134\Application Data\Grisoft
              2008-01-04 15:09 . 2008-01-04 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
              2008-01-04 15:09 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
              2008-01-04 14:59 . 2008-01-04 14:59 <DIR> d-------- C:\Program Files\Accessories
              2007-12-31 17:34 . 2007-12-31 17:34 0 --a------ C:\WINDOWS\system32\atiicdxx.dat
              2007-12-31 17:31 . 2007-12-31 17:31 10 --a------ C:\WINDOWS\WININIT.INI
              2007-12-31 16:23 . 2003-07-20 19:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
              2007-12-31 16:23 . 2005-01-04 10:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
              2007-12-31 16:21 . 2008-01-05 18:55 <DIR> d-------- C:\Nexon
              2007-12-31 16:21 . 2001-09-06 21:26 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
              2007-12-31 16:21 . 2001-09-06 21:26 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
              2007-12-31 16:21 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
              2007-12-31 16:21 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
              2007-12-31 16:21 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
              2007-12-31 16:21 . 2001-08-17 22:55 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
              2007-12-31 16:20 . 2007-12-31 16:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NexonUS
              2007-12-30 22:50 . 2004-06-17 15:19 688,128 --a------ C:\WINDOWS\system32\libeay32.dll
              2007-12-30 22:50 . 2004-06-17 15:19 688,128 --a------ C:\WINDOWS\system\libeay32.dll
              2007-12-30 22:50 . 2004-06-17 15:19 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
              2007-12-30 22:50 . 2004-06-17 15:19 155,648 --a------ C:\WINDOWS\system\ssleay32.dll
              2007-12-26 18:55 . 2007-12-26 20:51 <DIR> d-------- C:\WINDOWS\ShellNew
              2007-12-26 11:25 . 2007-12-26 11:25 <DIR> d-------- C:\Documents and Settings\Gangster-134\Application Data\iScreensaver
              2007-12-26 11:25 . 2007-12-26 11:25 3,146,183 --a------ C:\WINDOWS\win_habbo_screensaver.SCR
              2007-12-26 11:25 . 2007-12-26 11:25 471 --a------ C:\WINDOWS\iScreensaver.ini
              2007-12-25 19:48 . 2007-12-25 19:48 <DIR> d-------- C:\Documents and Settings\Gangster-134\Application Data\Sierra Entertainment
              2007-12-25 16:04 . 2007-12-25 16:04 <DIR> d-------- C:\Program Files\MagicDisc
              2007-12-25 16:04 . 2007-09-05 01:46 92,544 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
              2007-12-24 23:13 . 2008-01-06 10:54 <DIR> dr-h----- C:\Documents and Settings\Gangster-134\Onlangs geopend
              2007-12-24 15:31 . 2007-12-24 15:31 <DIR> d-------- C:\Program Files\SystemRequirementsLab
              2007-12-24 15:31 . 2007-12-24 15:31 <DIR> d-------- C:\Documents and Settings\Gangster-134\Application Data\SystemRequirementsLab
              2007-12-24 10:56 . 2006-11-30 10:55 9,011,200 --a------ C:\WINDOWS\system32\Christmas Eve 3D Screensaver.scr.BAK
              2007-12-24 10:23 . 2007-12-24 10:23 <DIR> d-------- C:\Documents and Settings\Gangster-134\Application Data\Verzendmap van Share-to-Web
              2007-12-23 23:07 . 2007-12-23 23:08 <DIR> d-------- C:\Program Files\Hewlett-Packard
              2007-12-23 23:07 . 2007-12-23 23:07 82,380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
              2007-12-23 23:07 . 2007-12-23 23:07 34 --a------ C:\WINDOWS\hpfsched.ini
              2007-12-23 23:04 . 2007-12-23 23:05 <DIR> d-------- C:\Program Files\HP Photosmart 11
              2007-12-23 22:55 . 2007-12-23 22:55 <DIR> d-------- C:\WINDOWS\system32\NtmsData
              2007-12-23 22:40 . 2007-12-23 22:40 <DIR> d-------- C:\Documents and Settings\Gangster-134\Application Data\Nero
              2007-12-23 22:36 . 2007-12-23 22:36 <DIR> d-------- C:\Program Files\Nero
              2007-12-23 22:36 . 2007-12-23 22:36 <DIR> d-------- C:\Program Files\Common Files\Nero
              2007-12-23 22:36 . 2007-12-23 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
              2007-12-23 22:36 . 2006-03-17 11:45 1,757,184 --a------ C:\WINDOWS\system32\imagX7.dll
              2007-12-23 22:36 . 2006-03-17 11:45 802,816 --a------ C:\WINDOWS\system32\imagXRA7.dll
              2007-12-23 22:36 . 2006-03-17 11:45 497,296 --a------ C:\WINDOWS\system32\imagXpr7.dll
              2007-12-23 22:36 . 2006-03-17 14:49 368,640 --a------ C:\WINDOWS\system32\TwnLib4.dll
              2007-12-23 22:36 . 2006-03-17 11:45 258,048 --a------ C:\WINDOWS\system32\imagXR7.dll
              2007-12-23 22:32 . 2007-12-23 22:41 <DIR> d-------- C:\temp\photosmart
              2007-12-23 22:32 . 2007-12-23 22:32 <DIR> d-------- C:\temp
              2007-12-21 01:04 . 2007-12-21 01:04 7,168 --ahs---- C:\WINDOWS\Thumbs.db
              2007-12-21 01:04 . 2007-12-21 01:04 5,632 --ahs---- C:\WINDOWS\system32\Thumbs.db
              2007-12-21 00:30 . 2008-01-04 16:11 <DIR> d-------- C:\Program Files\Launchy
              2007-12-21 00:30 . 2007-12-21 00:30 <DIR> d-------- C:\Documents and Settings\Gangster-134\Application Data\Launchy
              2007-12-21 00:22 . 2007-12-21 00:22 <DIR> d-------- C:\Program Files\IconTweaker
              2007-12-21 00:22 . 2007-12-21 00:22 <DIR> d-------- C:\Documents and Settings\Gangster-134\Application Data\IconTweaker
              2007-12-21 00:22 . 2007-12-21 00:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IconTweaker
              2007-12-21 00:12 . 2007-12-22 17:02 <DIR> d----c--- C:\WINDOWS\Super Turbo Tango Patcher
              2007-12-20 19:15 . 2007-12-20 19:15 <DIR> d-------- C:\WINDOWS\system32\QuickTime
              2007-12-20 19:15 . 2007-12-20 19:15 <DIR> d-------- C:\Program Files\TechSmith
              2007-12-20 19:15 . 2007-12-20 19:15 <DIR> d-------- C:\Program Files\Common Files\TechSmith Shared
              2007-12-20 19:15 . 2007-12-20 19:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
              2007-12-20 19:15 . 2007-08-27 10:53 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
              2007-12-20 19:10 . 2007-12-20 19:10 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll
              2007-12-18 19:56 . 2007-12-18 19:56 <DIR> d-------- C:\Program Files\ZyDAS Technology Corporation
              2007-12-18 19:56 . 2007-12-18 19:56 <DIR> d-------- C:\Program Files\Datel
              2007-12-18 19:56 . 2005-08-17 14:43 330,240 --a------ C:\WINDOWS\system32\drivers\ZD1211BU.sys
              2007-12-18 19:56 . 2004-01-14 11:25 81,920 --a------ C:\WINDOWS\system32\ZDPN50.DLL
              2007-12-18 19:56 . 2005-03-18 15:35 31,744 --a------ C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
              2007-12-18 19:56 . 2005-06-08 18:44 29,184 --a------ C:\WINDOWS\system32\drivers\BRGSp50a64.sys
              2007-12-18 19:56 . 2004-03-23 16:38 28,672 --a------ C:\WINDOWS\system32\InsDrvZD.dll
              2007-12-18 19:56 . 2003-03-14 12:24 24,576 --a------ C:\WINDOWS\system32\ZyDelReg.exe
              2007-12-18 19:56 . 2005-06-08 18:44 20,608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys
              2007-12-18 19:56 . 2004-10-25 13:40 17,664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys
              2007-12-18 19:56 . 2004-01-14 11:30 17,151 --a------ C:\WINDOWS\system32\ZDPNDIS5.SYS
              2007-12-18 19:56 . 2005-07-12 14:44 15,872 --a------ C:\WINDOWS\system32\InsDrvZD64.DLL
              2007-12-18 18:28 . 1998-10-09 15:36 327,168 --a------ C:\WINDOWS\IsUn0413.exe
              2007-12-15 13:08 . 2007-12-15 13:08 <DIR> d-------- C:\WINDOWS\Sun
              2007-12-15 13:08 . 2007-12-15 13:09 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
              2007-12-15 13:08 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
              2007-12-15 13:07 . 2007-12-15 13:08 <DIR> d-------- C:\Program Files\Java
              2007-12-15 13:07 . 2007-12-15 13:07 <DIR> d-------- C:\Program Files\Common Files\Java
              2007-12-15 12:02 . 2007-09-23 23:13 <DIR> d-a------ C:\xampp
              2007-12-14 20:23 . 2007-12-14 20:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
              2007-12-14 20:22 . 2007-12-14 20:22 <DIR> d-------- C:\Program Files\GIF Movie Gear
              2007-12-14 20:07 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
              2007-12-14 20:07 . 2007-11-07 04:55 17,248 --a------ C:\WINDOWS\system32\msinet.ocx
              2007-12-14 20:06 . 2008-01-04 16:12 <DIR> d-------- C:\Program Files\Bonjour
              2007-12-14 20:00 . 2007-12-14 20:00 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
              2007-12-14 20:00 . 2008-01-03 14:51 <DIR> d-------- C:\Program Files\Common Files\Adobe
              2007-12-14 19:46 . 2007-12-14 19:46 <DIR> d-------- C:\Program Files\Alwil Software
              2007-12-14 19:20 . 2007-12-14 19:20 <DIR> d-------- C:\Documents and Settings\Gangster-134\Application Data\DWMRCMSI
              2007-12-14 19:16 . 2007-12-14 19:17 <DIR> d-------- C:\Documents and Settings\Gangster-134\Application Data\DameWare Development
              2007-12-14 19:12 . 2005-03-03 00:14 6,016 --a------ C:\WINDOWS\system32\drivers\vnccom.SYS

              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2008-01-04 15:10 --------- d-----w C:\Program Files\Messenger Plus! Live
              2007-12-31 21:39 --------- d-----w C:\Program Files\Windows Media Connect 2
              2007-12-20 23:14 2,355,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
              2007-12-20 23:14 2,232,576 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
              2007-12-13 20:21 219,136 ----a-w C:\WINDOWS\system32\uxtheme.dll
              2007-12-13 17:18 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
              2007-12-13 17:18 --------- d-----w C:\Program Files\Windows Live
              2007-12-13 17:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
              2007-12-13 17:04 --------- d-----w C:\Program Files\microsoft frontpage
              2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
              2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
              2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
              2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
              2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
              2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
              2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
              2007-11-26 15:39 10,192 ----a-w C:\WINDOWS\system32\ramirr2.dll
              2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
              2007-11-02 04:24 176,128 ------w C:\WINDOWS\system32\atiok3x2.dll
              2007-11-02 04:09 268,288 ------w C:\WINDOWS\system32\ati2dvag.dll
              2007-11-02 04:01 143,360 ------w C:\WINDOWS\system32\atipdlxx.dll
              2007-11-02 04:01 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
              2007-11-02 04:00 43,520 ------w C:\WINDOWS\system32\ati2edxx.dll
              2007-11-02 04:00 122,880 ------w C:\WINDOWS\system32\ati2evxx.dll
              2007-11-02 03:59 495,616 ------w C:\WINDOWS\system32\ati2evxx.exe
              2007-11-02 03:50 3,133,728 ------w C:\WINDOWS\system32\ati3duag.dll
              2007-11-02 03:39 1,602,176 ------w C:\WINDOWS\system32\ativvaxx.dll
              2007-11-02 03:24 376,832 ------w C:\WINDOWS\system32\atikvmag.dll
              2007-11-02 03:16 499,712 ------w C:\WINDOWS\system32\ati2cqag.dll
              2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
              2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
              2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
              2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
              2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
              2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
              2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
              .

              ((((((((((((((((((((((((((((( [email protected]_18.43.35,53 )))))))))))))))))))))))))))))))))))))))))
              .
              + 2008-01-06 09:52:42 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_65c.dat
              .
              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              REGEDIT4
              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 1818624 C:\WINDOWS\mixer.exe]
              "Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2007-04-26 16:54 774168]
              "Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-26 17:22 1132056]
              "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
              "Sneeuw"="C:\Documents and Settings\Gangster-134\Bureaublad\Snow.exe" [2007-12-20 18:52 86016]
              "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 13:31 188416]
              "HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2002-06-20 19:51 339968]
              "HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-05-24 13:47 49152]
              "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42 69632]
              "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
              "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

              C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
              Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-18 18:34:22]
              Launchy.lnk - C:\Program Files\Launchy\Launchy.exe [2007-12-21 00:30:52]
              Super Turbo Tango Patcher Reloader.lnk - C:\WINDOWS\Super Turbo Tango Patcher\Reloader.exe [2007-12-05 08:18:50]
              ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2007-12-18 19:56:45]

              R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS [2005-03-03 00:14]
              R3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 18:44]
              R3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2005-03-03 00:14]
              R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-08-17 14:43]
              S3 ramirr;ramirr;C:\WINDOWS\system32\DRIVERS\ramirr.sys

              .
              **************************************************************************

              catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2008-01-06 10:58:06
              Windows 5.1.2600 Service Pack 2 NTFS

              scannen van verborgen processen ...

              scannen van verborgen autostart items ...

              scannen van verborgen bestanden ...

              Scan succesvol afgerond
              verborgen bestanden: 0

              **************************************************************************
              .
              Voltooingstijd: 2008-01-06 10:58:41
              ComboFix-quarantined-files.txt 2008-01-06 09:58:33
              ComboFix2.txt 2008-01-05 17:44:02
              .
              2007-12-14 19:29:07 --- E O F ---



              • #8
                Delete the following folder:
                C:\Qoobox

                Then empty your Recycle Bin.

                Download ATF Cleaner (mirror) (made by Atribune)

                Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can do its job properly.

                Double-click ATF Cleaner to start the program.
                On the "Main" tab, tick Select All.
                Click the Empty Selected button.

                Do the following if you also use Firefox as a browser:
                Click the "Firefox" tab and tick Select All.
                If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                (This unticks "Firefox saved passwords" again.)
                Click the Empty Selected button.

                Do the following if you also use Opera as a browser:
                Click the "Opera" tab and tick Select All.
                If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                Click the Empty Selected button.
                Go to the "Main" tab and click the Exit button to close the program.

                Go to Start - Run and enter the following:
                Combofix /U
                Then press OK.
                Note: there must be a space between Combofix and /U.

                This will uninstall Combofix.

                Disable System Restore. Restart the computer. Enable System Restore again.
                See here for how to disable System Restore.
                This removes any remnants of the infections from your System Restore.

                Then I think everything is clean again



                • #9
                  You do say that I have to do this..

                  Delete the following folder:
                  C:\Qoobox

                  But I can't find that folder anywhere in C:\ .. so I can't delete it :P
                  Last edited by gangster-134; 05-01-08, 12:43.



                  • #10
                    What isn't there doesn't need to be deleted either
