Virus on MSN, sends eBay mail

  • Virus on MSN, sends eBay mail

    This virus/spyware gave me the following problems:

    Hotmail sent an e-mail with the subject "ebay" to all my contacts.
    This e-mail contained 3 links that spread the virus/spyware.

    Right after people told me this, I scanned my computer with AVG Free, Spybot Search & Destroy and Ad-Aware SE.

    Then HijackThis.

    Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:04:55, on 5-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20696)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O1 - Hosts: 66.98.148.65 auto.search.msn.com
    O1 - Hosts: 66.98.148.65 auto.search.msn.es
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [anvshell] anvshell.exe
    O4 - HKLM\..\Run: [LiveNote] livenote.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SchijfBewaker\strpmon.exe" dm=http://schijfbewaker.com ad=http://schijfbewaker.com sd=http://inlog.schijfbewaker.com
    O4 - HKLM\..\Run: [muBlinder] C:\Documents and Settings\Tjalling Canrinus\Bureaublad\backup\Crack 2\muBlinder.exe -startup
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {C7E002D6-324B-4500-883D-84B620FD8640} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRDG/dataFiles_64916/heartbeat.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

    --
    End of file - 8663 bytes

    Hopefully you can help me.
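The log above is what the helpers in this thread read by hand. As an added example (not code from this thread, from HijackThis or from any of the tools mentioned), the Python below runs a small triage pass over a constructed excerpt of that log: it parses the R*/O* entry lines and flags the hosts-file redirection of auto.search.msn.com to 66.98.148.65, the ShoppingReport BHO whose DLL is already gone, and the two HKLM Run entries that either run from a user profile folder (muBlinder) or carry URL arguments (Salestart). The heuristics are my own assumptions about what deserves a second look, not anything HijackThis itself scores.

```python
import re
from ipaddress import ip_address

# Constructed sample: a short excerpt in the shape of the HijackThis log posted
# above (entry lines only; the header and process list are skipped by the parser).
SAMPLE_LOG = r"""
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SchijfBewaker\strpmon.exe" dm=http://schijfbewaker.com ad=http://schijfbewaker.com sd=http://inlog.schijfbewaker.com
O4 - HKLM\..\Run: [muBlinder] C:\Documents and Settings\Tjalling Canrinus\Bureaublad\backup\Crack 2\muBlinder.exe -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
"""

# Every HijackThis entry line starts with a section tag such as R0, O1, O4, O23.
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")


def parse_entries(log_text):
    """Yield (kind, body) for every R*/O* entry line; header and process list are ignored."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("kind"), m.group("body")


def triage(log_text):
    """Return (kind, name, reason) for entries worth a second look.

    Heuristics (my own assumptions, not HijackThis's): hosts entries that point a
    hostname anywhere but loopback, entries whose file is gone, and autostarts
    that run from a user profile directory or carry URLs as command-line arguments.
    """
    findings = []
    for kind, body in parse_entries(log_text):
        if kind == "O1":
            # Shape: "Hosts: <ip> <hostname>"
            ip, host = body.split(":", 1)[1].split()[:2]
            try:
                redirected = not ip_address(ip).is_loopback
            except ValueError:
                redirected = True  # not even a valid address: worth a look
            if redirected:
                findings.append((kind, host, f"hosts file sends {host} to {ip}"))
        elif "(file missing)" in body:
            # Orphaned BHO/button: the registration survived, the DLL did not.
            findings.append((kind, body.split(" - ")[0], "orphaned entry, file missing"))
        elif kind == "O4":
            # Shape: "<hive>\..\Run: [<name>] <command>"; Global Startup lines have no [name].
            m = re.search(r"\[(.+?)\]\s*(.*)", body)
            name, cmd = (m.group(1), m.group(2)) if m else (body, body)
            reasons = []
            if re.search(r"\\Documents and Settings\\", cmd, re.I):
                reasons.append("autostart runs from a user profile directory")
            if re.search(r"https?://", cmd, re.I):
                reasons.append("autostart carries URL arguments")
            if reasons:
                findings.append((kind, name, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for kind, name, reason in triage(SAMPLE_LOG):
        print(f"{kind:<3} {name:<40} {reason}")
```

The entries that survive this pass (the Google Toolbar BHO, the AVG autostart, the Global Startup shortcut) are exactly the ones a helper would ignore; the four flagged lines are the ones the replies below act on.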

  • #2
    1. Download: RVAXO.exe
    Save the file on your desktop, then double-click it.
    You can let the program extract to your desktop.
    Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
    A window will open in which a few lines about files not found will quickly scroll by; this is normal.
    An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and let it do its work.
    Your PC will then restart; after the restart the RVAXO window opens again.
    Let it run and wait until a log file opens.
    It can also be found here: C:\RVAXO-results.log
    Post its contents in your next reply together with a new HijackThis log.

    Did your PC not restart?

    Run RVAXO once more and then post the new log: C:\rvaxo-results.log

    2. Download ComboFix to your desktop

    If you have used ComboFix before, please delete that version and download ComboFix again via the link above, because ComboFix is updated daily.

    NOTE: if, during or after downloading ComboFix or while using ComboFix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download ComboFix again. Some scanners regard certain components that ComboFix uses as suspicious and will block or delete them!

    Double-click combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, because this will make your PC hang.

    When the fix is complete and after the restart, the log combofix.txt will open.
    Post the ComboFix log (combofix.txt) in your next reply together with a fresh HijackThis log.

    Post the RVAXO log, the ComboFix log and a new HijackThis log in your next reply.
    Last edited by Pimmerd; 07-01-08, 20:24.
    Regards,
    Pimmerd



    • #3
      RVAXO log

      ----------------RVAXO.exe first run-------------

      Files found:


      Uninstallers Rogue scanners:


      Folders Found:

      C:\Documents and Settings\Tjalling Canrinus\Application Data\ShoppingReport
      C:\Program Files\SchijfBewaker
      C:\Program Files\Common Files\SchijfBewaker
      C:\Documents and Settings\Tjalling Canrinus\Application Data\SchijfBewaker
      C:\Documents and Settings\All Users\Application Data\SchijfBewaker
      C:\Documents and Settings\All Users\Application Data\SalesMonitor

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------

      ComboFix log

      ComboFix 08-01-08.4 - Tjalling Canrinus 2008-01-08 14:21:44.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.159 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Tjalling Canrinus\Local Settings\Temporary Internet Files\Content.IE5\WDFQ6KYB\ComboFix[1].exe
      * Nieuw herstelpunt werd aangemaakt
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\Tjalling Canrinus\Application Data\setup_nl[1].exe

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2007-12-08 to 2008-01-08 ))))))))))))))))))))))))))))))
      .

      2008-01-08 14:21 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
      2008-01-08 14:17 . 2008-01-08 14:17 <DIR> d-------- C:\RVAXO
      2008-01-08 14:15 . 2008-01-08 13:14 592,924 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-01-08 14:15 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
      2008-01-05 15:39 . 2008-01-05 15:39 <DIR> d-------- C:\Program Files\Trend Micro
      2008-01-05 15:08 . 2008-01-05 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-01-05 15:03 . 2008-01-05 15:03 <DIR> d-------- C:\Program Files\Lavasoft
      2008-01-05 15:03 . 2008-01-05 15:03 <DIR> d-------- C:\Documents and Settings\Tjalling Canrinus\Application Data\Lavasoft
      2008-01-02 22:42 . 2008-01-02 22:42 <DIR> d-------- C:\Program Files\directx
      2008-01-02 22:38 . 2008-01-03 10:18 <DIR> d-------- C:\Program Files\Deus Ex - Invisible War
      2008-01-01 13:20 . 2008-01-01 13:22 <DIR> d-------- C:\DeusEx
      2007-12-30 20:39 . 2007-12-30 20:39 <DIR> d-------- C:\OUT_MEDIA_FILES
      2007-12-30 20:34 . 2007-12-30 20:41 <DIR> d-------- C:\Program Files\Webteh
      2007-12-30 20:34 . 2007-12-30 20:34 <DIR> d-------- C:\Documents and Settings\Tjalling Canrinus\Application Data\BSplayer Pro
      2007-12-30 20:34 . 2007-12-30 20:41 <DIR> d-------- C:\Documents and Settings\Tjalling Canrinus\Application Data\BSplayer
      2007-12-29 16:48 . 2008-01-01 11:54 23 --a------ C:\WINDOWS\popcinfot.dat
      2007-12-27 11:31 . 2007-12-27 11:31 <DIR> d-------- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
      2007-12-27 11:31 . 2004-04-23 22:43 374,752 --a------ C:\WINDOWS\system32\WUSBGXP.sys
      2007-12-27 11:31 . 2004-01-07 17:04 339,488 --a------ C:\WINDOWS\system32\WUSB20XP.sys
      2007-12-27 11:31 . 2005-01-07 17:05 147,328 --a------ C:\WINDOWS\system32\rt2500usb.sys
      2007-12-27 11:31 . 2007-12-27 11:31 17,119 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
      2007-12-27 11:31 . 2004-02-03 19:13 8,090 --a------ C:\WINDOWS\system32\WUSB54G.cat
      2007-12-27 11:31 . 2005-03-11 14:01 8,014 --a------ C:\WINDOWS\system32\rt2500usb.cat
      2007-12-27 11:31 . 2004-04-28 13:22 7,846 --a------ C:\WINDOWS\system32\WUSB54GV2.cat
      2007-12-27 11:31 . 2007-12-27 11:31 1,723 --a------ C:\WINDOWS\system32\WLAN.INI
      2007-12-21 19:20 . 2007-12-21 19:30 <DIR> d-------- C:\Program Files\GCFScape
      2007-12-15 18:51 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
      2007-12-11 14:19 . 2007-12-11 14:19 1,158 --a------ C:\WINDOWS\mozver.dat
      2007-12-11 14:18 . 2007-12-11 14:18 <DIR> d-------- C:\Documents and Settings\Tjalling Canrinus\Application Data\Talkback
      2007-12-11 14:17 . 2007-12-11 14:17 0 --a------ C:\WINDOWS\nsreg.dat

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-01-08 13:18 --------- d-----w C:\Program Files\Steam
      2008-01-07 18:07 --------- d-----w C:\Program Files\PokerStars
      2008-01-07 15:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
      2008-01-07 15:32 --------- d-----w C:\Documents and Settings\Tjalling Canrinus\Application Data\teamspeak2
      2008-01-03 17:00 --------- d-----w C:\Documents and Settings\Tjalling Canrinus\Application Data\AVG7
      2008-01-03 16:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
      2008-01-02 21:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-01-01 11:44 --------- d-----w C:\Program Files\Flagship Studios
      2008-01-01 11:43 --------- d-----w C:\Program Files\Ubisoft
      2007-12-30 19:30 --------- d-----w C:\Program Files\Windows Live Safety Center
      2007-12-21 18:14 --------- d-----w C:\Program Files\DivX
      2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
      2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
      2007-12-11 13:17 --------- d-----w C:\Program Files\Google
      2007-12-09 10:00 --------- d-----w C:\Program Files\Valve Hammer Editor
      2007-12-07 18:24 --------- d-----w C:\Program Files\thriXXX
      2007-12-06 14:35 --------- d-----w C:\Program Files\Marble Arena
      2007-12-03 16:47 --------- d-----w C:\Program Files\FableTLCMod
      2007-11-25 15:36 --------- d-----w C:\Program Files\Microsoft Games
      2007-11-25 15:34 --------- d-----w C:\Program Files\Common Files\InstallShield
      2007-11-24 21:41 --------- d-----w C:\Program Files\BitLord
      2007-11-18 13:52 --------- d-----w C:\Program Files\4Musics OGG to MP3 Converter
      2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
      2007-11-05 16:15 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
      2007-10-29 22:41 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
      2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
      2007-10-20 00:56 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
      2007-10-20 00:56 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
      2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
      2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
      2007-10-20 00:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
      2007-10-20 00:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
      2007-10-20 00:54 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
      2007-10-20 00:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
      2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
      2007-10-18 09:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
      2007-10-18 09:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
      2007-10-18 09:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
      2007-10-18 09:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
      2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
      2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
      2007-10-18 09:02 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
      2007-10-03 14:24 17,144 ----a-w C:\Documents and Settings\Tjalling Canrinus\Application Data\GDIPFONTCACHEV1.DAT
      2007-09-13 14:25 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
      2007-09-13 14:25 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
      2007-09-13 14:25 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012007091320070914\index.dat
      2007-09-13 14:25 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
      "Steam"="c:\program files\steam\steam.exe" [2007-12-02 12:34 1266936]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-13 16:47 68856]
      "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 16:09 171464]
      "igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 22:57 1103480]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "WINDVDPatch"="CTHELPER.EXE" [2002-07-02 10:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]
      "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00 90112]
      "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 00:00 28672]
      "CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 00:00 28672]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432]
      "nwiz"="nwiz.exe" [2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe]
      "anvshell"="anvshell.exe" [2003-05-15 04:15 348160 C:\WINDOWS\anvshell.exe]
      "LiveNote"="livenote.exe" [2002-07-11 14:31 40960 C:\WINDOWS\livenote.exe]
      "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-22 16:58 579072]
      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43 81920]
      "CmUsbSound"="cmcnfgu.cpl"
      "muBlinder"="C:\Documents and Settings\Tjalling Canrinus\Bureaublad\backup\Crack 2\muBlinder.exe" [2007-05-13 03:43 1433600]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]
      "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 15:03 219136]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "ShowDeskFix"="regsvr32 /s /n /i:u shell32"

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-22 17:53:30]
      Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-09-13 16:47:24]
      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
      SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

      R1 ANVIOCTL;ANVIOCTL;C:\WINDOWS\system32\DRIVERS\anvioctl.sys [2003-04-01 08:30]
      R2 WUSB54Gv4SVC;WUSB54Gv4SVC;"C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe"
      R3 cmudau;C-Media USB Sound Interface;C:\WINDOWS\system32\drivers\cmudau.sys [2005-03-24 13:36]
      R3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-01-07 16:05]
      S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]

      *Newly Created Service* - PROCEXP90
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-01-08 14:25:48
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4???<????&2?????\??? ??? ???\???\???????????E?9~u?9~\???\?????????`[email protected]?\???\??????s<???\??????s\????&2?A??s?&[email protected]?x???` |?w\[email protected]

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2008-01-08 14:26:48
      ComboFix-quarantined-files.txt 2008-01-08 13:26:39
      .
      2007-12-12 19:41:10 --- E O F ---

      HijackThis log

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 14:27:17, on 8-1-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.20696)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
      C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
      C:\WINDOWS\system32\CTHELPER.EXE
      C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\DAEMON Tools\daemon.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\MSN Messenger\livecall.exe
      C:\WINDOWS\system32\cmd.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\notepad.exe
      C:\ComboFix\nircmd.cfexe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
      O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
      O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
      O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [anvshell] anvshell.exe
      O4 - HKLM\..\Run: [LiveNote] livenote.exe
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [muBlinder] C:\Documents and Settings\Tjalling Canrinus\Bureaublad\backup\Crack 2\muBlinder.exe -startup
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
      O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {C7E002D6-324B-4500-883D-84B620FD8640} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRDG/dataFiles_64916/heartbeat.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

      --
      End of file - 7584 bytes



      • #4
        Open the RVAXO folder on your Desktop and double-click Uninstall.bat.
        This will remove RVAXO.

        1. Spybot's TeaTimer is active; it can interfere with the fix, so we temporarily disable it.
        - Start Spybot
        - Go to Mode > select Advanced Mode
        - Go to Tools and click the Resident icon in the list
        - Uncheck Resident TeaTimer and click OK
        - Restart the computer
        - Then download ResetTeaTimer.bat to your Desktop.
        Double-click ResetTeaTimer.bat to remove all entries in TeaTimer.

        2. Start HijackThis, choose 'Do a system scan only' and tick the line below:

        O4 - HKLM\..\Run: [muBlinder] C:\Documents and Settings\Tjalling Canrinus\Bureaublad\backup\Crack 2\muBlinder.exe -startup

        Now close all open windows except HijackThis and click Fix Checked.

        3. Open Notepad, copy and paste the following (bold text) into an empty window:

        File::
        C:\WINDOWS\popcinfot.dat

        Save this to your Desktop as CFScript.txt

        Drag CFScript.txt onto ComboFix.exe as shown in the example below:



        This will make ComboFix restart.
        Reboot if you are asked to,
        and post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

        How are things with your problems?
        Regards,
        Pimmerd
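As an added example (not from the thread, and not part of HijackThis), here is a small Python checker that applies the rule the helper used in step 2 above to a HijackThis log: O4 autostart entries whose program lives in a user's Desktop, Temp or Application Data folder are unusual for legitimate software and get flagged. The directory list and the function names are assumptions; the sample lines are copied from the thread's logs.

```python
"""Flag HijackThis O4 autostart entries that run from user-profile locations.

Added example, not HijackThis code. The location patterns below are an
assumption about where legitimate autostart binaries rarely live.
"""
import re

# O4 - <hive>\..\Run: [name] <command>   (hive is HKLM, HKCU or HKUS\<sid>)
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

# Profile folders that are suspect for an autostart target (assumed list).
# "Bureaublad" is the Dutch XP name for Desktop, as seen in the thread's log.
SUSPECT_DIRS = re.compile(
    r"\\Documents and Settings\\[^\\]+\\(Bureaublad|Desktop|Application Data|"
    r"Local Settings\\(Temp|Temporary Internet Files))\\",
    re.IGNORECASE,
)


def parse_o4(line):
    """Return a dict with hive, key, name and cmd for an O4 line, else None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    # HKUS entries carry a trailing "(User '...')" annotation; drop it.
    entry["cmd"] = re.sub(r"\s+\(User '[^']*'\)$", "", entry["cmd"])
    return entry


def exe_path(cmd):
    """Extract the program path from a Run command.

    Handles quoted paths with arguments, unquoted paths containing spaces
    (extended up to the first token ending in .exe), and RUNDLL32 loading a
    DLL. Bare names such as CTHELPER.EXE are returned unchanged.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    first, _, rest = cmd.partition(" ")
    if first.lower() in ("rundll32.exe", "rundll32"):
        return rest.split(",", 1)[0].strip('"')
    tokens = cmd.split(" ")
    for i, tok in enumerate(tokens):
        if tok.lower().endswith(".exe"):
            return " ".join(tokens[: i + 1])
    return first


def flag_autostarts(log_text):
    """Return [(name, path)] for O4 entries whose program sits in a profile folder."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        path = exe_path(entry["cmd"])
        if SUSPECT_DIRS.search(path):
            hits.append((entry["name"], path))
    return hits


# Constructed sample: four lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [muBlinder] C:\Documents and Settings\Tjalling Canrinus\Bureaublad\backup\Crack 2\muBlinder.exe -startup
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
"""

if __name__ == "__main__":
    for name, path in flag_autostarts(SAMPLE_LOG):
        print(f"suspect autostart [{name}] -> {path}")
```

Only the muBlinder entry is reported for the sample, the same line the helper singled out for Fix Checked.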



        • #5
          ComboFix log:

          ComboFix 08-01-09.2 - Tjalling Canrinus 2008-01-13 14:16:12.2 - NTFSx86
          Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.194 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\Tjalling Canrinus\Bureaublad\ComboFix.exe
          Command switches used :: C:\Documents and Settings\Tjalling Canrinus\Bureaublad\CFScript.txt
          * Nieuw herstelpunt werd aangemaakt

          FILE
          C:\WINDOWS\popcinfot.dat
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\WINDOWS\popcinfot.dat

          .
          (((((((((((((((((((( Bestanden Gemaakt van 2007-12-13 to 2008-01-13 ))))))))))))))))))))))))))))))
          .

          2008-01-09 17:40 . 2008-01-09 17:40 281 --a------ C:\WINDOWS\vtmb.ini
          2008-01-09 17:31 . 2008-01-10 12:26 <DIR> d-------- C:\Program Files\Vampire - Bloodlines
          2008-01-09 16:57 . 2008-01-09 16:57 <DIR> d-------- C:\Program Files\GameVicio
          2008-01-09 16:55 . 2004-12-23 15:16 5,152,208 --a------ C:\CrackNoCD.exe
          2008-01-08 22:55 . 2006-08-26 15:03 5,145,361 --a------ C:\VampireBloodLines(crackNoCD).ZIP
          2008-01-08 14:21 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
          2008-01-05 15:39 . 2008-01-05 15:39 <DIR> d-------- C:\Program Files\Trend Micro
          2008-01-05 15:08 . 2008-01-05 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2008-01-05 15:03 . 2008-01-05 15:03 <DIR> d-------- C:\Program Files\Lavasoft
          2008-01-05 15:03 . 2008-01-05 15:03 <DIR> d-------- C:\Documents and Settings\Tjalling Canrinus\Application Data\Lavasoft
          2008-01-02 22:42 . 2008-01-02 22:42 <DIR> d-------- C:\Program Files\directx
          2008-01-02 22:38 . 2008-01-03 10:18 <DIR> d-------- C:\Program Files\Deus Ex - Invisible War
          2008-01-01 13:20 . 2008-01-01 13:22 <DIR> d-------- C:\DeusEx
          2007-12-30 20:39 . 2007-12-30 20:39 <DIR> d-------- C:\OUT_MEDIA_FILES
          2007-12-30 20:34 . 2007-12-30 20:41 <DIR> d-------- C:\Program Files\Webteh
          2007-12-30 20:34 . 2007-12-30 20:34 <DIR> d-------- C:\Documents and Settings\Tjalling Canrinus\Application Data\BSplayer Pro
          2007-12-30 20:34 . 2007-12-30 20:41 <DIR> d-------- C:\Documents and Settings\Tjalling Canrinus\Application Data\BSplayer
          2007-12-27 11:31 . 2007-12-27 11:31 <DIR> d-------- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
          2007-12-27 11:31 . 2004-04-23 22:43 374,752 --a------ C:\WINDOWS\system32\WUSBGXP.sys
          2007-12-27 11:31 . 2004-01-07 17:04 339,488 --a------ C:\WINDOWS\system32\WUSB20XP.sys
          2007-12-27 11:31 . 2005-01-07 17:05 147,328 --a------ C:\WINDOWS\system32\rt2500usb.sys
          2007-12-27 11:31 . 2007-12-27 11:31 17,119 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
          2007-12-27 11:31 . 2004-02-03 19:13 8,090 --a------ C:\WINDOWS\system32\WUSB54G.cat
          2007-12-27 11:31 . 2005-03-11 14:01 8,014 --a------ C:\WINDOWS\system32\rt2500usb.cat
          2007-12-27 11:31 . 2004-04-28 13:22 7,846 --a------ C:\WINDOWS\system32\WUSB54GV2.cat
          2007-12-27 11:31 . 2007-12-27 11:31 1,723 --a------ C:\WINDOWS\system32\WLAN.INI
          2007-12-21 19:20 . 2007-12-21 19:30 <DIR> d-------- C:\Program Files\GCFScape
          2007-12-15 18:51 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-01-13 13:06 --------- d-----w C:\Program Files\Steam
          2008-01-12 14:30 --------- d-----w C:\Documents and Settings\Tjalling Canrinus\Application Data\teamspeak2
          2008-01-12 14:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
          2008-01-09 18:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2008-01-07 18:07 --------- d-----w C:\Program Files\PokerStars
          2008-01-03 17:00 --------- d-----w C:\Documents and Settings\Tjalling Canrinus\Application Data\AVG7
          2008-01-03 16:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
          2008-01-01 11:44 --------- d-----w C:\Program Files\Flagship Studios
          2008-01-01 11:43 --------- d-----w C:\Program Files\Ubisoft
          2007-12-30 19:30 --------- d-----w C:\Program Files\Windows Live Safety Center
          2007-12-21 18:14 --------- d-----w C:\Program Files\DivX
          2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
          2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
          2007-12-11 13:18 --------- d-----w C:\Documents and Settings\Tjalling Canrinus\Application Data\Talkback
          2007-12-11 13:17 --------- d-----w C:\Program Files\Google
          2007-12-09 10:00 --------- d-----w C:\Program Files\Valve Hammer Editor
          2007-12-07 18:24 --------- d-----w C:\Program Files\thriXXX
          2007-12-06 14:35 --------- d-----w C:\Program Files\Marble Arena
          2007-12-03 16:47 --------- d-----w C:\Program Files\FableTLCMod
          2007-11-25 15:36 --------- d-----w C:\Program Files\Microsoft Games
          2007-11-25 15:34 --------- d-----w C:\Program Files\Common Files\InstallShield
          2007-11-24 21:41 --------- d-----w C:\Program Files\BitLord
          2007-11-18 13:52 --------- d-----w C:\Program Files\4Musics OGG to MP3 Converter
          2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
          2007-11-07 09:51 732,160 ----a-w C:\WINDOWS\system32\lsasrv.dll
          2007-11-05 16:15 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
          2007-10-29 22:41 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
          2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
          2007-10-20 00:56 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
          2007-10-20 00:56 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
          2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
          2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
          2007-10-20 00:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
          2007-10-20 00:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
          2007-10-20 00:54 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
          2007-10-20 00:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
          2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
          2007-10-18 09:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
          2007-10-18 09:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
          2007-10-18 09:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
          2007-10-18 09:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
          2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
          2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
          2007-10-18 09:02 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
          2007-10-03 14:24 17,144 ----a-w C:\Documents and Settings\Tjalling Canrinus\Application Data\GDIPFONTCACHEV1.DAT
          2007-09-13 14:25 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
          2007-09-13 14:25 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
          2007-09-13 14:25 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012007091320070914\index.dat
          2007-09-13 14:25 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
          .

          ((((((((((((((((((((((((((((( [email protected]_14.26.26,56 )))))))))))))))))))))))))))))))))))))))))
          .
          + 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
          + 2008-01-13 13:16:00 241,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
          + 2008-01-13 13:16:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
          + 2008-01-13 13:16:00 53,248 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
          + 2008-01-13 13:16:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
          + 2008-01-13 13:16:00 5,058,560 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
          + 2008-01-13 13:16:01 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
          + 2008-01-09 18:45:11 10,134 ----a-r C:\WINDOWS\Installer\{08F8FD7C-44A5-4423-B87C-EBD3D94C9F87}\ARPPRODUCTICON.exe
          - 2006-11-18 09:01:06 731,648 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
          + 2007-11-07 09:51:06 732,160 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
          - 2006-06-17 19:19:34 360,576 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
          + 2007-10-30 16:53:32 360,832 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
          - 2006-06-17 19:19:34 360,576 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
          + 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
          - 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
          + 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
          .
          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
          "Steam"="c:\program files\steam\steam.exe" [2007-12-02 12:34 1266936]
          "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-13 16:47 68856]
          "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 16:09 171464]
          "igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 22:57 1103480]
          "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "WINDVDPatch"="CTHELPER.EXE" [2002-07-02 10:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]
          "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00 90112]
          "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 00:00 28672]
          "CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 00:00 28672]
          "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432]

          HijackThis log:

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 14:22:52, on 13-1-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.20696)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
          C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
          C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
          C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
          C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
          C:\WINDOWS\system32\CTHELPER.EXE
          C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\DAEMON Tools\daemon.exe
          C:\Program Files\Google\Google Updater\GoogleUpdater.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\MSN Messenger\msnmsgr.exe
          C:\Program Files\MSN Messenger\usnsvc.exe
          C:\Program Files\MSN Messenger\livecall.exe
          C:\WINDOWS\explorer.exe
          C:\WINDOWS\system32\notepad.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
          O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
          O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
          O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
          O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [anvshell] anvshell.exe
          O4 - HKLM\..\Run: [LiveNote] livenote.exe
          O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
          O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
          O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
          O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
          O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
          O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
          O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
          O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
          O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
          O16 - DPF: {C7E002D6-324B-4500-883D-84B620FD8640} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRDG/dataFiles_64916/heartbeat.cab
          O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
          O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
          O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
          O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

          --
          End of file - 7488 bytes

          After my e-mail address sent out a message on its own, I have had no further problems.

          greetz



          • #6
            Looks good again.

            You can re-enable TeaTimer, and you can remove the tools we used.

            Uninstall ComboFix:
            Go to Start --> Run and type: combofix /u
            ComboFix will now be removed and a new restore point will be created.

            Download ATF Cleaner (by Atribune)

            Double-click ATF Cleaner to start the program.
            On the "Main" tab, tick Select All.
            Click the Empty Selected button.

            Do the following if you also have Firefox as a browser:
            Click the "Firefox" tab, tick Select All.
            If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
            (this removes the tick from "Firefox saved passwords")
            Click the Empty Selected button.

            Do the following if you also have Opera as a browser:
            Click the "Opera" tab, tick Select All.
            If you want to keep the passwords saved by Opera, click "No" in the window that appears.
            Click the Empty Selected button.
            Go to the "Main" tab and click the Exit button to close the program.

            Then I think we can close this one.
            Regards,
            Pimmerd



            • #7
              OK, I have done that.

              Can I now remove Ad-Aware SE, Spybot S&D and HijackThis again?

              Thanks for all the help

              greetz



              • #8
                I would keep Ad-Aware and Spybot S&D and run them every so often as a check, but not at the same time. HijackThis you can remove. I personally also find ATF Cleaner a handy little program to run now and then for a quick clean-up.

                Read more security tips here:
                Regards,
                Pimmerd
