HiJackThis log

  • HiJackThis log

    Recently I have been having problems starting my laptop. The first time I log in with my user name I only get to see my desktop, without icons or taskbar. I then have to log out and log in again before they appear. Once it is started up I get the following error messages:
    -RegSvr32
    LoadLibrary ("C\Documents and Settings\All Users\Application ata\stszudsv.dll") failed - The specified module could not be found.

    -RegSvr32
    LoadLibrary ("C\Documents and Settings\All Users\Application ata\glwbcnull.dll") failed - The specified module could not be found.

    -Lots of Trojan Horse alerts from my anti-virus, but when I tell it to remove them and restart the machine, I get exactly the same alerts again.

    I also have the following recommended programs installed:
    -ZoneAlarm Security
    -Spybot - Search & Destroy
    -Ad-Aware SE professional
    -SpyWareGuard
    -SpyWareBlaster
    -AVG Anti-Spyware 7.5

    Here is my log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:55, on 2008-01-08
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lenovo\System Update\SUService.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\System32\TPHDEXLG.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
    C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Last.fm\LastFMHelper.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\Wellnomics WorkPace\workpace.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Documents and Settings\s071003\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: {76f8f8b7-409e-b8bb-7684-e482c6041f5c} - {c5f1406c-284e-4867-bb8b-e9047b8f8f67} - C:\WINDOWS\system32\ncvpveiu.dll (file missing)
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [glwbcnul] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\glwbcnul.dll"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [stszudsv] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\stszudsv.dll"
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: Workpace.lnk = C:\Program Files\Wellnomics WorkPace\workpace.cmd (User 'Default user')
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: Workpace.lnk = C:\Program Files\Wellnomics WorkPace\workpace.cmd
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
    O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182432142984
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = campus.tue.nl
    O17 - HKLM\Software\..\Telephony: DomainName = campus.tue.nl
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = campus.tue.nl
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = campus.tue.nl
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = campus.tue.nl
    O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = campus.tue.nl
    O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 13394 bytes
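    The checks a helper applies by eye to the log above, written out as a small triage script. This is an added example, not part of the thread and not part of HijackThis; the `Finding` structure and the rule names are my own, and the sample lines are copied from the log posted above with a few benign entries kept for contrast.

```python
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the HijackThis log in the post above,
# plus benign entries (Adobe BHO, ccApp, vsmon) so the rules have something to ignore.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {76f8f8b7-409e-b8bb-7684-e482c6041f5c} - {c5f1406c-284e-4867-bb8b-e9047b8f8f67} - C:\WINDOWS\system32\ncvpveiu.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [glwbcnul] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\glwbcnul.dll"
O4 - HKLM\..\Run: [stszudsv] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\stszudsv.dll"
O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. O4
    reason: str    # why a helper would look twice at this entry
    line: str      # the original log line


SECTION_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
UNREGISTER_RE = re.compile(r"\bregsvr32(\.exe)?\s+/u\b", re.I)
# Directories from which a legitimately installed component rarely autostarts.
DATA_DIR_RE = re.compile(r"\\Application Data\\|\\Local Settings\\Temp\\", re.I)


def triage_line(line: str) -> list[Finding]:
    """Return the reasons (possibly none) why one HijackThis line merits review."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return []  # headers, the process list, blank lines
    section, body = m.groups()
    found: list[Finding] = []
    if "(file missing)" in body or "(no file)" in body:
        # A hook that is still registered but whose file is gone: either the
        # antivirus already deleted the payload, or a loader re-creates it at boot.
        found.append(Finding(section, "registered hook whose file is missing", line))
    if section == "O2":
        # "BHO: <name> - {CLSID} - <path>": a nameless or GUID-named BHO carries no
        # vendor description, which legitimate installers almost always set.
        name = body.split(" - ")[0].removeprefix("BHO: ")
        if name == "(no name)" or GUID_RE.match(name):
            found.append(Finding(section, "BHO without a descriptive name", line))
    if section == "O4":
        if UNREGISTER_RE.search(body):
            # A Run key whose only job is to unregister a DLL at every logon is a
            # persistence trick, not something an installer leaves behind.
            found.append(Finding(section, "Run entry calls regsvr32 /u at logon", line))
        if DATA_DIR_RE.search(body):
            found.append(Finding(section, "autostart binary lives in a data directory", line))
    if section == "O20":
        # Winlogon Notify DLLs load into winlogon.exe before the shell appears,
        # which matches the "desktop without icons or taskbar" symptom above.
        found.append(Finding(section, "Winlogon Notify DLL (loads before the shell)", line))
    return found


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over a whole log and collect every finding."""
    return [f for ln in log_text.splitlines() for f in triage_line(ln)]


def flagged_entries(log_text: str) -> list[str]:
    """Distinct flagged lines, in log order, as a short review list."""
    seen: dict[str, None] = {}
    for f in triage(log_text):
        seen.setdefault(f.line.strip(), None)
    return list(seen)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:46} {f.line.strip()[:70]}")
```

    Run against the full log, the same five entries (the two nameless BHOs, the two regsvr32 /u Run keys and the Winlogon Notify entry) come out, which is exactly the set the helper's later instructions target.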

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
      A cmd window will open; a few lines about files not being found will quickly scroll by, this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any prompts and simply let it do its work.
    • Your PC will then restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.


    Download Combofix (mirror) to your Desktop.
    Double-click Combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will cause your PC to hang.
    When the fix is complete and after the restart, the log combofix.txt will open.
    Post this log in your next reply.

    NOTE: If your virus scanner responds with a warning about a script being executed, you may ignore it.


    • #3
      logs

      RVAXO-results log:

      ---RVAXO.exe Updated: 2008-01-16---first run---
      Files found:
      C:\WINDOWS\system32\rtstv.ini2
      C:\WINDOWS\system32\mcrh.tmp
      C:\WINDOWS\Fonts\a.zip

      Uninstallers Rogue scanners:


      Folders Found:

      C:\WINDOWS\system32\njprckha
      C:\Program Files\SecCenter
      C:\WINDOWS\ppqvmpqr

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------

      ComboFix log:

      ComboFix 08-01-17.5 - s071003 2008-01-17 10:51:35.5 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1257 [GMT 1:00]
      Running from: C:\Documents and Settings\s071003\Desktop\ComboFix.exe
      * Created a new restore point

      WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Program Files\Qryxizsm
      C:\Program Files\Qryxizsm\urojujgd.dll
      C:\WINDOWS\PerfInfo
      C:\WINDOWS\PerfInfo\8fO0JfLnuVuc.exe.bak
      C:\WINDOWS\system32\nuinopsd
      C:\WINDOWS\system32\nuinopsd\bg1.gif
      C:\WINDOWS\system32\nuinopsd\bgtop.gif
      C:\WINDOWS\system32\nuinopsd\bottom1.gif
      C:\WINDOWS\system32\nuinopsd\essentials.gif
      C:\WINDOWS\system32\nuinopsd\icon1.ico
      C:\WINDOWS\system32\nuinopsd\install1.gif
      C:\WINDOWS\system32\nuinopsd\left1.gif
      C:\WINDOWS\system32\nuinopsd\li.gif
      C:\WINDOWS\system32\nuinopsd\logo.gif
      C:\WINDOWS\system32\nuinopsd\main.htm
      C:\WINDOWS\system32\nuinopsd\mainframe.htm
      C:\WINDOWS\system32\nuinopsd\reinstall1.gif
      C:\WINDOWS\system32\nuinopsd\right1.gif
      C:\WINDOWS\system32\nuinopsd\s1.htm
      C:\WINDOWS\system32\nuinopsd\s2.htm
      C:\WINDOWS\system32\nuinopsd\s3.htm
      C:\WINDOWS\system32\nuinopsd\SMTop1.gif
      C:\WINDOWS\system32\nuinopsd\SMTop2.gif
      C:\WINDOWS\system32\nuinopsd\SMTop3.gif
      C:\WINDOWS\system32\nuinopsd\SMTop4.gif
      C:\WINDOWS\system32\nuinopsd\soft1_off.gif
      C:\WINDOWS\system32\nuinopsd\soft1_off_ext.gif
      C:\WINDOWS\system32\nuinopsd\soft1_on.gif
      C:\WINDOWS\system32\nuinopsd\soft1_on_ext.gif
      C:\WINDOWS\system32\nuinopsd\soft2_off.gif
      C:\WINDOWS\system32\nuinopsd\soft2_off_ext.gif
      C:\WINDOWS\system32\nuinopsd\soft2_on.gif
      C:\WINDOWS\system32\nuinopsd\soft2_on_ext.gif
      C:\WINDOWS\system32\nuinopsd\soft3_off.gif
      C:\WINDOWS\system32\nuinopsd\soft3_off_ext.gif
      C:\WINDOWS\system32\nuinopsd\soft3_on.gif
      C:\WINDOWS\system32\nuinopsd\soft3_on_ext.gif
      C:\WINDOWS\system32\nuinopsd\softbottom_off.gif
      C:\WINDOWS\system32\nuinopsd\softbottom_on.gif
      C:\WINDOWS\system32\nuinopsd\softleft_off.gif
      C:\WINDOWS\system32\nuinopsd\softleft_on.gif
      C:\WINDOWS\system32\nuinopsd\top1.gif
      C:\WINDOWS\system32\nuinopsd\top2.gif
      C:\WINDOWS\system32\nuinopsd\turnoff1.gif
      C:\WINDOWS\system32\nuinopsd\turnon1.gif
      C:\WINDOWS\system32\rtstv.ini
      C:\WINDOWS\Fonts\'

      .
      ((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))
      .

      2008-01-17 10:41 . 2008-01-17 10:42 <DIR> d-------- C:\RVAXO
      2008-01-17 10:37 . 2008-01-17 00:36 609,484 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-01-17 10:37 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
      2008-01-17 09:56 . 2008-01-17 09:56 <DIR> d-------- C:\Program Files\iPod
      2008-01-14 19:39 . 2008-01-14 19:39 <DIR> d-------- C:\Documents and Settings\s071003\Application Data\Ahead
      2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
      2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
      2007-12-31 15:36 . 2007-12-31 15:36 <DIR> d-------- C:\Documents and Settings\s071003\Incomplete
      2007-12-31 15:34 . 2008-01-15 11:35 <DIR> d-------- C:\Documents and Settings\s071003\Application Data\LimeWirePlus
      2007-12-31 11:27 . 2007-12-31 11:27 <DIR> d-------- C:\Program Files\LimeWire Plus
      2007-12-24 16:15 . 2007-12-24 16:15 <DIR> d-------- C:\Program Files\ZoneAlarmSB
      2007-12-20 22:00 . 2007-12-20 22:00 2,359,350 --a------ C:\WINDOWS\s071003.bmp

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-01-17 10:01 --------- d-----w C:\Program Files\Symantec AntiVirus
      2008-01-17 10:00 47,372 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
      2008-01-17 10:00 3,778,592 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
      2008-01-17 09:52 --------- d-----w C:\Program Files\Hofhnlpb
      2008-01-17 09:39 1,424,896 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
      2008-01-17 08:57 --------- d-----w C:\Program Files\iTunes
      2008-01-17 08:53 --------- d-----w C:\Program Files\QuickTime
      2008-01-09 17:52 --------- d-----w C:\Documents and Settings\s071003\Application Data\mIRC
      2008-01-09 17:15 --------- d-----w C:\Program Files\mIRC
      2008-01-08 20:57 --------- d-----w C:\Program Files\Messenger Plus! Live
      2008-01-08 11:40 --------- d-----w C:\Program Files\edwhaheb
      2007-12-24 20:32 --------- d-----w C:\Program Files\PartyGaming
      2007-12-21 13:08 82,432 ----a-w C:\WINDOWS\Internet Logs\xDB882.tmp
      2007-12-21 13:08 1,725,952 ----a-w C:\WINDOWS\Internet Logs\xDB883.tmp
      2007-12-20 18:56 2,688,512 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
      2007-12-20 18:56 1,720,320 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
      2007-12-13 18:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
      2007-12-13 18:24 --------- d-----w C:\Program Files\NCH Swift Sound
      2007-12-13 18:24 --------- d-----w C:\Documents and Settings\s071003\Application Data\NCH Swift Sound
      2007-12-07 09:26 --------- d-----w C:\Program Files\Common Files\Ahead
      2007-12-07 09:26 --------- d-----w C:\Program Files\Ahead
      2007-12-07 08:49 --------- d-----w C:\Program Files\DivX
      2007-12-04 19:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Last.fm
      2007-12-04 19:27 --------- d-----w C:\Program Files\Last.fm
      2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
      2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
      2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
      2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
      2007-12-03 16:36 --------- d-----w C:\Documents and Settings\s071003\Application Data\Apple Computer
      2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
      2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
      2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
      2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
      2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
      2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
      2007-11-29 18:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
      2007-11-29 18:18 --------- d-----w C:\Program Files\Apple Software Update
      2007-11-29 18:17 --------- d-----w C:\Program Files\Common Files\Apple
      2007-11-29 18:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
      2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
      2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
      2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
      2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
      2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
      2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
      2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
      2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
      2007-11-27 10:31 --------- d-----w C:\Documents and Settings\s071003\Application Data\BSplayer
      2007-11-27 10:28 --------- d-----w C:\Program Files\Webteh
      2007-11-25 18:03 1,065,428 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
      2007-11-23 06:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2007-11-21 09:30 1,562,624 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
      2007-11-20 20:39 --------- d-----w C:\Program Files\Samsung
      2007-11-19 17:49 --------- d-----w C:\Program Files\Activision Value
      2007-11-19 17:27 223,128 ----a-w C:\WINDOWS\system32\drivers\vaxscsi.sys
      2007-11-14 15:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
      2007-11-14 15:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
      2007-11-11 10:19 1,403,392 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
      2007-11-11 09:04 496,640 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
      2007-11-11 09:04 1,398,784 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
      2007-11-07 09:50 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
      2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
      2007-10-27 16:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
      2007-10-27 16:30 47,360 ----a-w C:\Documents and Settings\s071003\Application Data\pcouffin.sys
      2007-10-27 08:06 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
      2007-10-27 08:06 249,856 ------w C:\WINDOWS\Setup1.exe
      2007-07-12 08:31 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\index.dat
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5f1406c-284e-4867-bb8b-e9047b8f8f67}]
      C:\WINDOWS\system32\ncvpveiu.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

      [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 18:26 52896]
      "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 19:33 125168]
      "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 01:11 925696]
      "TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-12-10 18:36 536576]
      "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 13:17 110592]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 13:16 512000]
      "PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-04-13 00:15 196608]
      "BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-04-13 00:15 208896]
      "LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-03-23 01:02 120368]
      "ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-05-17 10:46 413696]
      "ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-05-17 10:41 126976]
      "TP4EX"="tp4ex.exe" [2005-10-17 00:11 65536 C:\WINDOWS\system32\TP4EX.exe]
      "TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-10 02:03 58416]
      "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-02-02 04:20 122940]
      "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30 249856]
      "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
      "EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-29 01:32 243248]
      "TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 15:28 868352]
      "TpShocks"="TpShocks.exe" [2007-03-29 17:40 181808 C:\WINDOWS\system32\TpShocks.exe]
      "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:56 110592 C:\WINDOWS\system32\bthprops.cpl]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
      "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
      "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
      "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

      C:\Documents and Settings\templateusr\Start Menu\Programs\Startup\
      Workpace.lnk - C:\Program Files\Wellnomics WorkPace\workpace.cmd [2007-06-25 15:37:51]

      C:\Documents and Settings\s071003\Start Menu\Programs\Startup\
      SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]
      Workpace.lnk - C:\Program Files\Wellnomics WorkPace\workpace.cmd [2007-06-25 15:37:51]

      C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
      AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 13:43:54]
      Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-12-04 20:26:57]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "disablecad"= 0 (0x0)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
      "DisableRegistryTools"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winubg32]
      winubg32.dll

      R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2007-03-02 16:49]
      R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2007-03-02 16:47]
      R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 08:27]
      R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2007-04-02 10:24]
      R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2007-04-13 00:15]
      S3 btusbflt;Bluetooth USB Filter;C:\WINDOWS\system32\drivers\btusbflt.sys [2006-11-13 03:58]
      S3 csaudio;USB2.0 Audio Device Driver;C:\WINDOWS\system32\DRIVERS\CsAud.sys [2002-10-08 17:45]
      S3 DCamUSB20;Crescentec DC-1100;C:\WINDOWS\system32\Drivers\CsMini20.sys [2002-11-11 15:57]
      S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 14:18]
      S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
      S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
      S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
      S3 tpflhlp;tpflhlp;C:\Program Files\Lenovo\System Update\session\7iuj06us\tpflhlp.sys [2007-04-23 16:10]
      S3 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 16:00]

      .
      Contents of the 'Scheduled Tasks' folder
      "2008-01-14 13:54:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2008-01-17 10:03:26 C:\WINDOWS\Tasks\PMTask.job"
      - C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-01-17 11:03:21
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
      -> C:\PROGRA~1\ThinkPad\UTILIT~1\US\PWRMGRRT.DLL
      -> C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRIF.DLL
      .
      Completion time: 2008-01-17 11:08:00 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-01-17 10:07:53
      .
      2008-01-09 14:55:26 --- E O F ---



      • #4
        Open the RVAXO folder on your desktop and double-click Uninstall.cmd
        This will remove everything belonging to RVAXO.

        Delete the following folders:
        C:\Qoobox
        C:\Program Files\Hofhnlpb
        C:\Program Files\edwhaheb

        Then empty your Recycle Bin.

        Your Java software is outdated. Older versions have vulnerabilities that give malware the chance to install itself on your system.
        First follow these steps to uninstall Java and install the newer version:
        • Download Java Runtime Environment (JRE) 6u4.
        • Scroll down to: "Java Runtime Environment (JRE) 6u4".
        • Click the "Download" button on the right.
        • In the drop-down menu to the right of Platform, select Windows.
        • Check: "I agree to the Java SE Runtime Environment 6 License Agreement", and click Continue.
        • The page will reload.
        • Click the jre-6u4-windows-i586-p.exe link UNDER Windows Offline Installation and save it to your Desktop.
        • Close all programs that may be open - especially your web browser!
        • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list.
        • Check everything with Java Runtime Environment (JRE or J2SE) in its name.
        • Then click Remove or the Change/Remove button.
        • Repeat this until all older versions are gone.
        • After removing all older versions, restart your PC.
        • Then double-click jre-6u4-windows-i586-p.exe on your Desktop to install the newest version of Java.


        Download ATF Cleaner (mirror) (made by Atribune)

        Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

        Double-click ATF Cleaner to start the program.
        On the "Main" tab, put a check mark next to Select All.
        Click the Empty Selected button.

        Do the following if you also use Firefox as a browser:
        Click the "Firefox" tab and put a check mark next to Select All.
        If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
        (this removes the check mark next to "Firefox saved passwords" again)
        Click the Empty Selected button.

        Do the following if you also use Opera as a browser:
        Click the "Opera" tab and put a check mark next to Select All.
        If you want to keep the passwords saved by Opera, click "No" in the window that appears.
        Click the Empty Selected button.
        Go to the "Main" tab and click the Exit button to close the program.

        Go to Start - Run and enter the following:
        Combofix /U
        Then press OK.
        Note: there must be a space between Combofix and /U.

        This will uninstall Combofix.

        Disable System Restore. Restart the computer. Enable System Restore again.
        See here for how to disable System Restore.
        This removes any remnants of the infections from your System Restore.

        Post a new HijackThis log so it can be checked.



        • #5
          log

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 13:33, on 2008-01-17
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16574)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\ibmpmsvc.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\ZoneLabs\vsmon.exe
          C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
          C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
          C:\Program Files\Symantec AntiVirus\DefWatch.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Lenovo\System Update\SUService.exe
          C:\Program Files\Symantec AntiVirus\Rtvscan.exe
          C:\WINDOWS\System32\TPHDEXLG.exe
          C:\WINDOWS\system32\TpKmpSVC.exe
          C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
          C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
          C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
          C:\PROGRA~1\SYMANT~1\VPTray.exe
          C:\Program Files\Analog Devices\Core\smax4pnp.exe
          C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
          C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
          C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
          C:\WINDOWS\system32\rundll32.exe
          C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
          C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
          C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
          C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
          C:\WINDOWS\System32\DLA\DLACTRLW.EXE
          C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
          C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
          C:\WINDOWS\system32\TpShocks.exe
          C:\WINDOWS\system32\rundll32.exe
          C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
          C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
          C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
          C:\Program Files\iTunes\iTunesHelper.exe
          C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Last.fm\LastFMHelper.exe
          C:\Program Files\SpywareGuard\sgmain.exe
          C:\Program Files\Wellnomics WorkPace\workpace.exe
          C:\Program Files\SpywareGuard\sgbhp.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Mozilla Firefox\firefox.exe
          C:\Documents and Settings\s071003\Desktop\HiJackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
          O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
          O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O2 - BHO: {76f8f8b7-409e-b8bb-7684-e482c6041f5c} - {c5f1406c-284e-4867-bb8b-e9047b8f8f67} - C:\WINDOWS\system32\ncvpveiu.dll (file missing)
          O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
          O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
          O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
          O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
          O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
          O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
          O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
          O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
          O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
          O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
          O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
          O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
          O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
          O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
          O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
          O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
          O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
          O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
          O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
          O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
          O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
          O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
          O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
          O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
          O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O4 - .DEFAULT User Startup: Workpace.lnk = C:\Program Files\Wellnomics WorkPace\workpace.cmd (User 'Default user')
          O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
          O4 - Startup: Workpace.lnk = C:\Program Files\Wellnomics WorkPace\workpace.cmd
          O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
          O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
          O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
          O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182432142984
          O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
          O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
          O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = campus.tue.nl
          O17 - HKLM\Software\..\Telephony: DomainName = campus.tue.nl
          O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = campus.tue.nl
          O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = campus.tue.nl
          O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = campus.tue.nl
          O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = campus.tue.nl
          O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)
          O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
          O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
          O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
          O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
          O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
          O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
          O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
          O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
          O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
          O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
          O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
          O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
          O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
          O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
          O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
          O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
          O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
          O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
          O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
          O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
          O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

          --
          End of file - 13013 bytes


          One more small question you may also be able to help me with: I installed a program, but I want to get rid of it. When I try to remove it via my software list, it says it cannot find the INSTALL.LOG file, and it doesn't remove it either. How do I get this program removed anyway?



          • #6
            Start HijackThis once more and put a check mark only in front of the following lines:
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com...r/fix_homepage
            O2 - BHO: {76f8f8b7-409e-b8bb-7684-e482c6041f5c} - {c5f1406c-284e-4867-bb8b-e9047b8f8f67} - C:\WINDOWS\system32\ncvpveiu.dll (file missing)
            O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
            O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
            O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)

            Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

            The best way to uninstall a program whose Uninstall no longer works is to first try reinstalling the program.
            Uninstall may then work again.

            Otherwise you will have to remove everything manually.

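The five lines the helper singles out for "Fix checked" are the kinds of entries a log reviewer looks for first: entries whose target file is gone ("(file missing)"), a Winlogon Notify DLL, a BHO that carries a CLSID instead of a readable name, and an IE start page pointing somewhere unexpected. The Python below is an added example, not code from this thread or from HijackThis itself; it parses lines in the HijackThis 2.0.2 log format shown above and applies those triage rules. The sample lines are copied from the log in this thread, and the set of hosts treated as normal for IE page/search entries is an assumption.

```python
import re
from urllib.parse import urlparse

# One HijackThis entry: a section code (R0..R3, F0..F3, N1..N4, O1..O24),
# the literal " - ", then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
# A bare {CLSID} of the form {8-4-4-4-12 hex digits}.
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Assumption: hosts that are normal for IE start/search page entries on XP.
EXPECTED_IE_HOSTS = {"go.microsoft.com", "www.microsoft.com"}

# Constructed sample: lines copied from the log posted above, plus two
# benign entries (ccApp, vsmon) that must not be flagged.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {76f8f8b7-409e-b8bb-7684-e482c6041f5c} - {c5f1406c-284e-4867-bb8b-e9047b8f8f67} - C:\WINDOWS\system32\ncvpveiu.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""


def parse_entry(line):
    """Split one log line into its section code and body; None for non-entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {"code": m.group("code"), "body": m.group("body"), "line": line.strip()}


def bho_name(body):
    """For an O2 body 'BHO: <name> - {CLSID} - <path>' return <name>."""
    if not body.startswith("BHO: "):
        return None
    return body[len("BHO: "):].split(" - ")[0]


def reasons_for(entry):
    """Apply the triage rules to one parsed entry; empty list means 'looks fine'."""
    code, body = entry["code"], entry["body"]
    reasons = []
    if "(file missing)" in body:
        reasons.append("orphaned entry: referenced file no longer exists")
    if code == "O20":
        reasons.append("Winlogon Notify DLL: loads into winlogon.exe at logon")
    if code == "O2":
        name = bho_name(body)
        if name and GUID_RE.match(name):
            reasons.append("BHO registered with a CLSID instead of a readable name")
    if code in ("R0", "R1") and " = http" in body:
        url = body.split(" = ", 1)[1]
        host = urlparse(url).hostname or ""
        if host not in EXPECTED_IE_HOSTS:
            reasons.append(f"IE page/search setting points at {host}")
    return reasons


def triage(log_text):
    """Return every entry that triggers at least one rule, with its reasons."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


def lines_to_fix(log_text):
    """The verbatim log lines a reviewer would tick for 'Fix checked'."""
    return [f["line"] for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["line"])
        for r in f["reasons"]:
            print("   ->", r)
```

Run on the sample, the four flagged lines are exactly the entries the helper listed (the O9 Tools-menu duplicate is omitted from the sample). The rules are deliberately narrow; an absent file or a missing name is a fact the log states, not a verdict, which is why the helper still asks for a fresh log after the fix.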


            • #7
              Removing the program worked, thanks!

              Do I still need to post a log of anything, or is it fine like this?
              Can I just remove the programs that were used?

              Thanks for the help



              • #8
                You're welcome

                If all the lines I had you check in my previous post are gone, then as far as I'm concerned a new log is no longer needed.
                You can then remove the programs that were used.

                Regards smeenk
