  • routing.exe

    Hello, I'm posting my HijackThis log here because NOD32 kept alerting me about the Win32/Delf.DSX trojan.
    It put it in quarantine, but it came back every second.
    Now I found out (I think) that routing.exe in Windows\system32 was the problem.

    I kept quarantining it with NOD32, but routing.exe kept coming back; I also can't delete it manually.
    Then I ran ComboFix and the alerts stopped, but routing.exe is still there, and the Trend Micro online scan can't remove it either.

    How do I solve this?

    My log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:28:57, on 12-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\Marieke\Mijn documenten\progjes\adaware\aawservice.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\htpatch.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\Dit.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\WINDOWS\DitExp.exe
    C:\Program Files\Creative Home\Hallmark Card Studio 2008 Deluxe\Planner\PLNRnote.exe
    C:\Program Files\Mio Technology\MioSync\mioSync.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\REALTEK Semiconductor Corp\REALTEK RTL8180 Wireless LAN Driver and Utility\RtlWake.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Documents and Settings\Marieke\Mijn documenten\isomagic\Nieuwe map\MagicDisc\MagicDisc.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Documents and Settings\Marieke\Mijn documenten\widget\Widgets\YahooWidgetEngine.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\routing.exe
    C:\Documents and Settings\Marieke\Mijn documenten\widget\Widgets\YahooWidgetEngine.exe
    C:\Documents and Settings\Marieke\Mijn documenten\widget\Widgets\YahooWidgetEngine.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\WinProxy\WinProxy.exe
    C:\Documents and Settings\Marieke\Mijn documenten\widget\Widgets\YahooWidgetEngine.exe
    C:\Documents and Settings\Marieke\Mijn documenten\widget\Widgets\YahooWidgetEngine.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ESET\nod32kui.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\Marieke\Mijn documenten\cleaner\hyjack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O1 - Hosts: 82.98.86.165 worday.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: WebPrint hulpprogramma - {3E558823-0ED3-41E4-8DC6-15F055ABF468} - C:\PROGRA~1\Okidata\WEBPRI~1\wpbase.dll
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [PCMService] C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MagicDisc.lnk = C:\Documents and Settings\Marieke\Mijn documenten\isomagic\Nieuwe map\MagicDisc\MagicDisc.exe
    O4 - Startup: Yahoo! Widget Engine.lnk = C:\Documents and Settings\Marieke\Mijn documenten\widget\Widgets\YahooWidgetEngine.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Event Planner Reminder 2008.lnk = ?
    O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
    O4 - Global Startup: RtlWake.lnk = ?
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184011938515
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184011932093
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1708543E-CFA4-4504-9344-135F7D664408}: NameServer = 213.227.141.10,213.227.130.5
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1708543E-CFA4-4504-9344-135F7D664408}: NameServer = 213.227.141.10,213.227.130.5
    O20 - AppInit_DLLs: acaptuser32.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Documents and Settings\Marieke\Mijn documenten\progjes\adaware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Neth - Unknown owner - C:\WINDOWS\system32\netid.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
    O23 - Service: Windows sharing object - Unknown owner - C:\WINDOWS\system32\winvercp.exe (file missing)
    O23 - Service: WinProxy - M&M hist - C:\WinProxy\WinProxy.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 11557 bytes




    And did I do something good or something wrong by running ComboFix?


    Regards, Gipskruit

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
      A cmd window will open; a few lines about files not being found will quickly scroll by, this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, follow any instructions and let it do its work.
    • Your PC will then restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait for a log file to open: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next reply.


    Download ComboFix (mirror) to your desktop.
    Double-click ComboFix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open.
    Post this log in your next reply.

    NOTE: If your virus scanner reacts with a warning about a script being executed, you may ignore this.



    • #3
      Hello Smeenk,
      Here is my log from RVAXO:

      ---RVAXO.exe Updated: 2008-01-12---first run---
      Files found:
      C:\WINDOWS\system32\ndt2.sys
      C:\WINDOWS\system32\Indt2.sys
      C:\WINDOWS\system32\drmgs.sys
      C:\WINDOWS\system32\perfs.exe
      C:\WINDOWS\system32\routing.exe

      Uninstallers Rogue scanners:


      Folders Found:


      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------


      ComboFix didn't ask me to type 1; it just started, and it said twice that there is no disk in the drive, so I pressed continue. I also had to restart afterwards because otherwise I couldn't get on the internet. Here is my ComboFix log:

      ComboFix 08-01-11.3 - Marieke 2008-01-13 13:42:45.2 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.91 [GMT 1:00]
      Started from: C:\Documents and Settings\Marieke\Bureaublad\ComboFix.exe
      .

      (((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 ))))))))))))))))))))))))))))))
      .

      2008-01-13 13:38 . 2008-01-13 13:38 <DIR> d-------- C:\RVAXO
      2008-01-13 13:36 . 2008-01-12 14:17 603,407 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-01-13 13:36 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
      2008-01-13 03:01 . 2008-01-13 03:01 252,288 --a------ C:\WINDOWS\system32\tmp4_28690666167.bk
      2008-01-12 23:07 . 2007-08-01 22:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
      2008-01-12 20:22 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
      2008-01-12 20:05 . 2008-01-12 22:10 <DIR> d-------- C:\Documents and Settings\Marieke\.housecall6.6
      2008-01-12 01:19 . 2008-01-12 01:19 28,909 --a------ C:\WINDOWS\system32\tmp0_176227191186.bk
      2008-01-11 21:34 . 2007-09-05 01:46 92,544 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
      2008-01-11 17:51 . 2008-01-12 01:18 <DIR> d-------- C:\Documents and Settings\Marieke\Application Data\uTorrent
      2008-01-11 12:45 . 2008-01-11 12:45 36,209 --a------ C:\WINDOWS\system32\tmp5_812693294852.bk
      2008-01-11 12:44 . 2008-01-11 12:44 36,209 --a------ C:\WINDOWS\system32\tmp4_78415827221.bk
      2008-01-10 23:43 . 2008-01-10 23:43 11,389 --a------ C:\WINDOWS\system32\tmp0_650556426371.bk
      2008-01-08 13:35 . 2008-01-13 01:03 69 --a------ C:\WINDOWS\NeroDigital.ini
      2008-01-08 12:44 . 2008-01-08 19:39 <DIR> d-------- C:\Documents and Settings\Marieke\Application Data\Ahead
      2008-01-08 12:43 . 2008-01-08 12:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
      2008-01-08 12:29 . 2008-01-08 12:29 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
      2008-01-07 21:07 . 2008-01-07 21:07 <DIR> d-------- C:\Documents and Settings\Marieke\Application Data\LEAPS
      2008-01-05 01:55 . 2008-01-05 01:55 268 --ah----- C:\sqmdata02.sqm
      2008-01-05 01:55 . 2008-01-05 01:55 244 --ah----- C:\sqmnoopt02.sqm
      2008-01-04 19:16 . 2007-09-26 13:30 996,648 --a------ C:\WINDOWS\system32\ShellManager10E2D762.dll
      2008-01-04 19:16 . 2007-09-13 16:26 641,024 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
      2008-01-04 13:58 . 2002-08-20 01:41 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
      2008-01-04 13:58 . 2001-09-17 13:20 19,968 --a------ C:\WINDOWS\system32\cpuinf32.dll
      2008-01-04 12:36 . 2008-01-04 12:36 249,856 --------- C:\WINDOWS\Setup1.exe
      2008-01-04 12:36 . 2008-01-04 12:36 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
      2008-01-03 19:02 . 2008-01-03 19:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
      2008-01-03 18:55 . 2008-01-03 18:55 <DIR> d-------- C:\Program Files\Common Files\LightScribe
      2008-01-03 18:24 . 2008-01-08 12:37 <DIR> d-------- C:\Program Files\Nero
      2008-01-03 17:21 . 2008-01-13 01:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Philips Intelligent Agent
      2008-01-03 17:19 . 2008-01-03 17:19 <DIR> d-------- C:\Program Files\Philips
      2007-12-30 21:25 . 2007-12-30 21:25 <DIR> d-------- C:\Program Files\Alcohol Soft
      2007-12-30 21:22 . 2007-12-30 21:22 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
      2007-12-28 12:45 . 2007-12-28 12:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Creative Home
      2007-12-28 12:33 . 2007-12-28 12:33 <DIR> d-------- C:\Program Files\Common Files\Nova Development
      2007-12-28 12:30 . 2007-12-28 12:30 <DIR> d-------- C:\Program Files\Creative Home
      2007-12-27 19:10 . 2007-12-27 19:10 1,024 --a------ C:\.rnd
      2007-12-27 19:05 . 2007-12-27 19:05 <DIR> d-------- C:\Documents and Settings\Marieke\Application Data\demoxi
      2007-12-27 19:03 . 2007-12-27 19:03 <DIR> d-------- C:\Program Files\demoxi
      2007-12-26 15:36 . 2007-12-28 12:57 106,448 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
      2007-12-26 15:33 . 2007-12-26 15:33 <DIR> d-------- C:\Documents and Settings\Marieke\Application Data\Hallmark
      2007-12-20 18:32 . 2008-01-08 13:49 <DIR> d-------- C:\Program Files\Common Files\Ahead
      2007-12-19 17:39 . 2007-12-19 17:39 <DIR> d-------- C:\Program Files\Okidata

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-01-10 13:16 --------- d-----w C:\Program Files\Lexmark X1100 Series
      2008-01-07 19:46 --------- d-----w C:\Program Files\Pegasys Inc
      2008-01-03 17:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
      2008-01-03 16:51 --------- d-----w C:\Documents and Settings\Marieke\Application Data\AdobeUM
      2007-12-27 19:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2007-12-27 19:04 --------- d-----w C:\Program Files\Mio Technology
      2007-12-26 16:09 3,506 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
      2007-12-26 16:09 --------- d-----w C:\Documents and Settings\Marieke\Application Data\Corel
      2007-12-23 16:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2007-12-23 16:54 --------- d-----w C:\Program Files\Google
      2007-12-19 16:59 --------- d-----w C:\Program Files\Common Files\Adobe
      2007-12-18 18:09 --------- d-----w C:\Program Files\MSN Messenger
      2007-12-18 18:09 --------- d-----w C:\Program Files\Messenger Plus! Live
      2007-12-04 16:29 --------- d-----w C:\Program Files\ABBYY FineReader 5.0 Sprint
      2007-11-30 18:51 --------- d-----w C:\Documents and Settings\Marieke\Application Data\Nero
      2007-11-26 13:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
      2007-11-25 15:05 --------- d-----w C:\Documents and Settings\Marieke\Application Data\Uniblue
      2007-11-25 14:54 --------- d-----w C:\Program Files\hp deskjet 970c series
      2007-11-25 14:53 --------- d-----w C:\Program Files\Hewlett-Packard
      2007-11-23 11:27 --------- d-----w C:\Program Files\Picasa2
      2007-11-20 19:00 502,368 ----a-w C:\WINDOWS\system32\drivers\amon.sys
      2007-11-20 19:00 274,432 ----a-w C:\WINDOWS\system32\imon.dll
      2007-11-20 14:57 --------- d-----w C:\Program Files\IncrediMail
      2007-11-20 12:48 --------- d-----w C:\Program Files\Windows Media Connect 2
      2007-11-16 16:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
      2007-11-16 12:57 --------- d-----w C:\Program Files\EsetOnlineScanner
      2005-07-14 18:31 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
      2007-09-18 16:21 88 --sh--r C:\WINDOWS\system32\D55B826817.sys
      .

      ((((((((((((((((((((((((((((( [email protected]_20.29.33.51 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2000-08-31 07:00:00 49,152 ----a-w C:\WINDOWS\system32\VFind.exe
      + 2008-01-03 18:47:58 49,152 ----a-w C:\WINDOWS\system32\VFind.exe
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* empty entries & legitimate default entries are not shown

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
      "IncrediMail"="C:\PROGRA~1\INCRED~1\bin\IncMail.exe" [2007-11-20 15:57 200747]
      "Philips Intelligent Agent"="C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe" [2007-07-05 14:08 615320]
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
      "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36 455968]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "HTpatch"="C:\WINDOWS\htpatch.exe" [2002-10-30 17:40 28672]
      "SoundMan"="SOUNDMAN.EXE" [2003-01-20 10:48 47104 C:\WINDOWS\SOUNDMAN.EXE]
      "Dit"="Dit.exe" [2002-08-28 13:43 73728 C:\WINDOWS\Dit.exe]
      "VOBRegCheck"="C:\WINDOWS\System32\VOBREGCheck.exe" [2003-01-08 15:55 153088]
      "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-25 06:20 28672]
      "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 19:52 483328]
      "PCMService"="C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe" [2003-02-17 19:35 57344]
      "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-20 20:00 921600]
      "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-29 21:02 196608]
      "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 15:41 57344]
      "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
      "SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-09-26 13:31 1629480]
      "InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-09-26 13:31 1057064]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
      "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]
      "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-11-20 15:57 200747]

      C:\Documents and Settings\Marieke\Menu Start\Programma's\Opstarten\
      MagicDisc.lnk - C:\Documents and Settings\Marieke\Mijn documenten\isomagic\Nieuwe map\MagicDisc\MagicDisc.exe [2007-12-26 15:12:54]
      Yahoo! Widget Engine.lnk - C:\Documents and Settings\Marieke\Mijn documenten\widget\Widgets\YahooWidgetEngine.exe [2007-07-20 18:57:16]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-0000003D0002}\SC_Acrobat.exe [2007-07-11 17:08:08]
      Event Planner Reminder 2008.lnk - C:\WINDOWS\Installer\{747A6A10-DA58-48C2-A1F0-C15514419C8A}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe [2007-12-28 12:42:53]
      MioSync.lnk - C:\Program Files\Mio Technology\MioSync\mioSync.exe [2007-08-13 21:16:30]
      RtlWake.lnk - C:\Program Files\REALTEK Semiconductor Corp.\REALTEK RTL8180 Wireless LAN Driver and Utility\RtlWake.exe [2007-09-29 15:49:04]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
      "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"= C:\WINDOWS\system32\ieframe.dll [2007-06-27 15:11 6058496]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=acaptuser32.dll

      R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2003-12-10 14:06]
      R2 ScanDrv;ScanDrv;C:\WINDOWS\system32\drivers\ScanDrv.sys [1998-09-17 09:33]
      R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2002-11-04 15:29]
      R3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\system32\DRIVERS\ctxs51.sys [2002-07-01 15:10]
      R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2002-11-04 15:32]
      R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2007-09-29 15:48]
      S2 Neth;Neth;C:\WINDOWS\system32\netid.exe
      S2 Windows sharing object;Windows sharing object;C:\WINDOWS\system32\winvercp.exe
      S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2005-02-16 08:06]
      S3 cirrus;cirrus;C:\WINDOWS\system32\DRIVERS\cirrus.sys [2001-08-17 20:57]
      S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 18:31]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
      \Shell\AutoRun\command - N:\empty.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
      \Shell\AutoRun\command - O:\empty.exe


      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
      "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
      .
      Contents of the 'Scheduled Tasks' folder
      "2008-01-13 12:33:39 C:\WINDOWS\Tasks\User_Feed_Synchronization-{C758D34B-6119-4A99-AC3E-597EB5E17037}.job"
      - C:\WINDOWS\system32\msfeedssync.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-01-13 13:44:43
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
      AppInit_DLLs = acaptuser32.dll??
      HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      HTpatch = C:\WINDOWS\htpatch.exe?ows\CurrentVersion\Run???\??????[????`??[???[`??[???????????????[???[???[???[$??????[???????????????[???????????[???w????(????3?w???w?????3?w ??w???[??????d???r??[1??[???[d??????[?-?[????z??w8h?[\2?[?1?[htinst.INI?[?u?[????d????????F?

      scanning hidden files ...

      Scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
      -> C:\Program Files\Eset\pr_imon.dll
      .
      Completion time: 2008-01-13 13:46:11
      ComboFix2.txt 2008-01-12 19:30:21
      .
      2007-12-26 02:43:58 --- E O F ---


      Regards, Gipskruit



      • #4
        Go to Start - Run and enter the following:
        sc delete Neth
        Then press OK.

        Do the same with the following line:
        sc delete "Windows sharing object"

        Open the RVAXO folder on your desktop and double-click Uninstall.cmd
        This will remove everything belonging to RVAXO.

        Download ATF Cleaner (mirror) (made by Atribune)

        Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can do its work properly.

        Double-click ATF Cleaner to start the program.
        On the "Main" tab, tick Select All.
        Click the Empty Selected button.

        Do the following if you also use Firefox as a browser:
        Click the "Firefox" tab and tick Select All.
        If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
        (this removes the tick from "Firefox saved passwords")
        Click the Empty Selected button.

        Do the following if you also use Opera as a browser:
        Click the "Opera" tab and tick Select All.
        If you want to keep the passwords saved by Opera, click "No" in the window that appears.
        Click the Empty Selected button.
        Go to the "Main" tab and click the Exit button to close the program.

        Go to Start - Run and enter the following:
        Combofix /U
        Then press OK.
        Note: There must be a space between Combofix and /U.

        This will uninstall ComboFix.

        Disable System Restore. Restart the computer. Enable System Restore again.
        See here for how to disable System Restore.
        This removes any remnants of the infections from your System Restore.

        Finally, post a new HijackThis log for checking.

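As an added example (not code from the original posts, from HijackThis, or from the helper), here is a script that reads a saved HijackThis log and flags the entry types that decided this thread: the O1 hosts-file redirect in post #1, the O20 AppInit_DLLs value, O23 services reported with "Unknown owner" or "(file missing)", and O4 Run values that name a bare file without a directory. For services whose binary is gone it also prints the `sc delete` commands the helper gives in post #4. The sample log inside it is a constructed excerpt modelled on lines from post #1; the heuristics are my own choices, not HijackThis's.

```python
"""Triage a HijackThis 2.x log the way the helper in this thread read it.

Added example, not code from HijackThis, RVAXO, ComboFix or the forum
helper. SAMPLE_LOG is a constructed excerpt in the log's format.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt, modelled on lines from post #1 of this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 82.98.86.165 worday.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Neth - Unknown owner - C:\WINDOWS\system32\netid.exe (file missing)
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: Windows sharing object - Unknown owner - C:\WINDOWS\system32\winvercp.exe (file missing)
"""

# "O23 - Service: <display> - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# HijackThis appends the service key name in parentheses when it differs from the display name.
SHORT_RE = re.compile(r"^(?P<display>.+) \((?P<short>[^()]+)\)$")
# "O4 - HKLM\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>\S.*)$")
MISSING = "(file missing)"


@dataclass(frozen=True)
class Service:
    display: str
    short: str          # the name `sc delete` expects
    owner: str          # "Unknown owner" when the binary carries no company/version resource
    path: str
    file_missing: bool


def parse_service(line: str) -> Optional[Service]:
    """Parse one O23 line; return None for any other line."""
    m = O23_RE.match(line)
    if not m:
        return None
    display, owner, path = m.group("display", "owner", "path")
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)].strip()
    sm = SHORT_RE.match(display)
    return Service(display, sm.group("short") if sm else display, owner, path, missing)


def parse_services(log: str) -> list[Service]:
    return [s for s in (parse_service(l.strip()) for l in log.splitlines()) if s]


def sc_delete_commands(services: list[Service]) -> list[str]:
    """Removal commands for service entries whose binary is already gone (as in post #4)."""
    cmds = []
    for s in services:
        if s.file_missing:
            name = f'"{s.short}"' if " " in s.short else s.short
            cmds.append(f"sc delete {name}")
    return cmds


def triage(log: str) -> list[tuple[str, str]]:
    """Return (log line, reason) pairs for the entries a responder checks first."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("O1 - Hosts:"):
            findings.append((line, "hosts-file entry pins a name to an address; check both"))
        elif line.startswith("O20 - AppInit_DLLs:"):
            findings.append((line, "DLL loaded into every process that links user32.dll; identify the publisher"))
        elif m := O4_RE.match(line):
            cmd = m.group("cmd")
            q = re.match(r'^"([^"]*)"', cmd)          # quoted path, or first token if unquoted
            exe = q.group(1) if q else cmd.split()[0]
            if "\\" not in exe:
                findings.append((line, f"Run value names {exe!r} without a directory; confirm which file on the search path actually loads"))
        elif s := parse_service(line):
            if s.file_missing:
                findings.append((line, "service points at a file that no longer exists; delete the entry"))
            elif s.owner == "Unknown owner":
                findings.append((line, "service binary carries no publisher info; stop it and check the file's signature and hash"))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
    print("\n".join(sc_delete_commands(parse_services(SAMPLE_LOG))))
```

On the sample, the two orphaned services produce exactly the two commands from post #4; the Routing service is only flagged for review, because its file still exists and the right action is to stop the service and check the binary, not to delete the entry blind.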


        • #5
          Hello Smeenk, I'm now at combofix /u in Run, but the computer says it can't find it when I click OK. If I copy and paste it (then there is probably a space in between), it starts up and asks whether to run it?

          What should I do?
          Or should I browse in Run and look for combofix.exe?

          Regards, Gipskruit



          • #6
            I think you just need to type 1 again.

            If that doesn't work, just download ComboFix again to your desktop.
            Then run it again and afterwards try Combofix /U once more.



            • #7
              Hello Smeenk,
              I can't get ComboFix off no matter what I try.
              I downloaded it again and ran it 3 times, but it doesn't work.

              ???
              Regards, Gipskruit


              • #8
                OOOOOOOo Sorry, what a dummy I am.

                I had read "no space", but there had to be a space. Sorry, sorry. Going to disable System Restore now.
                Do I need to do anything else afterwards or not? I also came across a routing.txt in windows system32, throw it away? The other one is gone.

                Sorry, what a dummy

                Regards, Gipskruit


                • #9
                  Oh yes, the hijack log:

                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 15:33:03, on 13-1-2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v7.00 (7.00.6000.16512)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\Documents and Settings\Marieke\Mijn documenten\progjes\adaware\aawservice.exe
                  C:\WINDOWS\system32\LEXBCES.EXE
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\WINDOWS\system32\LEXPPS.EXE
                  C:\WINDOWS\htpatch.exe
                  C:\WINDOWS\SOUNDMAN.EXE
                  C:\WINDOWS\Dit.exe
                  C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
                  C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
                  C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
                  C:\Program Files\Eset\nod32kui.exe
                  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
                  C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
                  C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
                  C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
                  C:\Program Files\Nero\Nero 7\InCD\InCD.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
                  C:\WINDOWS\DitExp.exe
                  C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
                  C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
                  C:\Program Files\Creative Home\Hallmark Card Studio 2008 Deluxe\Planner\PLNRnote.exe
                  C:\Program Files\Mio Technology\MioSync\mioSync.exe
                  C:\Program Files\REALTEK Semiconductor Corp\REALTEK RTL8180 Wireless LAN Driver and Utility\RtlWake.exe
                  C:\Documents and Settings\Marieke\Mijn documenten\isomagic\Nieuwe map\MagicDisc\MagicDisc.exe
                  C:\Documents and Settings\Marieke\Mijn documenten\widget\Widgets\YahooWidgetEngine.exe
                  C:\PROGRA~1\INCRED~1\bin\IMApp.exe
                  C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
                  C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                  C:\Program Files\Eset\nod32krn.exe
                  C:\Documents and Settings\Marieke\Mijn documenten\widget\Widgets\YahooWidgetEngine.exe
                  C:\Documents and Settings\Marieke\Mijn documenten\widget\Widgets\YahooWidgetEngine.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\UStorSrv.exe
                  C:\WinProxy\WinProxy.exe
                  C:\Documents and Settings\Marieke\Mijn documenten\widget\Widgets\YahooWidgetEngine.exe
                  C:\Documents and Settings\Marieke\Mijn documenten\widget\Widgets\YahooWidgetEngine.exe
                  C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
                  C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
                  C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
                  C:\WINDOWS\system32\wuauclt.exe
                  C:\WINDOWS\system32\wuauclt.exe
                  C:\Program Files\Internet Explorer\IEXPLORE.EXE
                  C:\Documents and Settings\Marieke\Mijn documenten\cleaner\hyjack\HijackThis.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                  O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
                  O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
                  O3 - Toolbar: WebPrint hulpprogramma - {3E558823-0ED3-41E4-8DC6-15F055ABF468} - C:\PROGRA~1\Okidata\WEBPRI~1\wpbase.dll
                  O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
                  O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                  O4 - HKLM\..\Run: [Dit] Dit.exe
                  O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
                  O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
                  O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
                  O4 - HKLM\..\Run: [PCMService] C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
                  O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
                  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
                  O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
                  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
                  O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
                  O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
                  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
                  O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
                  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
                  O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                  O4 - Startup: MagicDisc.lnk = C:\Documents and Settings\Marieke\Mijn documenten\isomagic\Nieuwe map\MagicDisc\MagicDisc.exe
                  O4 - Startup: Yahoo! Widget Engine.lnk = C:\Documents and Settings\Marieke\Mijn documenten\widget\Widgets\YahooWidgetEngine.exe
                  O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
                  O4 - Global Startup: Event Planner Reminder 2008.lnk = ?
                  O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
                  O4 - Global Startup: RtlWake.lnk = ?
                  O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                  O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                  O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                  O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                  O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                  O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                  O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                  O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
                  O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
                  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
                  O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
                  O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
                  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184011938515
                  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184011932093
                  O17 - HKLM\System\CCS\Services\Tcpip\..\{1708543E-CFA4-4504-9344-135F7D664408}: NameServer = 213.227.141.10,213.227.130.5
                  O17 - HKLM\System\CS1\Services\Tcpip\..\{1708543E-CFA4-4504-9344-135F7D664408}: NameServer = 213.227.141.10,213.227.130.5
                  O20 - AppInit_DLLs: acaptuser32.dll
                  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Documents and Settings\Marieke\Mijn documenten\progjes\adaware\aawservice.exe
                  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                  O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
                  O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
                  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
                  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
                  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
                  O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
                  O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
                  O23 - Service: WinProxy - M&M hist - C:\WinProxy\WinProxy.exe
                  O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

                  --
                  End of file - 11224 bytes
                  Regards, Gipskruit
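Added example (not from the thread or from HijackThis itself): a small Python parser for the HijackThis v2.0.2 log layout posted above, which checks whether a given file name such as routing.exe still appears in the running-process list, in an O4 autorun entry or in an O23 service entry. The sample log is constructed for this example and deliberately contains a routing.exe process and autorun that the real log above does not.

```python
import re

# Constructed sample in the HijackThis v2.0.2 layout (not the log posted in
# the thread); it deliberately contains a routing.exe process and autorun.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\routing.exe

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.google.nl/
O4 - HKLM\\..\\Run: [routing] C:\\WINDOWS\\system32\\routing.exe
O4 - HKLM\\..\\Run: [nod32kui] "C:\\Program Files\\Eset\\nod32kui.exe" /WAITSERVICE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\\Program Files\\Eset\\nod32krn.exe
--
End of file - 123 bytes
"""

# Coded entries look like "O4 - ...", "R0 - ...", "F2 - ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")

def parse_hjt_log(text):
    """Return (running processes, [(code, body), ...]) from a HijackThis log."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                processes.append(line)
            else:
                in_procs = False      # a blank line ends the process list
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("code"), m.group("body")))
    return processes, entries

def find_binary(text, name):
    """Where does a file name (case-insensitive) show up: process, O4, O23?"""
    processes, entries = parse_hjt_log(text)
    name = name.lower()
    hits = {"process": [], "O4": [], "O23": []}
    for p in processes:
        if p.lower().endswith("\\" + name):
            hits["process"].append(p)
    for code, body in entries:
        if code in hits and name in body.lower():
            hits[code].append(body)
    return hits
```

Running `find_binary` on a pasted log with the name from the antivirus alert gives an empty result in all three places when the file is really gone, which is the check the helper does by eye in the next reply.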


                  • #10
                    Your log looks fine again. Whether that routing.txt file belongs to the infection I can't say for sure; just leave it alone to be safe.
                    Are you still having any problems?


                    • #11
                      No, I think it's solved. Nod32 doesn't "say" anything anymore either.

                      It often happened when I went online, and I haven't done that much yet, but I think it's solved.
                      Nod is on all the time, so I think it would have given a warning by now.

                      I hope I'm rid of it.

                      In any case, thanks a lot. My fear was that I would have to reinstall it. Luckily not.

                      Regards, Gipskruit.

                      I can still do an online scan or something, but I think it's fine; that routing.exe is gone.


                      • #12
                        You're welcome

                        Running a few (online) scanners can't hurt, of course
