Problems with unwanted windows that open and virus problem win32 adware.ezula application

    Norton's Ezula fix doesn't get rid of it! See log file:
    Symantec Adware.Ezula Removal Tool 1.0.3
    process: iexplore.exe (terminated)
    process: iexplore.exe (terminated)


    Adware.Ezula has been successfully removed from your computer!

    Here is the report:

    The total number of the scanned files: 414364
    The number of deleted threat files: 0
    The number of threat processes terminated: 2
    The number of registry entries fixed: 0

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:10:43, on 21-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\WINDOWS\system32\gearsec.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [PRONoMgr.exe] "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ScanSoft PDF Professional 3.0-reminder] "C:\Program Files\ScanSoft\PDF Professional 3.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft\PDF Professional\3\Ereg\ereg.ini"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [b0a689fd] rundll32.exe "C:\WINDOWS\system32\dtuboiyy.dll",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135873713312
    O23 - Service: ABBYY FineReader 9.0 Licentieservice (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

    --
    End of file - 6723 bytes

    Can you please help, because this is unworkable.
    And I don't understand where it came from, because I haven't visited any strange sites, only 2 torrent search engines.
    So, help please...

    Regards,

    Gudo

  • #2
    Download VirtumundoBegone (mirror)
    Save it to your desktop.

    Double-click VirtumundoBeGone.exe and follow the instructions.
    Don't be alarmed if you see a blue screen with an error message - this is normal.
    When the fix is finished, restart the PC.
    Paste the contents of the log file VBG.TXT, which is now on your desktop, in your next post.


    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
      A cmd window will open, in which a few lines about files not found will quickly scroll by; this is normal.
    • An uninstaller for a rogue scanner may also start; don't close it, but follow any instructions and just let it do its work.
    • Your PC will then restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer doesn't restart by itself, or the tool doesn't start after the reboot, do this manually.
    • Post the contents of the log file in your next post.


    Download Combofix (mirror) to your desktop.
    Double-click Combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open.
    Post this log in your next post.

    NOTE: If your virus scanner responds with an alert about a script being executed, you may ignore it.



    • #3
      Hi, thanks in advance for all the help.

      Here are all the log results:

      VBG.txt:

      [01/21/2008, 9:46:05] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\guido\Local Settings\Temporary Internet Files\Content.IE5\O3V2V544\VirtumundoBeGone[1].exe" )
      [01/21/2008, 9:46:09] - Detected System Information:
      [01/21/2008, 9:46:09] - Windows Version: 5.1.2600, Service Pack 2
      [01/21/2008, 9:46:09] - Current Username: guido (Admin)
      [01/21/2008, 9:46:09] - Windows is in NORMAL mode.
      [01/21/2008, 9:46:09] - Searching for Browser Helper Objects:
      [01/21/2008, 9:46:09] - BHO 1: {00C6482D-C502-44C8-8409-FCE54AD9C208} (SnagIt Toolbar Loader)
      [01/21/2008, 9:46:09] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
      [01/21/2008, 9:46:09] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
      [01/21/2008, 9:46:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [01/21/2008, 9:46:09] - Checking for HKLM\...\Winlogon\Notify\SDHelper
      [01/21/2008, 9:46:09] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
      [01/21/2008, 9:46:09] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
      [01/21/2008, 9:46:09] - BHO 5: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
      [01/21/2008, 9:46:09] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
      [01/21/2008, 9:46:09] - Finished Searching Browser Helper Objects
      [01/21/2008, 9:46:09] - Finishing up...
      [01/21/2008, 9:46:09] - Nothing found! Exiting...

      RVAXO:
      ---RVAXO.exe Updated: 2008-01-20---first run---
      Files found:
      C:\WINDOWS\pics09.zip
      C:\WINDOWS\pics10.zip
      C:\WINDOWS\pics14.zip
      C:\WINDOWS\system32\NTSpool.exe

      Uninstallers Rogue scanners:


      Folders Found:


      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------


      ComboFix log.

      ComboFix 08-01-20.1 - guido 2008-01-21 9:55:18.4 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.570 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\guido\Bureaublad\ComboFix.exe

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
      .

      (((((((((((((((((((( Bestanden Gemaakt van 2007-12-21 to 2008-01-21 ))))))))))))))))))))))))))))))
      .

      2008-01-21 09:49 . 2008-01-21 09:49 <DIR> d-------- C:\RVAXO
      2008-01-21 09:48 . 2008-01-20 20:44 617,567 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-01-21 09:48 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
      2008-01-20 00:32 . 2008-01-21 09:30 <DIR> dr-h----- C:\Documents and Settings\guido\Onlangs geopend

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-01-21 08:49 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
      2008-01-21 08:31 --------- d-----w C:\Documents and Settings\guido\Application Data\MailWasherPro
      2008-01-21 08:08 --------- d-----w C:\Documents and Settings\guido\Application Data\BitTorrent
      2008-01-21 08:05 --------- d-----w C:\Program Files\Hijack This
      2008-01-20 17:09 --------- d-----w C:\Program Files\Hitman Pro
      2008-01-20 17:07 --------- d-----w C:\Program Files\Spyware Doctor
      2008-01-20 15:49 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
      2008-01-20 14:20 --------- d-----w C:\Program Files\SpywareBlaster
      2008-01-19 20:11 --------- d-----w C:\Documents and Settings\guido\Application Data\Vso
      2008-01-19 13:22 --------- d-----w C:\Documents and Settings\guido\Application Data\AdobeUM
      2008-01-15 13:35 --------- d-----w C:\Documents and Settings\guido\Application Data\BitTorrent DNA
      2007-12-20 13:46 --------- d-----w C:\Program Files\DVD Profiler
      2007-12-20 13:46 --------- d-----w C:\Documents and Settings\guido\Application Data\DVD Profiler
      2007-12-19 20:05 97,216 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
      2007-12-16 14:37 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SlySoft
      2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
      2007-11-02 15:12 164 ----a-w C:\install.dat
      2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
      2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
      2007-09-27 06:50 260,336 -c--a-w C:\Documents and Settings\guido\Application Data\GDIPFONTCACHEV1.DAT
      2007-05-29 15:28 47,360 -c--a-w C:\Documents and Settings\guido\Application Data\pcouffin.sys
      2006-02-19 01:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
      .

      ((((((((((((((((((((((((((((( [email protected]_ 9.29.15.21 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2000-08-31 07:00:00 49,152 ----a-w C:\WINDOWS\system32\VFind.exe
      + 2008-01-03 18:47:58 49,152 ----a-w C:\WINDOWS\system32\VFind.exe
      + 2008-01-21 08:50:10 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_234.dat
      .
      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 07:03 68856]
      "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-12-21 13:34 1649600]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 15:24 86016]
      "SoundMan"="SOUNDMAN.EXE" [2004-05-14 08:47 67072 C:\WINDOWS\SOUNDMAN.EXE]
      "ScanSoft PDF Professional 3.0-reminder"="C:\Program Files\ScanSoft\PDF Professional 3.0\Ereg\Ereg.exe" [2005-03-30 16:10 729088]
      "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-05-02 17:55 949376]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:03 15360]

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Acrobat Assistant.lnk]
      path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\Acrobat Assistant.lnk
      backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^HP Photosmart Premier Snelstart.lnk]
      path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\HP Photosmart Premier Snelstart.lnk
      backup=C:\WINDOWS\pss\HP Photosmart Premier Snelstart.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
      path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\WinZip Quick Pick.lnk
      backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
      --a------ 2006-12-23 18:05 143360 C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
      --a------ 2007-09-23 19:43 286016 C:\Program Files\BitTorrent_DNA\dna.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
      --------- 2004-08-04 00:03 110592 C:\WINDOWS\system32\bthprops.cpl

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
      --a------ 2006-09-28 20:21 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
      --a------ 2004-08-04 00:03 15360 C:\WINDOWS\system32\ctfmon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
      --a------ 2007-01-01 22:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
      --a------ 2006-02-19 01:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
      --a------ 2003-09-14 23:00 126976 C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
      C:\Program Files\Ahead\InCD\InCD.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
      --a------ 2003-05-16 00:41 163840 C:\Program Files\Microsoft IntelliPoint\point32.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
      --a------ 2004-07-27 16:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
      --a------ 2004-07-27 16:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      --a------ 2007-06-01 15:51 257088 C:\Program Files\iTunes\iTunesHelper.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
      --------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      C:\WINDOWS\system32\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
      --a------ 2005-04-18 19:43 5562368 C:\WINDOWS\System32\NvCpl.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
      --a------ 2005-04-18 19:43 86016 C:\WINDOWS\system32\nvmctray.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
      --a------ 2005-04-18 19:43 1495040 C:\WINDOWS\system32\nwiz.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF3 Registry Controller]
      --a------ 2005-04-29 02:58 106496 C:\Program Files\ScanSoft\PDF Professional 3.0\\RegistryController.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
      --------- 2003-11-10 16:06 406016 C:\WINDOWS\system32\PSDrvCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
      --a------ 2005-07-06 11:22 61440 C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      --a------ 2007-04-27 08:41 282624 C:\Program Files\QuickTime\qttask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
      --a--c--- 2004-11-02 19:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
      -ra------ 2003-09-30 00:14 155648 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      --a------ 2005-04-13 02:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW20]
      --a------ 2005-05-04 09:03 118784 C:\WINDOWS\System32\sw20.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
      --a------ 2007-07-23 07:03 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
      --a------ 2003-05-16 00:45 114688 C:\Program Files\Microsoft IntelliType Pro\type32.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
      --a------ 2007-10-10 06:28 36352 C:\Program Files\Winamp\winampa.exe

      R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 02:00]
      R1 NVHelper;NVHelper;C:\WINDOWS\system32\drivers\NVHelper.SYS [2004-02-24 16:37]
      R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licentieservice;"C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe" [2007-09-25 00:11]
      R3 3xHybrid;Pinnacle PCTV 110i service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 11:51]
      R3 pctvnet;Pinnacle PCTV Ethernet Driver;C:\WINDOWS\system32\DRIVERS\pctvnet.sys [2004-04-05 16:10]
      S3 DVxplore;NVTV;C:\WINDOWS\system32\DRIVERS\DVxplore.sys [2004-09-07 13:55]

      .
      Inhoud van de 'Gedeelde Taken' map
      "2007-06-06 04:51:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2008-01-20 14:00:39 C:\WINDOWS\Tasks\User_Feed_Synchronization-{46D030A2-9E3E-42B3-974D-7FEBB71DDC5A}.job"
      - C:\WINDOWS\system32\msfeedssync.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-01-21 09:56:41
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
      -> C:\Program Files\Eset\pr_imon.dll

      PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
      -> C:\Program Files\WS_FTP Pro\nsftpch.dll
      .
      Voltooingstijd: 2008-01-21 9:57:18
      ComboFix-quarantined-files.txt 2008-01-21 08:57:09
      ComboFix2.txt 2008-01-21 08:29:32
      ComboFix3.txt 2007-11-02 18:17:32
      ComboFix4.txt 2007-11-02 17:08:17
      .
      2008-01-20 19:23:18 --- E O F ---

      Hopefully you can find something.
      In the meantime Nod32 has indicated that there was that virus threat and put it in quarantine!

      I hope you can rid me of this junk...



      • #4
        Also post a fresh HijackThis log.



        • #5
          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 12:06:59, on 21-1-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16574)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
          C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
          C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
          C:\Program Files\Eset\nod32krn.exe
          C:\WINDOWS\System32\nvsvc32.exe
          C:\WINDOWS\System32\svchost.exe
          c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
          C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
          C:\WINDOWS\SOUNDMAN.EXE
          C:\Program Files\Eset\nod32kui.exe
          C:\Program Files\QuickTime\qttask.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Messenger\msmsgs.exe
          C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
          C:\Program Files\Outlook Express\msimn.exe
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\WINDOWS\explorer.exe
          C:\Program Files\BitTorrent\bittorrent.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
          O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
          O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
          O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
          O4 - HKLM\..\Run: [PRONoMgr.exe] "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
          O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
          O4 - HKLM\..\Run: [ScanSoft PDF Professional 3.0-reminder] "C:\Program Files\ScanSoft\PDF Professional 3.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft\PDF Professional\3\Ereg\ereg.ini"
          O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
          O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
          O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135873713312
          O23 - Service: ABBYY FineReader 9.0 Licentieservice (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
          O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
          O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
          O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
          O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
          O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
          O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
          O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

          --
          End of file - 7374 bytes

          Well? Do you know a solution?



          • #6
            The log looks clean to me.

            What problems are you still having?

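            When a helper says a HijackThis log "looks clean", the judgement usually comes down to a few repeatable checks: entries that point at a file that no longer exists (the `(no file)` O9 button above), services (O23) whose binary lives outside the Windows or Program Files trees, and ActiveX downloads (O16) from hosts other than the expected update servers. The script below is an added example and is not code from any poster in this thread or from the HijackThis project; it parses lines in the log's own `Oxx - ...` format and reports those three conditions. The sample log is constructed from lines in this thread plus one made-up O23 entry (`ExampleSvc`, pointing into a Temp folder) so the "service outside trusted roots" rule has something to catch; the trusted-root and trusted-host lists are assumptions a reviewer would adjust to their own environment.

```python
import re
from urllib.parse import urlparse

# Constructed sample: lines taken from the log in this thread plus one
# hypothetical O23 entry (ExampleSvc) that does not appear in the thread.
SAMPLE_LOG = r"""
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135873713312
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Example Service (ExampleSvc) - Unknown - C:\Documents and Settings\user\Local Settings\Temp\svc.exe
"""

# Assumed allow-lists; a reviewer tunes these to the machine being checked.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
TRUSTED_DPF_HOSTS = ("update.microsoft.com", "www.update.microsoft.com")

# Every HijackThis finding starts with a section code such as O9 or O23.
LINE_RE = re.compile(r"^(O\d+) - (.*)$")


def parse_hjt(text):
    """Return (section, body) tuples for every Oxx line in a HijackThis log."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(text):
    """Return (section, reason, detail) findings a reviewer should look at."""
    findings = []
    for section, body in parse_hjt(text):
        # Orphaned entry: the registry still references a file that is gone.
        if body.endswith("(no file)"):
            findings.append((section, "orphan", body))
            continue
        if section == "O23":
            # Format: "Service: <name> - <vendor> - <path>"; the path never
            # contains " - " in this log, so split from the right.
            parts = body.rsplit(" - ", 2)
            if len(parts) != 3:
                findings.append((section, "unparsed", body))
                continue
            name, vendor, path = parts
            name = name.replace("Service: ", "", 1)
            if not path.lower().startswith(TRUSTED_ROOTS):
                findings.append((section, "service outside trusted roots", f"{name} -> {path}"))
        elif section == "O16":
            # Downloaded Program Files: the last field is the .cab URL.
            url = body.rsplit(" - ", 1)[-1]
            host = (urlparse(url).hostname or "").lower()
            if host not in TRUSTED_DPF_HOSTS:
                findings.append((section, "ActiveX download from unexpected host", url))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section:4} {reason}: {detail}")
```

Run against the sample it reports the orphaned O9 button and the hypothetical Temp-folder service, and stays quiet about the Microsoft Update control and the services under Windows and Program Files, which is the same conclusion the helper reached by eye. The O23 rule is deliberately about location rather than vendor string, because the vendor field is just the file's version resource and is trivially set by whoever built the binary.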


            • #7
              Nothing for now...

              Hi,

              Nothing for now! Can you tell from the logs whether something has been removed, and whether a change has taken place?
              If it starts up normally tomorrow without a virus warning and pop-up windows, I will have been helped very well again.



              • #8
                Open the RVAXO folder on your desktop and double-click Uninstall.cmd
                This will remove everything belonging to RVAXO.

                Delete the following folder:
                C:\Qoobox

                Then empty your Recycle Bin.

                Download ATF Cleaner (mirror) (made by Atribune)

                Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can do its work properly.

                Double-click ATF Cleaner to start the program.
                On the "Main" tab, tick Select All.
                Click the Empty Selected button.

                Do the following if you also have Firefox as a browser:
                Click the "Firefox" tab and tick Select All.
                If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                (this removes the tick from "Firefox saved passwords" again)
                Click the Empty Selected button.

                Do the following if you also have Opera as a browser:
                Click the "Opera" tab and tick Select All.
                If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                Click the Empty Selected button.
                Go to the "Main" tab and click the Exit button to close the program.

                Go to Start - Run and enter the following:
                Combofix /U
                Then press OK.
                Note: there must be a space between Combofix and /U.

                This will uninstall Combofix.

                Turn off System Restore. Restart the computer. Turn System Restore back on.
                See here for how to turn off System Restore.
                This removes any remnants of the infections from your System Restore.

                Let me know if there are still any problems



                • #9
                  No problems so far!

                  Did everything as you wrote.
                  No further problems encountered so far.
                  I assume it is fine now...

                  Otherwise I will contact you again.
                  Many thanks for all the help!

                  Regards,

                  Guido



                  • #10
                    You're welcome, Guido
