
zlob downloader + smitfraud


  • zlob downloader + smitfraud

    Hello,

    For quite a while now I have been dealing with annoying spyware/adware called Zlob and Smitfraud.
    I installed Spybot Search & Destroy, which recognises it and can remove it. But a little later the popups and the like are back again.

    Below is my HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:40:00, on 29-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Norman\Npm\bin\ELOGSVC.EXE
    C:\Norman\Npm\Bin\Zanda.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\xampp\apache\bin\apache.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    C:\xampp\mysql\bin\mysqld-nt.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\xampp\apache\bin\apache.exe
    C:\Norman\Npm\bin\NJEEVES.EXE
    C:\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
    C:\Program Files\UltraMon\UltraMon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Norman\Npm\bin\ZLH.EXE
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\WINDOWS\system32\UltraMonIndDisp.exe
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
    C:\Program Files\UltraMon\UltraMonTaskbar.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Macromedia\Flash 8\Flash.exe
    C:\Program Files\Macromedia\Flash 8\Players\SAFlashPlayer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
    O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll
    O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174035320140
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = TwenteMM.local
    O17 - HKLM\Software\..\Telephony: DomainName = TwenteMM.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = TwenteMM.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = TwenteMM.local
    O20 - Winlogon Notify: c_iscii32 - C:\WINDOWS\SYSTEM32\c_iscii32.dll
    O21 - SSODL: bmlvqkn - {37688EB3-20CF-4CFF-A669-C029CBDEE292} - C:\WINDOWS\bmlvqkn.dll (file missing)
    O21 - SSODL: agrlmvp - {E2E4E284-598B-4774-A130-50A9171E491E} - C:\WINDOWS\agrlmvp.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

    --
    End of file - 9404 bytes
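The entries that drive the rest of this thread are already visible in this first log: the O20 Winlogon Notify DLL (the file the helper later has scanned), the two random-named O21 SSODL DLLs in C:\WINDOWS and the O24 "Privacy Protection" desktop component loaded from a local file. As an added example, not part of the thread and not a HijackThis feature, the Python below parses lines in HijackThis' format and flags exactly those categories; the allowlists and the random-name heuristic are this example's own assumptions, and the sample lines are copied from the log above plus two benign entries for contrast.

```python
"""Triage of HijackThis-format log lines for the autostart traces seen in this thread.

Added example, not from the thread and not a HijackThis feature. Allowlists and the
random-name heuristic are this example's own assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the first HijackThis log in the thread.
SAMPLE_LOG = [
    r"O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present",
    r"O20 - Winlogon Notify: c_iscii32 - C:\WINDOWS\SYSTEM32\c_iscii32.dll",
    r"O21 - SSODL: bmlvqkn - {37688EB3-20CF-4CFF-A669-C029CBDEE292} - C:\WINDOWS\bmlvqkn.dll (file missing)",
    r"O21 - SSODL: agrlmvp - {E2E4E284-598B-4774-A130-50A9171E491E} - C:\WINDOWS\agrlmvp.dll",
    r"O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm",
]

# Assumed, deliberately partial allowlists (lower-cased) of handler names that Windows XP
# registers itself. Anything else in these two locations deserves a look; absence from
# the list is a reason to ask about the entry, not proof that it is malware.
KNOWN_WINLOGON_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                         "sclgntfy", "senslogn", "termsrv", "wlballoon"}
KNOWN_SSODL = {"webcheck", "systray", "auhook", "upnpmonitor"}

LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# "(file missing)" is HijackThis's own annotation for an orphaned autostart entry.
MISSING_RE = re.compile(r"\s*\(file missing\)\s*$", re.IGNORECASE)
# The target is the first drive-letter path or URL up to the end of the line; matching it
# whole keeps paths such as "Spybot - Search & Destroy" intact instead of splitting on " - ".
TARGET_RE = re.compile(r"((?:file:///)?[A-Za-z]:\\.*|https?://\S+)$")


@dataclass(frozen=True)
class Finding:
    section: str
    name: str
    target: str
    reason: str


def parse_line(line):
    """Return (section, handler name, target path/URL, file_missing), or None for non-entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    missing = bool(MISSING_RE.search(body))
    body = MISSING_RE.sub("", body)
    # The first " - " segment reads "<kind>: <name>", e.g. "SSODL: agrlmvp".
    name = body.split(" - ")[0].split(":", 1)[-1].strip()
    t = TARGET_RE.search(body)
    target = t.group(1).strip() if t else ""
    return section, name, target, missing


def looks_random(name):
    """Heuristic: six or more lowercase letters with at most one vowel ('bmlvqkn', 'agrlmvp')."""
    return bool(re.fullmatch(r"[a-z]{6,}", name)) and sum(c in "aeiouy" for c in name) <= 1


def triage(lines):
    """Return the entries a helper would ask about first, each with the reasons it was flagged."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        section, name, target, missing = parsed
        reasons = []
        if section == "O20" and name.lower() not in KNOWN_WINLOGON_NOTIFY:
            reasons.append("Winlogon Notify handler that Windows does not register itself")
        if section == "O21" and name.lower() not in KNOWN_SSODL:
            reasons.append("SSODL entry that Windows does not register itself")
            if looks_random(name):
                reasons.append("random-looking handler name")
        if section == "O24" and target.lower().startswith("file:///c:\\windows\\"):
            reasons.append("Active Desktop component loaded from a local file under the Windows directory")
        if section == "O6":
            reasons.append("IE policy restrictions present; confirm they were set on purpose")
        if missing:
            reasons.append("orphaned entry (file missing)")
        if reasons:
            findings.append(Finding(section, name, target, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.name:<20} {f.target}\n     -> {f.reason}")
```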

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open, in which a few lines about files not being found will scroll past quickly; this is normal.
    • An uninstaller of a rogue scanner may also start; do not close it, but follow any prompts and just let it do its work.
    • Your PC will then restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next reply.
    Also post a new HijackThis log.



    • #3
      Here is the RVAXO log:

      ---RVAXO.exe Updated: 2008-01-29---first run---
      Files found:
      C:\WINDOWS\fxtqdrl.exe
      C:\WINDOWS\agrlmvp.dll

      Uninstallers Rogue scanners:


      Folders Found:

      C:\Program Files\mediastarcodec

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      C:\Documents and Settings\a.kiffen\Mijn documenten\Mijn ontvangen bestanden\07-6-12 - Wienese_banners(1).zip
      C:\Documents and Settings\a.kiffen\Mijn documenten\Mijn ontvangen bestanden\07-6-12 - Wienese_banners.zip
      C:\Documents and Settings\a.kiffen\Mijn documenten\Mijn ontvangen bestanden\07-6-5 leaderboard Dearom.zip
      C:\Documents and Settings\a.kiffen\Mijn documenten\Mijn ontvangen bestanden\7501 GREEN BP Target Neutral.zip
      C:\Documents and Settings\a.kiffen\Mijn documenten\Mijn ontvangen bestanden\Action Script Viewer v4.01.[W][email protected][K]e[Y]-g3n-ECLiPSE.zip
      C:\Documents and Settings\a.kiffen\Mijn documenten\Mijn ontvangen bestanden\beamkit.zip
      C:\Documents and Settings\a.kiffen\Mijn documenten\Mijn ontvangen bestanden\colibri_new_preview.zip
      C:\Documents and Settings\a.kiffen\Mijn documenten\Mijn ontvangen bestanden\concept9_new_new.zip
      C:\Documents and Settings\a.kiffen\Mijn documenten\Mijn ontvangen bestanden\de.zip
      C:\Documents and Settings\a.kiffen\Mijn documenten\Mijn ontvangen bestanden\desenseo_02.zip
      C:\Documents and Settings\a.kiffen\Mijn documenten\Mijn ontvangen bestanden\Fullsize.zip
      C:\Documents and Settings\a.kiffen\Mijn documenten\Mijn ontvangen bestanden\hetnet skyscraper.zip
      C:\Documents and Settings\a.kiffen\Mijn documenten\Mijn ontvangen bestanden\index.zip
      C:\Documents and Settings\a.kiffen\Mijn documenten\Mijn ontvangen bestanden\logestiek.zip
      C:\Documents and Settings\a.kiffen\Mijn documenten\Mijn ontvangen bestanden\MyriadPro.zip
      C:\Documents and Settings\a.kiffen\Mijn documenten\Mijn ontvangen bestanden\package_derith_03.zip
      C:\Documents and Settings\a.kiffen\Mijn documenten\Mijn ontvangen bestanden\package_derith_04.zip
      C:\Documents and Settings\a.kiffen\Mijn documenten\Mijn ontvangen bestanden\package_derith_05.zip
      C:\Documents and Settings\a.kiffen\Mijn documenten\Mijn ontvangen bestanden\Volmer rectangle package.zip
      C:\Documents and Settings\a.kiffen\Mijn documenten\Mijn ontvangen bestanden\Yahtzee banners.zip
      C:\Documents and Settings\a.kiffen\Mijn documenten\Mijn ontvangen bestanden\zetes_opzet.zip
      Folders Found:

      --------------RVAXO.exe finished----------------



      AND THE HIJACKTHIS LOG:


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 13:25:48, on 29-1-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Norman\Npm\bin\ELOGSVC.EXE
      C:\Norman\Npm\Bin\Zanda.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\xampp\apache\bin\apache.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
      C:\WINDOWS\system32\CTsvcCDA.exe
      C:\Program Files\Creative\Shared Files\CTDevSrv.exe
      C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
      C:\xampp\mysql\bin\mysqld-nt.exe
      C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\xampp\apache\bin\apache.exe
      C:\Norman\Npm\bin\NJEEVES.EXE
      C:\Norman\Nvc\BIN\NVCSCHED.EXE
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
      C:\Program Files\UltraMon\UltraMon.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\system32\UltraMonIndDisp.exe
      C:\Norman\Npm\bin\ZLH.EXE
      C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
      C:\Program Files\UltraMon\UltraMonTaskbar.exe
      C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
      C:\Norman\Nvc\BIN\NIP.EXE
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
      O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
      O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
      O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
      O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
      O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll
      O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
      O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174035320140
      O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = TwenteMM.local
      O17 - HKLM\Software\..\Telephony: DomainName = TwenteMM.local
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = TwenteMM.local
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = TwenteMM.local
      O20 - Winlogon Notify: c_iscii32 - C:\WINDOWS\SYSTEM32\c_iscii32.dll
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
      O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
      O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
      O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
      O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
      O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
      O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
      O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
      O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
      O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

      --
      End of file - 8748 bytes



      • #4
        Would you upload the following file:
        C:\WINDOWS\SYSTEM32\c_iscii32.dll

        to VirusTotal or Jotti to have it scanned for infections?

        After the scan, copy the result into your next post.



        • #5
          Scan taken on 29 Jan 2008 13:08:10 (GMT)
          A-Squared - Found nothing
          AntiVir - Found TR/Hijacker.Gen
          ArcaVir - Found nothing
          Avast - Found nothing
          AVG Antivirus - Found nothing
          BitDefender - Found nothing
          ClamAV - Found nothing
          CPsecure - Found nothing
          Dr.Web - Found nothing
          F-Prot Antivirus - Found nothing
          F-Secure Anti-Virus - Found nothing
          Fortinet - Found nothing
          Ikarus - Found nothing
          Kaspersky Anti-Virus - Found nothing
          NOD32 - Found nothing
          Norman Virus Control - Found nothing
          Panda Antivirus - Found nothing
          Rising Antivirus - Found nothing
          Sophos Antivirus - Found nothing
          VirusBuster - Found nothing
          VBA32 - Found nothing




          and the other site gave this:

          Antivirus Version Last updated Result
          AhnLab-V3 2008.1.29.11 2008.01.29 -
          AntiVir 7.6.0.57 2008.01.29 TR/Hijacker.Gen
          Authentium 4.93.8 2008.01.29 -
          Avast 4.7.1098.0 2008.01.28 -
          AVG 7.5.0.516 2008.01.29 -
          BitDefender 7.2 2008.01.29 -
          CAT-QuickHeal 9.00 2008.01.28 -
          ClamAV 0.91.2 2008.01.29 -
          DrWeb 4.44.0.09170 2008.01.29 -
          eSafe 7.0.15.0 2008.01.28 -
          eTrust-Vet 31.3.5494 2008.01.29 -
          Ewido 4.0 2008.01.29 -
          FileAdvisor 1 2008.01.29 -
          Fortinet 3.14.0.0 2008.01.29 -
          F-Prot 4.4.2.54 2008.01.28 W32/Heuristic-KPP!Eldorado
          F-Secure 6.70.13260.0 2008.01.29 -
          Ikarus T3.1.1.20 2008.01.29 -
          Kaspersky 7.0.0.125 2008.01.29 -
          McAfee 5217 2008.01.28 -
          Microsoft 1.3109 2008.01.28 -
          NOD32v2 2831 2008.01.29 -
          Norman 5.80.02 2008.01.29 -
          Panda 9.0.0.4 2008.01.28 -
          Prevx1 V2 2008.01.29 -
          Rising 20.29.12.00 2008.01.29 -
          Sophos 4.25.0 2008.01.29 -
          Sunbelt 2.2.907.0 2008.01.29 -
          Symantec 10 2008.01.29 -
          TheHacker 6.2.9.201 2008.01.28 -
          VBA32 3.12.2.5 2008.01.21 -
          VirusBuster 4.3.26:9 2008.01.28 -
          Webwasher-Gateway 6.6.2 2008.01.29 Trojan.Hijacker.Gen
          Last edited by gizmo01; 29-01-08, 14:26.



          • #6
            It is apparently malware and, given the number of scanners that detect it, almost new.

            Open HijackThis, click 'Config' (bottom right).
            Choose the 'Misc Tools' tab at the top.
            Choose 'Delete a file on reboot'.
            In the field, copy and paste the following line:

            C:\WINDOWS\SYSTEM32\c_iscii32.dll


            Click Open.
            HijackThis will tell you that this file will be deleted on the next reboot and ask whether you want to reboot now.
            Click Yes/OK.

            Your PC will now reboot.

            After your PC has restarted, post a new HijackThis log.



            • #7
              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 14:45:48, on 29-1-2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16574)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\csrss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\Ati2evxx.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Norman\Npm\bin\ELOGSVC.EXE
              C:\Norman\Npm\Bin\Zanda.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\xampp\apache\bin\apache.exe
              C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
              C:\WINDOWS\system32\Ati2evxx.exe
              C:\WINDOWS\system32\CTsvcCDA.exe
              C:\Program Files\Creative\Shared Files\CTDevSrv.exe
              C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
              C:\xampp\mysql\bin\mysqld-nt.exe
              C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
              C:\WINDOWS\system32\svchost.exe
              C:\xampp\apache\bin\apache.exe
              C:\Norman\Npm\bin\NJEEVES.EXE
              C:\Norman\Nvc\BIN\NVCSCHED.EXE
              C:\WINDOWS\System32\alg.exe
              C:\WINDOWS\system32\wbem\wmiprvse.exe
              C:\WINDOWS\Explorer.EXE
              C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
              C:\Program Files\UltraMon\UltraMon.exe
              C:\Program Files\QuickTime\qttask.exe
              C:\Norman\Npm\bin\ZLH.EXE
              C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
              C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
              C:\Program Files\MSN Messenger\msnmsgr.exe
              C:\WINDOWS\system32\UltraMonIndDisp.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
              C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
              C:\Norman\Nvc\BIN\NIP.EXE
              C:\Program Files\UltraMon\UltraMonTaskbar.exe
              C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\wuauclt.exe
              C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
              C:\Program Files\MSN Messenger\usnsvc.exe
              C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
              C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

              R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
              O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
              O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
              O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
              O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
              O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
              O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
              O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
              O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
              O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
              O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
              O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
              O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
              O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
              O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
              O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
              O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
              O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
              O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
              O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll (file missing)
              O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll (file missing)
              O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
              O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
              O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174035320140
              O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
              O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = TwenteMM.local
              O17 - HKLM\Software\..\Telephony: DomainName = TwenteMM.local
              O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = TwenteMM.local
              O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = TwenteMM.local
              O20 - Winlogon Notify: c_iscii32 - c_iscii32.dll (file missing)
              O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
              O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
              O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
              O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
              O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
              O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
              O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
              O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
              O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
              O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
              O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
              O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
              O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
              O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
              O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

              --
              End of file - 8872 bytes



              • #8
                Perfect, the file is gone.

                Start HijackThis once more and put a check mark in front of the following line only:
                O20 - Winlogon Notify: c_iscii32 - c_iscii32.dll (file missing)
                Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

                Open the RVAXO folder on your desktop and double-click Uninstall.cmd.
                This will remove everything belonging to RVAXO.

                Download ATF cleaner (mirror) (made by Atribune).

                Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can do its work properly.

                Double-click ATF cleaner to start the program.
                On the "Main" tab, put a check mark at Select All.
                Click the Empty Selected button.

                Do the following if you also use Firefox as a browser:
                Click the "Firefox" tab and put a check mark at Select All.
                If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                (This removes the check mark at "Firefox saved passwords" again.)
                Click the Empty Selected button.

                Do the following if you also use Opera as a browser:
                Click the "Opera" tab and put a check mark at Select All.
                If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                Click the Empty Selected button.
                Go to the "Main" tab and click the Exit button to close the program.

                Disable System Restore. Restart the computer. Enable System Restore again.
                See here for how to disable System Restore.
                This removes any remnants of the infections from your System Restore points.

                If there are no more problems, I think we are done.

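The post above boils down to two checks a practitioner makes by eye: spot the HijackThis entries that merit a closer look (an O20 Winlogon Notify DLL is the classic place a Zlob/Smitfraud remnant survives an on-demand Spybot scan, because winlogon.exe loads it at every logon) and then compare the before and after logs to confirm that "Fix checked" removed exactly that entry. The script below does both. It is an added example, not part of this thread and not HijackThis code; the embedded log lines are a constructed subset assembled from the entries quoted in this thread, and the flagging rules are the example's own assumptions (a flagged line is a prompt to look closer, not a verdict).

```python
"""Triage and diff HijackThis v2.0.x log entries.

Added example for this thread; not the thread's own text and not HijackThis code.
It reproduces, in script form, what the helper in the thread did by eye:
  1. flag entries that deserve a second look (O20 Winlogon Notify DLLs, anything
     HijackThis marks "(file missing)", O23 services listed as "Unknown owner",
     O4 autostarts whose command is not an absolute path);
  2. diff a "before" and an "after" log to confirm that "Fix checked" removed
     exactly the intended entry and nothing new appeared.
The flagging rules are this example's assumptions, not HijackThis verdicts.
"""
import re
from typing import List, Tuple

Entry = Tuple[str, str]  # (section such as "O20", rest of the line)

# HijackThis entry lines look like:
#   O20 - Winlogon Notify: c_iscii32 - c_iscii32.dll (file missing)
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.+)$")

# Constructed sample: a subset of the entries quoted in this thread, not a full log.
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll (file missing)
O20 - Winlogon Notify: c_iscii32 - c_iscii32.dll (file missing)
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
"""

# The post-fix log in this thread differs only by the O20 line; constructed the same way.
AFTER_LOG = "\n".join(l for l in BEFORE_LOG.splitlines() if not l.startswith("O20 "))


def parse_log(text: str) -> List[Entry]:
    """Return (section, body) for every entry line; the header, the process
    list and blank lines do not match ENTRY_RE and are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def autostart_is_absolute(body: str) -> bool:
    """True if an O4 command starts with a drive-letter path (optionally quoted).
    A bare file name is resolved via the search path, which is worth a look.
    Assumed rule: %SystemRoot%-style paths are also reported, by design."""
    if "] " in body:            # O4 - HKLM\..\Run: [name] command
        cmd = body.split("] ", 1)[1]
    elif " = " in body:         # O4 - Startup: foo.lnk = C:\...
        cmd = body.split(" = ", 1)[1]
    else:
        cmd = body
    return re.match(r'^"?[A-Za-z]:\\', cmd.strip()) is not None


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (reason, line) pairs for entries that merit a closer look."""
    findings: List[Tuple[str, str]] = []
    for section, body in entries:
        line = f"{section} - {body}"
        if section == "O20":
            # Winlogon Notify DLLs are loaded by winlogon.exe at every logon, so a
            # remnant here comes back after an ordinary on-demand scan.
            findings.append(("Winlogon Notify DLL", line))
        if "(file missing)" in body:
            findings.append(("registry entry points to a missing file", line))
        if section == "O23" and " - Unknown owner - " in body:
            findings.append(("service listed as Unknown owner", line))
        if section == "O4" and not autostart_is_absolute(body):
            findings.append(("autostart without an absolute path", line))
    return findings


def diff_logs(before: str, after: str) -> Tuple[List[Entry], List[Entry]]:
    """Entries present only before the fix, and entries that appeared after it."""
    b, a = parse_log(before), parse_log(after)
    removed = [e for e in b if e not in a]
    added = [e for e in a if e not in b]
    return removed, added


if __name__ == "__main__":
    for reason, line in triage(parse_log(BEFORE_LOG)):
        print(f"[{reason}] {line}")
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    print("removed by the fix:", removed)
    print("newly appeared:", added)
```

Run against the constructed logs it reports five findings on the before log (the O20 line twice, once as a Winlogon Notify DLL and once as a missing file, plus the Flash Decompiler leftover, the mysql service and the bare `sttray.exe` autostart) and the diff shows only the O20 entry removed and nothing added, which is the "clean again" judgement of the last post expressed as a check you can rerun.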


                • #9
                  I have done everything.

                  Here is another log, but I think it should work this way. If not, you will hear about it.

                  Thanks!

                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 15:58:06, on 29-1-2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v7.00 (7.00.6000.16574)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\csrss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Norman\Npm\bin\ELOGSVC.EXE
                  C:\Norman\Npm\Bin\Zanda.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\xampp\apache\bin\apache.exe
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
                  C:\WINDOWS\system32\CTsvcCDA.exe
                  C:\Program Files\Creative\Shared Files\CTDevSrv.exe
                  C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
                  C:\xampp\mysql\bin\mysqld-nt.exe
                  C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\xampp\apache\bin\apache.exe
                  C:\Norman\Npm\bin\NJEEVES.EXE
                  C:\Norman\Nvc\BIN\NVCSCHED.EXE
                  C:\WINDOWS\System32\alg.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
                  C:\Program Files\UltraMon\UltraMon.exe
                  C:\Program Files\QuickTime\qttask.exe
                  C:\Norman\Npm\bin\ZLH.EXE
                  C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
                  C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
                  C:\Program Files\MSN Messenger\msnmsgr.exe
                  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Norman\Nvc\BIN\NIP.EXE
                  C:\WINDOWS\system32\UltraMonIndDisp.exe
                  C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                  C:\Program Files\UltraMon\UltraMonTaskbar.exe
                  C:\WINDOWS\system32\net.exe
                  C:\WINDOWS\system32\net1.exe
                  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
                  C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
                  C:\Program Files\MSN Messenger\usnsvc.exe
                  C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
                  C:\Program Files\Mozilla Firefox\firefox.exe
                  C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
                  C:\Program Files\Macromedia\Flash 8\Flash.exe
                  C:\DOCUME~1\A1AFB~1.KIF\LOCALS~1\Temp\Adobelm_Cleanup.0001
                  C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                  C:\DOCUME~1\A1AFB~1.KIF\LOCALS~1\Temp\Adobelm_Cleanup.0001
                  C:\Program Files\Adobe\Adobe Photoshop CS2\ImageReady.exe
                  C:\Program Files\FileZilla\FileZilla.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
                  C:\WINDOWS\system32\wbem\wmiprvse.exe

                  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
                  O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                  O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
                  O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
                  O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
                  O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                  O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
                  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                  O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
                  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
                  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                  O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
                  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
                  O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
                  O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
                  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
                  O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                  O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll (file missing)
                  O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll (file missing)
                  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
                  O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
                  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174035320140
                  O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
                  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = TwenteMM.local
                  O17 - HKLM\Software\..\Telephony: DomainName = TwenteMM.local
                  O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = TwenteMM.local
                  O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = TwenteMM.local
                  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                  O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
                  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                  O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                  O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
                  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
                  O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
                  O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
                  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
                  O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
                  O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
                  O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
                  O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
                  O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
                  O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
                  O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

                  --
                  End of file - 9224 bytes



                  • #10
                    You're welcome, your log looks clean again.
