  • Trojan horse

    I am also having an unbelievable amount of trouble with Trojan horses; every so often I get an alert that another one is coming in, and it is driving me crazy. I have made another log and hope you can help me again.

    Greetings, agnes

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:12:19, on 3-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\SurfRight\Caretaker\CaretakerService.exe
    C:\Program Files\SurfRight\Caretaker\AntispamService.exe
    C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe
    C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\SurfRight\Caretaker\Notifier.exe
    C:\WINDOWS\mrofinu572.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.home.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {98663E21-9CCE-4CF6-863C-911A9523A66F} - C:\WINDOWS\system32\pmnkhec.dll
    O2 - BHO: (no name) - {FBE50C7A-73D9-467A-ABA3-CD096395495C} - C:\Program Files\Messenger\hopebenuC:\WINDOWS\system32\fee9\lenamd83122.exe.dll (file missing)
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Synchronization Manager] "C:\WINDOWS\system32\mobsync.exe" /logon
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [CaretakerNotifier] C:\Program Files\SurfRight\Caretaker\Notifier.exe
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
    O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\TrustedAntivirus\bm.exe" dm=http://trustedantivirus.com ad=http://trustedantivirus.com sd=http://ykeeper.trustedantivirus.com
    O4 - HKLM\..\Run: [ptask] C:\Program Files\TrustedAntivirus\ptask.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
    O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
    O15 - Trusted Zone: *.amaena.com
    O15 - Trusted Zone: *.onerateld.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Jigsaw Puzzle Platinum\Images\stg_drm.ocx
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://dolfijntje361.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {6E727CF0-2786-444E-B507-AE5081CBF123} (PCCtrl Class) - https://diensten.vwe.nl/HEN/code/cab/PCatl.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://dolfijntje361.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
    O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Mysteryville\Images\armhelper.ocx
    O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp08.photoprintit.de/microsite/8/defaults/activex/ImageUploader3.cab
    O20 - Winlogon Notify: pmnkhec - C:\WINDOWS\SYSTEM32\pmnkhec.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Caretaker Antispam Service (CaretakerAntispam) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\AntispamService.exe
    O23 - Service: Caretaker Proxy (CaretakerProxy) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe
    O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe
    O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

    --
    End of file - 8064 bytes

  • #2
    Download Combofix (mirror) to your Desktop.
    Double-click Combofix.exe.
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will cause your PC to hang.
    When the fix has finished and after the restart, the log combofix.txt will open.
    Post this log in your next post.

    NOTE: If your virus scanner responds with a notification about a script being executed, you may ignore this.



    • #3
      After finally being able to get on the internet again, here is my log:
      ComboFix 08-02.03.1 - x 2008-02-04 10:51:33.4 - NTFSx86
      Gestart vanuit: C:\DOCUME~1\x\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\RSU4P3M6\ComboFix[1].exe
      * Nieuw herstelpunt werd aangemaakt

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\pmnkhec.dll
      C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
      C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
      C:\Program Files\inetget2
      C:\Program Files\Insider
      C:\Program Files\Temporary
      C:\Program Files\Temporary\kernInst.exe
      C:\Temp\1cb
      C:\Temp\1cb\syscheck.log
      C:\WINDOWS\b122.exe
      C:\WINDOWS\b128.exe
      C:\WINDOWS\b147.exe
      C:\WINDOWS\mrofinu1000106.exe
      C:\WINDOWS\mrofinu572.exe
      C:\WINDOWS\system32\gebbawx.dll
      C:\WINDOWS\system32\mljighg.dll
      C:\WINDOWS\system32\nnnnljk.dll
      C:\WINDOWS\system32\pac.txt
      C:\WINDOWS\system32\pmnkhec.dll
      C:\WINDOWS\system32\rqrsttt.dll
      C:\WINDOWS\system32\ruvut.ini

      ----- BITS: Mogelijk geïnfecteerde sites -----

      hxxp://www.download.windowsupdate.com

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2008-01-04 to 2008-02-04 ))))))))))))))))))))))))))))))
      .

      2008-02-01 15:43 . 2008-02-01 15:43 <DIR> d--hs---- C:\TrustedAntivirus
      2008-02-01 15:41 . 2008-02-01 23:28 <DIR> d-------- C:\Documents and Settings\x\Application Data\TrustedAntivirus
      2008-02-01 15:41 . 2008-02-01 15:41 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
      2008-02-01 15:16 . 2008-02-01 15:17 <DIR> d-------- C:\Program Files\Dot1XCfg
      2008-02-01 15:12 . 2008-02-01 15:12 <DIR> d-------- C:\WINDOWS\system32\fee9
      2008-02-01 15:12 . 2008-02-01 15:12 <DIR> d-------- C:\WINDOWS\system32\dep1
      2008-02-01 15:12 . 2008-02-01 15:12 <DIR> d-------- C:\Temp\gTiis19
      2008-02-01 15:12 . 2008-02-01 15:12 224,799 --a------ C:\Temp\hKKsb1910.exe
      2008-02-01 15:12 . 2008-02-01 15:12 36,864 --a------ C:\WINDOWS\mrofinu572.exe.tmp
      2008-02-01 15:11 . 2008-02-01 15:11 <DIR> d-------- C:\WINDOWS\system32\nGpxx01
      2008-02-01 15:11 . 2008-02-01 15:11 <DIR> d-------- C:\Temp\cXzz9
      2008-01-27 15:08 . 2008-01-27 15:07 38,212 --a------ C:\sammy9.jpg
      2008-01-26 23:20 . 2008-02-03 22:30 <DIR> dr-h----- C:\Documents and Settings\x\Onlangs geopend
      2008-01-24 20:14 . 2008-01-24 20:15 <DIR> d-------- C:\Program Files\Dream Day First Home
      2008-01-23 18:24 . 2008-01-23 18:24 <DIR> d-------- C:\Documents and Settings\x\Application Data\Big Fish Games
      2008-01-23 18:13 . 2008-01-23 18:14 <DIR> d-------- C:\Program Files\Mystery In London
      2008-01-19 23:05 . 2008-01-19 23:09 <DIR> d-------- C:\Documents and Settings\87E0~1\MessengerCache
      2008-01-10 00:38 . 2008-01-10 00:38 118 --a------ C:\WINDOWS\system32\MRT.INI

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2007-12-23 12:14 --------- d-----w C:\Program Files\Picasa2
      2007-12-23 11:18 --------- d-----w C:\Program Files\PhotoFiltre
      2007-12-20 23:09 --------- d-----w C:\Program Files\Spybot - Search & Destroy
      2007-12-20 23:07 --------- d-----w C:\Program Files\Hitman Pro
      2007-12-20 23:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2007-12-16 12:52 --------- d-----w C:\Program Files\Mystery PI The Lottery Ticket
      2007-12-16 10:02 --------- d-----w C:\Program Files\Hawaiian Explorer Pearl Harbor
      2007-12-15 19:41 --------- d-----w C:\Program Files\GameHouse
      2007-12-15 19:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
      2007-12-15 19:40 --------- d-----w C:\Documents and Settings\x\Application Data\GameHouse
      2007-12-15 19:32 --------- d-----w C:\Program Files\Private Eye Greatest Unsolved Mysteries
      2007-12-15 16:07 --------- d-----w C:\Program Files\Stone Of Destiny
      2007-12-15 16:06 --------- d-----w C:\Program Files\Zylom Games
      2007-12-15 11:59 --------- d-----w C:\Documents and Settings\x\Application Data\Zylom
      2007-12-14 14:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\NeptunesAdve
      2007-12-14 09:08 --------- d-----w C:\Documents and Settings\x\Application Data\Abra Academy2
      2007-12-13 22:13 --------- d-----w C:\Documents and Settings\x\Application Data\ForgottenRiddles
      2007-12-12 17:54 --------- d-----w C:\Program Files\Common Files\Teleca Shared
      2007-12-12 17:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\My Pictures
      2007-12-12 09:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
      2007-12-11 18:11 --------- d-----w C:\Documents and Settings\x\Application Data\Teleca
      2007-12-11 17:56 --------- d-----w C:\Documents and Settings\x\Application Data\Sony Ericsson
      2007-12-11 17:46 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
      2007-12-11 17:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
      2007-12-11 17:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
      2007-12-11 17:43 --------- d-----w C:\Program Files\Sony Ericsson
      2007-12-11 14:51 --------- d-----w C:\Program Files\Common Files\InstallShield
      2007-12-10 22:01 --------- d-----w C:\Program Files\Trend Micro
      2007-12-10 19:21 --------- d-----w C:\Program Files\Hijack This
      2007-12-10 14:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
      2007-12-10 09:33 164 ----a-w C:\install.dat
      2007-12-10 09:18 --------- d-----w C:\Program Files\SurfRight
      2007-12-10 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\SurfRight
      2007-12-09 09:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Reflexive
      2007-12-08 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Christmasville
      2007-12-08 21:18 --------- d-----w C:\Documents and Settings\x\Application Data\Flood Light Games
      2007-12-08 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Flood Light Games
      2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
      2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
      2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
      2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
      2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
      2007-08-27 17:50 472,656 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FBE50C7A-73D9-467A-ABA3-CD096395495C}]
      C:\Program Files\Messenger\hopebenuC:\WINDOWS\system32\fee9\lenamd83122.exe.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
      "Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
      "Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 00:03 144384]
      "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-03-29 14:38 26112]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
      "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-04-26 09:45 401408]
      "CaretakerNotifier"="C:\Program Files\SurfRight\Caretaker\Notifier.exe" [2008-01-10 19:48 492792]
      "bm"="C:\Program Files\Common Files\TrustedAntivirus\bm.exe" [ ]
      "ptask"="C:\Program Files\TrustedAntivirus\ptask.exe" [ ]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]
      "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

      R1 ctredrv.sys;ctredrv.sys;C:\WINDOWS\system32\drivers\ctredrv.sys [2007-09-19 13:06]
      R2 CaretakerAntispam;Caretaker Antispam Service;"C:\Program Files\SurfRight\Caretaker\AntispamService.exe" [2008-01-10 19:48]
      R2 CaretakerProxy;Caretaker Proxy;"C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe" [2008-01-10 19:47]
      R2 CaretakerSvc;Caretaker Service;"C:\Program Files\SurfRight\Caretaker\CaretakerService.exe" [2008-01-10 19:47]
      R2 CaretakerUpdate;Caretaker Updater;"C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe" [2008-01-10 19:48]
      S0 xakekisx;xakekisx;C:\WINDOWS\system32\drivers\hsjpzuyf.dat
      S3 v800bus;Sony Ericsson V800-Vodafone 802SE driver (WDM);C:\WINDOWS\system32\DRIVERS\v800bus.sys [2004-08-09 13:51]
      S3 v800mdfl;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\v800mdfl.sys [2004-08-09 13:52]
      S3 v800mdm;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\v800mdm.sys [2004-08-09 13:53]
      S3 v800mgmt;Sony Ericsson V800-Vodafone 802SE USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\v800mgmt.sys [2004-08-09 13:54]
      S3 v800obex;Sony Ericsson V800-Vodafone 802SE USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\v800obex.sys [2004-08-09 13:55]

      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-04 11:03:33
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\PSIService.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\WgaTray.exe
      C:\Program Files\Common Files\Teleca Shared\Generic.exe
      C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
      .
      **************************************************************************
      .
      Voltooingstijd: 2008-02-04 11:09:23 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-02-04 10:09:16
      ComboFix2.txt 2007-12-10 16:57:32
      .
      2008-01-09 23:38:21 --- E O F ---



      • #4
        Go to Start - Run and enter the following:
        sc delete xakekisx
        Then press OK.

        Download: RVAXO.exe
        • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
        • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
          A cmd window will open, in which a few lines about files not found will quickly scroll by; this is normal.
        • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
        • After that your PC will restart; after the restart the RVAXO cmd window opens again.
          Let it run and wait until a log file opens: C:\RVAXO-results.log
        • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
        • Post the contents of the log file in your next message.
        Also make a new log with Combofix and post that too.



        • #5
          Here is my first log; I still have to do the ComboFix one.

          ---RVAXO.exe Updated: 2008-02-04---first run---
          Files found:
          C:\WINDOWS\mrofinu572.exe.tmp
          C:\WINDOWS\Prefetch\MROFINU572.EXE-16B9FCA5.pf
          C:\Temp\hKKsb1910.exe

          Uninstallers:


          Folders Found:

          C:\Documents and Settings\All Users\Application Data\SalesMon
          C:\Documents and Settings\x\Application Data\TrustedAntivirus
          C:\Program Files\Dot1XCfg
          C:\WINDOWS\system32\fee9
          C:\WINDOWS\system32\dep1
          C:\WINDOWS\system32\nGpxx01
          C:\Temp\cXzz9
          C:\Temp\gTiis19
          C:\TrustedAntivirus

          Hosts-file was reset, If you use a custom hosts file please replace it...

          --------------RVAXO.exe last run---------------

          Files found:

          Folders Found:

          --------------RVAXO.exe finished----------------



          • #6
            And here is my ComboFix log.

            ComboFix 08-02.03.1 - x 2008-02-04 16:27:51.5 - NTFSx86
            Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.43 [GMT 1:00]
            Gestart vanuit: C:\Documents and Settings\x\Bureaublad\ComboFix.exe

            WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
            .

            (((((((((((((((((((( Bestanden Gemaakt van 2008-01-04 to 2008-02-04 ))))))))))))))))))))))))))))))
            .

            2008-02-04 16:12 . 2008-02-04 16:13 <DIR> d-------- C:\RVAXO
            2008-02-04 16:05 . 2008-02-04 15:06 662,645 --a------ C:\WINDOWS\system32\RVAXO.bat
            2008-02-04 16:05 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
            2008-01-27 15:08 . 2008-01-27 15:07 38,212 --a------ C:\sammy9.jpg
            2008-01-26 23:20 . 2008-02-03 22:30 <DIR> dr-h----- C:\Documents and Settings\x\Onlangs geopend
            2008-01-24 20:14 . 2008-01-24 20:15 <DIR> d-------- C:\Program Files\Dream Day First Home
            2008-01-23 18:24 . 2008-01-23 18:24 <DIR> d-------- C:\Documents and Settings\x\Application Data\Big Fish Games
            2008-01-23 18:13 . 2008-01-23 18:14 <DIR> d-------- C:\Program Files\Mystery In London
            2008-01-19 23:05 . 2008-01-19 23:09 <DIR> d-------- C:\Documents and Settings\87E0~1\MessengerCache
            2008-01-10 00:38 . 2008-01-10 00:38 118 --a------ C:\WINDOWS\system32\MRT.INI

            .
            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2007-12-23 12:14 --------- d-----w C:\Program Files\Picasa2
            2007-12-23 11:18 --------- d-----w C:\Program Files\PhotoFiltre
            2007-12-20 23:09 --------- d-----w C:\Program Files\Spybot - Search & Destroy
            2007-12-20 23:07 --------- d-----w C:\Program Files\Hitman Pro
            2007-12-20 23:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
            2007-12-16 12:52 --------- d-----w C:\Program Files\Mystery PI The Lottery Ticket
            2007-12-16 10:02 --------- d-----w C:\Program Files\Hawaiian Explorer Pearl Harbor
            2007-12-15 19:41 --------- d-----w C:\Program Files\GameHouse
            2007-12-15 19:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
            2007-12-15 19:40 --------- d-----w C:\Documents and Settings\x\Application Data\GameHouse
            2007-12-15 19:32 --------- d-----w C:\Program Files\Private Eye Greatest Unsolved Mysteries
            2007-12-15 16:07 --------- d-----w C:\Program Files\Stone Of Destiny
            2007-12-15 16:06 --------- d-----w C:\Program Files\Zylom Games
            2007-12-15 11:59 --------- d-----w C:\Documents and Settings\x\Application Data\Zylom
            2007-12-14 14:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\NeptunesAdve
            2007-12-14 09:08 --------- d-----w C:\Documents and Settings\x\Application Data\Abra Academy2
            2007-12-13 22:13 --------- d-----w C:\Documents and Settings\x\Application Data\ForgottenRiddles
            2007-12-12 17:54 --------- d-----w C:\Program Files\Common Files\Teleca Shared
            2007-12-12 17:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\My Pictures
            2007-12-12 09:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
            2007-12-11 18:11 --------- d-----w C:\Documents and Settings\x\Application Data\Teleca
            2007-12-11 17:56 --------- d-----w C:\Documents and Settings\x\Application Data\Sony Ericsson
            2007-12-11 17:46 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
            2007-12-11 17:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
            2007-12-11 17:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
            2007-12-11 17:43 --------- d-----w C:\Program Files\Sony Ericsson
            2007-12-11 14:51 --------- d-----w C:\Program Files\Common Files\InstallShield
            2007-12-10 22:01 --------- d-----w C:\Program Files\Trend Micro
            2007-12-10 19:21 --------- d-----w C:\Program Files\Hijack This
            2007-12-10 14:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
            2007-12-10 09:33 164 ----a-w C:\install.dat
            2007-12-10 09:18 --------- d-----w C:\Program Files\SurfRight
            2007-12-10 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\SurfRight
            2007-12-09 09:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Reflexive
            2007-12-08 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Christmasville
            2007-12-08 21:18 --------- d-----w C:\Documents and Settings\x\Application Data\Flood Light Games
            2007-12-08 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Flood Light Games
            2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
            2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
            2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
            2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
            2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
            2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
            2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
            2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
            2007-08-27 17:50 472,656 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
            .

            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            REGEDIT4
            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FBE50C7A-73D9-467A-ABA3-CD096395495C}]
            C:\Program Files\Messenger\hopebenuC:\WINDOWS\system32\fee9\lenamd83122.exe.dll

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
            "Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 00:03 144384]
            "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-03-29 14:38 26112]
            "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
            "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-04-26 09:45 401408]
            "CaretakerNotifier"="C:\Program Files\SurfRight\Caretaker\Notifier.exe" [2008-01-10 19:48 492792]

            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]
            "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

            C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
            Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

            R1 ctredrv.sys;ctredrv.sys;C:\WINDOWS\system32\drivers\ctredrv.sys [2007-09-19 13:06]
            R2 CaretakerAntispam;Caretaker Antispam Service;"C:\Program Files\SurfRight\Caretaker\AntispamService.exe" [2008-01-10 19:48]
            R2 CaretakerProxy;Caretaker Proxy;"C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe" [2008-01-10 19:47]
            R2 CaretakerSvc;Caretaker Service;"C:\Program Files\SurfRight\Caretaker\CaretakerService.exe" [2008-01-10 19:47]
            R2 CaretakerUpdate;Caretaker Updater;"C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe" [2008-01-10 19:48]
            S3 v800bus;Sony Ericsson V800-Vodafone 802SE driver (WDM);C:\WINDOWS\system32\DRIVERS\v800bus.sys [2004-08-09 13:51]
            S3 v800mdfl;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\v800mdfl.sys [2004-08-09 13:52]
            S3 v800mdm;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\v800mdm.sys [2004-08-09 13:53]
            S3 v800mgmt;Sony Ericsson V800-Vodafone 802SE USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\v800mgmt.sys [2004-08-09 13:54]
            S3 v800obex;Sony Ericsson V800-Vodafone 802SE USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\v800obex.sys [2004-08-09 13:55]

            .
            **************************************************************************

            catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2008-02-04 16:32:27
            Windows 5.1.2600 Service Pack 2 NTFS

            scannen van verborgen processen ...

            scannen van verborgen autostart items ...

            scannen van verborgen bestanden ...

            Scan succesvol afgerond
            verborgen bestanden: 0

            **************************************************************************
            .
            Voltooingstijd: 2008-02-04 16:34:34
            ComboFix-quarantined-files.txt 2008-02-04 15:34:14
            ComboFix2.txt 2008-02-04 10:09:24
            ComboFix3.txt 2007-12-10 16:57:32
            .
            2008-01-09 23:38:21 --- E O F ---



            • #7
              Start HijackThis once more and place a check mark only in front of the following lines:
              O2 - BHO: (no name) - {FBE50C7A-73D9-467A-ABA3-CD096395495C} - C:\Program Files\Messenger\hopebenuC:\WINDOWS\system32\fee9\lenamd83122.exe.dll (file missing)
              O15 - Trusted Zone: *.amaena.com
              O15 - Trusted Zone: *.onerateld.com

              Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

              Open the RVAXO folder on your desktop and double-click Uninstall.cmd
              This will remove everything belonging to RVAXO.


              Download ATF cleaner (mirror) (made by Atribune)

              Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

              Double-click ATF cleaner to start the program.
              On the "Main" tab, place a check mark next to Select All.
              Click the Empty Selected button.

              Do the following if you also have Firefox as a browser:
              Click the "Firefox" tab and place a check mark next to Select All.
              If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
              (this removes the check mark next to "Firefox saved passwords" again)
              Click the Empty Selected button.

              Do the following if you also have Opera as a browser:
              Click the "Opera" tab and place a check mark next to Select All.
              If you want to keep the passwords saved by Opera, click "No" in the window that appears.
              Click the Empty Selected button.
              Go to the "Main" tab and click the Exit button to close the program.

              Go to Start - Run and enter the following:
              Combofix /U
              Then press OK.
              Note: there must be a space between Combofix and /U.

              This will uninstall Combofix.

              Turn off System Restore. Restart the computer. Turn System Restore back on.
              See here how to turn off your System Restore.
              This removes any remnants of the infections from your System Restore.

              Finally, post a new HijackThis log for checking



              • #8
                and here is my log again:

                Logfile of Trend Micro HijackThis v2.0.2
                Scan saved at 18:23:11, on 4-2-2008
                Platform: Windows XP SP2 (WinNT 5.01.2600)
                MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                Boot mode: Normal

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\Program Files\SurfRight\Caretaker\CaretakerService.exe
                C:\Program Files\SurfRight\Caretaker\AntispamService.exe
                C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe
                C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe
                C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                C:\Program Files\Alwil Software\Avast4\ashServ.exe
                C:\WINDOWS\system32\spoolsv.exe
                C:\WINDOWS\system32\PSIService.exe
                C:\WINDOWS\system32\svchost.exe
                C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                C:\WINDOWS\system32\WgaTray.exe
                C:\WINDOWS\Explorer.EXE
                C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                C:\Program Files\Real\RealPlayer\RealPlay.exe
                C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
                C:\Program Files\SurfRight\Caretaker\Notifier.exe
                C:\Program Files\MSN Messenger\MsnMsgr.Exe
                C:\Program Files\Common Files\Teleca Shared\Generic.exe
                C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
                C:\Program Files\MSN Messenger\usnsvc.exe
                C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.home.nl/
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
                R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                O4 - HKLM\..\Run: [Synchronization Manager] "C:\WINDOWS\system32\mobsync.exe" /logon
                O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
                O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
                O4 - HKLM\..\Run: [CaretakerNotifier] C:\Program Files\SurfRight\Caretaker\Notifier.exe
                O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
                O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
                O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
                O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
                O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Jigsaw Puzzle Platinum\Images\stg_drm.ocx
                O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
                O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
                O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://dolfijntje361.spaces.live.com//PhotoUpload/MsnPUpld.cab
                O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
                O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
                O16 - DPF: {6E727CF0-2786-444E-B507-AE5081CBF123} (PCCtrl Class) - https://diensten.vwe.nl/HEN/code/cab/PCatl.cab
                O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://dolfijntje361.spaces.live.com/PhotoUpload/MsnPUpld.cab
                O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
                O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
                O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
                O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Mysteryville\Images\armhelper.ocx
                O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp08.photoprintit.de/microsite/8/defaults/activex/ImageUploader3.cab
                O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
                O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                O23 - Service: Caretaker Antispam Service (CaretakerAntispam) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\AntispamService.exe
                O23 - Service: Caretaker Proxy (CaretakerProxy) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe
                O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe
                O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe
                O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
                O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

                --
                End of file - 7132 bytes



                • #9
                  The log looks good

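The check behind the follow-up log asked for in post #7 and judged in post #9, as an added example that is not part of the original thread: it parses HijackThis entry lines, confirms that the three entries selected for "Fix checked" are gone, and lists any remaining entries of the same kinds. The function names, the shortened log excerpt and the rule of matching on the CLSID are assumptions of this example.

```python
import re

# A HijackThis entry is "<section code> - <text>", e.g. "O15 - Trusted Zone: ...".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# The three lines post #7 asked to tick before "Fix checked" (copied from the thread).
FIXED = r"""
O2 - BHO: (no name) - {FBE50C7A-73D9-467A-ABA3-CD096395495C} - C:\Program Files\Messenger\hopebenuC:\WINDOWS\system32\fee9\lenamd83122.exe.dll (file missing)
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.onerateld.com
"""

# Excerpt of the follow-up log from post #8 (shortened for the example).
FOLLOWUP = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.home.nl/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
"""

def parse_entries(log_text):
    """Return the set of (code, text) pairs for every entry line in a log."""
    found = (ENTRY.match(line) for line in log_text.splitlines())
    return {(m.group(1), m.group(2)) for m in found if m}

def identity(code, text):
    """Match on the CLSID when there is one, so a changed file path cannot hide an entry."""
    m = CLSID.search(text)
    return (code, m.group(0).upper() if m else text.lower())

def still_present(fixed_lines, followup_log):
    """Entries that were selected for fixing but show up again in the follow-up log."""
    after = {identity(c, t) for c, t in parse_entries(followup_log)}
    return sorted(f"{c} - {t}" for c, t in parse_entries(fixed_lines)
                  if identity(c, t) in after)

def needs_review(followup_log):
    """Entries of the kinds fixed in post #7: '(file missing)' targets and O15 domains."""
    return sorted(f"{c} - {t}" for c, t in parse_entries(followup_log)
                  if c == "O15" or t.endswith("(file missing)"))

if __name__ == "__main__":
    print("still present:", still_present(FIXED, FOLLOWUP))
    print("needs review: ", needs_review(FOLLOWUP))
```

Both lists come back empty for the excerpt of the post #8 log, which matches the verdict in post #9.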


                  • #10
                    Thank you once again



                    • #11
                      You're welcome, Agnes



                      • #12
                        Now I do have a little question. How do I end up with this trojan business? Is it because I maybe visit a site that has it, or does someone just send it to me as a little present, haha? I'm not happy about that, haha.

                        Agnes
                        Last edited by agnes38; 05-02-08, 11:58.



                        • #13
                          You usually pick up infections like this by using cracks to get trial software working.
                          But it sometimes also gets installed if you have an MSN infection or if you download via a P2P network.
                          For me it is not really possible to work out what exactly the cause was



                          • #14
                            well, then you'd better not surf the internet any more, haha

                            agnes



                            • #15
                              Originally posted by agnes38
                              well, then you'd better not surf the internet any more, haha

                              agnes
                              Hmmmm, just be a bit careful and it will surely be fine
