Mededeling

Collapse
No announcement yet.

search daily

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • search daily

    Ik heb geprobeerd alles volgens de regels te doen en dat dit bericht op de juiste plaats staat. Wie kan me helpen?

    Logfile of HijackThis v1.99.1
    Scan saved at 14:23:22, on 5/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = proxy.pandora.be
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: MySidesearch Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\mysidesearch_sidebar.dll
    O2 - BHO: (no name) - {4F4896E0-E449-41E9-857E-893725D5C75E} - C:\WINDOWS\system32\avica.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nsa10A.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: superiorads - {79F562E5-768C-4494-8E6C-824ADA4A9C2C} - C:\WINDOWS\system32\sprt_ads.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_SAF.tmp" /EF "HKLM"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://194.78.112.62/Rawflow.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jozfient.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161256918578
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - http://game08.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5222/mcfscan.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

  • #2
    Download: RVAXO.exe
    • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
    • Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
      Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
    • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
    • Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw.
      Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
    • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
    • Post de inhoud van de logfile in je volgende bericht.


    Download Combofix (mirror) naar je Bureaublad.
    Dubbelklik op Combofix.exe
    Kies voor "Continue" door 1 te typen gevolgd door ENTER.
    Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
    Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
    Plaats deze log in je volgende post.

    NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.

    Comment


    • #3
      search daily

      dit komt eruit.
      alvast bedankt.

      ---RVAXO.exe Updated: 2008-02-05---first run---
      Files found:
      C:\Documents and Settings\user\err.log
      C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
      C:\WINDOWS\system32\mysidesearch_sidebar.dll
      C:\WINDOWS\system32\dcads-remove.exe
      C:\WINDOWS\system32\superiorads-uninst.exe
      C:\WINDOWS\system32\Dcads_sidebar_uninstall.exe
      C:\Documents and Settings\user\Emails.dat

      Uninstallers:


      Folders Found:

      C:\Program Files\Dcads Games Collection

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------

      ComboFix 08-02.05.3 - user 2008-02-05 15:01:41.1 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.583 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\user\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
      C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\4ZSSN3TZ\iforex.com
      C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\4ZSSN3TZ\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
      C:\Documents and Settings\user\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
      C:\Documents and Settings\user\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
      C:\WINDOWS\Downloaded Program Files\UDC6M_0001_D19M0709NetInstaller.exe
      C:\WINDOWS\system32\nsa10A.dll

      ----- BITS: Mogelijk geïnfecteerde sites -----

      hxxp://www.download.windowsupdate.com
      .
      (((((((((((((((((((( Bestanden Gemaakt van 2008-01-05 to 2008-02-05 ))))))))))))))))))))))))))))))
      .

      2008-02-05 14:57 . 2008-02-05 14:57 <DIR> d-------- C:\RVAXO
      2008-02-05 14:55 . 2008-02-05 09:39 670,699 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-02-05 14:55 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
      2008-02-05 14:22 . 2008-02-05 14:25 <DIR> d-------- C:\HijackThis
      2008-02-05 13:53 . 2008-02-05 13:53 <DIR> d-------- C:\WINDOWS\McAfee.com
      2008-01-19 19:50 . 2008-01-22 18:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
      2008-01-19 19:50 . 2008-01-19 19:50 1,409 --a------ C:\WINDOWS\QTFont.for
      2008-01-19 14:21 . 2008-01-19 14:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-01-20 15:42 --------- d-----w C:\Program Files\LimeWire
      2008-01-20 13:45 --------- d-----w C:\Program Files\Incomplete
      2008-01-20 10:55 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire
      2008-01-20 08:44 --------- d-----w C:\Program Files\Cygwin
      2008-01-19 13:21 --------- d-----w C:\Program Files\Apple Software Update
      2008-01-17 15:24 119,168 ----a-w C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
      2008-01-06 15:03 --------- d-----w C:\Documents and Settings\user\Application Data\HouseCall 6.6
      2008-01-05 10:49 --------- d-----w C:\Documents and Settings\user\Application Data\U3
      2008-01-04 09:50 --------- d-----w C:\Program Files\Sibelius Software
      2008-01-04 09:50 --------- d-----w C:\Documents and Settings\user\Application Data\Sibelius Software
      2008-01-01 14:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
      2008-01-01 14:34 --------- d-----w C:\Program Files\Yahoo!
      2007-12-26 15:39 --------- d-----w C:\Program Files\Winamp
      2007-12-25 20:20 19,456 ----a-w C:\WINDOWS\system32\drivers\hnkmwhuw.dat
      2007-12-20 19:18 --------- d-----w C:\Program Files\Kruidvat - Fotoservice
      2007-12-13 20:07 --------- d-----w C:\Program Files\MediaCoder
      2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
      2007-11-02 14:25 2,293,712 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
      2007-11-02 14:24 3,655,488 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
      2007-11-02 14:23 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
      2007-08-29 15:06 506 ----a-w C:\Documents and Settings\user\Application Data\wklnhst.dat
      2007-01-11 10:45 1,514 ----a-w C:\Documents and Settings\user\Application Data\WWB7_32.DAT
      2007-01-05 09:09 6,566,912 ----a-w C:\Program Files\winamp532_full.exe
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F4896E0-E449-41E9-857E-893725D5C75E}]
      2004-08-04 13:00 84992 --a------ C:\WINDOWS\system32\avica.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
      "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
      "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 16:51 57344]
      "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53 204288]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SoundMan"="SOUNDMAN.EXE" [2006-08-03 04:12 577536 C:\WINDOWS\soundman.exe]
      "VTTimer"="VTTimer.exe"
      "VTTrayp"="VTtrayp.exe"
      "OFFICEKB"="C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe" [2006-11-03 15:08 387584]
      "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168]
      "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168]
      "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
      "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
      "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk
      backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Synchronizer.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Synchronizer.lnk
      backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
      backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Start^Programma's^Opstarten^wkcalrem.LNK]
      path=C:\Documents and Settings\user\Menu Start\Programma's\Opstarten\wkcalrem.LNK
      backup=C:\WINDOWS\pss\wkcalrem.LNKStartup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
      --a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
      --a------ 2006-05-10 10:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
      --a------ 2006-10-09 10:28 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullGuard]
      C:\Program Files\BullGuard Software\BullGuard\bullguard.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
      --a------ 2006-11-03 15:08 958464 C:\Program Files\Labtec\Desktop\V5.1\moffice.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
      --a------ 2001-09-07 13:00 44032 C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
      --a------ 2004-08-04 13:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      C:\Program Files\iTunes\iTunesHelper.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
      --a------ 2006-05-18 10:29 49152 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
      --a------ 2004-08-04 13:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]
      --a------ 2007-04-05 15:29 684118 C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      --a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
      --a------ 2006-05-16 16:50 40960 C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
      --a------ 2007-01-20 08:09 200704 C:\Documents and Settings\user\Mijn documenten\PowerISO\PWRISOVM.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      --a------ 2007-04-27 08:41 282624 C:\Program Files\QuickTime\qttask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
      --a------ 2005-12-07 21:57 30208 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spa_start]
      C:\WINDOWS\system32\sprt_ads.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
      --a------ 2007-10-10 06:28 36352 C:\Program Files\Winamp\winampa.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
      --------- 2006-11-02 22:53 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wTask]
      C:\WINDOWS\Media\LTaskup.exe

      R0 abpxsxrm;abpxsxrm;C:\WINDOWS\system32\drivers\hnkmwhuw.dat
      R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 10:38]
      R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 10:39]
      R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 13:00]
      S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]

      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-01-30 19:56:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2008-02-04 16:00:15 C:\WINDOWS\Tasks\User_Feed_Synchronization-{17122860-3512-4B77-A9B1-65C857B7FA7B}.job"
      - C:\WINDOWS\system32\msfeedssync.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-05 15:03:24
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2008-02-05 15:03:47
      ComboFix-quarantined-files.txt 2008-02-05 14:03:45
      .
      2008-01-09 16:57:36 --- E O F ---

      Comment


      • #4
        Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd
        Dit zal alles van RVAXO verwijderen.

        Open Kladblok, kopiëer en plak het volgende (vetgedrukte tekst) in een leeg venster:


        Driver::
        abpxsxrm

        File::
        C:\WINDOWS\system32\drivers\hnkmwhuw.dat
        C:\WINDOWS\system32\avica.dll

        Registry::
        [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F4896E0-E449-41E9-857E-893725D5C75E}]
        [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spa_start]
        [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wTask]


        Sla dit op op je Bureaublad als CFScript.txt

        Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :



        Dit zal ComboFix doen herstarten.
        Start opnieuw op als daarom gevraagd wordt,
        en post de inhoud van de Combofix.txt in je volgende antwoord samen met een nieuw HijackThislogje

        Comment


        • #5
          search daily

          ik weet niet of het het juiste log bestand is... dit is de log die open ging bij het opnieuw opstarten, maar hij noemt dus niet combofix.txt

          Bedankt, Elleen

          ComboFix 08-02.05.3 - user 2008-02-05 15:40:03.2 - NTFSx86
          Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.577 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\user\Bureaublad\ComboFix.exe
          Command switches used :: C:\Documents and Settings\user\Bureaublad\CFScript.txt
          * Nieuw herstelpunt werd aangemaakt

          WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

          FILE
          C:\WINDOWS\system32\avica.dll
          C:\WINDOWS\system32\drivers\hnkmwhuw.dat
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\WINDOWS\system32\avica.dll
          C:\WINDOWS\system32\drivers\hnkmwhuw.dat

          .
          ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

          .
          -------\LEGACY_ABPXSXRM
          -------\abpxsxrm


          (((((((((((((((((((( Bestanden Gemaakt van 2008-01-05 to 2008-02-05 ))))))))))))))))))))))))))))))
          .

          2008-02-05 15:00 . 2004-08-04 13:00 399,360 --a------ C:\kmd.exe
          2008-02-05 14:22 . 2008-02-05 14:25 <DIR> d-------- C:\HijackThis
          2008-02-05 13:53 . 2008-02-05 13:53 <DIR> d-------- C:\WINDOWS\McAfee.com
          2008-01-19 19:50 . 2008-01-22 18:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
          2008-01-19 19:50 . 2008-01-19 19:50 1,409 --a------ C:\WINDOWS\QTFont.for
          2008-01-19 14:21 . 2008-01-19 14:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-01-20 15:42 --------- d-----w C:\Program Files\LimeWire
          2008-01-20 13:45 --------- d-----w C:\Program Files\Incomplete
          2008-01-20 10:55 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire
          2008-01-20 08:44 --------- d-----w C:\Program Files\Cygwin
          2008-01-19 13:21 --------- d-----w C:\Program Files\Apple Software Update
          2008-01-17 15:24 119,168 ----a-w C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
          2008-01-06 15:03 --------- d-----w C:\Documents and Settings\user\Application Data\HouseCall 6.6
          2008-01-05 10:49 --------- d-----w C:\Documents and Settings\user\Application Data\U3
          2008-01-04 09:50 --------- d-----w C:\Program Files\Sibelius Software
          2008-01-04 09:50 --------- d-----w C:\Documents and Settings\user\Application Data\Sibelius Software
          2008-01-01 14:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
          2008-01-01 14:34 --------- d-----w C:\Program Files\Yahoo!
          2007-12-26 15:39 --------- d-----w C:\Program Files\Winamp
          2007-12-20 19:18 --------- d-----w C:\Program Files\Kruidvat - Fotoservice
          2007-12-13 20:07 --------- d-----w C:\Program Files\MediaCoder
          2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
          2007-11-02 14:25 2,293,712 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
          2007-11-02 14:24 3,655,488 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
          2007-11-02 14:23 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
          2007-08-29 15:06 506 ----a-w C:\Documents and Settings\user\Application Data\wklnhst.dat
          2007-01-11 10:45 1,514 ----a-w C:\Documents and Settings\user\Application Data\WWB7_32.DAT
          2007-01-05 09:09 6,566,912 ----a-w C:\Program Files\winamp532_full.exe
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
          "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
          "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 16:51 57344]
          "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53 204288]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "SoundMan"="SOUNDMAN.EXE" [2006-08-03 04:12 577536 C:\WINDOWS\soundman.exe]
          "VTTimer"="VTTimer.exe"
          "VTTrayp"="VTtrayp.exe"
          "OFFICEKB"="C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe" [2006-11-03 15:08 387584]
          "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168]
          "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168]
          "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
          "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
          "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
          "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk
          backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Synchronizer.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Synchronizer.lnk
          backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
          backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Start^Programma's^Opstarten^wkcalrem.LNK]
          path=C:\Documents and Settings\user\Menu Start\Programma's\Opstarten\wkcalrem.LNK
          backup=C:\WINDOWS\pss\wkcalrem.LNKStartup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
          --a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
          --a------ 2006-05-10 10:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
          --a------ 2006-10-09 10:28 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullGuard]
          C:\Program Files\BullGuard Software\BullGuard\bullguard.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
          --a------ 2006-11-03 15:08 958464 C:\Program Files\Labtec\Desktop\V5.1\moffice.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
          --a------ 2001-09-07 13:00 44032 C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
          --a------ 2004-08-04 13:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
          C:\Program Files\iTunes\iTunesHelper.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
          --a------ 2006-05-18 10:29 49152 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
          --a------ 2004-08-04 13:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]
          --a------ 2007-04-05 15:29 684118 C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
          --a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
          --a------ 2006-05-16 16:50 40960 C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
          --a------ 2007-01-20 08:09 200704 C:\Documents and Settings\user\Mijn documenten\PowerISO\PWRISOVM.EXE

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
          --a------ 2007-04-27 08:41 282624 C:\Program Files\QuickTime\qttask.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
          --a------ 2005-12-07 21:57 30208 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
          --a------ 2007-10-10 06:28 36352 C:\Program Files\Winamp\winampa.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
          --------- 2006-11-02 22:53 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

          R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 10:38]
          R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 10:39]
          R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 13:00]
          S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]

          .
          Inhoud van de 'Gedeelde Taken' map
          "2008-01-30 19:56:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
          "2008-02-04 16:00:15 C:\WINDOWS\Tasks\User_Feed_Synchronization-{17122860-3512-4B77-A9B1-65C857B7FA7B}.job"
          - C:\WINDOWS\system32\msfeedssync.exe
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-02-05 15:44:22
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          ------------------------ Other Running Processes ------------------------
          .
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\bgsvcgen.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          C:\Program Files\CyberLink\Shared files\RichVideo.exe
          C:\Program Files\Windows Media Player\WMPNetwk.exe
          C:\WINDOWS\system32\wscntfy.exe
          .
          **************************************************************************
          .
          Voltooingstijd: 2008-02-05 15:45:58 - machine was rebooted
          ComboFix-quarantined-files.txt 2008-02-05 14:45:55
          ComboFix2.txt 2008-02-05 14:03:48
          .
          2008-01-09 16:57:36 --- E O F ---

          Comment


          • #6
            Download ATF cleaner (mirror)(gemaakt door Atribune)

            Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

            Dubbelklik op ATF cleaner om het programma te starten.
            Op het tabblad "Main", plaats je een vinkje bij Select All.
            Klik op de knop Empty Selected.

            Het volgende doen als je ook FireFox als browser hebt:
            Klik op tabblad "Firefox", plaats een vinkje bij Select All.
            Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
            (dit haalt het vinkje weer weg bij "Firefox saved passwords")
            Klik op de knop Empty Selected.

            Het volgende doen als je ook Opera als browser hebt:
            Klik op tabblad "Opera", plaats een vinkje bij Select All.
            Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
            Klik op de knop Empty Selected.
            Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

            Ga naar Start - Uitvoeren en geef hier het volgende in:
            Combofix /U
            Druk daarna op OK.
            Let op: Er moet een spatie tussen Combofix en /U zitten.

            Dit zal Combofix deïnstalleren.

            Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
            Kijk hier hoe je je systeemherstel moet uitschakelen.
            Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

            Post als laatste nog een nieuw logje van Hijackthis ter controle

            Comment


            • #7
              laatste log

              Logfile of HijackThis v1.99.1
              Scan saved at 16:14:29, on 5/02/2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16574)

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\Ati2evxx.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\Ati2evxx.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\WINDOWS\Explorer.EXE
              C:\WINDOWS\system32\bgsvcgen.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
              C:\Program Files\CyberLink\Shared files\RichVideo.exe
              C:\WINDOWS\SOUNDMAN.EXE
              C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
              C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
              C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
              C:\Program Files\Messenger\msmsgs.exe
              C:\Program Files\Windows Media Player\WMPNSCFG.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\wscntfy.exe
              C:\Program Files\internet explorer\iexplore.exe
              C:\Program Files\MSN Messenger\msnmsgr.exe
              C:\Program Files\MSN Messenger\usnsvc.exe
              C:\HijackThis\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = proxy.pandora.be
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
              O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
              O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
              O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
              O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
              O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
              O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
              O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
              O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
              O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
              O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
              O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
              O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
              O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
              O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
              O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
              O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
              O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
              O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
              O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
              O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O11 - Options group: [INTERNATIONAL] International*
              O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://194.78.112.62/Rawflow.cab
              O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
              O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
              O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jozfient.spaces.live.com//PhotoUpload/MsnPUpld.cab
              O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
              O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
              O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161256918578
              O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
              O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
              O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
              O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab
              O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - http://game08.zylom.com/activex/zylomgamesplayer.cab
              O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
              O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5222/mcfscan.cab
              O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
              O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
              O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
              O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
              O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
              O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
              O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
              O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
              O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
              O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

              Comment


              • #8
                Logje ziet er goed uit

                Wil je wel overstappen op de nieuwste versie van Hijackthis als je nog een keer een logje posten wilt?:

                Comment


                • #9
                  Hartelijk dank!

                  Elleen

                  Comment


                  • #10
                    Graag gedaan hoor

                    Comment

                    Sorry, you are not authorized to view this page
                    Working...
                    X