Virus infection

  • Virus infection

    Dear...,

    For a few days now I have been having trouble with a virus (trojan downloader.zlob).
    I can't get rid of it with my virus scanner (McAfee).


    Among other things I am getting pop-ups, a slow computer and messages that my computer is infected.

    See below for my HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:57:56, on 6-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\downloads\ad-aware\aawservice.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: STOPzilla Local Service - Unknown owner - D:\downloads\stopzilla\szntsvc.exe (file missing)

    --
    End of file - 5118 bytes

    Thanks in advance.


    In the meantime I have also done an online scan with Trend Micro, so here follows the log after that scan:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:57:55, on 6-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    D:\downloads\PC Wizard 2008\PC Wizard.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\downloads\ad-aware\aawservice.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: STOPzilla Local Service - Unknown owner - D:\downloads\stopzilla\szntsvc.exe (file missing)

    --
    End of file - 5210 bytes
    Last edited by zjillbear; 06-02-08, 13:59.

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open; a few lines about files not being found will quickly scroll by, which is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • Your PC will then restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next reply.


    Download Combofix (mirror) to your Desktop.
    Double-click Combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open.
    Post this log in your next reply.

    NOTE: If your virus scanner responds with a message about a script being executed, you may ignore it.



    • #3
      Okay, thanks.


      The logs:

      RVAXO

      ---RVAXO.exe Updated: 2008-02-06---first run---
      Files found:
      C:\WINDOWS\system32\jxdwdqvz.dllbox
      C:\WINDOWS\system32\klkkj.ini2
      C:\WINDOWS\system32\oqtwa.ini2
      C:\WINDOWS\system32\jkklk.dll_old
      C:\WINDOWS\system32\drivers\core.cache.dsk

      Uninstallers:


      Folders Found:


      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      C:\WINDOWS\system32\drivers\core.cache.dsk
      Folders Found:

      --------------RVAXO.exe finished----------------


      Combo
      ComboFix 08-02.05.3 - Stan 2008-02-06 15:15:08.2 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.637 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Stan\Bureaublad\ComboFix.exe

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\awtqo.dll
      C:\WINDOWS\system32\ddcywtu.dll
      C:\WINDOWS\system32\jxdwdqvz.dll
      C:\WINDOWS\system32\awtqo.dll
      C:\WINDOWS\system32\dapxiseb.ini
      C:\WINDOWS\system32\ddcywtu.dll
      C:\WINDOWS\system32\drivers\core.cache.dsk . . . . konden niet verwijderd worden
      C:\WINDOWS\system32\dyuiepjx.ini
      C:\WINDOWS\system32\jxdwdqvz.dll
      C:\WINDOWS\system32\jxdwdqvz.dllbox
      C:\WINDOWS\system32\klkkj.ini
      C:\WINDOWS\system32\opnommj.dll
      C:\WINDOWS\system32\oqtwa.ini
      C:\WINDOWS\system32\oqtwa.ini2
      C:\WINDOWS\system32\pnqqadbt.dll
      C:\WINDOWS\system32\urqroom.dll
      C:\WINDOWS\system32\yskykebk.dll
      C:\WINDOWS\system32\drivers\core.cache.dsk . . . . konden niet verwijderd worden

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2008-01-06 to 2008-02-06 ))))))))))))))))))))))))))))))
      .

      2008-02-06 15:12 . 2008-02-06 15:13 <DIR> d-------- C:\RVAXO
      2008-02-06 15:10 . 2008-02-06 01:35 671,789 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-02-06 15:10 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
      2008-02-06 14:46 . 2008-02-06 15:14 <DIR> dr-h----- C:\Documents and Settings\Stan\Onlangs geopend
      2008-02-06 14:13 . 2008-02-06 14:57 <DIR> d-------- C:\Documents and Settings\Stan\Application Data\AVG7
      2008-02-06 14:13 . 2008-02-06 14:13 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
      2008-02-06 14:13 . 2008-02-06 14:13 167,545 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
      2008-02-06 14:13 . 2008-02-06 14:13 86,144 --a------ C:\WINDOWS\system32\drivers\cdr4xxpp.sys
      2008-02-06 14:12 . 2008-02-06 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
      2008-02-06 14:12 . 2008-02-06 15:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
      2008-02-06 13:01 . 2008-02-06 13:54 <DIR> d-------- C:\Documents and Settings\Stan\.housecall6.6
      2008-02-06 12:57 . 2008-02-06 12:57 <DIR> d-------- C:\Program Files\Trend Micro
      2008-02-05 21:06 . 2008-02-05 21:09 589 --a------ C:\WINDOWS\wininit.ini
      2008-02-05 20:45 . 2008-02-05 20:45 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
      2008-02-05 20:45 . 2008-02-05 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-02-05 18:39 . 2008-02-05 18:39 <DIR> d-------- C:\Program Files\BillP Studios
      2008-02-05 14:32 . 2008-02-05 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
      2008-02-05 14:31 . 2008-02-05 14:31 <DIR> d-------- C:\Program Files\Common Files\iS3
      2008-02-05 14:31 . 2008-02-05 16:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
      2008-01-27 14:41 . 2008-01-27 15:07 <DIR> d-------- C:\Program Files\Postal2STP
      2008-01-27 14:25 . 1999-12-17 08:13 86,016 --------- C:\WINDOWS\unvise32.exe
      2008-01-27 13:37 . 1998-12-21 18:47 27,632 --a------ C:\WINDOWS\system\CTL3DV2.DLL
      2008-01-07 21:18 . 2002-12-10 09:11 6,852 --a------ C:\WINDOWS\system32\drivers\Vcs.sys

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-06 13:20 --------- d-----w C:\Program Files\Google
      2008-02-05 20:06 --------- d-----w C:\Documents and Settings\Stan\Application Data\WeatherDPA
      2008-02-05 16:43 --------- d-----w C:\Program Files\GameSpy Arcade
      2008-02-05 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
      2008-02-05 13:29 --------- d-----w C:\Program Files\Common Files\Adobe
      2008-02-04 12:17 --------- d-----w C:\Documents and Settings\Stan\Application Data\LimeWire
      2008-01-30 16:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-01-19 17:24 299,008 ----a-w C:\WINDOWS\system32\miccyhook.dll
      2008-01-05 14:03 --------- d-----w C:\Program Files\Winamp
      2008-01-03 15:15 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
      2007-12-25 21:51 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
      2007-12-25 12:16 --------- d-----w C:\Documents and Settings\Stan\Application Data\Image Zone Express
      2007-12-25 12:11 --------- d-----w C:\Program Files\Common Files\HP
      2007-12-25 10:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
      2007-12-25 09:29 --------- d-----w C:\Program Files\Common Files\LogiShrd
      2007-12-25 09:28 --------- d-----w C:\Program Files\Logitech
      2007-12-25 09:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
      2007-12-25 09:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
      2007-12-24 18:02 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
      2007-12-24 18:02 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
      2007-12-23 12:05 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
      2007-12-22 17:16 --------- d-----w C:\Documents and Settings\Stan\Application Data\Winamp
      2007-12-15 21:15 --------- d-----w C:\Documents and Settings\Stan\Application Data\VoipBuster
      2007-12-15 21:13 --------- d-----w C:\Program Files\VoipBuster.com
      2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
      2007-11-06 20:23 1,683 ----a-w C:\Documents and Settings\Stan\snydoi.exe
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
      "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-06 14:12 219136]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "DisallowRun"= 1 (0x1)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lderjjol]
      lderjjol.dll

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
      backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk
      backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
      backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^Stan^Menu Start^Programma's^Opstarten^Ubisoft register.lnk]
      path=C:\Documents and Settings\Stan\Menu Start\Programma's\Opstarten\Ubisoft register.lnk
      backup=C:\WINDOWS\pss\Ubisoft register.lnkStartup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\54013634]
      C:\WINDOWS\system32\xjpeiuyd.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
      --a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN]
      D:\downloads\panda\APVXDWIN.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
      --a------ 2004-08-04 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
      --a------ 2007-07-25 16:02 563984 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
      --a------ 2007-07-25 16:06 2027792 C:\Program Files\Logitech\QuickCam\Quickcam.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
      --a------ 2006-11-17 12:39 136768 C:\Program Files\McAfee\Common Framework\UdaterUI.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
      --------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
      --a------ 2007-10-18 11:34 5724184 C:\Documents and Settings\Stan\Bureaublad\msnmsgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
      --a------ 2003-10-31 18:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
      --a------ 2006-11-30 07:50 112216 C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      --a------ 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
      --a------ 2007-06-21 12:26 7390512 C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
      --a------ 2007-12-20 16:16 37376 C:\Program Files\Winamp\winampa.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
      --a------ 2004-03-18 16:27 192512 C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe

      R1 cdr4xxpp;cdr4xxpp;C:\WINDOWS\system32\drivers\cdr4xxpp.sys [2008-02-06 14:13]
      R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 09:11]
      S3 aaudstum;aaudstum;C:\DOCUME~1\Stan\LOCALS~1\Temp\aaudstum.sys
      S3 cpuz128;cpuz128;D:\downloads\PC Wizard 2008\pcwiz32.sys
      S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
      S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
      S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-06 15:22:44
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      C:\Program Files\McAfee\Common Framework\FrameworkService.exe
      C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
      C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
      C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      .
      **************************************************************************
      .
      Voltooingstijd: 2008-02-06 15:23:35 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-02-06 14:23:30
      .
      2008-02-05 14:29:09 --- E O F ---



      • #4
        Open the RVAXO folder on your desktop and double-click Uninstall.cmd
        This will remove everything belonging to RVAXO.

        Open Notepad, then copy and paste the following (the bold text) into an empty window:


        Driver::
        aaudstum
        cdr4xxpp

        File::
        C:\WINDOWS\system32\drivers\cdr4xxpp.sys
        C:\WINDOWS\wininit.ini
        C:\Documents and Settings\Stan\snydoi.exe

        Registry::
        [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lderjjol]
        [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\54013634]




        Save this to your Desktop as CFScript.txt

        Drag CFScript.txt onto ComboFix.exe as shown in the example below:



        This will make ComboFix start again.
        Restart if prompted to do so, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

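Before a CFScript like the one above is dragged onto ComboFix.exe, it is worth confirming that every target it names actually appears in the ComboFix log it was written from, so that a typo does not remove the wrong driver, file or key. The Python check below is an added example, not part of the original thread and not ComboFix's own code; the section names Driver::, File:: and Registry:: are the ones used in the post, and the log and script samples are constructed from excerpts of this thread, with one deliberate typo so the check has something to report.

```python
"""Cross-check a ComboFix CFScript against the ComboFix log it was built from.

Added example for this thread; not ComboFix's own code. The CFScript section
names come from the post above, the sample data is constructed from the
thread's own log lines.
"""
import re

# Constructed sample: a handful of lines taken from the thread's ComboFix log
# (a Find3M file line, two "Reg Opstartpunten" entries and two driver lines).
COMBOFIX_LOG = r"""
2008-02-05 21:06 . 2008-02-05 21:09 589 --a------ C:\WINDOWS\wininit.ini
2007-11-06 20:23 1,683 ----a-w C:\Documents and Settings\Stan\snydoi.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lderjjol]
lderjjol.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\54013634]
C:\WINDOWS\system32\xjpeiuyd.dll
R1 cdr4xxpp;cdr4xxpp;C:\WINDOWS\system32\drivers\cdr4xxpp.sys [2008-02-06 14:13]
S3 aaudstum;aaudstum;C:\DOCUME~1\Stan\LOCALS~1\Temp\aaudstum.sys
"""

# Constructed CFScript modelled on post #4, with one deliberate typo
# (wininit.inf instead of wininit.ini) so the check reports something.
CFSCRIPT = r"""
Driver::
aaudstum
cdr4xxpp

File::
C:\WINDOWS\system32\drivers\cdr4xxpp.sys
C:\WINDOWS\wininit.inf
C:\Documents and Settings\Stan\snydoi.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lderjjol]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\54013634]
"""

# A CFScript section header is a word followed by "::" on its own line.
SECTION_RE = re.compile(r"^(\w+)::\s*$")


def parse_cfscript(text):
    """Return {section_name: [entry, ...]} for a CFScript, in file order."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def driver_in_log(name, log):
    """ComboFix lists drivers/services as '<start type> <name>;<display name>;<path>'."""
    pattern = r"^[RS]\d+ " + re.escape(name) + r";"
    return re.search(pattern, log, re.IGNORECASE | re.MULTILINE) is not None


def file_in_log(path, log):
    """Windows paths are case-insensitive, so compare lower-cased."""
    return path.lower() in log.lower()


def regkey_in_log(entry, log):
    """Registry:: lines look like '[-HKEY...]'; the leading '-' asks ComboFix to delete the key."""
    key = entry.strip("[]")
    if key.startswith("-"):
        key = key[1:]
    return ("[" + key.lower() + "]") in log.lower()


def check_cfscript(script_text, log_text):
    """Return (section, entry) pairs from the script that do not appear in the log."""
    checks = {"Driver": driver_in_log, "File": file_in_log, "Registry": regkey_in_log}
    unmatched = []
    for section, entries in parse_cfscript(script_text).items():
        check = checks.get(section)
        if check is None:
            # A section this checker does not understand: report every entry for review.
            unmatched.extend((section, e) for e in entries)
            continue
        for entry in entries:
            if not check(entry, log_text):
                unmatched.append((section, entry))
    return unmatched


if __name__ == "__main__":
    problems = check_cfscript(CFSCRIPT, COMBOFIX_LOG)
    if not problems:
        print("every CFScript target appears in the ComboFix log")
    for section, entry in problems:
        print(f"not found in log ({section}::): {entry}")
```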


        • #5
          Thanks.


          ComboFix 08-02.05.3 - Stan 2008-02-06 15:43:42.3 - NTFSx86
          Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.621 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\Stan\Bureaublad\ComboFix.exe
          Command switches used :: C:\Documents and Settings\Stan\Bureaublad\CFScript.txt
          * Nieuw herstelpunt werd aangemaakt

          WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

          FILE
          C:\Documents and Settings\Stan\snydoi.exe
          C:\WINDOWS\system32\drivers\cdr4xxpp.sys
          C:\WINDOWS\wininit.ini
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\WINDOWS\system32\drivers\cdr4xxpp.sys
          C:\WINDOWS\system32\drivers\core.cache.dsk
          C:\Documents and Settings\Stan\snydoi.exe
          C:\WINDOWS\system32\drivers\cdr4xxpp.sys
          C:\WINDOWS\system32\drivers\core.cache.dsk
          C:\WINDOWS\wininit.ini

          .
          ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

          .
          -------\LEGACY_AAUDSTUM
          -------\LEGACY_CDR4XXPP
          -------\aaudstum
          -------\cdr4xxpp


          (((((((((((((((((((( Bestanden Gemaakt van 2008-01-06 to 2008-02-06 ))))))))))))))))))))))))))))))
          .

          2008-02-06 15:14 . 2004-08-04 13:00 399,360 --a------ C:\kmd.exe
          2008-02-06 14:46 . 2008-02-06 15:42 <DIR> dr-h----- C:\Documents and Settings\Stan\Onlangs geopend
          2008-02-06 14:13 . 2008-02-06 14:57 <DIR> d-------- C:\Documents and Settings\Stan\Application Data\AVG7
          2008-02-06 14:13 . 2008-02-06 14:13 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
          2008-02-06 14:12 . 2008-02-06 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
          2008-02-06 14:12 . 2008-02-06 15:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
          2008-02-06 13:01 . 2008-02-06 13:54 <DIR> d-------- C:\Documents and Settings\Stan\.housecall6.6
          2008-02-06 12:57 . 2008-02-06 12:57 <DIR> d-------- C:\Program Files\Trend Micro
          2008-02-05 20:45 . 2008-02-05 20:45 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
          2008-02-05 20:45 . 2008-02-05 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2008-02-05 18:39 . 2008-02-05 18:39 <DIR> d-------- C:\Program Files\BillP Studios
          2008-02-05 14:32 . 2008-02-05 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
          2008-02-05 14:31 . 2008-02-05 14:31 <DIR> d-------- C:\Program Files\Common Files\iS3
          2008-02-05 14:31 . 2008-02-05 16:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
          2008-01-27 14:41 . 2008-01-27 15:07 <DIR> d-------- C:\Program Files\Postal2STP
          2008-01-27 14:25 . 1999-12-17 08:13 86,016 --------- C:\WINDOWS\unvise32.exe
          2008-01-27 13:37 . 1998-12-21 18:47 27,632 --a------ C:\WINDOWS\system\CTL3DV2.DLL
          2008-01-07 21:18 . 2002-12-10 09:11 6,852 --a------ C:\WINDOWS\system32\drivers\Vcs.sys

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-02-06 14:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
          2008-02-06 13:20 --------- d-----w C:\Program Files\Google
          2008-02-05 20:06 --------- d-----w C:\Documents and Settings\Stan\Application Data\WeatherDPA
          2008-02-05 16:43 --------- d-----w C:\Program Files\GameSpy Arcade
          2008-02-05 13:29 --------- d-----w C:\Program Files\Common Files\Adobe
          2008-02-04 12:17 --------- d-----w C:\Documents and Settings\Stan\Application Data\LimeWire
          2008-01-30 16:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2008-01-05 14:03 --------- d-----w C:\Program Files\Winamp
          2008-01-03 15:15 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
          2007-12-25 21:51 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
          2007-12-25 12:16 --------- d-----w C:\Documents and Settings\Stan\Application Data\Image Zone Express
          2007-12-25 12:11 --------- d-----w C:\Program Files\Common Files\HP
          2007-12-25 10:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
          2007-12-25 09:29 --------- d-----w C:\Program Files\Common Files\LogiShrd
          2007-12-25 09:28 --------- d-----w C:\Program Files\Logitech
          2007-12-25 09:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
          2007-12-25 09:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
          2007-12-24 18:02 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
          2007-12-22 17:16 --------- d-----w C:\Documents and Settings\Stan\Application Data\Winamp
          2007-12-15 21:15 --------- d-----w C:\Documents and Settings\Stan\Application Data\VoipBuster
          2007-12-15 21:13 --------- d-----w C:\Program Files\VoipBuster.com
          .

          ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Note* empty entries & legit default entries are not shown

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
          "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-06 14:12 219136]

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
          "DisallowRun"= 1 (0x1)

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
          backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk
          backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
          path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
          backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^Stan^Menu Start^Programma's^Opstarten^Ubisoft register.lnk]
          path=C:\Documents and Settings\Stan\Menu Start\Programma's\Opstarten\Ubisoft register.lnk
          backup=C:\WINDOWS\pss\Ubisoft register.lnkStartup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
          --a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN]
          D:\downloads\panda\APVXDWIN.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
          --a------ 2004-08-04 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
          --a------ 2007-07-25 16:02 563984 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
          --a------ 2007-07-25 16:06 2027792 C:\Program Files\Logitech\QuickCam\Quickcam.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
          --a------ 2006-11-17 12:39 136768 C:\Program Files\McAfee\Common Framework\UdaterUI.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
          --------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
          --a------ 2007-10-18 11:34 5724184 C:\Documents and Settings\Stan\Bureaublad\msnmsgr.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
          --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
          --a------ 2003-10-31 18:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
          --a------ 2006-11-30 07:50 112216 C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
          --a------ 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
          --a------ 2007-06-21 12:26 7390512 C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
          --a------ 2007-12-20 16:16 37376 C:\Program Files\Winamp\winampa.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
          --a------ 2004-03-18 16:27 192512 C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe

          R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 09:11]
          S3 cpuz128;cpuz128;D:\downloads\PC Wizard 2008\pcwiz32.sys
          S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
          S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
          S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-02-06 15:49:21
          Windows 5.1.2600 Service Pack 2 NTFS

          scanning hidden processes ...

          scanning hidden autostart entries ...

          scanning hidden files ...

          scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          ------------------------ Other Running Processes ------------------------
          .
          C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
          C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
          C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
          C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
          C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
          C:\Program Files\McAfee\Common Framework\FrameworkService.exe
          C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
          C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\WINDOWS\system32\PnkBstrA.exe
          C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
          .
          **************************************************************************
          .
          Completion time: 2008-02-06 15:50:18 - machine was rebooted
          ComboFix-quarantined-files.txt 2008-02-06 14:50:13
          ComboFix2.txt 2008-02-06 14:23:35
          .
          2008-02-05 14:29:09 --- E O F ---




          hijack

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 15:50:56, on 6-2-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16574)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\SYSTEM32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
          C:\WINDOWS\Explorer.EXE
          C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
          C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
          C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
          C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
          C:\Program Files\McAfee\Common Framework\FrameworkService.exe
          C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
          C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          C:\WINDOWS\system32\nvsvc32.exe
          C:\WINDOWS\system32\PnkBstrA.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\WINDOWS\system32\notepad.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
          O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
          O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
          O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
          O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\downloads\ad-aware\aawservice.exe
          O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
          O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
          O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
          O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
          O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
          O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
          O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
          O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

          --
          End of file - 6209 bytes

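Reading a HijackThis log by eye comes down to a few repeatable checks: does each autostart target (O4), BHO DLL (O2) and service binary (O23) live where installed software normally lives, does a service carry a publisher name, and which hosts the downloaded ActiveX controls (O16) came from. The script below is an added example, not a tool used in this thread; it encodes those checks and runs them over six lines copied from the HijackThis log posted above. The trusted-root list, the file-extension list and the severity labels are my own assumptions, chosen for this XP layout.

```python
"""Triage of HijackThis-style autostart lines.

Added example for this thread, not a tool the helpers used. It applies
the checks a reviewer makes by eye on O2/O4/O16/O23 lines: is the binary
under the Windows or Program Files tree, does a service name a publisher,
and which host an ActiveX control was fetched from.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Assumption: installed software on this XP box lives under one of these
# roots. A binary that autostarts from anywhere else (a downloads folder,
# the Desktop, a user profile) deserves a second look whatever its name.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

_PATH = re.compile(r"(?i)[a-z]:\\.+?\.(?:exe|dll|sys|cpl|scr|bat|cmd|com|vbs)\b")
_O4 = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
_O2 = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
_O16 = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>[^)]+)\) - (?P<url>\S+)$")
_O23 = re.compile(
    r"^O23 - Service: (?P<name>.+?)(?: \((?P<short>[^)]+)\))? - (?P<owner>.+?) - (?P<path>.+)$"
)


def normalize(path: str) -> str:
    """Lower-case and expand the 8.3 short name HijackThis prints for Program Files."""
    return path.lower().replace("c:\\progra~1\\", "c:\\program files\\")


def outside_trusted(path: str) -> bool:
    """True when the path is not under one of TRUSTED_ROOTS."""
    return not normalize(path).startswith(TRUSTED_ROOTS)


@dataclass
class Finding:
    kind: str          # HijackThis section: O2, O4, O16 or O23
    name: str
    target: str        # file path, or download URL for O16
    severity: str      # "suspicious" (needs checking) or "review" (informational)
    reasons: list = field(default_factory=list)


def triage(lines):
    """Return a Finding for every line that fails one of the checks."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := _O4.match(line):
            p = _PATH.search(m["cmd"])
            if p is None:
                findings.append(Finding("O4", m["name"], m["cmd"], "suspicious",
                                        ["no recognisable file path in the Run command"]))
            elif outside_trusted(p.group(0)):
                findings.append(Finding("O4", m["name"], p.group(0), "suspicious",
                                        ["autostart target is outside the Windows/Program Files tree"]))
        elif m := _O2.match(line):
            if outside_trusted(m["path"]):
                findings.append(Finding("O2", m["name"], m["path"], "suspicious",
                                        ["BHO DLL is outside the Windows/Program Files tree"]))
        elif m := _O16.match(line):
            host = urlparse(m["url"]).hostname or m["url"]
            findings.append(Finding("O16", m["name"], m["url"], "review",
                                    [f"ActiveX control was downloaded from {host}; confirm you expect that host"]))
        elif m := _O23.match(line):
            reasons = []
            if m["owner"] == "Unknown owner":
                reasons.append("service binary reports no publisher; check its signature or hash")
            if outside_trusted(m["path"]):
                reasons.append("service binary is outside the Windows/Program Files tree")
            if reasons:
                findings.append(Finding("O23", m["name"], m["path"], "suspicious", reasons))
    return findings


# Constructed sample: six lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\downloads\ad-aware\aawservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.kind} {f.name}: {f.target}")
        for r in f.reasons:
            print(f"    - {r}")
```

On the sample the script flags three lines: the Ad-Aware service because it runs from D:\downloads, PnkBstrA because the service carries no publisher name, and the EA ActiveX control for review of its download host. None of these is a verdict; the helper in this thread judged the same log clean, and the Ad-Aware hit is exactly the kind of false positive a location heuristic produces when a user installs into a downloads folder. The script narrows a 6 KB log to the handful of lines worth checking by hand, nothing more.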


          • #6
            It looks good

            Download ATF Cleaner (mirror) (made by Atribune)

            Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can do its work properly.

            Double-click ATF Cleaner to start the program.
            On the "Main" tab, tick Select All.
            Click the Empty Selected button.

            Do the following if you also use Firefox as a browser:
            Click the "Firefox" tab and tick Select All.
            If you want to keep the passwords Firefox has saved, click "No" in the window that appears.
            (this removes the tick from "Firefox saved passwords" again)
            Click the Empty Selected button.

            Do the following if you also use Opera as a browser:
            Click the "Opera" tab and tick Select All.
            If you want to keep the passwords Opera has saved, click "No" in the window that appears.
            Click the Empty Selected button.
            Go to the "Main" tab and click the Exit button to close the program.

            Go to Start - Run and type the following:
            Combofix /U
            Then press OK.
            Note: there must be a space between Combofix and /U.

            This will uninstall Combofix.

            Turn off System Restore. Restart the computer. Turn System Restore back on.
            See here for how to turn off System Restore.
            This removes any remnants of the infections from your System Restore.

            Then I think we're done



            • #7
              Hope so too


              Thanks



              • #8
                You're welcome
