Mededeling

Collapse
No announcement yet.

last van popups of adsites

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • last van popups of adsites

    Willen jullie deze log aub nakijken? Ik heb last van popups.
    Alvast bedankt

    Wimb

    Logfile of HijackThis v1.99.1
    Scan saved at 20:23:06, on 7-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\lxcrcoms.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\Rundll32.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\WimB\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: rightonads optimizer - {7D9362F8-77D8-4b29-97B5-621D550890C0} - C:\WINDOWS\system32\gzmrt.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsc7F.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,[email protected]
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
    O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://193.172.34.4/dana-cached/setup/NeoterisSetup.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://10.0.0.150/tsweb/msrdp.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

  • #2
    Download: RVAXO.exe
    • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
    • Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
      Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
    • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
    • Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw.
      Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
    • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
    • Post de inhoud van de logfile in je volgende bericht.


    Download Combofix (mirror) naar je Bureaublad.
    Dubbelklik op Combofix.exe
    Kies voor "Continue" door 1 te typen gevolgd door ENTER.
    Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
    Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
    Plaats deze log in je volgende post.

    NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.

    Comment


    • #3
      last van popups

      ComboFix 08-02.05.3 - WimB 2008-02-07 23:09:15.1 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.561 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\WimB\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
      C:\WINDOWS\system32\nsc7F.dll

      ----- BITS: Mogelijk geïnfecteerde sites -----

      hxxp://www.download.windowsupdate.com
      .
      (((((((((((((((((((( Bestanden Gemaakt van 2008-01-07 to 2008-02-07 ))))))))))))))))))))))))))))))
      .

      2008-02-07 22:59 . 2008-02-07 22:59 <DIR> d-------- C:\RVAXO
      2008-02-07 22:56 . 2008-02-07 19:10 674,195 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-02-07 22:56 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
      2008-02-07 20:01 . 2008-02-07 20:01 <DIR> d-------- C:\Program Files\Lavasoft
      2008-02-07 20:01 . 2008-02-07 20:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-02-07 19:49 . 2008-02-07 19:50 21,364,592 --a------ C:\Program Files\aaw2007.exe
      2008-01-19 16:33 . 2008-01-19 16:33 <DIR> d-------- C:\Neoteris
      2008-01-19 16:30 . 2008-01-19 18:36 <DIR> d-------- C:\Documents and Settings\Dagmar\Application Data\SPAMfighter
      2008-01-19 10:10 . 2008-02-07 23:02 <DIR> d-------- C:\Program Files\SPAMfighter
      2008-01-19 10:10 . 2008-01-19 10:10 <DIR> d-------- C:\Program Files\Common Files\Application
      2008-01-19 10:10 . 2008-01-19 10:10 <DIR> d-------- C:\Program Files\Common Files\Ankiro
      2008-01-19 10:10 . 2008-01-19 10:10 <DIR> d-------- C:\Documents and Settings\WimB\Application Data\SPAMfighter
      2008-01-18 23:08 . 2008-01-18 23:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
      2008-01-18 23:08 . 2008-01-18 23:08 1,409 --a------ C:\WINDOWS\QTFont.for
      2008-01-09 23:13 . 2008-02-07 20:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-07 22:01 --------- d-----w C:\Program Files\lx_cats
      2008-02-06 22:50 6,878 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
      2008-02-05 20:23 --------- d-----w C:\Documents and Settings\WimB\Application Data\AVG7
      2008-02-05 20:17 2,560 ----a-w C:\WINDOWS\system32\drivers\mchInjDrv.sys
      2008-01-27 07:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
      2007-12-29 18:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
      2007-12-26 10:39 --------- d-----w C:\Documents and Settings\WimB\Application Data\FileZilla
      2007-12-23 18:15 --------- d-----w C:\Program Files\BitComet
      2007-12-21 14:39 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
      2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
      2007-12-09 16:33 --------- d-----w C:\Program Files\Google
      2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
      2003-04-17 08:16 447,616 ----a-w C:\WINDOWS\inf\EL2K_N64.sys
      2003-04-17 08:15 147,328 ----a-w C:\WINDOWS\inf\EL2K_XP.sys
      2003-04-17 08:15 147,200 ----a-w C:\WINDOWS\inf\EL2K_2K.sys
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
      "msnmsgr"="C:\PROGRA~1\MSNMES~1\msnmsgr.exe" [2007-01-19 11:54 5674352]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 16:51 579072]
      "LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2005-12-01 19:38 65536]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
      "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 17:03 308880]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360]
      "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-26 10:46 219136]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoBandCustomize"= 0 (0x0)

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^InterVideo WinCinema Manager.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\InterVideo WinCinema Manager.lnk
      backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^WimB^Menu Start^Programma's^Opstarten^Algemene Share toevoegen.bat]
      path=C:\Documents and Settings\WimB\Menu Start\Programma's\Opstarten\Algemene Share toevoegen.bat
      backup=C:\WINDOWS\pss\Algemene Share toevoegen.batStartup

      [HKLM\~\startupfolder\C:^Documents and Settings^WimB^Menu Start^Programma's^Opstarten^TomTom HOME.lnk]
      path=C:\Documents and Settings\WimB\Menu Start\Programma's\Opstarten\TomTom HOME.lnk
      backup=C:\WINDOWS\pss\TomTom HOME.lnkStartup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
      --a------ 2005-02-22 20:05 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
      --a------ 2005-11-24 14:38 94208 C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
      --a------ 2003-01-21 14:19 40960 C:\WINDOWS\VM_STI.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Client Access Check Version]
      --a------ 2002-08-06 04:20 45106 C:\Program Files\IBM\Client Access\cwbckver.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Client Access Express Welcome]
      --a------ 2002-08-06 04:20 20480 C:\Program Files\IBM\Client Access\cwbwlwiz.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Client Access Help Update]
      --a------ 2002-08-06 04:20 24576 C:\Program Files\IBM\Client Access\cwbinhlp.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Client Access Service]
      --a------ 2002-08-06 04:20 20530 C:\Program Files\IBM\Client Access\cwbsvstr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmugm.exe]
      C:\WINDOWS\system32\dmugm.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
      --a------ 2006-02-07 06:10 98304 C:\Program Files\Lexmark 2400 Series\ezprint.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
      --a------ 2006-02-02 09:11 290816 C:\Program Files\Lexmark Fax Solutions\fm3032.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      C:\Program Files\iTunes\iTunesHelper.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcrmon.exe]
      --a------ 2006-01-22 18:45 286720 C:\Program Files\Lexmark 2400 Series\lxcrmon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPTBox]
      C:\Program Files\Canon\MultiPASS4\MPTBox.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
      --a------ 2007-01-19 11:54 5674352 C:\PROGRA~1\MSNMES~1\msnmsgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      --a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\postSetupCheck]
      C:\WINDOWS\system32\gzmrt.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
      --a------ 2006-05-20 11:13 188416 C:\Program Files\PowerISO\PWRISOVM.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      --a------ 2007-06-29 05:24 286720 C:\Program Files\QuickTime\qttask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
      --a------ 2004-11-02 19:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
      --a------ 2007-11-12 23:03 1065800 C:\Program Files\Spyware Doctor\SDTrayApp.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
      --a------ 2003-04-04 13:56 577536 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
      --a------ 2003-04-04 13:38 774144 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spamihilator]
      C:\Program Files\Spamihilator\spamihilator.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      --a------ 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
      C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCASUTIEXE]
      --a------ 2003-02-12 10:55 1334784 C:\WINDOWS\system32\TCAUDIAG.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
      --a------ 2007-03-14 15:52 3770024 D:\Program Files\TomTom HOME\TomTomHOME.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
      --a------ 2006-11-21 18:38 35328 C:\Program Files\Winamp\winampa.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "NOD32krn"=2 (0x2)
      "iPodService"=3 (0x3)

      R1 mchInjDrv;madCodeHook DLL injection driver;C:\WINDOWS\system32\Drivers\mchInjDrv.sys [2008-02-05 21:17]
      R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2008-01-02 17:03]
      R2 tcaicchg;tcaicchg;C:\WINDOWS\System32\tcaicchg.sys [2000-06-06 19:08]
      R2 TCAITDI;TCAITDI Protocol;C:\WINDOWS\system32\DRIVERS\TCAITDI.sys [2001-09-04 12:22]
      S3 dwusbdnt;dwusbdnt;C:\WINDOWS\system32\DRIVERS\dwusbdnt.sys [2002-05-24 10:52]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23aeb936-3a26-11dc-8b43-000c6e470066}]
      \Shell\AutoRun\command - L:\InstallTomTomHOME.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fb315e8-c43e-11db-96b9-000c6e470066}]
      \Shell\AutoRun\command - L:\InstallTomTomHOME.exe

      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-02-07 22:01:18 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
      - C:\Program Files\Windows Defender\MpCmdRun.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-07 23:10:14
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      LXCRCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,[email protected]????????????????????????????? ???????????????????????????????????????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????????

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2008-02-07 23:10:41
      ComboFix-quarantined-files.txt 2008-02-07 22:10:33
      .
      2008-02-06 11:34:46 --- E O F ---

      Comment


      • #4
        Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd
        Dit zal alles van RVAXO doen verwijderen.

        Je Java software is verouderd.
        Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
        Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:
        • Download Java Runtime Environment (JRE) 6u4 en bewaar het naar je Bureaublad.
        • Sluit alle programma's die eventueel open zijn - Zeker je web browser!
        • Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
        • Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
        • Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
        • Herhaal dit tot alle oudere versies verdwenen zijn.
        • Na het verwijderen van alle oudere versies, herstart je pc.
        • Dubbelklik vervolgens op jre-6u4-windows-i586-p.exe op je Bureaublad om de nieuwste versie van Java te installeren.


        Download ATF cleaner (mirror)(gemaakt door Atribune)

        Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

        Dubbelklik op ATF cleaner om het programma te starten.
        Op het tabblad "Main", plaats je een vinkje bij Select All.
        Klik op de knop Empty Selected.

        Het volgende doen als je ook FireFox als browser hebt:
        Klik op tabblad "Firefox", plaats een vinkje bij Select All.
        Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
        (dit haalt het vinkje weer weg bij "Firefox saved passwords")
        Klik op de knop Empty Selected.

        Het volgende doen als je ook Opera als browser hebt:
        Klik op tabblad "Opera", plaats een vinkje bij Select All.
        Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
        Klik op de knop Empty Selected.
        Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

        Ga naar Start - Uitvoeren en geef hier het volgende in:
        Combofix /U
        Druk daarna op OK.
        Let op: Er moet een spatie tussen Combofix en /U zitten.

        Dit zal Combofix deïnstalleren.

        Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
        Kijk hier hoe je je systeemherstel moet uitschakelen.
        Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

        Post als laatste nog een nieuw logje van Hijackthis ter controle

        Comment


        • #5
          popups

          Hierdan mn log. Ik heb bij het verwijderen van de verouderde java tools wel per ongeluk mn service pack2 geloof ik weggegooid. Tja... dikke vingers.
          Bedankt voor de hulp.

          Logfile of HijackThis v1.99.1
          Scan saved at 19:53:01, on 8-2-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16574)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Windows Defender\MsMpEng.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
          C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
          C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
          C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\Explorer.EXE
          C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
          C:\Program Files\Windows Defender\MSASCui.exe
          C:\Program Files\SPAMfighter\SFAgent.exe
          C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\WINDOWS\system32\lxcrcoms.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\MSN Messenger\usnsvc.exe
          C:\Program Files\Outlook Express\msimn.exe
          C:\Documents and Settings\WimB\Bureaublad\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
          O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
          O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,[email protected]
          O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
          O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
          O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
          O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
          O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
          O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
          O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
          O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
          O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
          O11 - Options group: [INTERNATIONAL] International*
          O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
          O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://193.172.34.4/dana-cached/setup/NeoterisSetup.cab
          O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
          O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
          O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
          O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202491849265
          O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://10.0.0.150/tsweb/msrdp.cab
          O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
          O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
          O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
          O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
          O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
          O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
          O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
          O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
          O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
          O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
          O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
          O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
          O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
          O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

          Comment


          • #6
            Logje ziet er goed uit

            Ik weet niet wat je gedeïnstalleerd hebt, maar SP2 staat er nog steeds op.
            Ga maar eens naar de Windows Update Site en installeer alle updates die beschikbaar zijn.

            Vertel of er nog problemen zijn

            Comment


            • #7
              Oh, nou dan weet ik t ook niet. In ieder geval hardstikke bedankt.

              Wim

              Comment


              • #8
                Graag gedaan hoor Wim

                Comment

                Sorry, you are not authorized to view this page
                Working...
                X