blue screen


  • blue screen

    hi, can someone take a look at this log?
    I have a blue screen and the PC is slow

    thanks in advance, frank

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:51:17, on 14-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\system32\inetsrv\inetinfo.exe
    D:\WINDOWS\system32\HPZipm12.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Common Files\ACD Systems\NL\DevDetect.exe
    D:\Program Files\Winamp\winampa.exe
    D:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\WINDOWS\Explorer.exe
    D:\Program Files\internet explorer\iexplore.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\shell.exe
    O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
    O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Printer] D:\WINDOWS\system32\printer.exe
    O4 - HKLM\..\Run: [BluetoothAuthorizationAgent] D:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
    O4 - HKLM\..\Run: [AntiVirusPro] D:\Program Files\AntiVirusPro\AntiVirusPro.exe
    O4 - HKCU\..\Run: [Spoolsv] D:\WINDOWS\system32\spoolvs.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: D:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://dafotoservice.da.nl/DA/UserControls/Part/Upload/ImageUploader4.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O21 - SSODL: zip - {79dcdbf0-32ca-4c88-88da-99a3bae6abc9} - D:\WINDOWS\Installer\{79dcdbf0-32ca-4c88-88da-99a3bae6abc9}\zip.dll
    O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 3589 bytes

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open; a few lines about files that were not found will quickly scroll by, this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • Your PC will then restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a logfile opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the logfile in your next reply.


    Download Combofix (mirror) to your Desktop.
    Double-click Combofix.exe
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open (you can also find it here: C:\Combofix.txt)
    Post this log in your next reply.

    NOTE: If your virus scanner responds with a warning about a script being executed, you may ignore it.



    • #3
      here are the logs

      ---RVAXO.exe Updated: 2008-02-15---first run---
      Files found:
      D:\WINDOWS\system32\krboitiq.dllbox
      D:\WINDOWS\system32\kjmoq.ini2
      D:\Program Files\ucleaner_setup.exe
      D:\Documents and Settings\frank en miriam\Application Data\printer.exe
      D:\WINDOWS\system32\winupdate.exe
      D:\Documents and Settings\frank en miriam\Mijn documenten\pos???.tmp

      Uninstallers:


      Folders Found:

      D:\Program Files\AntiVirusPro
      D:\Program Files\SystemDefender
      D:\Documents and Settings\frank en miriam\Application Data\Anti-Virus-Pro.com
      D:\Documents and Settings\frank en miriam\Application Data\ultra

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      D:\WINDOWS\system32\winupdate.exe
      D:\Program Files\ucleaner_setup.exe
      D:\Documents and Settings\frank en miriam\Application Data\printer.exe
      Folders Found:

      D:\Documents and Settings\frank en miriam\Application Data\Anti-Virus-Pro.com
      D:\Documents and Settings\frank en miriam\Application Data\ultra
      --------------RVAXO.exe finished----------------


      ComboFix 08-02-15.2 - frank en miriam 2008-02-15 18:36:00.3 - FAT32x86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.150 [GMT 1:00]
      Gestart vanuit: D:\Documents and Settings\frank en miriam\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      D:\WINDOWS\system32\qomjk.dll
      D:\Documents and Settings\frank en miriam\Application Data\printer.exe
      D:\Documents and Settings\frank en miriam\Application Data\ultra
      D:\Documents and Settings\frank en miriam\Application Data\ultra\uninstall.bat
      D:\Program Files\ucleaner_setup.exe
      D:\WINDOWS\Fonts\acrsecB.fon
      D:\WINDOWS\inf\ultra.inf
      D:\WINDOWS\system32\bxuqxxlu.dll
      D:\WINDOWS\system32\dwjtydgu.ini
      D:\WINDOWS\system32\fptwppck.dll
      D:\WINDOWS\system32\kcppwtpf.ini
      D:\WINDOWS\system32\kjmoq.ini
      D:\WINDOWS\system32\kjmoq.ini2
      D:\WINDOWS\system32\krboitiq.dll
      D:\WINDOWS\system32\krboitiq.dll . . . . konden niet verwijderd worden
      D:\WINDOWS\system32\krboitiq.dllbox
      D:\WINDOWS\system32\kynyluyn.dll
      D:\WINDOWS\system32\qomjk.dll
      D:\WINDOWS\system32\ugdytjwd.dll
      D:\WINDOWS\system32\vturpop.dll
      D:\WINDOWS\system32\winupdate.exe
      D:\WINDOWS\system32\xbnkyifk.dll

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

      .
      -------\LEGACY_NTLOAD


      (((((((((((((((((((( Bestanden Gemaakt van 2008-01-15 to 2008-02-15 ))))))))))))))))))))))))))))))
      .

      2008-02-15 18:44 . 2008-02-15 18:44 269,334 --a------ D:\WINDOWS\system32\fihkfalon.bmp
      2008-02-15 18:31 . 2008-02-15 18:31 269,334 --a------ D:\WINDOWS\system32\kneton.bmp
      2008-02-15 16:57 . 2008-02-15 18:39 163,904 --------- D:\WINDOWS\system32\krboitiq.dll
      2008-02-15 16:56 . 2008-02-15 16:56 269,334 --a------ D:\WINDOWS\system32\idgjip.bmp
      2008-02-14 22:46 . 19,584 D:\WINDOWS\system32\drivers\ezqcrzko.dat
      2008-02-14 22:45 . 2008-02-14 22:45 269,334 --a------ D:\WINDOWS\system32\srilsj.bmp
      2008-02-14 22:45 . 2001-09-07 12:00 84,992 --a------ D:\WINDOWS\system32\confms.dll
      2008-02-14 22:10 . 2008-02-14 22:10 <DIR> d-------- D:\Documents and Settings\frank en miriam\Application Data\Anti-Virus-Pro.com
      2008-02-14 22:08 . 2008-02-14 22:08 269,334 --a------ D:\WINDOWS\system32\pgrqtcfidknid.bmp
      2008-02-14 22:08 . 2008-02-14 22:08 29,436 --a------ D:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
      2008-02-14 21:54 . 2008-02-14 21:54 <DIR> d-------- D:\Documents and Settings\frank en miriam\DoctorWeb
      2008-02-14 21:51 . 2008-02-14 21:51 <DIR> d-------- D:\Program Files\SysCleaner
      2008-02-14 19:27 . 2008-02-14 19:27 <DIR> d--hs---- D:\FOUND.010
      2008-02-04 11:05 . 2008-02-04 11:05 <DIR> d-------- D:\Program Files\ACD Systems
      2008-02-02 15:15 . 2008-02-02 15:15 <DIR> d-------- D:\Documents and Settings\frank en miriam\Application Data\ACD Systems
      2008-02-02 15:13 . 2008-02-02 15:13 <DIR> d-------- D:\Program Files\Common Files\ACD Systems
      2008-02-02 15:13 . 2008-02-02 15:13 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\ACD Systems
      2008-02-01 11:20 . 2008-02-01 11:20 <DIR> d-------- D:\Program Files\Nero
      2008-02-01 11:20 . 2008-02-01 11:20 <DIR> d-------- D:\Program Files\Common Files\Nero
      2008-01-27 12:18 . 2008-01-27 12:18 <DIR> d--hs---- D:\FOUND.009
      2008-01-23 21:18 . 2008-01-23 21:18 <DIR> d-------- D:\Program Files\Project1
      2008-01-23 21:17 . 2008-01-23 21:17 249,856 --------- D:\WINDOWS\Setup1.exe
      2008-01-23 21:17 . 2008-01-23 21:17 73,216 --a------ D:\WINDOWS\ST6UNST.EXE

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-15 17:01 696,244 ----a-w D:\WINDOWS\system32\RVAXO.bat
      2008-01-14 17:24 --------- d-----w D:\Program Files\Cub Rummy
      2008-01-04 21:31 --------- d-----w D:\Program Files\Winamp Remote
      2008-01-04 21:31 --------- d-----w D:\Documents and Settings\All Users.WINDOWS\Application Data\OrbNetworks
      2008-01-03 21:40 --------- d-----w D:\Program Files\Uniblue
      2008-01-03 21:40 --------- d-----w D:\Documents and Settings\frank en miriam\Application Data\Uniblue
      2005-05-11 22:36 12,288 ----a-w D:\WINDOWS\Fonts\RandFont.dll
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{489A4798-3BC4-4B46-A52B-B67AA9A71E53}]
      D:\WINDOWS\system32\qomjk.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
      2008-02-15 18:39 163904 --------- D:\WINDOWS\system32\krboitiq.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e023bc13-d3c4-40ef-ae2c-db65c037e22d}]
      D:\WINDOWS\system32\kynyluyn.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC36DD04-4B64-4C3A-ACBE-E0EA3AFF7320}]
      2001-09-07 12:00 84992 --a------ D:\WINDOWS\system32\confms.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Device Detector"="DevDetect.exe"
      "WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2007-12-20 16:16 37376]
      "BluetoothAuthorizationAgent"="D:\WINDOWS\system32\BluetoothAuthorizationAgent.exe" [2008-02-14 22:08 29436]
      "AntiVirusPro"="D:\Program Files\AntiVirusPro\AntiVirusPro.exe" [ ]
      "bcf3b5a2"="D:\WINDOWS\system32\fptwppck.dll" [ ]
      "combofix"="D:\WINDOWS\system32\kmd.exe" [2004-08-03 23:03 399360]
      "KernelFaultCheck"="D:\WINDOWS\system32\dumprep 0 -k" [ ]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:03 15360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\krboitiq]
      krboitiq.dll 2008-02-15 18:39 163904 D:\WINDOWS\system32\krboitiq.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkgg32]
      winkgg32.dll

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
      SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll, xlibgfl254.dll

      [HKLM\~\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
      backup=D:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

      [HKLM\~\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Snelstart HP Image Zone.lnk]
      backup=D:\WINDOWS\pss\Snelstart HP Image Zone.lnkCommon Startup

      [HKLM\~\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
      backup=D:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bcf3b5a2]
      D:\WINDOWS\system32\ugdytjwd.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
      --a------ 2007-09-20 15:35 202024 D:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
      --a------ 2004-08-03 23:03 15360 D:\WINDOWS\system32\ctfmon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
      --a------ 2007-04-04 00:29 165784 D:\Program Files\DAEMON Tools\daemon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
      --a------ 2005-05-11 23:12 49152 D:\Program Files\HP\HP Software Update\HPWuSchd2.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipmon]


      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
      D:\WINDOWS\system32\dumprep 0 -k

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSDrive]
      D:\WINDOWS\system32\drvlug.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
      E:\Nero 8\Nero BackItUp\NBKeyScan.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]
      E:\PHOTOS~2\data\Xtras\mssysmgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      --a------ 2007-03-01 15:57 153136 D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
      --a------ 2007-12-18 02:02 471040 D:\Program Files\Winamp Remote\bin\OrbTray.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      E:\QTTask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
      D:\WINDOWS\system32\yhyaeaye.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
      --a------ 2007-12-05 15:51 1885464 D:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "wscsvc"=2 (0x2)
      "WebClient"=2 (0x2)
      "SENS"=2 (0x2)
      "RSVP"=3 (0x3)
      "NtLmSsp"=3 (0x3)
      "usnjsvc"=3 (0x3)
      "ose"=3 (0x3)
      "odserv"=3 (0x3)

      R0 zisajgsz;zisajgsz;D:\WINDOWS\system32\drivers\ezqcrzko.dat
      R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol);D:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 00:03]
      S3 w89c940;Winbond W89C940 PCI Ethernet Adapter-stuurprogramma;D:\WINDOWS\system32\DRIVERS\w940nd.sys [2001-08-17 20:13]

      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-02-08 19:40:02 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - D:\Program Files\Apple Software Update\SoftwareUpdate.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-15 18:45:01
      Windows 5.1.2600 Service Pack 2 FAT NTAPI

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      --------------------- DLLs Geladen Onder Lopende Processen ---------------------

      PROCESS: D:\WINDOWS\system32\winlogon.exe
      -> D:\WINDOWS\system32\krboitiq.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      D:\WINDOWS\system32\savedump.exe
      D:\WINDOWS\system32\HPZipm12.exe
      D:\WINDOWS\system32\wdfmgr.exe
      D:\Program Files\Common Files\ACD Systems\NL\DevDetect.exe
      D:\WINDOWS\system32\dumprep.exe
      D:\WINDOWS\system32\dwwin.exe
      .
      **************************************************************************
      .
      Voltooingstijd: 2008-02-15 18:46:42 - machine was rebooted
      ComboFix2.txt 2007-12-18 15:49:14
      ComboFix-quarantined-files.txt 2008-02-15 17:46:38
      .
      2007-07-14 12:18:37 --- E O F ---



      • #4
        Open the RVAXO folder on your desktop and double-click Uninstall.cmd
        This will remove everything belonging to RVAXO.


        Open Notepad, copy and paste the following (bold text) into an empty window:


        Folder::
        D:\Documents and Settings\frank en miriam\Application Data\Anti-Virus-Pro.com
        D:\Program Files\SysCleaner
        D:\FOUND.010
        D:\FOUND.009
        D:\FOUND.008
        D:\FOUND.007
        D:\FOUND.006
        D:\FOUND.005
        D:\FOUND.004
        D:\FOUND.003
        D:\FOUND.002
        D:\FOUND.001
        D:\FOUND.000

        File::
        D:\WINDOWS\system32\fihkfalon.bmp
        D:\WINDOWS\system32\kneton.bmp
        D:\WINDOWS\system32\krboitiq.dll
        D:\WINDOWS\system32\idgjip.bmp
        D:\WINDOWS\system32\drivers\ezqcrzko.dat
        D:\WINDOWS\Installer\{79dcdbf0-32ca-4c88-88da-99a3bae6abc9}\zip.dll
        D:\WINDOWS\system32\srilsj.bmp
        D:\WINDOWS\system32\confms.dll
        D:\WINDOWS\system32\pgrqtcfidknid.bmp

        Driver::
        zisajgsz

        Registry::
        [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{489A4798-3BC4-4B46-A52B-B67AA9A71E53}]
        [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
        [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e023bc13-d3c4-40ef-ae2c-db65c037e22d}]
        [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC36DD04-4B64-4C3A-ACBE-E0EA3AFF7320}]
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "AntiVirusPro"=-
        "bcf3b5a2"=-
        "combofix"=-
        "KernelFaultCheck"=-
        [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\krboitiq]
        [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkgg32]
        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
        "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
        [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bcf3b5a2]
        [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipmon]
        [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
        [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSDrive]
        [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]




        Save this to your Desktop as CFScript.txt

        Drag CFScript.txt onto ComboFix.exe as shown in the example below:



        This will make ComboFix restart.
        Reboot if asked to,
        and post the contents of Combofix.txt in your next reply.
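        The CFScript above uses four section headers (Folder::, File::, Driver::, Registry::), and the Registry:: section follows REGEDIT4 syntax: [-key] removes a whole key, "name"=- removes a single value and "name"="data" sets one. As an added example, not part of this thread and not ComboFix's own code, the following Python parser reads such a script into a structured removal plan and rejects malformed entries (relative paths, unknown hives, value lines that do not sit under an open key) before anything would be acted on. The sample script is a constructed abbreviation of the one posted above; the accepted hive prefixes and the .reg-style value semantics are assumptions stated in the comments.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the CFScript layout used in this thread (abbreviated from
# the script posted above; the entries are the thread's own, the selection is mine).
SAMPLE_SCRIPT = r"""
Folder::
D:\Program Files\SysCleaner
D:\FOUND.010

File::
D:\WINDOWS\system32\krboitiq.dll
D:\WINDOWS\system32\drivers\ezqcrzko.dat

Driver::
zisajgsz

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{489A4798-3BC4-4B46-A52B-B67AA9A71E53}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AntiVirusPro"=-
"combofix"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
"""

SECTIONS = ("Folder::", "File::", "Driver::", "Registry::")
# Hive prefixes accepted in Registry:: (assumption: long and short forms of the usual hives).
ALLOWED_HIVES = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS", "HKLM", "HKCU", "HKU")
WIN_PATH = re.compile(r"^[A-Za-z]:\\")          # absolute drive path, e.g. D:\WINDOWS\...
KEY_LINE = re.compile(r"^\[(-?)(.+)\]$")         # [key] opens a key, [-key] deletes it
VALUE_LINE = re.compile(r'^"([^"]+)"=(.*)$')     # "name"=-  or  "name"="data"
DRIVER_NAME = re.compile(r"^[A-Za-z0-9_.-]+$")   # a service/driver name, never a path


@dataclass
class CFScriptPlan:
    """Structured view of what a CFScript asks the tool to do."""
    folders: list = field(default_factory=list)
    files: list = field(default_factory=list)
    drivers: list = field(default_factory=list)
    delete_keys: list = field(default_factory=list)
    delete_values: list = field(default_factory=list)  # (key, value name)
    set_values: list = field(default_factory=list)     # (key, value name, string data)
    errors: list = field(default_factory=list)         # one message per rejected line


def parse_cfscript(text):
    plan = CFScriptPlan()
    section = None       # header currently in force
    current_key = None   # open [key] inside Registry::, if any
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            section, current_key = line, None
            continue
        if section is None:
            plan.errors.append(f"line {lineno}: entry before any section header")
        elif section in ("Folder::", "File::"):
            if not WIN_PATH.match(line):
                plan.errors.append(f"line {lineno}: not an absolute drive path: {line}")
            elif section == "Folder::":
                plan.folders.append(line)
            else:
                plan.files.append(line)
        elif section == "Driver::":
            if DRIVER_NAME.match(line):
                plan.drivers.append(line)
            else:
                plan.errors.append(f"line {lineno}: not a driver name: {line}")
        else:  # Registry::
            key_m = KEY_LINE.match(line)
            val_m = VALUE_LINE.match(line)
            if key_m:
                minus, key = key_m.groups()
                if not key.upper().startswith(ALLOWED_HIVES):
                    plan.errors.append(f"line {lineno}: unknown hive in key: {key}")
                    current_key = None
                elif minus:
                    plan.delete_keys.append(key)
                    current_key = None       # nothing can be set under a deleted key
                else:
                    current_key = key
            elif val_m and current_key is None:
                plan.errors.append(f"line {lineno}: value line outside an open key")
            elif val_m:
                name, data = val_m.groups()
                if data == "-":
                    plan.delete_values.append((current_key, name))
                elif len(data) >= 2 and data[0] == data[-1] == '"':
                    plan.set_values.append((current_key, name, data[1:-1]))
                else:
                    plan.errors.append(f"line {lineno}: unsupported value data: {data}")
            else:
                plan.errors.append(f"line {lineno}: unrecognised registry line: {line}")
    return plan


if __name__ == "__main__":
    plan = parse_cfscript(SAMPLE_SCRIPT)
    for kind in ("folders", "files", "drivers", "delete_keys", "delete_values", "set_values", "errors"):
        print(kind, getattr(plan, kind))
```

        The parsed set_values entry doubles as the expected post-run state, which is worth checking against the follow-up log rather than assumed: in this thread the second ComboFix log still lists wowfx.dll in SecurityProviders after the script set the value to the four standard DLLs, so a plan-versus-log comparison is the check that catches an incomplete fix.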



        • #5
          here is a new log

          ComboFix 08-02-15.2 - frank en miriam 2008-02-15 19:49:51.4 - FAT32x86
          Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.164 [GMT 1:00]
          Gestart vanuit: D:\Documents and Settings\frank en miriam\Bureaublad\ComboFix.exe
          Command switches used :: D:\Documents and Settings\frank en miriam\Bureaublad\CFScript.txt
          * Nieuw herstelpunt werd aangemaakt

          WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

          FILE
          D:\WINDOWS\Installer\{79dcdbf0-32ca-4c88-88da-99a3bae6abc9}\zip.dll
          D:\WINDOWS\system32\confms.dll
          D:\WINDOWS\system32\drivers\ezqcrzko.dat
          D:\WINDOWS\system32\fihkfalon.bmp
          D:\WINDOWS\system32\idgjip.bmp
          D:\WINDOWS\system32\kneton.bmp
          D:\WINDOWS\system32\krboitiq.dll
          D:\WINDOWS\system32\pgrqtcfidknid.bmp
          D:\WINDOWS\system32\srilsj.bmp
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          D:\WINDOWS\system32\krboitiq.dll
          D:\Documents and Settings\frank en miriam\Application Data\Anti-Virus-Pro.com
          D:\FOUND.000
          D:\FOUND.000\FILE0000.CHK
          D:\FOUND.000\FILE0001.CHK
          D:\FOUND.000\FILE0002.CHK
          D:\FOUND.001
          D:\FOUND.001\FILE0000.CHK
          D:\FOUND.001\FILE0001.CHK
          D:\FOUND.001\FILE0002.CHK
          D:\FOUND.001\FILE0003.CHK
          D:\FOUND.001\FILE0004.CHK
          D:\FOUND.001\FILE0005.CHK
          D:\FOUND.001\FILE0006.CHK
          D:\FOUND.001\FILE0007.CHK
          D:\FOUND.001\FILE0008.CHK
          D:\FOUND.001\FILE0009.CHK
          D:\FOUND.001\FILE0010.CHK
          D:\FOUND.001\FILE0011.CHK
          D:\FOUND.001\FILE0012.CHK
          D:\FOUND.001\FILE0013.CHK
          D:\FOUND.001\FILE0014.CHK
          D:\FOUND.002
          D:\FOUND.002\FILE0000.CHK
          D:\FOUND.003
          D:\FOUND.003\FILE0000.CHK
          D:\FOUND.003\FILE0001.CHK
          D:\FOUND.003\FILE0002.CHK
          D:\FOUND.003\FILE0003.CHK
          D:\FOUND.004
          D:\FOUND.004\FILE0000.CHK
          D:\FOUND.004\FILE0001.CHK
          D:\FOUND.004\FILE0002.CHK
          D:\FOUND.004\FILE0003.CHK
          D:\FOUND.004\FILE0004.CHK
          D:\FOUND.004\FILE0005.CHK
          D:\FOUND.004\FILE0006.CHK
          D:\FOUND.004\FILE0007.CHK
          D:\FOUND.004\FILE0008.CHK
          D:\FOUND.004\FILE0009.CHK
          D:\FOUND.004\FILE0010.CHK
          D:\FOUND.004\FILE0011.CHK
          D:\FOUND.004\FILE0012.CHK
          D:\FOUND.004\FILE0013.CHK
          D:\FOUND.004\FILE0014.CHK
          D:\FOUND.004\FILE0015.CHK
          D:\FOUND.004\FILE0016.CHK
          D:\FOUND.004\FILE0017.CHK
          D:\FOUND.004\FILE0018.CHK
          D:\FOUND.004\FILE0019.CHK
          D:\FOUND.004\FILE0020.CHK
          D:\FOUND.004\FILE0021.CHK
          D:\FOUND.004\FILE0022.CHK
          D:\FOUND.004\FILE0023.CHK
          D:\FOUND.004\FILE0024.CHK
          D:\FOUND.004\FILE0025.CHK
          D:\FOUND.004\FILE0026.CHK
          D:\FOUND.004\FILE0027.CHK
          D:\FOUND.004\FILE0028.CHK
          D:\FOUND.004\FILE0029.CHK
          D:\FOUND.004\FILE0030.CHK
          D:\FOUND.004\FILE0031.CHK
          D:\FOUND.004\FILE0032.CHK
          D:\FOUND.004\FILE0033.CHK
          D:\FOUND.004\FILE0034.CHK
          D:\FOUND.005
          D:\FOUND.005\FILE0000.CHK
          D:\FOUND.005\FILE0001.CHK
          D:\FOUND.006
          D:\FOUND.006\FILE0000.CHK
          D:\FOUND.006\FILE0001.CHK
          D:\FOUND.006\FILE0002.CHK
          D:\FOUND.006\FILE0003.CHK
          D:\FOUND.007
          D:\FOUND.007\FILE0000.CHK
          D:\FOUND.007\FILE0001.CHK
          D:\FOUND.007\FILE0002.CHK
          D:\FOUND.007\FILE0003.CHK
          D:\FOUND.007\FILE0004.CHK
          D:\FOUND.007\FILE0005.CHK
          D:\FOUND.007\FILE0006.CHK
          D:\FOUND.007\FILE0007.CHK
          D:\FOUND.007\FILE0008.CHK
          D:\FOUND.007\FILE0009.CHK
          D:\FOUND.007\FILE0010.CHK
          D:\FOUND.007\FILE0011.CHK
          D:\FOUND.007\FILE0012.CHK
          D:\FOUND.007\FILE0013.CHK
          D:\FOUND.007\FILE0014.CHK
          D:\FOUND.007\FILE0015.CHK
          D:\FOUND.007\FILE0016.CHK
          D:\FOUND.007\FILE0017.CHK
          D:\FOUND.007\FILE0018.CHK
          D:\FOUND.007\FILE0019.CHK
          D:\FOUND.007\FILE0020.CHK
          D:\FOUND.007\FILE0021.CHK
          D:\FOUND.007\FILE0022.CHK
          D:\FOUND.007\FILE0023.CHK
          D:\FOUND.007\FILE0024.CHK
          D:\FOUND.007\FILE0025.CHK
          D:\FOUND.007\FILE0026.CHK
          D:\FOUND.007\FILE0027.CHK
          D:\FOUND.007\FILE0028.CHK
          D:\FOUND.007\FILE0029.CHK
          D:\FOUND.007\FILE0030.CHK
          D:\FOUND.007\FILE0031.CHK
          D:\FOUND.007\FILE0032.CHK
          D:\FOUND.007\FILE0033.CHK
          D:\FOUND.007\FILE0034.CHK
          D:\FOUND.007\FILE0035.CHK
          D:\FOUND.007\FILE0036.CHK
          D:\FOUND.007\FILE0037.CHK
          D:\FOUND.007\FILE0038.CHK
          D:\FOUND.007\FILE0039.CHK
          D:\FOUND.007\FILE0040.CHK
          D:\FOUND.007\FILE0041.CHK
          D:\FOUND.007\FILE0042.CHK
          D:\FOUND.007\FILE0043.CHK
          D:\FOUND.007\FILE0044.CHK
          D:\FOUND.007\FILE0045.CHK
          D:\FOUND.007\FILE0046.CHK
          D:\FOUND.007\FILE0047.CHK
          D:\FOUND.007\FILE0048.CHK
          D:\FOUND.007\FILE0049.CHK
          D:\FOUND.007\FILE0050.CHK
          D:\FOUND.007\FILE0051.CHK
          D:\FOUND.007\FILE0052.CHK
          D:\FOUND.007\FILE0053.CHK
          D:\FOUND.007\FILE0054.CHK
          D:\FOUND.007\FILE0055.CHK
          D:\FOUND.007\FILE0056.CHK
          D:\FOUND.007\FILE0057.CHK
          D:\FOUND.007\FILE0058.CHK
          D:\FOUND.008
          D:\FOUND.008\FILE0000.CHK
          D:\FOUND.008\FILE0001.CHK
          D:\FOUND.008\FILE0002.CHK
          D:\FOUND.009
          D:\FOUND.009\FILE0000.CHK
          D:\FOUND.010
          D:\FOUND.010\FILE0000.CHK
          D:\FOUND.010\FILE0001.CHK
          D:\Program Files\SysCleaner
          D:\WINDOWS\Installer\{79dcdbf0-32ca-4c88-88da-99a3bae6abc9}\zip.dll
          D:\WINDOWS\system32\confms.dll
          D:\WINDOWS\system32\drivers\ezqcrzko.dat
          D:\WINDOWS\system32\fihkfalon.bmp
          D:\WINDOWS\system32\idgjip.bmp
          D:\WINDOWS\system32\kneton.bmp
          D:\WINDOWS\system32\krboitiq.dll
          D:\WINDOWS\system32\krboitiq.dllbox
          D:\WINDOWS\system32\pgrqtcfidknid.bmp
          D:\WINDOWS\system32\srilsj.bmp

          .
          ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

          .
          -------\LEGACY_ZISAJGSZ
          -------\zisajgsz


          (((((((((((((((((((( Bestanden Gemaakt van 2008-01-15 to 2008-02-15 ))))))))))))))))))))))))))))))
          .

          2008-02-14 22:08 . 2008-02-14 22:08 29,436 --a------ D:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
          2008-02-14 21:54 . 2008-02-14 21:54 <DIR> d-------- D:\Documents and Settings\frank en miriam\DoctorWeb
          2008-02-04 11:05 . 2008-02-04 11:05 <DIR> d-------- D:\Program Files\ACD Systems
          2008-02-02 15:15 . 2008-02-02 15:15 <DIR> d-------- D:\Documents and Settings\frank en miriam\Application Data\ACD Systems
          2008-02-02 15:13 . 2008-02-02 15:13 <DIR> d-------- D:\Program Files\Common Files\ACD Systems
          2008-02-02 15:13 . 2008-02-02 15:13 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\ACD Systems
          2008-02-01 11:20 . 2008-02-01 11:20 <DIR> d-------- D:\Program Files\Nero
          2008-02-01 11:20 . 2008-02-01 11:20 <DIR> d-------- D:\Program Files\Common Files\Nero
          2008-01-23 21:18 . 2008-01-23 21:18 <DIR> d-------- D:\Program Files\Project1
          2008-01-23 21:17 . 2008-01-23 21:17 249,856 --------- D:\WINDOWS\Setup1.exe
          2008-01-23 21:17 . 2008-01-23 21:17 73,216 --a------ D:\WINDOWS\ST6UNST.EXE

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-02-15 17:01 696,244 ----a-w D:\WINDOWS\system32\RVAXO.bat
          2008-01-14 17:24 --------- d-----w D:\Program Files\Cub Rummy
          2008-01-04 21:31 --------- d-----w D:\Program Files\Winamp Remote
          2008-01-04 21:31 --------- d-----w D:\Documents and Settings\All Users.WINDOWS\Application Data\OrbNetworks
          2008-01-03 21:40 --------- d-----w D:\Program Files\Uniblue
          2008-01-03 21:40 --------- d-----w D:\Documents and Settings\frank en miriam\Application Data\Uniblue
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "Device Detector"="DevDetect.exe"
          "WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2007-12-20 16:16 37376]
          "BluetoothAuthorizationAgent"="D:\WINDOWS\system32\BluetoothAuthorizationAgent.exe" [2008-02-14 22:08 29436]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:03 15360]

          [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
          SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll

          [HKLM\~\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
          backup=D:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

          [HKLM\~\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Snelstart HP Image Zone.lnk]
          backup=D:\WINDOWS\pss\Snelstart HP Image Zone.lnkCommon Startup

          [HKLM\~\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
          backup=D:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
          --a------ 2007-09-20 15:35 202024 D:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
          --a------ 2004-08-03 23:03 15360 D:\WINDOWS\system32\ctfmon.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
          --a------ 2007-04-04 00:29 165784 D:\Program Files\DAEMON Tools\daemon.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
          --a------ 2005-05-11 23:12 49152 D:\Program Files\HP\HP Software Update\HPWuSchd2.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
          E:\Nero 8\Nero BackItUp\NBKeyScan.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]
          E:\PHOTOS~2\data\Xtras\mssysmgr.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
          --a------ 2007-03-01 15:57 153136 D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
          --a------ 2007-12-18 02:02 471040 D:\Program Files\Winamp Remote\bin\OrbTray.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
          E:\QTTask.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
          --a------ 2007-12-05 15:51 1885464 D:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
          "wscsvc"=2 (0x2)
          "WebClient"=2 (0x2)
          "SENS"=2 (0x2)
          "RSVP"=3 (0x3)
          "NtLmSsp"=3 (0x3)
          "usnjsvc"=3 (0x3)
          "ose"=3 (0x3)
          "odserv"=3 (0x3)

          R2 SMTPSVC;SMTP (Simple Mail Transfer Protocol);D:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 00:03]
          S3 w89c940;Winbond W89C940 PCI Ethernet Adapter driver;D:\WINDOWS\system32\DRIVERS\w940nd.sys [2001-08-17 20:13]

          .
          Contents of the 'Scheduled Tasks' folder
          "2008-02-08 19:40:02 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
          - D:\Program Files\Apple Software Update\SoftwareUpdate.exe
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-02-15 20:36:28
          Windows 5.1.2600 Service Pack 2 FAT NTAPI

          scanning hidden processes ...

          scanning hidden autostart entries ...

          scanning hidden files ...

          Scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          ------------------------ Other Running Processes ------------------------
          .
          D:\WINDOWS\system32\HPZipm12.exe
          D:\WINDOWS\system32\wdfmgr.exe
          D:\Program Files\Common Files\ACD Systems\NL\DevDetect.exe
          .
          **************************************************************************
          .
          Completion time: 2008-02-15 20:37:46 - machine was rebooted
          ComboFix3.txt 2007-12-18 15:49:14
          ComboFix-quarantined-files.txt 2008-02-15 19:37:44
          ComboFix2.txt 2008-02-15 17:46:46
          .
          2007-07-14 12:18:37 --- E O F ---



          • #6
            Your Java software is out of date.
            Older versions have vulnerabilities that give malware a chance to install itself on your system.
            First follow these steps to uninstall Java and install the newer version:
            • Download Java Runtime Environment (JRE) 6u4 and save it to your Desktop.
            • Close all programs that may be open - especially your web browser!
            • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list.
            • Tick everything with Java Runtime Environment (JRE or J2SE) in its name.
            • Then click Remove or the Change/Remove button.
            • Repeat this until all older versions are gone.
            • After removing all older versions, restart your PC.
            • Then double-click jre-6u4-windows-i586-p.exe on your Desktop to install the latest version of Java.


            Download ATF Cleaner (mirror) (made by Atribune)

            Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

            Double-click ATF Cleaner to start the program.
            On the "Main" tab, tick Select All.
            Click the Empty Selected button.

            Do the following if you also use Firefox as a browser:
            Click the "Firefox" tab and tick Select All.
            If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
            (this unticks "Firefox saved passwords")
            Click the Empty Selected button.

            Do the following if you also use Opera as a browser:
            Click the "Opera" tab and tick Select All.
            If you want to keep the passwords saved by Opera, click "No" in the window that appears.
            Click the Empty Selected button.
            Go to the "Main" tab and click the Exit button to close the program.

            Go to Start - Run and enter the following:
            Combofix /U
            Then press OK.
            Note: there must be a space between Combofix and /U.

            This will uninstall Combofix.

            Disable System Restore. Restart the computer. Enable System Restore again.
            See here for how to disable System Restore.
            This removes any remnants of the infections from your System Restore points.

            Finally, post a new HijackThis log for checking and let us know whether there are still any problems.



            • #7
              another log

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 22:10:56, on 15-2-2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
              Boot mode: Normal

              Running processes:
              D:\WINDOWS\System32\smss.exe
              D:\WINDOWS\system32\winlogon.exe
              D:\WINDOWS\system32\services.exe
              D:\WINDOWS\system32\lsass.exe
              D:\WINDOWS\system32\svchost.exe
              D:\WINDOWS\System32\svchost.exe
              D:\WINDOWS\system32\spoolsv.exe
              D:\WINDOWS\Explorer.EXE
              D:\WINDOWS\system32\inetsrv\inetinfo.exe
              D:\WINDOWS\system32\HPZipm12.exe
              D:\WINDOWS\system32\svchost.exe
              D:\Program Files\Winamp\winampa.exe
              D:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
              D:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
              D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
              D:\Program Files\Outlook Express\msimn.exe
              D:\WINDOWS\system32\wuauclt.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
              O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
              O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
              O4 - HKLM\..\Run: [BluetoothAuthorizationAgent] D:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Local Service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Network Service')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
              O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\OFFICE11\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
              O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
              O12 - Plugin for .pdf: D:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
              O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
              O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
              O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://dafotoservice.da.nl/DA/UserControls/Part/Upload/ImageUploader4.cab
              O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
              O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

              --
              End of file - 3427 bytes


              I still get a blue screen, and there is also a Bluetooth program running that I don't recognize.

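The entry the poster does not recognize (a "BluetoothAuthorizationAgent.exe" started from system32 via an HKLM Run value) and the lookalike names that turned up in quarantine later in the thread (spoolvs.exe, printer.exe) are the kind of autostart entries that can be triaged mechanically before a removal tool is run. The script below is an added example, not part of the original thread or of HijackThis: it parses HijackThis-style O4 lines and flags executables that live in the Windows system directory but are not on a small allowlist of known system binaries, names within edit distance 2 of a known system binary (typosquats such as spoolvs vs spoolsv), and per-user (HKCU) Run values that launch something from the system directory. The allowlist is illustrative rather than an authoritative Microsoft list, and the sample log lines are constructed to resemble the entries in this thread.

```python
"""Triage HijackThis 'O4' autostart lines for suspicious system-directory entries."""
import re
from dataclasses import dataclass, field
from typing import List

# Illustrative allowlist of Windows XP system32 binaries that legitimately show up in
# (or are imitated by) autostart entries.  Not an authoritative list.
KNOWN_SYSTEM_BINARIES = {
    "ctfmon.exe", "spoolsv.exe", "svchost.exe", "lsass.exe", "services.exe",
    "winlogon.exe", "smss.exe", "explorer.exe", "userinit.exe", "rundll32.exe",
    "wuauclt.exe", "msmsgs.exe",
}

# O4 - <hive>\..\Run[Once|Services]: [<value name>] <command> [(User '<name>')]
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run[A-Za-z]*): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+?)(?: \(User '[^']*'\))?$"
)
SYSTEM_DIR = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)

# Constructed sample, modelled on the HijackThis entries posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Printer] D:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [BluetoothAuthorizationAgent] D:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
O4 - HKCU\..\Run: [Spoolsv] D:\WINDOWS\system32\spoolvs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Local Service')
""".strip().splitlines()


@dataclass
class Finding:
    name: str
    hive: str
    path: str
    reasons: List[str] = field(default_factory=list)


def executable_from_command(cmd: str) -> str:
    """Return the program path from a Run value, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance; inputs are file names, so the O(n*m) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage_o4(lines) -> List[Finding]:
    """Return one Finding per O4 entry that trips at least one heuristic."""
    findings = []
    for line in lines:
        m = O4_LINE.match(line.strip())
        if not m:
            continue
        path = executable_from_command(m["cmd"])
        base = path.rsplit("\\", 1)[-1].lower()
        reasons = []
        if SYSTEM_DIR.match(path) and base not in KNOWN_SYSTEM_BINARIES:
            reasons.append("unknown executable in the Windows system directory")
            # A near-miss of a real system binary name is a classic lookalike trick.
            for known in sorted(KNOWN_SYSTEM_BINARIES):
                if 0 < edit_distance(base, known) <= 2:
                    reasons.append(f"name resembles system binary {known}")
            # Real system components do not register themselves per-user from system32.
            if m["hive"] == "HKCU":
                reasons.append("per-user Run value launching a file from the system directory")
        if reasons:
            findings.append(Finding(m["name"], m["hive"], path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_o4(SAMPLE_LOG):
        print(f"[{f.hive}] {f.name}: {f.path}")
        for r in f.reasons:
            print("    -", r)
```

On the constructed sample this flags Printer, BluetoothAuthorizationAgent and Spoolsv and leaves the Winamp, DevDetect and CTFMON entries alone; a hit is a prompt to check the file's signature, size and date against a known-good copy, not proof of infection by itself.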


              • #8
                Download Malwarebytes' Anti-Malware
                Double-click mbam-setup.exe and choose "Next" to install the tool.
                When the installation has finished, tick "Update MalwareBytes' Anti-Malware" and "Launch MalwareBytes' Anti-Malware".
                Then press "Finish".
                In the main window choose the "Scanner" tab and select the "Perform full scan" radio button.
                Press the "Scan" button and make sure all your hard disks/partitions are ticked.
                Then press the "Start Scan" button.
                When the scan has finished, click OK, then "Show Results" to see the results.
                Make sure everything there is ticked, then click "Remove Selected".
                A log will then open (mbam-log-XX-XX-XXXX(number).txt)
                Post this log in your next message
                Last edited by smeenk; 16-02-08, 00:19.



                • #9
                  here is the log

                  Malwarebytes' Anti-Malware 1.03
                  Database version: 365

                  Scan type: Full Scan (C:\|D:\|E:\|)
                  Objects scanned: 78177
                  Time elapsed: 18 minute(s), 2 second(s)

                  Memory Processes Infected: 1
                  Memory Modules Infected: 0
                  Registry Keys Infected: 6
                  Registry Values Infected: 1
                  Registry Data Items Infected: 0
                  Folders Infected: 0
                  Files Infected: 10

                  Memory Processes Infected:
                  D:\WINDOWS\system32\BluetoothAuthorizationAgent.exe (Trojan.Downloader) -> Unloaded process successfully.

                  Memory Modules Infected:
                  (No malicious items detected)

                  Registry Keys Infected:
                  HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
                  HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SOFTWARE\AntiVirusPro (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.

                  Registry Values Infected:
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BluetoothAuthorizationAgent (Trojan.Downloader) -> Quarantined and deleted successfully.

                  Registry Data Items Infected:
                  (No malicious items detected)

                  Folders Infected:
                  (No malicious items detected)

                  Files Infected:
                  C:\xlibgfl254.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
                  D:\WINDOWS\system32\ahkjatsrqdcf.bmp (Malware.Trace) -> Quarantined and deleted successfully.
                  D:\WINDOWS\system32\pojqhsjidob.bmp (Malware.Trace) -> Quarantined and deleted successfully.
                  D:\WINDOWS\system32\orepkb.bmp (Malware.Trace) -> Quarantined and deleted successfully.
                  D:\WINDOWS\system32\krmdojapcn.bmp (Malware.Trace) -> Quarantined and deleted successfully.
                  D:\Documents and Settings\frank en miriam\DoctorWeb\Quarantine\shell.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
                  D:\Documents and Settings\frank en miriam\DoctorWeb\Quarantine\printer.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
                  D:\Documents and Settings\frank en miriam\DoctorWeb\Quarantine\spoolvs.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
                  D:\WINDOWS\system32\BluetoothAuthorizationAgent.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
                  D:\Documents and Settings\frank en miriam\Application Data\Microsoft\Internet Explorer\Quick Launch\Anti Virus Pro spyware remover.lnk (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.



                  • #10
                    Looks good

                    Are all the problems gone now?



                    • #11
                      yes, everything seems to be working fine again.

                      thanks for the quick help

                      frank



                      • #12
                        You're welcome
