  • mt50.nl popups

    I have a very annoying problem: the well-known pop-ups. Mine come from, among others, mt50.nl etc. I have already had a look around on your forum and seen that I need to post the following things (HijackThis, RVAXO, ComboFix). So here they are; can you help me?!

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:49:04, on 19-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\HPQ\IAM\bin\asghost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
    C:\Program Files\HPQ\Shared\hpqwmi.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\hp\Bureaublad\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

    --
    End of file - 6461 bytes

    RVAXO:

    ---RVAXO.exe Updated: 2008-02-19---first run---
    Files found:
    C:\WINDOWS\system32\drivers\core.cache.dsk

    Uninstallers:


    Folders Found:


    Hosts-file was reset, If you use a custom hosts file please replace it...

    --------------RVAXO.exe last run---------------

    Files found:

    C:\WINDOWS\system32\drivers\core.cache.dsk
    Folders Found:

    --------------RVAXO.exe finished----------------

    ComboFix log:


    ComboFix 08-02-20.1 - hp 2008-02-19 18:59:49.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.737 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\hp\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\WINDOWS\system32\drivers\core.cache.dsk . . . . konden niet verwijderd worden

    ----- BITS: Mogelijk geïnfecteerde sites -----

    hxxp://au.downloa
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))
    .

    2008-02-19 18:52 . 2008-02-19 18:52 <DIR> d-------- C:\RVAXO
    2008-02-19 18:50 . 2008-02-19 14:43 705,776 --a------ C:\WINDOWS\system32\RVAXO.bat
    2008-02-19 18:50 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
    2008-02-17 11:48 . 2008-02-17 11:49 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-02-17 11:48 . 2008-02-17 12:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-17 10:58 . 2008-02-17 10:58 <DIR> d-------- C:\Program Files\Hema Album Software Advanced
    2008-02-17 10:58 . 2008-02-17 10:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hema Album Software Advanced
    2008-02-16 20:36 . 2008-02-16 20:36 <DIR> d-------- C:\Program Files\Lavasoft
    2008-02-16 20:36 . 2008-02-16 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-16 20:35 . 2008-02-16 20:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-15 20:08 . 2008-02-15 20:08 <DIR> d-------- C:\Program Files\Webteh
    2008-02-15 20:08 . 2008-02-15 20:09 <DIR> d-------- C:\Documents and Settings\hp\Application Data\BSplayer PRO
    2008-02-15 20:08 . 2008-02-15 20:08 167,545 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
    2008-02-15 20:08 . 2008-02-15 20:08 86,144 --a------ C:\WINDOWS\system32\drivers\rndismpp.sys
    2008-02-15 20:05 . 2008-02-15 20:05 <DIR> d-------- C:\Documents and Settings\hp\Application Data\InterVideo
    2008-02-14 17:57 . 2008-02-14 17:56 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
    2008-02-14 17:57 . 2008-02-14 17:56 298,104 --a------ C:\WINDOWS\system32\imon.dll
    2008-02-14 17:57 . 2008-02-14 17:56 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
    2008-02-14 17:56 . 2008-02-16 20:30 <DIR> d-------- C:\Program Files\ESET
    2008-02-14 16:37 . 2008-02-14 16:37 <DIR> d-------- C:\WINDOWS\Sun
    2008-02-14 16:14 . 2008-02-14 16:23 <DIR> d-------- C:\Program Files\BitLord2
    2008-02-13 22:36 . 2008-02-13 22:37 <DIR> d-------- C:\Program Files\BitLord
    2008-02-13 18:12 . 2005-06-28 09:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-02-13 18:06 . 2008-02-13 18:06 1,167 --a------ C:\WINDOWS\mozver.dat
    2008-02-13 18:04 . 2008-02-13 18:04 <DIR> d-------- C:\Program Files\AuthenTec
    2008-02-13 17:57 . 2008-02-13 17:59 <DIR> d-------- C:\WINDOWS\system32\NtmsData
    2008-02-13 17:56 . 2008-02-13 17:56 <DIR> d---s---- C:\Documents and Settings\hp\UserData
    2008-02-13 17:54 . 2008-02-13 17:54 <DIR> d-------- C:\Documents and Settings\hp\Application Data\Talkback
    2008-02-13 17:53 . 2008-02-13 17:53 0 --a------ C:\WINDOWS\nsreg.dat
    2008-02-11 13:49 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-13 21:50 --------- d-----w C:\Program Files\Google
    2008-02-11 11:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-11 11:43 --------- d-----w C:\Program Files\HPQ
    2008-02-11 11:41 --------- d-----w C:\Program Files\InterVideo
    2008-02-11 11:40 --------- d-----w C:\Program Files\Fingerprint Sensor
    2008-02-11 11:38 --------- d-----w C:\Program Files\Windows Media Connect
    2008-02-11 11:37 --------- d-----w C:\Program Files\Java
    2008-02-11 11:37 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-02-11 11:36 --------- d-----w C:\Program Files\Sonic
    2008-02-11 11:36 --------- d-----w C:\Program Files\Common Files\Sonic
    2008-02-11 11:36 --------- d-----w C:\Program Files\Common Files\Java
    2008-02-11 11:36 --------- d-----w C:\Documents and Settings\hp\Application Data\Sonic
    2008-02-11 11:35 20,576 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2008-02-11 11:35 --------- d-----w C:\Program Files\Common Files\SureThing Shared
    2008-02-11 11:23 --------- d-----w C:\Program Files\ATI Technologies
    2008-02-11 11:21 --------- d-----w C:\Program Files\Synaptics
    2008-02-11 11:21 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-02-11 11:19 --------- d-----w C:\Program Files\WIDCOMM
    2008-02-11 11:19 --------- d-----w C:\Program Files\Broadcom
    2008-02-11 11:18 --------- d-----w C:\Program Files\CONEXANT
    2008-02-11 11:17 1,545 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Compaq nx6125 (EK157ET#ABH)_YN_0U_QCND60708DY_EU_46_I308B_SHP_VKBC Version 45.25_B68DTT Ver. F.0D_T051122_WXP2_L413_M1152_J60_7AMD_8Turion 64 ML-32_91.8_#080211_N_(EK157ET#ABH)_XMOBILE_CN10_Z_2F.0D.MRK
    2008-02-11 11:17 --------- d-----w C:\Program Files\AMD
    2008-02-11 11:03 --------- d-----w C:\Program Files\microsoft frontpage
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-13 17:52 171448]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2005-04-08 11:08 73728]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 12:50 729178]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-09 21:05 344064]
    "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-06-29 13:48 233534]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-31 05:20 122940]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 03:52 36975]
    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-10-24 14:23 499712]
    "CognizanceTS"="C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 19:12 17920]
    "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 08:57 405504]
    "WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2005-07-04 16:47 184320]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-02-14 17:56 949376]
    "Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2008-02-17 12:14 2476408]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-05-31 14:29:16 577597]
    DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-02-11 12:41:06 184320]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
    C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll 2005-07-25 19:41 40960 C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll

    R1 rndismpp;rndismpp;C:\WINDOWS\system32\drivers\rndismpp.sys [2008-02-15 20:08]
    R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2006-03-02 13:00]
    R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-04-18 02:00]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Cognizance REG_MULTI_SZ ASChannel

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-20 19:03:06
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????8?9?1?5??P???? ???B?????????????hLC? ??????

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\DllHost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\HPQ\IAM\bin\asghost.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
    C:\Program Files\HPQ\Shared\hpqwmi.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2008-02-20 19:04:26 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-20 18:04:08
    .
    2008-02-16 21:15:47 --- E O F ---

    I hope this is enough, and if not, I hope someone can tell me what else I need to do.

    Thanks in advance,

    Daan (QuickSilver)

  • #2
    Open Notepad, then copy and paste the following (the bold text) into an empty window:

    File::
    C:\WINDOWS\system32\drivers\rndismpp.sys

    Driver::
    rndismpp

    Save this to your Desktop as CFScript.txt

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    This will make ComboFix restart.
    Reboot if you are asked to,
    and post the contents of ComboFix.txt in your next reply.
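The reply above singles out rndismpp.sys out of a ComboFix log that lists dozens of new files. The script below, added here as an example and not part of the original thread or of ComboFix, automates that triage: it parses the "files created" and driver/service lines of a ComboFix log and ranks new files in the drivers directory by the signals a practitioner looks for. The input is an excerpt copied from the ComboFix log in the first post; the scoring rules (same-minute creation next to application files, R0/R1 start type, a non-.sys file under \drivers\, a name one character away from a genuine Windows driver) and the tiny KNOWN_DRIVERS list are my assumptions, meant to be extended from a clean reference machine rather than taken as complete.

```python
"""Triage helper for ComboFix "files created" output (added example, not ComboFix code).

Flags newly created files in the drivers directory that look like drop-ins:
created in the same minute as an unrelated application install, registered with
an early start type (R0/R1), not a .sys file at all, or named one character
away from a real Windows driver.
"""
import re
from collections import defaultdict

# Excerpt copied from the ComboFix log posted above (not constructed).
COMBOFIX_EXCERPT = r"""
2008-02-17 11:48 . 2008-02-17 11:49 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-15 20:08 . 2008-02-15 20:08 <DIR> d-------- C:\Program Files\Webteh
2008-02-15 20:08 . 2008-02-15 20:09 <DIR> d-------- C:\Documents and Settings\hp\Application Data\BSplayer PRO
2008-02-15 20:08 . 2008-02-15 20:08 167,545 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-02-15 20:08 . 2008-02-15 20:08 86,144 --a------ C:\WINDOWS\system32\drivers\rndismpp.sys
2008-02-14 17:57 . 2008-02-14 17:56 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-02-14 17:57 . 2008-02-14 17:56 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-02-14 17:56 . 2008-02-16 20:30 <DIR> d-------- C:\Program Files\ESET
2008-02-11 13:49 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
R1 rndismpp;rndismpp;C:\WINDOWS\system32\drivers\rndismpp.sys [2008-02-15 20:08]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-04-18 02:00]
"""

# "created . modified size attributes path" lines of the files-created section.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)
# Driver/service lines: "R1 name;display;path [timestamp]".
DRIVER_RE = re.compile(
    r"^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<ts>[^\]]+)\]$"
)
DRIVERS_DIR = "\\system32\\drivers\\"
APP_DIRS = ("\\program files\\", "\\application data\\")
# Assumed, illustrative list of genuine driver names for the lookalike check.
KNOWN_DRIVERS = {"rndismp.sys"}


def edit_distance(a, b):
    """Plain Levenshtein distance, enough for a one-character lookalike test."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse(log_text):
    """Split a log into file records and a {lowercased path: start type} map."""
    files, drivers = [], {}
    for line in log_text.splitlines():
        m = FILE_RE.match(line)
        if m:
            files.append(m.groupdict())
            continue
        m = DRIVER_RE.match(line)
        if m:
            drivers[m.group("path").lower()] = m.group("start")
    return files, drivers


def triage(log_text):
    """Return {path: [reasons]} for every new file under \\drivers\\ worth a look."""
    files, drivers = parse(log_text)
    by_minute = defaultdict(list)
    for f in files:
        by_minute[f["created"]].append(f)

    findings = {}
    for f in files:
        path = f["path"]
        low = path.lower()
        if DRIVERS_DIR not in low:
            continue
        name = low.rsplit("\\", 1)[-1]
        reasons = []
        if not name.endswith(".sys"):
            reasons.append("non-driver file in drivers directory")
        else:
            # Application files written in the same minute as the driver.
            app_files = [s["path"] for s in by_minute[f["created"]]
                         if DRIVERS_DIR not in s["path"].lower()
                         and any(d in s["path"].lower() for d in APP_DIRS)]
            if app_files:
                reasons.append("created in the same minute as application files: "
                               + "; ".join(app_files))
            start = drivers.get(low)
            if start in ("R0", "R1"):
                reasons.append(f"registered as {start} (boot/system-start driver)")
            for known in KNOWN_DRIVERS:
                if name != known and edit_distance(name, known) == 1:
                    reasons.append(f"name is one character away from {known}")
        if reasons:
            findings[path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(COMBOFIX_EXCERPT).items():
        print(path)
        for reason in reasons:
            print("  -", reason)
```

On the excerpt this flags exactly the two files the helper removed: core.cache.dsk (a non-driver file in \drivers\) and rndismpp.sys (written in the same minute as the Webteh and BSplayer PRO folders, registered as R1, and one character away from rndismp.sys). The ESET drivers from 2008-02-14 are not flagged because nothing outside \drivers\ was created in that minute. Treat the output as a ranking for manual review: a legitimate installer that ships a driver will trigger the same-minute rule too, so the start type and the lookalike name are the signals that actually separate the two cases here.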



    • #3
      Great, I think I did this correctly!? I hope it is of use to you.

      Thanks, Daan


      ComboFix 08-02-20.1 - hp 2008-02-20 22:59:31.2 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.700 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\hp\Bureaublad\ComboFix.exe
      Command switches used :: C:\Documents and Settings\hp\Bureaublad\CFScript.txt
      * Nieuw herstelpunt werd aangemaakt

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

      FILE ::
      C:\WINDOWS\system32\drivers\rndismpp.sys
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\drivers\core.cache.dsk
      C:\WINDOWS\system32\drivers\rndismpp.sys
      C:\WINDOWS\system32\drivers\core.cache.dsk
      C:\WINDOWS\system32\drivers\rndismpp.sys

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

      .
      -------\LEGACY_RNDISMPP
      -------\rndismpp


      (((((((((((((((((((( Bestanden Gemaakt van 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))
      .

      2008-02-19 18:52 . 2008-02-19 18:52 <DIR> d-------- C:\RVAXO
      2008-02-19 18:50 . 2008-02-19 14:43 705,776 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-02-19 18:50 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
      2008-02-17 11:48 . 2008-02-17 11:49 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
      2008-02-17 11:48 . 2008-02-17 12:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-02-17 10:58 . 2008-02-17 10:58 <DIR> d-------- C:\Program Files\Hema Album Software Advanced
      2008-02-17 10:58 . 2008-02-17 10:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hema Album Software Advanced
      2008-02-16 20:36 . 2008-02-16 20:36 <DIR> d-------- C:\Program Files\Lavasoft
      2008-02-16 20:36 . 2008-02-16 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-02-16 20:35 . 2008-02-16 20:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2008-02-15 20:08 . 2008-02-15 20:08 <DIR> d-------- C:\Program Files\Webteh
      2008-02-15 20:08 . 2008-02-15 20:09 <DIR> d-------- C:\Documents and Settings\hp\Application Data\BSplayer PRO
      2008-02-15 20:05 . 2008-02-15 20:05 <DIR> d-------- C:\Documents and Settings\hp\Application Data\InterVideo
      2008-02-14 17:57 . 2008-02-14 17:56 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
      2008-02-14 17:57 . 2008-02-14 17:56 298,104 --a------ C:\WINDOWS\system32\imon.dll
      2008-02-14 17:57 . 2008-02-14 17:56 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
      2008-02-14 17:56 . 2008-02-16 20:30 <DIR> d-------- C:\Program Files\ESET
      2008-02-14 16:37 . 2008-02-14 16:37 <DIR> d-------- C:\WINDOWS\Sun
      2008-02-14 16:14 . 2008-02-14 16:23 <DIR> d-------- C:\Program Files\BitLord2
      2008-02-13 22:36 . 2008-02-13 22:37 <DIR> d-------- C:\Program Files\BitLord
      2008-02-13 18:12 . 2005-06-28 09:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
      2008-02-13 18:06 . 2008-02-13 18:06 1,167 --a------ C:\WINDOWS\mozver.dat
      2008-02-13 18:04 . 2008-02-13 18:04 <DIR> d-------- C:\Program Files\AuthenTec
      2008-02-13 17:57 . 2008-02-13 17:59 <DIR> d-------- C:\WINDOWS\system32\NtmsData
      2008-02-13 17:56 . 2008-02-13 17:56 <DIR> d---s---- C:\Documents and Settings\hp\UserData
      2008-02-13 17:54 . 2008-02-13 17:54 <DIR> d-------- C:\Documents and Settings\hp\Application Data\Talkback
      2008-02-13 17:53 . 2008-02-13 17:53 0 --a------ C:\WINDOWS\nsreg.dat
      2008-02-11 13:49 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-13 21:50 --------- d-----w C:\Program Files\Google
      2008-02-11 11:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-02-11 11:43 --------- d-----w C:\Program Files\HPQ
      2008-02-11 11:41 --------- d-----w C:\Program Files\InterVideo
      2008-02-11 11:40 --------- d-----w C:\Program Files\Fingerprint Sensor
      2008-02-11 11:38 --------- d-----w C:\Program Files\Windows Media Connect
      2008-02-11 11:37 --------- d-----w C:\Program Files\Java
      2008-02-11 11:37 --------- d-----w C:\Program Files\Hewlett-Packard
      2008-02-11 11:36 --------- d-----w C:\Program Files\Sonic
      2008-02-11 11:36 --------- d-----w C:\Program Files\Common Files\Sonic
      2008-02-11 11:36 --------- d-----w C:\Program Files\Common Files\Java
      2008-02-11 11:36 --------- d-----w C:\Documents and Settings\hp\Application Data\Sonic
      2008-02-11 11:35 20,576 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
      2008-02-11 11:35 108,544 ------w C:\WINDOWS\system32\pxcpyi64.exe
      2008-02-11 11:35 104,960 ------w C:\WINDOWS\system32\pxinsi64.exe
      2008-02-11 11:35 --------- d-----w C:\Program Files\Common Files\SureThing Shared
      2008-02-11 11:23 --------- d-----w C:\Program Files\ATI Technologies
      2008-02-11 11:21 --------- d-----w C:\Program Files\Synaptics
      2008-02-11 11:21 --------- d-----w C:\Program Files\Common Files\InstallShield
      2008-02-11 11:19 --------- d-----w C:\Program Files\WIDCOMM
      2008-02-11 11:19 --------- d-----w C:\Program Files\Broadcom
      2008-02-11 11:18 --------- d-----w C:\Program Files\CONEXANT
      2008-02-11 11:17 1,545 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Compaq nx6125 (EK157ET#ABH)_YN_0U_QCND60708DY_EU_46_I308B_SHP_VKBC Version 45.25_B68DTT Ver. F.0D_T051122_WXP2_L413_M1152_J60_7AMD_8Turion 64 ML-32_91.8_#080211_N_(EK157ET#ABH)_XMOBILE_CN10_Z_2F.0D.MRK
      2008-02-11 11:17 --------- d-----w C:\Program Files\AMD
      2008-02-11 11:03 --------- d-----w C:\Program Files\microsoft frontpage
      2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
      2007-12-07 01:08 662,528 ----a-w C:\WINDOWS\system32\wininet.dll
      2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-13 17:52 171448]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2005-04-08 11:08 73728]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 12:50 729178]
      "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-09 21:05 344064]
      "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-06-29 13:48 233534]
      "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
      "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-31 05:20 122940]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 03:52 36975]
      "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-10-24 14:23 499712]
      "CognizanceTS"="C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 19:12 17920]
      "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 08:57 405504]
      "WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2005-07-04 16:47 184320]
      "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-02-14 17:56 949376]
      "Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2008-02-17 12:14 2476408]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-05-31 14:29:16 577597]
      DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-02-11 12:41:06 184320]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
      C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll 2005-07-25 19:41 40960 C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll

      R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2006-03-02 13:00]
      R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-04-18 02:00]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      Cognizance REG_MULTI_SZ ASChannel

      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-20 23:03:03
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????8?9?1?5??????? ???B?????????????hLC? ??????

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\DllHost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\HPQ\IAM\bin\asghost.exe
      C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
      C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      C:\Program Files\Eset\nod32krn.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
      C:\Program Files\HPQ\Shared\hpqwmi.exe
      .
      **************************************************************************
      .
      Voltooingstijd: 2008-02-20 23:04:21 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-02-20 22:04:05
      ComboFix2.txt 2008-02-20 18:04:27
      .
      2008-02-16 21:15:47 --- E O F ---



      • #4
        Open the RVAXO folder on your desktop and double-click Uninstall.cmd.
        This will remove everything belonging to RVAXO.

        Your Java software is out of date.
        Older versions have holes that give malware the chance to install itself on your system.
        First do these steps to uninstall Java and install the newer version:
        • Download Java Runtime Environment (JRE) 6u4 and save it to your Desktop.
        • Close all programs that may be open, especially your web browser!
        • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list.
        • Tick everything with Java Runtime Environment (JRE or J2SE) in the name.
        • Then click Remove or the Change/Remove button.
        • Repeat this until all older versions are gone.
        • After removing all older versions, restart your PC.
        • Then double-click jre-6u4-windows-i586-p.exe on your Desktop to install the latest version of Java.


        Download ATF Cleaner (mirror) (made by Atribune)

        Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

        Double-click ATF Cleaner to start the program.
        On the "Main" tab, tick Select All.
        Click the Empty Selected button.

        Do the following if you also use Firefox as a browser:
        Click the "Firefox" tab and tick Select All.
        If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
        (this removes the tick from "Firefox saved passwords" again)
        Click the Empty Selected button.

        Do the following if you also use Opera as a browser:
        Click the "Opera" tab and tick Select All.
        If you want to keep the passwords saved by Opera, click "No" in the window that appears.
        Click the Empty Selected button.
        Go to the "Main" tab and click the Exit button to close the program.

        Go to Start - Run and enter the following:
        Combofix /U
        Then press OK.
        Note: there must be a space between Combofix and /U.

        This will uninstall ComboFix.

        Finally, post a new HijackThis log so it can be checked.
