Trojan Horse alerts from Avast

  • Trojan Horse alerts from Avast

    I keep getting Trojan Horse alerts. The warning comes from Avast, but every time it is a different file that it says is a Trojan. As far as I can tell they are only .dll files. Who can help me? Thanks in advance. Otherwise it doesn't bother me much, but the alerts are very annoying and I'll be glad when it's fixed.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:39, on 2008-02-19
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Sony Ericsson\Mobile2\File Manager\FMObexServer.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {24C61C09-62C0-42ED-B640-53F7FEC9098A} - C:\WINDOWS\system32\yayvuvw.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {BB26376C-F0BE-43E4-93F4-D5FBCD8DAF61} - C:\Program Files\Online Services\zocejos89104.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O20 - Winlogon Notify: yayvuvw - C:\WINDOWS\SYSTEM32\yayvuvw.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: MSCSPTISRV - Unknown owner - -C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Office Source Engine (ose) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (file missing)
    O23 - Service: PACSPTISVR - Unknown owner - -C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - -C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Unknown owner - -C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (file missing)
    O23 - Service: StyleXPService - Unknown owner - -"C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe" (file missing)
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - -"C:\Program Files\Windows Live\installer\WLSetupSvc.exe" (file missing)
    O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    O23 - Service: Windows Media Player Network Sharing-service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)

    --
    End of file - 8959 bytes
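    As an added example (not part of the original thread, and not code from HijackThis, RVAXO or ComboFix), the Python below applies the triage heuristics a helper uses when reading a log like the one above: an O2 BHO registered as "(no name)", an O20 Winlogon Notify package that Windows itself does not ship, one DLL loaded from more than one hook type, file names containing long digit runs, and orphaned O23 services. It then checks a second log for whatever survived the cleanup. Both sample logs are constructed excerpts of the entries above (the "after" log is a hypothetical post-cleanup state); the KNOWN_NOTIFY allow-list, the severity labels and the regexes are assumptions of this example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt: HijackThis entries from the log above that matter for triage,
# plus a few benign ones as controls. Not a full log.
BEFORE_LOG = r"""
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {24C61C09-62C0-42ED-B640-53F7FEC9098A} - C:\WINDOWS\system32\yayvuvw.dll
O2 - BHO: (no name) - {BB26376C-F0BE-43E4-93F4-D5FBCD8DAF61} - C:\Program Files\Online Services\zocejos89104.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: yayvuvw - C:\WINDOWS\SYSTEM32\yayvuvw.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Constructed, hypothetical "after cleanup" excerpt: the rogue DLL entries are gone,
# the benign controls and the orphaned (harmless) service entry remain.
AFTER_LOG = r"""
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

ENTRY_RE = re.compile(r"^(?P<hook>[RO]\d+) - (?P<body>.+)$")
# First Windows path on the line, up to a binary extension; enough for HJT's O2/O4/O20/O23 lines.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|ocx|sys)\b", re.IGNORECASE)
DIGIT_RUN_RE = re.compile(r"\d{4,}")
# Winlogon Notify packages shipped with Windows XP (assumed allow-list; extend per environment).
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon"}


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" | "medium" | "info"
    reason: str
    entry: str      # the log line, or the bare file name for cross-entry findings


def _filename(line: str) -> Optional[str]:
    """Lower-cased file name of the first binary path on the line, if any."""
    m = PATH_RE.search(line)
    return m.group(0).rsplit("\\", 1)[-1].lower() if m else None


def triage(log_text: str) -> list[Finding]:
    """Return the entries a helper would examine first, in log order, cross-entry hits last."""
    findings = []
    hooks_by_file = defaultdict(set)           # file name -> hook types that load it
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        hook, body = m["hook"], m["body"]
        fname = _filename(body)
        if fname:
            hooks_by_file[fname].add(hook)
            if DIGIT_RUN_RE.search(fname):
                findings.append(Finding("medium", "file name contains a long digit run", line))
        if hook == "O2" and body.startswith("BHO: (no name)"):
            findings.append(Finding("high", "BHO registered without a name", line))
        if hook == "O20" and body.startswith("Winlogon Notify:"):
            package = body.split(":", 1)[1].split(" - ", 1)[0].strip().lower()
            if package not in KNOWN_NOTIFY:
                findings.append(Finding("high", "Winlogon Notify package not shipped with Windows", line))
        if hook == "O23" and "Unknown owner" in body and "(file missing)" in body:
            findings.append(Finding("info", "orphaned service entry; binary missing", line))
    for fname, hooks in hooks_by_file.items():
        if len(hooks) > 1:   # one DLL hooked into the browser *and* the logon process
            findings.append(Finding("high", f"loaded via {len(hooks)} hook types: {', '.join(sorted(hooks))}", fname))
    return findings


def still_present(findings: list[Finding], after_log: str) -> list[Finding]:
    """Findings whose file still appears anywhere in a log taken after cleanup."""
    present = {f for f in (_filename(l) for l in after_log.splitlines()) if f}
    remaining = []
    for f in findings:
        fname = _filename(f.entry) or f.entry   # cross-entry findings carry the bare file name
        if fname in present:
            remaining.append(f)
    return remaining


if __name__ == "__main__":
    before = triage(BEFORE_LOG)
    for f in before:
        print(f"[{f.severity:6}] {f.reason}: {f.entry}")
    print("still present after cleanup:", [f.entry for f in still_present(before, AFTER_LOG)])
```

    Run the first log through triage(), then feed the fresh HijackThis log posted after the fix to still_present() to confirm that nothing flagged survived; an orphaned service entry is the kind of leftover that stays and is harmless, which is why it only rates "info".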

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open; a few lines about files not being found will scroll past quickly, this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, follow any prompts and let it do its work.
    • Your PC will then reboot; after the reboot the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not reboot by itself, or the tool does not start after the reboot, do so manually.
    • Post the contents of the log file in your next reply.


    Download Combofix (mirror) to your Desktop.
    Double-click Combofix.exe
    While the fix is running, do NOT click in the window, as this will hang your PC.
    When the fix is done and after the reboot, the log combofix.txt will open (you can also find it here: C:\Combofix.txt)
    Post this log in your next reply.

    NOTE: If your virus scanner reacts with a warning about a script being executed, you may ignore it.



    • #3
      ---RVAXO.exe Updated: 2008-02-19---first run---
      Files found:
      C:\WINDOWS\system32\pac.txt
      C:\Temp\hKKsb1910.exe

      Uninstallers:


      Folders Found:

      C:\Temp\1cb
      C:\Temp\cXzz9
      C:\Temp\gTiis19

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------





      ComboFix 08-02-20.2 - Eigenaar 2008-02-19 22:28:06.12 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.562 [GMT 1:00]
      Started from: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
      * A new restore point was created

      WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!
      .

      (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\yayvuvw.dll
      C:\Program Files\Online Services\zocejos89104.dll
      C:\WINDOWS\system32\d1
      C:\WINDOWS\system32\e9
      C:\WINDOWS\system32\e9\liopud89104.exe
      C:\WINDOWS\system32\nGpxx03
      C:\WINDOWS\system32\nGpxx03\nGpxx031064.exe
      C:\WINDOWS\system32\u3
      C:\WINDOWS\system32\yayvuvw.dll

      .
      (((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))
      .

      2008-02-19 22:01 . 2008-02-19 22:02 <DIR> d-------- C:\RVAXO
      2008-02-19 21:59 . 2008-02-19 14:43 705,776 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-02-19 21:59 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
      2008-02-18 21:05 . 2008-02-19 22:25 <DIR> dr-h----- C:\Documents and Settings\Eigenaar\Onlangs geopend
      2008-02-18 20:03 . 2008-02-18 20:04 <DIR> d-------- C:\Program Files\FlashFXP
      2008-02-18 20:03 . 2008-02-18 20:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FlashFXP
      2008-02-18 20:00 . 2008-02-18 20:00 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\FlashFXP
      2008-02-16 12:01 . 2008-02-16 12:02 <DIR> d-------- C:\Documents and Settings\Eigenaar\dwhelper
      2008-02-10 22:10 . 2008-02-10 21:14 <DIR> d-------- C:\Program Files\AviSynth 2.5
      2008-02-10 21:14 . 2008-02-10 21:14 <DIR> d-------- C:\Program Files\BearShare Pro
      2008-02-10 21:14 . 2008-02-18 19:25 <DIR> d-------- C:\DOWNLOADS
      2008-02-09 17:42 . 2008-02-09 17:44 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
      2008-02-09 17:42 . 2008-02-09 17:43 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
      2008-02-09 17:42 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
      2008-02-09 17:41 . 2008-02-09 17:41 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2008-02-08 15:59 . 2008-02-08 15:59 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\SmartFTP
      2008-02-04 15:45 . 2008-02-04 15:45 <DIR> d-------- C:\Program Files\eRightSoft
      2008-02-02 16:14 . 2008-02-02 16:14 0 --a------ C:\WINDOWS\mngui.INI
      2008-02-02 16:10 . 2006-11-10 09:47 18,704 -ra------ C:\WINDOWS\system32\drivers\se2Bnd5.sys
      2008-02-02 16:09 . 2008-02-02 16:09 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Teleca
      2008-02-02 16:08 . 2008-02-02 16:08 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\Sony Ericsson
      2008-02-02 16:04 . 2008-02-04 17:20 <DIR> d-------- C:\Program Files\Sony Ericsson
      2008-02-02 16:04 . 2008-02-02 16:04 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
      2008-02-02 16:04 . 2008-02-02 16:04 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
      2008-02-02 16:04 . 2008-02-02 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
      2008-02-02 16:04 . 2008-02-02 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
      2008-02-02 16:01 . 2008-02-02 16:01 25 --a------ C:\WINDOWS\cdplayer.ini
      2008-02-02 15:50 . 2008-02-02 15:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
      2008-02-02 13:02 . 2008-02-02 13:02 <DIR> d-------- C:\Documents and Settings\Eigenaar\WINDOWS
      2008-02-02 13:02 . 1999-03-23 09:12 299,520 --a------ C:\WINDOWS\uninst.exe
      2008-01-31 22:36 . 2008-01-31 22:36 <DIR> d-------- C:\Program Files\Common Files\Download Manager
      2008-01-30 21:14 . 2008-02-17 14:14 <DIR> d-------- C:\Program Files\SopCast
      2008-01-28 20:39 . 2008-01-28 20:39 5,760,054 --a------ C:\WINDOWS\AW_XenoMorph1600.bmp
      2008-01-28 17:05 . 2008-01-28 17:05 <DIR> d-------- C:\Program Files\Stardock
      2008-01-28 11:12 . 2008-01-28 11:12 <DIR> d-------- C:\Program Files\Real
      2008-01-28 11:12 . 2008-01-28 11:12 <DIR> d-------- C:\Program Files\Common Files\xing shared
      2008-01-26 15:54 . 2008-01-26 15:54 <DIR> d-------- C:\NVIDIA
      2008-01-26 15:53 . 2008-01-26 15:53 <DIR> d-------- C:\Program Files\Trend Micro
      2008-01-26 15:37 . 2006-12-22 12:28 271,360 --a------ C:\WINDOWS\system32\mscoree.dll
      2008-01-25 15:53 . 2008-01-26 15:58 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
      2008-01-25 15:53 . 2008-01-25 15:53 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\DAEMON Tools
      2008-01-24 20:27 . 2008-01-24 20:27 1,024 --a------ C:\.rnd
      2008-01-22 18:36 . 2008-02-06 15:27 <DIR> d-------- C:\Program Files\SystemRequirementsLab
      2008-01-22 18:36 . 2008-01-22 18:36 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\SystemRequirementsLab
      2008-01-22 18:05 . 2008-01-22 18:05 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
      2008-01-21 17:00 . 2008-01-21 21:43 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\GrabIt

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-18 19:49 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\uTorrent
      2008-02-14 14:28 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Vso
      2008-02-12 16:01 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
      2008-02-09 16:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-01-28 19:37 --------- d-----w C:\Program Files\AlienGUIse
      2008-01-28 16:05 --------- d-----w C:\Program Files\Common Files\Stardock
      2008-01-28 12:17 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\dvdcss
      2008-01-28 10:12 --------- d-----w C:\Program Files\Common Files\Real
      2008-01-19 14:03 --------- d-----w C:\Program Files\Sun
      2008-01-19 14:03 --------- d-----w C:\Program Files\Java
      2008-01-19 14:00 --------- d-----w C:\Program Files\Common Files\Java
      2008-01-19 13:02 65,536 ----a-w C:\WINDOWS\IFinst27.exe
      2008-01-19 10:55 --------- d-----w C:\Program Files\Windows Defender
      2008-01-09 13:12 --------- d-----w C:\Program Files\directx
      2008-01-09 12:50 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\GetRightToGo
      2008-01-07 18:55 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
      2008-01-07 18:55 --------- d-----w C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
      2008-01-07 16:22 --------- d-----w C:\Program Files\Disk Cleaner
      2008-01-06 18:47 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\LimeWirePlus
      2008-01-03 17:54 249,856 ------w C:\WINDOWS\Setup1.exe
      2008-01-03 17:53 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
      2007-12-29 19:41 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
      2007-12-29 19:41 47,360 ----a-w C:\Documents and Settings\Eigenaar\Application Data\pcouffin.sys
      2007-12-29 19:41 --------- d-----w C:\Program Files\VSO
      2007-12-26 13:47 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
      2007-12-22 22:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
      2007-12-22 21:59 --------- d-----w C:\Program Files\Logitech
      2007-12-22 21:59 --------- d-----w C:\Program Files\Common Files\logishrd
      2007-12-22 21:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
      2007-12-22 15:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
      2007-12-15 12:32 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
      2007-12-04 16:22 22,328 ----a-w C:\Documents and Settings\Eigenaar\Application Data\PnkBstrK.sys
      2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
      2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* empty entries & legitimate default entries are not shown

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
      "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "NoResolveSearch"= 1 (0x1)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoBandCustomize"= 0 (0x0)
      "NoMovingBands"= 0 (0x0)
      "NoCloseDragDropBands"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
      "UIHost"="LogonUI.EXE"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
      C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=wbsys.dll

      [HKLM\~\startupfolder\C:^Documents and Settings^Eigenaar^Menu Start^Programma's^Opstarten^Alienware Dock.lnk]
      backup=C:\WINDOWS\pss\Alienware Dock.lnkStartup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
      -C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
      "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
      "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      "SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
      "VTTimer"=VTTimer.exe
      "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      "NvMediaCenter"=RunDLL32.exe NvMCTray.dll,NvTaskbarInit
      "RTHDCPL"=RTHDCPL.EXE
      "S3Trayp"=S3trayp.exe
      "nwiz"=nwiz.exe /install
      "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
      "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

      R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 09:03]
      S3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-11-10 09:06]
      S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-09 17:43]

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      UxTuneUp

      *Newly Created Service* - GTNDIS5
      .
      Contents of the 'Scheduled Tasks' folder
      "2008-02-15 16:16:55 C:\WINDOWS\Tasks\1-Click Maintenance.job"
      - C:\Program Files\TuneUp Utilities 2008\OneClick.exe
      "2008-02-20 21:34:41 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
      - C:\Program Files\Windows Defender\MpCmdRun.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-20 22:32:18
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\Program Files\AlienGUIse\wbload.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      C:\WINDOWS\ATKKBService.exe
      C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
      C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      .
      **************************************************************************
      .
      Completion time: 2008-02-20 22:36:26 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-02-20 21:36:16
      .
      2008-01-19 12:13:50 --- E O F ---



      • #4
        Open the RVAXO folder on your desktop and double-click Uninstall.cmd
        This will remove everything belonging to RVAXO.

        Download ATF cleaner (mirror) (made by Atribune)

        Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

        Double-click ATF cleaner to start the program.
        On the "Main" tab, tick Select All.
        Click the Empty Selected button.

        Do the following if you also use Firefox as a browser:
        Click the "Firefox" tab, tick Select All.
        If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
        (this removes the tick next to "Firefox saved passwords")
        Click the Empty Selected button.

        Do the following if you also use Opera as a browser:
        Click the "Opera" tab, tick Select All.
        If you want to keep the passwords saved by Opera, click "No" in the window that appears.
        Click the Empty Selected button.
        Go to the "Main" tab and click the Exit button to close the program.

        Go to Start - Run and enter the following:
        Combofix /U
        Then press OK.
        Note: there must be a space between Combofix and /U.

        This will uninstall Combofix.

        Finally, post a fresh HijackThis log so it can be checked.



        • #5
          I can't get Combofix uninstalled.

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 18:28, on 2008-02-22
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16574)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Windows Defender\MsMpEng.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\AlienGUIse\wbload.exe
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          C:\Program Files\Alwil Software\Avast4\ashServ.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
          C:\WINDOWS\Explorer.EXE
          C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          C:\WINDOWS\system32\RUNDLL32.EXE
          C:\Program Files\Windows Defender\MSASCui.exe
          C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
          C:\Program Files\Windows Live\Messenger\msnmsgr.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\WINDOWS\ATKKBService.exe
          C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
          C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\WINDOWS\system32\PnkBstrA.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
          C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
          C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Windows Live\Messenger\usnsvc.exe
          C:\Program Files\Windows Media Player\wmplayer.exe
          C:\Program Files\Mozilla Firefox\firefox.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
          O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
          O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
          O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
          O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
          O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
          O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
          O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
          O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
          O23 - Service: MSCSPTISRV - Unknown owner - -C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
          O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
          O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: Office Source Engine (ose) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (file missing)
          O23 - Service: PACSPTISVR - Unknown owner - -C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
          O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
          O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - -C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)
          O23 - Service: SonicStage SCSI Service (SSScsiSV) - Unknown owner - -C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (file missing)
          O23 - Service: StyleXPService - Unknown owner - -"C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe" (file missing)
          O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
          O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - -"C:\Program Files\Windows Live\installer\WLSetupSvc.exe" (file missing)
          O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
          O23 - Service: Windows Media Player Network Sharing-service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)

          --
          End of file - 7870 bytes
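Reading a log like the one above by hand is tedious, and the entries a helper looks at first are always the same: services whose binary is gone, services with no recorded publisher, autostart commands that name a bare file rather than a full path, and anything launched from outside the usual program folders. The following Python script is an added example, not code from the poster, the forum, or HijackThis itself. It parses the O2, O4 and O23 lines of a HijackThis v2 log and reports those four kinds of entries. The sample input is copied from the log in this thread, except for one line marked as constructed; the checks themselves (the list of "standard" folders, treating "Unknown owner" as worth a second look, resolving rundll32 commands to the DLL they load) are my own triage heuristics and assumptions, not HijackThis behaviour.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the HijackThis v2.0.2 log posted in this
# thread, plus ONE constructed line (marked) that is not on the page, added only
# to exercise the "autostart outside standard folders" check.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKCU\..\Run: [constructed-example] C:\Documents and Settings\user\Local Settings\Temp\example.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: MSCSPTISRV - Unknown owner - -C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (file missing)
"""

# Line shapes as HijackThis v2 prints them (O2 = browser helper object,
# O4 = Run key entry, O23 = Windows service). A missing service binary is shown
# with a leading "-" before the path and a trailing "(file missing)".
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+?)(?: \(User '(?P<user>[^']*)'\))?$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - -?(?P<path>.+?)(?P<missing> \(file missing\))?$")
# First program in a command line: a quoted path, an unquoted drive path ending in
# a known executable extension (may contain spaces), or a bare token.
IMAGE_RE = re.compile(r'^(?:"(?P<quoted>[^"]+)"|(?P<drive>[A-Za-z]:\\.+?\.(?:exe|dll|ocx|scr|com|cpl))(?=[\s,]|$)|(?P<bare>\S+))', re.I)

# Assumption: folders from which autostarts and services are expected on this XP box.
STANDARD_PREFIXES = (r"c:\windows", r"c:\program files", r"c:\progra~1")


def in_standard_location(path: str) -> bool:
    return path.lower().startswith(STANDARD_PREFIXES)


def parse_o2(line: str) -> Optional[dict]:
    m = O2_RE.match(line)
    return m.groupdict() if m else None


def parse_o4(line: str) -> Optional[dict]:
    m = O4_RE.match(line)
    return m.groupdict() if m else None


def parse_o23(line: str) -> Optional[dict]:
    m = O23_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["path"] = d["path"].strip('"')
    d["missing"] = d["missing"] is not None
    return d


def image_path(cmd: str) -> str:
    """Return the file a Run-key command actually executes.

    rundll32 only hosts a DLL, so for "RUNDLL32.EXE x.dll,Entry" the DLL is reported.
    """
    cmd = cmd.strip()
    m = IMAGE_RE.match(cmd)
    if not m:
        return cmd
    img = m.group("quoted") or m.group("drive") or m.group("bare")
    if img.lower().endswith("rundll32.exe"):
        rest = cmd[m.end():].strip()
        if rest:
            img = image_path(rest.split(",", 1)[0])
    return img


@dataclass
class Finding:
    kind: str   # which check fired
    line: str   # the log line it refers to


def triage(log_text: str) -> List[Finding]:
    """Flag log entries a helper would verify first. Findings are leads, not verdicts."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("O23 "):
            svc = parse_o23(line)
            if svc is None:
                findings.append(Finding("unparsed", line))
            elif svc["missing"]:
                # Registered service whose binary is gone: usually an uninstall leftover.
                findings.append(Finding("service-file-missing", line))
            elif svc["owner"] == "Unknown owner":
                # No publisher could be read from the file: check it by hand.
                findings.append(Finding("service-unknown-owner", line))
            elif not in_standard_location(svc["path"]):
                findings.append(Finding("nonstandard-path", line))
        elif line.startswith("O4 "):
            run = parse_o4(line)
            if run is None:
                findings.append(Finding("unparsed", line))
                continue
            img = image_path(run["cmd"])
            if not re.match(r"^[A-Za-z]:\\", img):
                # Bare file name: resolved through PATH, so which file runs is not fixed.
                findings.append(Finding("autostart-bare-name", line))
            elif not in_standard_location(img):
                findings.append(Finding("nonstandard-path", line))
        elif line.startswith("O2 "):
            bho = parse_o2(line)
            if bho is None:
                findings.append(Finding("unparsed", line))
            elif not in_standard_location(bho["path"]):
                findings.append(Finding("nonstandard-path", line))
    return findings


def summarize(findings: List[Finding]) -> dict:
    counts: dict = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:24} {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the sample the script reports the two Sony and Office services whose files are missing, the PnkBstrA service with no publisher, the nwiz autostart given by bare name, and the constructed Temp-folder autostart; the Avast, Java, NVIDIA and Messenger entries pass because they live under the standard folders. None of these findings means an entry is malicious: a "(file missing)" service is typically a leftover of uninstalled software, and a bare file name in a Run key is how NVIDIA ships nwiz. The point is to reduce a 70-line log to the handful of lines worth checking against the vendor, the file's signature, and a scan of the binary itself.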

          • #6
            What isn't working then?

            If needed, download Combofix again, run it again and then try Uninstall again.

            • #7
              Only uninstalling doesn't work; it says it can't find combofix, but I did put in that space and so on. Last time I had this problem too, but then it worked later on. Now I'll try your way.

              • #8
                If it really doesn't work, remove everything from Combofix manually and then do this:

                Disable System Restore. Restart the computer. Enable System Restore again.
                See here how to disable System Restore.
                This removes any remnants of the infections from your System Restore.

                Regards smeenk
                Last edited by smeenk; 21-02-08, 19:28.

                • #9
                  Okay, because when I download Combofix again and then start it, I get this error message:

                  • #10
                    See this post:

                    • #11
                      Combofix is still there :S and I can't remove it. And the Qoobox folder, can that go too?

                      • #12
                        See if you can remove it in safe mode.

                        C:\Qoobox can go too.

                        • #13
                          Managed it after all, after disabling and re-enabling System Restore.

                          Thanks!

                          • #14
                            You're welcome.
