I currently have a virus on my laptop called Smitfraud-C.CoreService (core.cache.dsk)

    Who is willing to help me get rid of those terribly annoying pop-ups on my computer
    that are caused by the malware named above?

    I have been trying for several days to remove the virus, without success. Every time I delete the infected file (core.cache.dsk) from c:/windows/system32/drivers, this stubborn virus just comes back.

    Below is the HijackThis log file

    Many thanks in advance

    Tejo


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:51:49, on 24-2-2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=73&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=73&bd=Pavilion&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O20 - AppInit_DLLs: APSHook.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe (file missing)
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 7095 bytes

  • #2
    Download Combofix (mirror) to your Desktop.
    Double-click Combofix.exe
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix has finished and after the restart, the log combofix.txt will open (you can also find it here: C:\Combofix.txt)
    Post this log in your next reply.

    NOTE: If your virus scanner reacts with a warning about a script being executed, you can ignore it.



    • #3
      combofix log

      ComboFix 08-02-24.4 - Theo 2008-02-24 20:07:39.3 - NTFSx86
      Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1233 [GMT 1:00]
      Started from: C:\Users\Theo.PC_van_theo\Desktop\ComboFix.exe
      * New restore point was created
      .

      (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Windows\system32\drivers\core.cache.dsk . . . . could not be deleted

      .
      (((((((((((((((((((( Files Created from 2008-01-24 to 2008-02-24 ))))))))))))))))))))))))))))))
      .

      No new files created in this period

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-24 15:07 --------- d-----w C:\Program Files\Spybot - Search & Destroy
      2008-02-24 15:07 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
      2008-02-22 21:02 --------- d-----w C:\Program Files\Trend Micro
      2008-02-22 19:54 --------- d-----w C:\Program Files\Lavasoft
      2008-02-22 19:54 --------- d-----w C:\PROGRA~2\Lavasoft
      2008-02-22 19:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
      2008-02-22 15:20 --------- d-----w C:\PROGRA~2\Messenger Plus!
      2008-02-22 09:17 167,545 ----a-w C:\Windows\system32\drivers\core.cache.dsk
      2008-02-21 13:57 --------- d-----w C:\PROGRA~2\Sunbelt Software
      2008-02-21 13:53 --------- d-----w C:\Program Files\Sunbelt Software
      2008-02-16 11:14 --------- d-----w C:\Users\Kim\AppData\Roaming\ESET
      2008-02-15 12:55 --------- d-----w C:\Users\Theo.PC_van_theo\AppData\Roaming\uTorrent
      2008-02-15 08:31 --------- d-----w C:\PROGRA~2\Avg7
      2008-02-15 08:27 86,144 ----a-w C:\Windows\system32\drivers\mrxsmb200.sys
      2008-02-15 07:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-02-15 07:49 --------- d-----w C:\Program Files\Mouse Driver
      2008-02-14 17:18 27,744 ----a-w C:\Users\Theo.PC_van_theo\AppData\Roaming\nvModes.dat
      2008-02-14 17:03 27,649 ----a-w C:\Users\Kim\AppData\Roaming\nvModes.dat
      2008-02-14 14:50 --------- d-----w C:\Program Files\Packard Bell Eclipse
      2008-02-14 14:44 --------- d-----w C:\Users\Kim\AppData\Roaming\Sunbelt Software
      2008-02-14 14:08 --------- d-----w C:\Users\Theo.PC_van_theo\AppData\Roaming\Sunbelt Software
      2008-02-14 12:45 --------- d-----w C:\PROGRA~2\NVIDIA
      2008-02-14 12:37 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
      2008-02-14 12:35 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
      2008-02-14 12:35 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
      2008-02-14 12:35 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
      2008-02-14 12:35 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
      2008-02-14 12:35 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
      2008-02-14 12:35 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
      2008-02-14 12:35 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
      2008-02-14 12:35 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
      2008-02-14 12:32 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
      2008-02-14 12:32 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
      2008-02-14 12:32 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
      2008-02-14 12:32 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
      2008-02-14 12:32 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
      2008-02-14 12:31 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
      2008-02-14 12:31 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
      2008-02-14 12:29 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
      2008-02-14 12:29 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
      2008-02-14 12:29 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
      2008-02-14 12:29 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
      2008-02-14 12:27 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
      2008-02-12 17:09 --------- d-----w C:\Program Files\ESET
      2008-02-12 17:07 --------- d-----w C:\Program Files\Common Files\Adobe
      2008-02-12 17:07 --------- d-----w C:\Program Files\CCleaner
      2008-02-11 11:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared
      2008-02-11 11:32 --------- d-----w C:\PROGRA~2\Symantec
      2008-02-10 13:53 --------- d-----w C:\PROGRA~2\ESET
      2008-02-10 10:43 --------- d-----w C:\Users\Theo.PC_van_theo\AppData\Roaming\ESET
      2008-01-24 17:57 --------- d-----w C:\Users\Theo.PC_van_theo\AppData\Roaming\BSplayer Pro
      2008-01-24 14:49 --------- d-----w C:\Program Files\CONEXANT
      2008-01-24 13:10 6,144 ----a-w C:\Windows\system32\drivers\moufiltr.sys
      2008-01-24 13:10 --------- d-----w C:\Program Files\Trust
      2008-01-19 09:26 --------- d-----w C:\Program Files\Office
      2008-01-19 09:12 --------- d-----w C:\Program Files\word2000
      2008-01-19 09:09 --------- d-----w C:\Users\Theo.PC_van_theo\AppData\Roaming\Template
      2008-01-19 09:08 0 ----a-w C:\Users\Theo.PC_van_theo\AppData\Roaming\wklnhst.dat
      2008-01-19 08:52 --------- d-----w C:\Users\Theo.PC_van_theo\AppData\Roaming\Microsoft Web Folders
      2008-01-18 17:53 --------- d-----w C:\Program Files\Windows Live
      2008-01-18 17:53 --------- d-----w C:\Program Files\MSN Messenger
      2008-01-18 17:53 --------- d-----w C:\Program Files\Messenger Plus! Live
      2008-01-18 15:35 --------- d-----w C:\Program Files\Webteh
      2008-01-17 21:30 --------- d-----w C:\Program Files\ShareazaPlus
      2008-01-17 20:58 27,430 ----a-w C:\Users\Joosje\AppData\Roaming\nvModes.dat
      2008-01-17 20:48 --------- d-----w C:\Users\Theo.PC_van_theo\AppData\Roaming\BSplayer
      2008-01-17 19:37 --------- d-----w C:\PROGRA~2\Roxio
      2008-01-15 20:13 --------- d-----w C:\Program Files\Logitech
      2008-01-09 18:02 --------- d-----w C:\Program Files\Windows Sidebar
      2008-01-09 18:02 --------- d-----w C:\Program Files\Windows Mail
      2008-01-09 17:26 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
      2008-01-09 17:26 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
      2008-01-05 14:43 --------- d-----w C:\Program Files\Microsoft Silverlight
      2008-01-05 11:50 --------- d-----w C:\Program Files\Microsoft Windows Vista Upgrade Advisor
      2008-01-05 11:47 --------- d-----w C:\PROGRA~2\Microsoft Corporation
      2008-01-02 17:55 --------- d-----w C:\Program Files\Java
      2007-12-28 19:17 --------- d-----w C:\Program Files\HP
      2007-12-28 19:17 --------- d-----w C:\Program Files\Common Files\InstallShield
      2007-12-28 19:14 --------- d-----w C:\Program Files\Hewlett-Packard
      2007-12-27 10:27 --------- d-----w C:\PROGRA~2\Hewlett-Packard
      2007-12-17 14:02 174 --sha-w C:\Program Files\desktop.ini
      2007-12-14 19:40 2,923,520 ----a-w C:\Windows\explorer.exe
      .

      ((((((((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* empty entries & legitimate default entries are not shown

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 12:26 484904]
      "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
      "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 18:25 1232896]
      "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-20 03:02 1006264]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:50 1021224]
      "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 10:54 50696]
      "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 12:18 472776]
      "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 15:12 317128]
      "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
      "CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 19:12 17920]
      "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
      "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 08:05 86016]
      "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 08:05 8534560]
      "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 08:05 81920]
      "SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-11-28 12:57 698864]
      "MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 10:45 222208]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
      "LogonHoursAction"= 2 (0x2)
      "DontDisplayLogonHoursWarnings"= 1 (0x1)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=APSHook.dll

      [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Snelle start.lnk]
      path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Snelle start.lnk
      backup=C:\Windows\pss\Adobe Reader Snelle start.lnk.CommonStartup
      backupExtension=.CommonStartup

      [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
      path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
      backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
      backupExtension=.CommonStartup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
      --a------ 2007-03-22 15:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
      --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
      --a------ 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBCSTray]
      --a------ 2007-11-28 12:57 698864 C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBRegRebootCleaner]
      --a------ 2007-11-28 12:57 141808 C:\Program Files\Sunbelt Software\CounterSpy\SBRC.exe

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
      "{4B892158-3238-4DFB-9181-3E857E7F1B92}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
      "TCP Query User{5F3A6630-1B19-4EF7-B554-02F2E11D3D11}C:\program files\utorrent\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent|Desc=uTorrent
      "UDP Query User{E20C6E8E-F673-4A40-8AE4-A359F87E4474}C:\program files\utorrent\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent|Desc=uTorrent
      "{7C445178-1B0E-4B01-985F-4328995DAACF}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
      "{993C241A-3153-400D-89DB-757AAC94CD74}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
      "{591B9AD9-0DDD-46B0-8C80-CD2AEBCF782E}"= UDP:C:\Program Files\ShareazaPlus\Shareaza.exe:ShareazaPlus
      "{224475D7-B289-4B54-85C0-C2BA852E2E90}"= TCP:C:\Program Files\ShareazaPlus\Shareaza.exe:ShareazaPlus
      "{96879061-3BB6-4EBC-8241-631C159972FB}"= UDP:C:\Program Files\ShareazaPlus\Shareaza.exe:ShareazaPlus
      "{D29A5F58-5D0C-4B66-A79A-6884FAFB9433}"= TCP:C:\Program Files\ShareazaPlus\Shareaza.exe:ShareazaPlus
      "TCP Query User{52847A11-868B-46FE-AB78-9219B8ECF12F}C:\gedownloade bestanden\utorrent.exe"= UDP:C:\gedownloade bestanden\utorrent.exe:utorrent|Desc=utorrent
      "UDP Query User{203BC991-B7AB-4918-A53A-FB34BD6E319B}C:\gedownloade bestanden\utorrent.exe"= TCP:C:\gedownloade bestanden\utorrent.exe:utorrent|Desc=utorrent

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
      "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
      "EnableFirewall"= 0 (0x0)

      R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2006-11-02 10:45]
      R2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2006-11-02 10:45]
      R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 06:27]
      R3 moufiltr;Mouse Filter;C:\Windows\system32\DRIVERS\moufiltr.sys [2008-01-24 14:10]
      R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-17 00:50]
      S2 perfmons;perfmons Service;C:\Windows\system32\perfs.exe
      S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 16:43]
      S3 KMWDFilter;KMWDFilter;C:\Windows\System32\Drivers\KMWDFilter.SYS [2007-03-29 15:00]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      Cognizance REG_MULTI_SZ ASBroker ASChannel
      GPSvcGroup REG_MULTI_SZ GPSvc

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f648c97d-daf9-11dc-bd83-001b24dd61a1}]
      \shell\AutoRun\command - F:\ClickMe.exe


      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
      "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
      .
      Contents of the 'Scheduled Tasks' folder
      "2008-02-22 10:34:00 C:\Windows\Tasks\At1.job"
      - C:\Windows\system32\kmd.exe
      "2008-02-22 13:05:49 C:\Windows\Tasks\At2.job"
      - C:\Windows\system32\kmd.exe
      "2008-02-24 19:14:31 C:\Windows\Tasks\At3.job"
      - C:\Windows\system32\kmd.exe
      "2008-02-04 19:00:00 C:\Windows\Tasks\Norton Internet Security - Volledige systeemscan - theo.job"
      - c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-24 20:15:41
      Windows 6.0.6000 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      Scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
      C:\Program Files\ESET\ESET Smart Security\ekrn.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Windows\system32\locator.exe
      C:\Windows\system32\DRIVERS\xaudio.exe
      C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      C:\Windows\system32\conime.exe
      C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
      .
      **************************************************************************
      .
      Completion time: 2008-02-24 20:18:14 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-02-24 19:18:10
      ComboFix2.txt 2008-02-22 10:49:43
      .
      2008-02-14 12:53:54 --- E O F ---



      • #4
        Start the computer in Safe Mode.

        Go to Start - Run and enter the following:
        sc delete mrxsmb200
        Press OK.

        Do the same again with the following line:
        sc delete perfmons

        Locate the following 2 files and try to delete them:
        C:\Windows\system32\drivers\core.cache.dsk
        C:\Windows\system32\drivers\mrxsmb200.sys

        If you cannot delete them, try renaming them (right-click and choose "Rename")

        Restart in normal mode and post a new Combofix log
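As an added example that is not part of the original thread: a small Python triage script that applies, mechanically, the checks the helper made by eye on the logs in posts #1 and #3, and derives the `sc delete` lines of post #4 for any service it flags. The sample lines are copied from the logs above (with one benign line of each kind for contrast); the rules, severities and wording of the reasons are my own assumptions about what deserves a second look, not a verdict on any file.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample: a few lines copied from the HijackThis and ComboFix
# logs in this thread, plus a benign line of each kind for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe (file missing)
C:\Windows\system32\drivers\core.cache.dsk . . . . konden niet verwijderd worden
2008-02-22 09:17 167,545 ----a-w C:\Windows\system32\drivers\core.cache.dsk
2008-02-15 08:27 86,144 ----a-w C:\Windows\system32\drivers\mrxsmb200.sys
"EnableFirewall"= 0 (0x0)
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 06:27]
S2 perfmons;perfmons Service;C:\Windows\system32\perfs.exe
"2008-02-22 10:34:00 C:\Windows\Tasks\At1.job"
- C:\Windows\system32\kmd.exe
"""

Finding = Tuple[str, str, str]  # (severity, reason, offending line)

# HijackThis O23 line: "O23 - Service: <display> (<name>) - <owner> - <path>"
HJT_SERVICE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^)]+)\))? - (?P<owner>.+?) - (?P<path>.+)$")
# ComboFix service line: "S2 <name>;<display>;<path> [<timestamp>]"; ComboFix
# prints the bracketed timestamp only when it found the file on disk.
CF_SERVICE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)(?: \[(?P<stamp>[^\]]+)\])?$")
# ComboFix Find3M file line (directory lines have no numeric size and are skipped).
CF_FILE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?P<size>[\d,]+) (?P<attrs>[-a-z]+) (?P<path>.+)$")
# ComboFix "could not be deleted" line, Dutch (as in this thread) or English locale.
CF_NOT_DELETED = re.compile(
    r"^(?P<path>.+?) \. \. \. \. (?:konden niet verwijderd worden|could not be deleted)$")
FIREWALL_OFF = re.compile(r'^"EnableFirewall"= 0\b')
# Scheduled-task job created with at.exe, followed on the next line by "- <target>".
TASK_JOB = re.compile(r'^"(?P<when>[\d-]+ [\d:]+) (?P<job>.*\\Tasks\\At\d+\.job)"$')
TASK_TARGET = re.compile(r"^- (?P<path>.+)$")


def triage(text: str) -> List[Finding]:
    """Return one (severity, reason, line) per log line that trips a rule."""
    findings: List[Finding] = []
    pending_job: Optional[str] = None  # At*.job waiting for its target line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if pending_job is not None:
            job, pending_job = pending_job, None
            m = TASK_TARGET.match(line)
            if m:
                findings.append(("medium", f"{job} runs {m.group('path')}: at.exe-style job, confirm who created it", line))
                continue
        m = HJT_SERVICE.match(line)
        if m:
            reasons = []
            if "(file missing)" in m.group("path"):
                reasons.append("service binary is absent")
            if m.group("owner") == "Unknown owner":
                reasons.append("no publisher recorded")
            if reasons:
                findings.append(("high", "; ".join(reasons), line))
            continue
        m = CF_SERVICE.match(line)
        if m:
            if m.group("stamp") is None:
                findings.append(("high", f"service {m.group('name')}: ComboFix found no file at {m.group('path')}", line))
            continue
        if CF_NOT_DELETED.match(line):
            findings.append(("high", "ComboFix could not delete this file; it is locked or protected while Windows runs", line))
            continue
        m = CF_FILE.match(line)
        if m:
            path = m.group("path").lower()
            if "\\drivers\\" in path and not path.endswith(".sys"):
                findings.append(("high", "non-driver file stored in the drivers directory", line))
            continue
        if FIREWALL_OFF.match(line):
            findings.append(("medium", "Windows Firewall disabled for this profile", line))
            continue
        m = TASK_JOB.match(line)
        if m:
            pending_job = m.group("job").rsplit("\\", 1)[-1]
    return findings


def removal_commands(findings: List[Finding]) -> List[str]:
    """'sc delete <service>' lines (to run in Safe Mode, as in post #4) for every
    service flagged high; duplicates from the two log formats are collapsed."""
    cmds: List[str] = []
    for severity, _reason, line in findings:
        if severity != "high":
            continue
        m = HJT_SERVICE.match(line) or CF_SERVICE.match(line)
        if m:
            cmd = f"sc delete {m.group('name') or m.group('display')}"
            if cmd not in cmds:
                cmds.append(cmd)
    return cmds


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for severity, reason, line in found:
        print(f"[{severity}] {reason}\n    {line}")
    print("Safe Mode commands:", removal_commands(found))
```

Note what these rules do not catch: mrxsmb200.sys passes every check, because the Find3M listing only records it as a recently written .sys in the drivers directory, indistinguishable by format from the genuine drivers listed around it. Picking it out took the helper's own knowledge, which is why the file list in post #4 still comes from a person rather than from the log.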



        • #5
          Hello Smeenk,

          Those terribly annoying pop-ups, which did not seem to go away, have now stopped.

          Could you take another look at the combofix log and check whether everything is OK again now?

          A thousand thanks

          Tejo

          ComboFix 08-02-24.4 - Theo 2008-02-25 16:42:04.4 - NTFSx86
          Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1260 [GMT 1:00]
          Started from: C:\Users\Theo.PC_van_theo\Desktop\ComboFix.exe
          .

          (((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 ))))))))))))))))))))))))))))))
          .

          No new files created in this period

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-02-24 15:07 --------- d-----w C:\Program Files\Spybot - Search & Destroy
          2008-02-24 15:07 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
          2008-02-22 21:02 --------- d-----w C:\Program Files\Trend Micro
          2008-02-22 19:54 --------- d-----w C:\Program Files\Lavasoft
          2008-02-22 19:54 --------- d-----w C:\PROGRA~2\Lavasoft
          2008-02-22 19:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
          2008-02-22 15:20 --------- d-----w C:\PROGRA~2\Messenger Plus!
          2008-02-21 13:57 --------- d-----w C:\PROGRA~2\Sunbelt Software
          2008-02-21 13:53 --------- d-----w C:\Program Files\Sunbelt Software
          2008-02-16 11:14 --------- d-----w C:\Users\Kim\AppData\Roaming\ESET
          2008-02-15 12:55 --------- d-----w C:\Users\Theo.PC_van_theo\AppData\Roaming\uTorrent
          2008-02-15 08:31 --------- d-----w C:\PROGRA~2\Avg7
          2008-02-15 08:30 266,240 ----a-w C:\Windows\System32\andt.sys
          2008-02-15 07:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2008-02-15 07:49 --------- d-----w C:\Program Files\Mouse Driver
          2008-02-14 17:18 27,744 ----a-w C:\Users\Theo.PC_van_theo\AppData\Roaming\nvModes.dat
          2008-02-14 17:03 27,649 ----a-w C:\Users\Kim\AppData\Roaming\nvModes.dat
          2008-02-14 14:50 --------- d-----w C:\Program Files\Packard Bell Eclipse
          2008-02-14 14:44 --------- d-----w C:\Users\Kim\AppData\Roaming\Sunbelt Software
          2008-02-14 14:08 --------- d-----w C:\Users\Theo.PC_van_theo\AppData\Roaming\Sunbelt Software
          2008-02-14 12:45 --------- d-----w C:\PROGRA~2\NVIDIA
          2008-02-14 12:37 194,560 ----a-w C:\Windows\System32\WebClnt.dll
          2008-02-14 12:37 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
          2008-02-14 12:32 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
          2008-02-14 12:32 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
          2008-02-14 12:32 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
          2008-02-14 12:32 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
          2008-02-14 12:32 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
          2008-02-14 12:32 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
          2008-02-14 12:32 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
          2008-02-14 12:31 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
          2008-02-14 12:31 24,064 ----a-w C:\Windows\System32\netcfg.exe
          2008-02-14 12:31 22,016 ----a-w C:\Windows\System32\netiougc.exe
          2008-02-14 12:31 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
          2008-02-14 12:31 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
          2008-02-14 12:29 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
          2008-02-14 12:29 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
          2008-02-14 12:29 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
          2008-02-14 12:29 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
          2008-02-14 12:29 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
          2008-02-14 12:29 1,686,528 ----a-w C:\Windows\System32\gameux.dll
          2008-02-14 12:27 824,832 ----a-w C:\Windows\System32\wininet.dll
          2008-02-14 12:27 56,320 ----a-w C:\Windows\System32\iesetup.dll
          2008-02-14 12:27 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
          2008-02-14 12:27 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
          2008-02-14 12:26 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
          2008-02-12 17:09 --------- d-----w C:\Program Files\ESET
          2008-02-12 17:07 --------- d-----w C:\Program Files\Common Files\Adobe
          2008-02-12 17:07 --------- d-----w C:\Program Files\CCleaner
          2008-02-11 11:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared
          2008-02-11 11:32 --------- d-----w C:\PROGRA~2\Symantec
          2008-02-10 13:53 --------- d-----w C:\PROGRA~2\ESET
          2008-02-10 10:43 --------- d-----w C:\Users\Theo.PC_van_theo\AppData\Roaming\ESET
          2008-01-24 17:57 --------- d-----w C:\Users\Theo.PC_van_theo\AppData\Roaming\BSplayer Pro
          2008-01-24 14:49 --------- d-----w C:\Program Files\CONEXANT
          2008-01-24 13:10 6,144 ----a-w C:\Windows\system32\drivers\moufiltr.sys
          2008-01-24 13:10 --------- d-----w C:\Program Files\Trust
          2008-01-19 09:26 --------- d-----w C:\Program Files\Office
          2008-01-19 09:12 --------- d-----w C:\Program Files\word2000
          2008-01-19 09:09 --------- d-----w C:\Users\Theo.PC_van_theo\AppData\Roaming\Template
          2008-01-19 09:08 0 ----a-w C:\Users\Theo.PC_van_theo\AppData\Roaming\wklnhst.dat
          2008-01-19 08:52 --------- d-----w C:\Users\Theo.PC_van_theo\AppData\Roaming\Microsoft Web Folders
          2008-01-18 17:53 --------- d-----w C:\Program Files\Windows Live
          2008-01-18 17:53 --------- d-----w C:\Program Files\MSN Messenger
          2008-01-18 17:53 --------- d-----w C:\Program Files\Messenger Plus! Live
          2008-01-18 15:35 --------- d-----w C:\Program Files\Webteh
          2008-01-17 21:30 --------- d-----w C:\Program Files\ShareazaPlus
          2008-01-17 20:58 27,430 ----a-w C:\Users\Joosje\AppData\Roaming\nvModes.dat
          2008-01-17 20:48 --------- d-----w C:\Users\Theo.PC_van_theo\AppData\Roaming\BSplayer
          2008-01-17 19:37 --------- d-----w C:\PROGRA~2\Roxio
          2008-01-15 20:13 --------- d-----w C:\Program Files\Logitech
          2008-01-09 18:02 --------- d-----w C:\Program Files\Windows Sidebar
          2008-01-09 18:02 --------- d-----w C:\Program Files\Windows Mail
          2008-01-09 17:26 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
          2008-01-09 17:26 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
          2008-01-09 17:25 11,776 ----a-w C:\Windows\System32\sbunattend.exe
          2008-01-05 14:43 --------- d-----w C:\Program Files\Microsoft Silverlight
          2008-01-05 11:50 --------- d-----w C:\Program Files\Microsoft Windows Vista Upgrade Advisor
          2008-01-05 11:47 --------- d-----w C:\PROGRA~2\Microsoft Corporation
          2008-01-02 17:55 --------- d-----w C:\Program Files\Java
          2007-12-28 19:17 --------- d-----w C:\Program Files\HP
          2007-12-28 19:17 --------- d-----w C:\Program Files\Common Files\InstallShield
          2007-12-28 19:14 --------- d-----w C:\Program Files\Hewlett-Packard
          2007-12-27 10:27 --------- d-----w C:\PROGRA~2\Hewlett-Packard
          2007-12-17 14:02 174 --sha-w C:\Program Files\desktop.ini
          2007-12-14 19:42 8,192 ----a-w C:\Windows\System32\riched32.dll
          2007-12-14 19:41 87,040 ----a-w C:\Windows\System32\msoert2.dll
          2007-12-14 19:41 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
          2007-12-14 19:41 205,824 ----a-w C:\Windows\System32\msoeacct.dll
          2007-12-14 19:40 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
          2007-12-14 19:40 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
          2007-12-14 19:40 542,720 ----a-w C:\Windows\System32\sysmain.dll
          2007-12-14 19:40 502,784 ----a-w C:\Windows\System32\wlansvc.dll
          2007-12-14 19:40 47,104 ----a-w C:\Windows\System32\wlanapi.dll
          2007-12-14 19:40 297,984 ----a-w C:\Windows\System32\wlansec.dll
          2007-12-14 19:40 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
          2007-12-14 19:40 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
          2007-12-14 19:40 2,923,520 ----a-w C:\Windows\explorer.exe
          2007-12-14 19:40 2,027,008 ----a-w C:\Windows\System32\win32k.sys
          2007-12-14 19:39 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
          .

          ((((((((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Note* empty entries & legitimate default entries are not shown

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 12:26 484904]
          "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
          "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 18:25 1232896]
          "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-20 03:02 1006264]
          "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:50 1021224]
          "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 10:54 50696]
          "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 12:18 472776]
          "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 15:12 317128]
          "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
          "CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 19:12 17920]
          "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
          "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 08:05 86016]
          "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 08:05 8534560]
          "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 08:05 81920]
          "SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-11-28 12:57 698864]
          "MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 10:45 222208]

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
          "LogonHoursAction"= 2 (0x2)
          "DontDisplayLogonHoursWarnings"= 1 (0x1)

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
          "AppInit_DLLs"=APSHook.dll

          [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Snelle start.lnk]
          path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Snelle start.lnk
          backup=C:\Windows\pss\Adobe Reader Snelle start.lnk.CommonStartup
          backupExtension=.CommonStartup

          [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
          path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
          backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
          backupExtension=.CommonStartup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
          --a------ 2007-03-22 15:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
          --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
          --a------ 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBCSTray]
          --a------ 2007-11-28 12:57 698864 C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBRegRebootCleaner]
          --a------ 2007-11-28 12:57 141808 C:\Program Files\Sunbelt Software\CounterSpy\SBRC.exe

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
          "EnableFirewall"= 0 (0x0)

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
          "{4B892158-3238-4DFB-9181-3E857E7F1B92}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
          "TCP Query User{5F3A6630-1B19-4EF7-B554-02F2E11D3D11}C:\program files\utorrent\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent|Desc=uTorrent
          "UDP Query User{E20C6E8E-F673-4A40-8AE4-A359F87E4474}C:\program files\utorrent\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent|Desc=uTorrent
          "{7C445178-1B0E-4B01-985F-4328995DAACF}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
          "{993C241A-3153-400D-89DB-757AAC94CD74}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
          "{591B9AD9-0DDD-46B0-8C80-CD2AEBCF782E}"= UDP:C:\Program Files\ShareazaPlus\Shareaza.exe:ShareazaPlus
          "{224475D7-B289-4B54-85C0-C2BA852E2E90}"= TCP:C:\Program Files\ShareazaPlus\Shareaza.exe:ShareazaPlus
          "{96879061-3BB6-4EBC-8241-631C159972FB}"= UDP:C:\Program Files\ShareazaPlus\Shareaza.exe:ShareazaPlus
          "{D29A5F58-5D0C-4B66-A79A-6884FAFB9433}"= TCP:C:\Program Files\ShareazaPlus\Shareaza.exe:ShareazaPlus
          "TCP Query User{52847A11-868B-46FE-AB78-9219B8ECF12F}C:\gedownloade bestanden\utorrent.exe"= UDP:C:\gedownloade bestanden\utorrent.exe:utorrent|Desc=utorrent
          "UDP Query User{203BC991-B7AB-4918-A53A-FB34BD6E319B}C:\gedownloade bestanden\utorrent.exe"= TCP:C:\gedownloade bestanden\utorrent.exe:utorrent|Desc=utorrent

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
          "EnableFirewall"= 0 (0x0)

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
          "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
          "EnableFirewall"= 0 (0x0)

          R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2006-11-02 10:45]
          R2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2006-11-02 10:45]
          R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 06:27]
          R3 moufiltr;Mouse Filter;C:\Windows\system32\DRIVERS\moufiltr.sys [2008-01-24 14:10]
          R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-17 00:50]
          S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 16:43]
          S3 KMWDFilter;KMWDFilter;C:\Windows\System32\Drivers\KMWDFilter.SYS [2007-03-29 15:00]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
          Cognizance REG_MULTI_SZ ASBroker ASChannel
          GPSvcGroup REG_MULTI_SZ GPSvc

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f648c97d-daf9-11dc-bd83-001b24dd61a1}]
          \shell\AutoRun\command - F:\ClickMe.exe


          [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
          "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
          .
          Contents of the 'Scheduled Tasks' folder
          "2008-02-22 10:34:00 C:\Windows\Tasks\At1.job"
          - C:\Windows\system32\kmd.exe
          "2008-02-22 13:05:49 C:\Windows\Tasks\At2.job"
          - C:\Windows\system32\kmd.exe
          "2008-02-24 19:14:31 C:\Windows\Tasks\At3.job"
          - C:\Windows\system32\kmd.exe
          "2008-02-04 19:00:00 C:\Windows\Tasks\Norton Internet Security - Volledige systeemscan - theo.job"
          - c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-02-25 16:44:11
          Windows 6.0.6000 NTFS

          scanning hidden processes ...

          scanning hidden autostart entries ...

          scanning hidden files ...

          Scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          Completion time: 2008-02-25 16:45:04
          ComboFix-quarantined-files.txt 2008-02-25 15:45:02
          ComboFix2.txt 2008-02-24 19:18:15
          ComboFix3.txt 2008-02-22 10:49:43
          .
          2008-02-14 12:53:54 --- E O F ---
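
The ComboFix report above contains the persistence points that matter for this case: three At*.job scheduled tasks that all run C:\Windows\system32\kmd.exe, an AutoRun handler registered under MountPoints2 for a removable drive (F:\ClickMe.exe), an AppInit_DLLs value, and EnableFirewall = 0 in all three firewall profiles. The Python script below is an added example, not part of the original thread and not code from ComboFix or from the helper; it parses a constructed excerpt of those log lines (the trailing control character after Navw32.exe in the original is replaced by a space) and turns them into the findings a responder would act on. The section-header, task and value formats it recognises are the ones visible in the log as pasted.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed excerpt of the ComboFix report pasted above (not the full log).
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\windows]
"AppInit_DLLs"=APSHook.dll

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{f648c97d-daf9-11dc-bd83-001b24dd61a1}]
\\shell\\AutoRun\\command - F:\\ClickMe.exe

Contents of the 'Scheduled Tasks' folder
"2008-02-22 10:34:00 C:\\Windows\\Tasks\\At1.job"
- C:\\Windows\\system32\\kmd.exe
"2008-02-22 13:05:49 C:\\Windows\\Tasks\\At2.job"
- C:\\Windows\\system32\\kmd.exe
"2008-02-24 19:14:31 C:\\Windows\\Tasks\\At3.job"
- C:\\Windows\\system32\\kmd.exe
"2008-02-04 19:00:00 C:\\Windows\\Tasks\\Norton Internet Security - Volledige systeemscan - theo.job"
- c:\\Program Files\\Norton Internet Security\\Norton AntiVirus\\Navw32.exe /TASK:
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
TASK_RE = re.compile(r'^"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<job>.+\.job)"$')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
AT_JOB_RE = re.compile(r"C:\\Windows\\Tasks\\At\d+\.job", re.I)  # tasks created with at.exe


@dataclass
class Triage:
    tasks: Dict[str, str] = field(default_factory=dict)             # job file -> command it runs
    firewall: Dict[str, bool] = field(default_factory=dict)         # profile -> enabled
    autorun: List[Tuple[str, str]] = field(default_factory=list)    # (mountpoint GUID, command)
    appinit: List[str] = field(default_factory=list)                # AppInit_DLLs values


@dataclass
class Finding:
    kind: str
    detail: str


def parse_combofix(text: str) -> Triage:
    """Walk the report line by line, tracking the current [section] header."""
    t = Triage()
    section = ""        # current registry key, original case
    pending_job = None  # .job file whose "- command" line comes next
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key")
            continue
        m = TASK_RE.match(line)
        if m:
            pending_job = m.group("job")
            continue
        if pending_job and line.startswith("- "):
            t.tasks[pending_job] = line[2:].strip()
            pending_job = None
            continue
        key = section.lower()
        if "firewallpolicy" in key and key.endswith("profile"):
            m = FIREWALL_RE.match(line)
            if m:
                t.firewall[section.rsplit("\\", 1)[-1]] = m.group("val") != "0"
        elif "mountpoints2" in key and line.lower().startswith("\\shell\\autorun\\command"):
            t.autorun.append((section.rsplit("\\", 1)[-1], line.split(" - ", 1)[1].strip()))
        elif key.endswith("currentversion\\windows") and line.startswith('"AppInit_DLLs"='):
            value = line.split("=", 1)[1].strip()
            if value:
                t.appinit.append(value)
    return t


def triage_findings(t: Triage) -> List[Finding]:
    findings = []
    # Several at.exe-style tasks (At1.job, At2.job, ...) all launching the same binary in
    # system32 is a timer-based re-install pattern; worth correlating with the user's report
    # that the deleted driver file kept coming back.
    by_command: Dict[str, List[str]] = {}
    for job, cmd in t.tasks.items():
        if AT_JOB_RE.fullmatch(job):
            by_command.setdefault(cmd.lower(), []).append(job)
    for cmd, jobs in by_command.items():
        findings.append(Finding("scheduled_task", f"{len(jobs)} At*.job task(s) run {cmd}"))
    # An AutoRun command under MountPoints2 fires when that removable drive is opened.
    for guid, cmd in t.autorun:
        findings.append(Finding("mountpoint_autorun", f"{guid} -> {cmd}"))
    # AppInit_DLLs is loaded into every process that links user32.dll; confirm the vendor.
    for dll in t.appinit:
        findings.append(Finding("appinit_dll", dll))
    disabled = sorted(p for p, enabled in t.firewall.items() if not enabled)
    if disabled:
        findings.append(Finding("firewall_disabled", ", ".join(disabled)))
    return findings


if __name__ == "__main__":
    for f in triage_findings(parse_combofix(SAMPLE_LOG)):
        print(f"{f.kind:20} {f.detail}")
```

The Norton scan task is parsed but not flagged, because only the at.exe-named jobs are grouped; the firewall check reports every profile with EnableFirewall = 0, which is the state the user was in while running peer-to-peer clients.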


          • #6
            Download: RVAXO.exe
            • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
            • Now open the RVAXO folder on your desktop and locate the following file: RunMe.cmd
              Right-click RunMe.cmd and choose 'Run as Administrator'.
              Then you may double-click RunMe.cmd. A cmd window will open, in which a few lines about files not found will scroll by quickly; this is normal.
            • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and just let it do its work.
            • Your PC will then restart; after the restart the RVAXO cmd window opens again.
              Let it run and wait until a log file opens: C:\RVAXO-results.log
            • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
            • Post the contents of the log file in your next message.


            • #7
              Hi Smeenk,

              I can't get a log out of Rvaxo. Below I'll go through point by point exactly what the laptop does/shows:

              1) Save the file to your desktop, double-click it and choose "Unzip" to extract it.
              2) Now open the RVAXO folder on your desktop and locate the following file: RunMe.cmd
              Right-click RunMe.cmd and choose 'Run as Administrator'.
              Then you may double-click RunMe.cmd. A cmd window will open, in which a few lines about files not found will scroll by quickly; this is normal.
              3) An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and just let it do its work.
              4) Your PC will then restart; after the restart the RVAXO cmd window opens again.
              Let it run and wait until a log file opens: C:\RVAXO-results.log
              5) If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
              6) Post the contents of the log file in your next message.

              1) This works
              2) This works too: Vista does ask for permission for the Registry Editor. After I see a small window flash open and closed, the hard disk light keeps blinking for 5 minutes and then nothing further happens.
              3) does not happen
              4) does not happen
              5) tried, but there is no RVAXO-results.log file under C:
              6) unfortunately, so this doesn't work for me

              Do you have any idea what the cause of this could be??

              Regards,
              Tejo


              • #8
                Hi Smeenk,

                After temporarily disabling UAC under User Accounts, it now worked. Below is the RVAXO log file.

                Would you take a look at it? Thanks in advance

                Regards
                Tejo



                ---RVAXO.exe Updated: 2008-02-26---first run---
                Uninstallers:

                Files found:
                C:\Windows\tasks\At1.job
                C:\Windows\tasks\At2.job
                C:\Windows\system32\vbzip11.dll
                C:\Windows\system32\drmgs.sys

                Folders Found:


                --------------RVAXO.exe last run---------------
                Files found:

                Folders Found:

                --------------RVAXO.exe finished----------------



                • #9
                  UAC was the cause; it blocks too much.

                  Post a HijackThis log and let me know whether there are still any problems.


                  • #10
                    Hi Smeenk,

                    Below is the most recent HijackThis log file.
                    Fortunately I no longer get those annoying pop-ups. Great!
                    The computer boots too slowly, in my opinion.
                    Do you perhaps have any further suggestions, tips, or the like?

                    Thanks in advance,
                    Tejo

                    Logfile of Trend Micro HijackThis v2.0.2
                    Scan saved at 20:09, on 2008-02-26
                    Platform: Windows Vista (WinNT 6.00.1904)
                    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
                    Boot mode: Normal

                    Running processes:
                    C:\Windows\system32\Dwm.exe
                    c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
                    C:\Windows\Explorer.EXE
                    C:\Windows\system32\taskeng.exe
                    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
                    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
                    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
                    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                    C:\Windows\System32\rundll32.exe
                    C:\Program Files\ESET\ESET Smart Security\egui.exe
                    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
                    C:\Windows\ehome\ehtray.exe
                    C:\Program Files\Windows Sidebar\sidebar.exe
                    C:\Program Files\Windows Media Player\wmpnscfg.exe
                    C:\Windows\ehome\ehmsas.exe
                    C:\Windows\System32\rundll32.exe
                    C:\Program Files\Windows Sidebar\sidebar.exe
                    C:\Program Files\Internet Explorer\ieuser.exe
                    C:\Program Files\Internet Explorer\iexplore.exe
                    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
                    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=73&bd=Pavilion&pf=laptop
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=73&bd=Pavilion&pf=laptop
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                    O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
                    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                    O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
                    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
                    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
                    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
                    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
                    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
                    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
                    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
                    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
                    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
                    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
                    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
                    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
                    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
                    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
                    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
                    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
                    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
                    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
                    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
                    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
                    O13 - Gopher Prefix:
                    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
                    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                    O20 - AppInit_DLLs: APSHook.dll
                    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
                    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
                    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
                    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
                    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
                    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
                    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
                    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

                    --
                    End of file - 6772 bytes

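
The HijackThis log above is the post-cleanup check. The script below is an added example, not part of the original thread and not code from HijackThis or from the helper; it parses the log's `Rn - ` / `On - ` lines into records and applies the review rules a helper runs on a log that is otherwise clean: an O2 BHO registration that points at `(no file)` (the {0EEDB912-C5FA-486F-8334-57288578C627} entry above, a harmless leftover that should still be fixed), O4 Run entries that launch a DLL through rundll32 (here the NVIDIA entries, legitimate but worth listing), O16 ActiveX downloads from hosts outside an allowlist, and the O20 AppInit_DLLs value. It also indexes the O23 services by short name. The sample input is a constructed excerpt of the lines above, and the allowlist of DPF hosts is an assumption made for the example.

```python
import re
from typing import Dict, List, NamedTuple, Sequence

# Constructed excerpt of the HijackThis v2.0.2 log pasted above (not the full log).
SAMPLE_HJT = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.google.nl/
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [egui] "C:\\Program Files\\ESET\\ESET Smart Security\\egui.exe" /hide /waitservice
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Eset Service (ekrn) - ESET - C:\\Program Files\\ESET\\ESET Smart Security\\ekrn.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\\Windows\\system32\\DRIVERS\\xaudio.exe
"""


class Entry(NamedTuple):
    code: str   # HijackThis section code, e.g. "O2"
    body: str   # everything after "O2 - "


class Service(NamedTuple):
    display: str
    vendor: str
    path: str


LINE_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
SERVICE_RE = re.compile(r"^Service: (?P<display>.+?)(?: \((?P<short>[^)]+)\))? - (?P<vendor>.+?) - (?P<path>.+)$")

# Assumed allowlist of O16 (DPF) download hosts; an assumption for this example, not from the page.
TRUSTED_DPF_HOSTS = ("microsoft.com", "msn.com", "hp.com")


def parse_hjt(text: str) -> List[Entry]:
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def host_of(url: str) -> str:
    """Lower-cased host part of a URL, without scheme or path."""
    return re.sub(r"^[a-z]+://", "", url, flags=re.I).split("/", 1)[0].lower()


def review(entries: Sequence[Entry], trusted_hosts: Sequence[str] = TRUSTED_DPF_HOSTS) -> List[str]:
    """Apply the review rules a helper runs on a post-cleanup log."""
    notes = []
    for e in entries:
        if e.code == "O2" and e.body.endswith("(no file)"):
            m = CLSID_RE.search(e.body)
            notes.append(f"O2 orphaned BHO {m.group(0) if m else '?'}: registration points at a missing DLL, safe to fix")
        elif e.code == "O4" and re.search(r"\brundll32(\.exe)?\b", e.body, re.I):
            # A bare DLL autostarted via rundll32 has no signer to show here; check the DLL's vendor.
            notes.append(f"O4 rundll32 autostart (check the DLL's vendor): {e.body}")
        elif e.code == "O16":
            host = host_of(e.body.rsplit(" - ", 1)[-1])
            if not any(host == d or host.endswith("." + d) for d in trusted_hosts):
                notes.append(f"O16 ActiveX control downloaded from untrusted host {host}")
        elif e.code == "O20":
            notes.append(f"O20 {e.body}: loaded into every process that links user32.dll, confirm the vendor")
    return notes


def services(entries: Sequence[Entry]) -> Dict[str, Service]:
    """Index O23 services by short name (or display name when none is given)."""
    out = {}
    for e in entries:
        if e.code != "O23":
            continue
        m = SERVICE_RE.match(e.body)
        if m:
            out[m.group("short") or m.group("display")] = Service(m.group("display"), m.group("vendor"), m.group("path"))
    return out


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_HJT)
    for note in review(parsed):
        print(note)
    for name, svc in services(parsed).items():
        print(f"{name}: {svc.vendor} -> {svc.path}")
```

On the excerpt above the review yields three notes (the orphaned BHO, the NVIDIA rundll32 autostart, and the APSHook.dll AppInit entry, which belongs to the VeriSoft/Bioscrypt software already visible in the process list) and nothing for the two O16 controls, since both come from allowlisted hosts.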


                    • #11
                      Go through the steps in this guide:

                      • #12
                        Smeenk,

                        Thanks for your efforts. I'll mark this thread as resolved.

                        • #13
                          You're welcome.