  • celldorado.com

    hi,

    I'm having trouble with celldorado.com pop-ups. I looked on other forums and saw that I had to download RVAXO, so I did, and this is the log from RVAXO and the one from HijackThis. Thanks in advance!

    ---RVAXO.exe Updated: 2008-03-06---first run---
    Uninstallers:

    Files found:
    C:\WINDOWS\system32\spads.dll
    C:\WINDOWS\system32\superiorads-uninst.exe
    C:\WINDOWS\system32\sprt_ads.dll

    Folders Found:
    C:\Program Files\IntelligentAdvisor

    Hosts-file was reset, If you use a custom hosts file please replace it...

    --------------RVAXO.exe last run---------------
    Not deleted items:

    --------------RVAXO.exe finished----------------



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:26:59, on 6-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\system32\rlls.dll (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 8929 bytes

  • #2
    Open the RVAXO folder on your desktop and double-click Uninstall.cmd
    This will remove everything from RVAXO.

    Download Combofix (mirror) to your Desktop.
    Double-click Combofix.exe
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix has completed and after the restart, the log combofix.txt will open (you can also find it here: C:\Combofix.txt)
    Post this log in your next reply.

    NOTE: If your virus scanner responds with a warning about a script being executed, you may ignore it.



    • #3
      hi,

      ComboFix 08-03-07.1 - Eigenaar 2008-03-07 18:35:59.1 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.354 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Eigenaar.VICOMPUTER\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\pskill.exe

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2008-02-07 to 2008-03-07 ))))))))))))))))))))))))))))))
      .

      2008-03-06 18:49 . 2006-11-09 14:15 20,480 --a------ C:\WINDOWS\system32\825051.dll
      2008-03-06 18:49 . 2006-11-09 14:15 20,480 --a------ C:\WINDOWS\system32\6961c60.dll
      2008-03-06 17:29 . 2008-03-06 17:29 <DIR> d--hs---- C:\found.000
      2008-03-05 14:56 . 2008-03-05 14:56 <DIR> d-------- C:\Program Files\Trend Micro
      2008-02-29 12:23 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
      2008-02-29 12:21 . 2008-02-29 12:21 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
      2008-02-29 12:09 . 2008-03-06 19:22 <DIR> d-------- C:\Program Files\Windows Live
      2008-02-29 12:09 . 2008-02-29 12:14 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
      2008-02-29 12:09 . 2008-02-29 12:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-02-25 19:06 . 2003-07-20 19:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
      2008-02-25 19:06 . 2005-01-04 10:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
      2008-02-25 19:05 . 2008-02-25 19:05 <DIR> d-------- C:\Nexon
      2008-02-25 19:05 . 2008-02-25 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NexonUS
      2008-02-25 17:38 . 2006-10-23 01:30 1,689,088 --a------ C:\WINDOWS\system32\67f52be.dll
      2008-02-25 17:38 . 2006-10-23 01:30 1,689,088 --a------ C:\WINDOWS\system32\147ac8e0.dll
      2008-02-24 16:14 . 2006-11-09 14:15 20,480 --a------ C:\WINDOWS\system32\2dda49b.dll
      2008-02-24 16:14 . 2006-11-09 14:15 20,480 --a------ C:\WINDOWS\system32\1f81e02c.dll
      2008-02-22 21:19 . 2006-10-23 01:30 1,689,088 --a------ C:\WINDOWS\system32\b2970f0.dll
      2008-02-22 21:19 . 2006-10-23 01:30 1,689,088 --a------ C:\WINDOWS\system32\98e029a.dll
      2008-02-22 21:19 . 2006-10-23 01:30 1,689,088 --a------ C:\WINDOWS\system32\18c2b920.dll
      2008-02-22 21:19 . 2006-10-23 01:30 1,689,088 --a------ C:\WINDOWS\system32\13f9c6a7.dll
      2008-02-22 21:19 . 2006-11-09 14:15 20,480 --a------ C:\WINDOWS\system32\2b322ce8.dll
      2008-02-22 21:19 . 2006-11-09 14:15 20,480 --a------ C:\WINDOWS\system32\2a4c0e9.dll
      2008-02-22 21:19 . 2006-11-09 14:15 20,480 --a------ C:\WINDOWS\system32\1a0f96d9.dll
      2008-02-22 21:19 . 2006-11-09 14:15 20,480 --a------ C:\WINDOWS\system32\198dffd0.dll
      2008-02-22 20:42 . 2006-10-23 01:30 1,689,088 --a------ C:\WINDOWS\system32\b19efcd.dll
      2008-02-22 20:42 . 2006-10-23 01:30 1,689,088 --a------ C:\WINDOWS\system32\2bb04000.dll
      2008-02-10 18:22 . 2008-02-10 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
      2008-02-10 18:20 . 2008-02-10 18:20 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
      2008-02-10 18:20 . 2008-02-10 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
      2008-02-10 18:19 . 2008-02-10 18:19 <DIR> d-------- C:\Program Files\Common Files\HP
      2008-02-10 18:17 . 2008-02-10 18:17 <DIR> d-------- C:\Program Files\Hewlett-Packard
      2008-02-10 18:15 . 2008-02-10 18:16 <DIR> d-------- C:\WINDOWS\system32\URTTemp
      2008-02-10 18:14 . 2008-02-10 18:14 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
      2008-02-10 18:03 . 2008-02-10 18:24 90,186 --a------ C:\WINDOWS\hpoins06.dat
      2008-02-10 18:03 . 2005-06-03 06:53 5,389 --------- C:\WINDOWS\hpomdl06.dat

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-03-05 14:04 --------- d-----w C:\Program Files\Catan
      2008-03-05 14:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-02-29 17:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
      2008-02-22 13:45 --------- d-----w C:\Program Files\EA GAMES
      2008-02-11 14:00 --------- d-----w C:\Program Files\Common Files\Adobe
      2008-02-10 18:36 --------- d-----w C:\Documents and Settings\Eigenaar.VICOMPUTER\Application Data\HP
      2008-02-10 17:22 --------- d-----w C:\Program Files\HP
      2008-02-01 20:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
      2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
      2008-01-15 08:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
      2008-01-15 04:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
      2008-01-12 17:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
      2007-12-21 19:03 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
      2007-12-07 02:18 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
      2005-05-11 22:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-10-23 01:30 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 17:32 68856]
      "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 17:21 16270848 C:\WINDOWS\RTHDCPL.EXE]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
      "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 02:01 32768]
      "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
      "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
      "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-01-14 00:11 771704]
      "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-10-23 01:30 15360]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "nltide_3"="advpack.dll" [2007-12-07 03:18 124928 C:\WINDOWS\system32\advpack.dll]

      C:\Documents and Settings\Eigenaar.VICOMPUTER\Menu Start\Programma's\Opstarten\
      MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2007-12-30 10:39:34 557568]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-03 10:10:19 113664]
      HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
      Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoSMConfigurePrograms"= 1 (0x1)

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
      "NoSMConfigurePrograms"= 1 (0x1)

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusDisableNotify"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
      "C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
      "C:\\Nexon\\KartRider\\NMService.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

      R0 m5287;m5287;C:\WINDOWS\system32\DRIVERS\m5287.sys [2006-02-26 16:21]

      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-03-06 15:00:02 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
      - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
      "2008-03-03 20:23:36 C:\WINDOWS\Tasks\Norton AntiVirus - Volledige systeemscan - Eigenaar.job"
      - C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-03-07 18:39:11
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2008-03-07 18:39:42
      ComboFix-quarantined-files.txt 2008-03-07 17:39:39
      .
      2008-03-01 21:52:28 --- E O F ---
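      Added example (not part of the thread, and not ComboFix's own tooling): a small Python script that parses the "Bestanden Gemaakt" section of a ComboFix log like the one above and groups randomly named DLLs under system32 by file size and embedded timestamp. Sixteen of the DLLs listed above share one of two (size, timestamp) pairs while carrying throwaway hex names, which is the pattern the cleanup batch in post #4 targets. The sample lines are a constructed subset of the posted log, with d3dx9_32.dll kept as a legitimate control entry; the line format and the hex-name heuristic are assumptions based on this log only.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the "Bestanden Gemaakt" lines from the
# ComboFix log in post #3, plus d3dx9_32.dll as a legitimate control entry.
SAMPLE_LOG = r"""
2008-03-06 18:49 . 2006-11-09 14:15 20,480 --a------ C:\WINDOWS\system32\825051.dll
2008-03-06 18:49 . 2006-11-09 14:15 20,480 --a------ C:\WINDOWS\system32\6961c60.dll
2008-03-06 17:29 . 2008-03-06 17:29 <DIR> d--hs---- C:\found.000
2008-02-29 12:23 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-02-25 17:38 . 2006-10-23 01:30 1,689,088 --a------ C:\WINDOWS\system32\67f52be.dll
2008-02-25 17:38 . 2006-10-23 01:30 1,689,088 --a------ C:\WINDOWS\system32\147ac8e0.dll
2008-02-24 16:14 . 2006-11-09 14:15 20,480 --a------ C:\WINDOWS\system32\2dda49b.dll
2008-02-24 16:14 . 2006-11-09 14:15 20,480 --a------ C:\WINDOWS\system32\1f81e02c.dll
2008-02-22 21:19 . 2006-10-23 01:30 1,689,088 --a------ C:\WINDOWS\system32\b2970f0.dll
2008-02-22 21:19 . 2006-10-23 01:30 1,689,088 --a------ C:\WINDOWS\system32\98e029a.dll
2008-02-22 21:19 . 2006-10-23 01:30 1,689,088 --a------ C:\WINDOWS\system32\18c2b920.dll
2008-02-22 21:19 . 2006-10-23 01:30 1,689,088 --a------ C:\WINDOWS\system32\13f9c6a7.dll
2008-02-22 21:19 . 2006-11-09 14:15 20,480 --a------ C:\WINDOWS\system32\2b322ce8.dll
2008-02-22 21:19 . 2006-11-09 14:15 20,480 --a------ C:\WINDOWS\system32\2a4c0e9.dll
2008-02-22 21:19 . 2006-11-09 14:15 20,480 --a------ C:\WINDOWS\system32\1a0f96d9.dll
2008-02-22 21:19 . 2006-11-09 14:15 20,480 --a------ C:\WINDOWS\system32\198dffd0.dll
2008-02-22 20:42 . 2006-10-23 01:30 1,689,088 --a------ C:\WINDOWS\system32\b19efcd.dll
2008-02-22 20:42 . 2006-10-23 01:30 1,689,088 --a------ C:\WINDOWS\system32\2bb04000.dll
"""

# "created . modified size attributes path" (assumed from the posted log)
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?P<size>[\d,]+|<DIR>)\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$"
)
# Throwaway names made only of hex digits, as seen in this log (heuristic)
HEX_DLL_RE = re.compile(r"^[0-9a-f]{6,8}\.dll$", re.IGNORECASE)


def parse_entries(log_text):
    """Parse the 'files created' lines of a ComboFix log; skip anything else."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = m.group("size")
        entries.append({
            "created": m.group("created"),
            "modified": m.group("modified"),
            "size": None if size == "<DIR>" else int(size.replace(",", "")),
            "attrs": m.group("attrs"),
            "path": m.group("path"),
        })
    return entries


def lookalike_clusters(entries, min_members=2):
    """Group hex-named DLLs under system32 by (size, embedded timestamp).
    Many files with different throwaway names but identical size and identical
    original timestamp are copies of the same payload under new names."""
    groups = defaultdict(list)
    for e in entries:
        if e["size"] is None:
            continue
        base = e["path"].rsplit("\\", 1)[-1]
        if "\\system32\\" not in e["path"].lower() or not HEX_DLL_RE.match(base):
            continue
        groups[(e["size"], e["modified"])].append(e["path"])
    return {key: sorted(paths) for key, paths in groups.items()
            if len(paths) >= min_members}


def suspicious_paths(log_text):
    """Flat, sorted list of every clustered path (input for a cleanup batch)."""
    clusters = lookalike_clusters(parse_entries(log_text))
    return sorted(p for paths in clusters.values() for p in paths)


if __name__ == "__main__":
    clusters = lookalike_clusters(parse_entries(SAMPLE_LOG))
    for (size, stamp), paths in sorted(clusters.items()):
        print(f"{len(paths)} files, {size} bytes, original timestamp {stamp}:")
        for p in paths:
            print("   ", p)
```

      Run it as a script to print the clusters; suspicious_paths() returns the flat list that a cleanup batch like the one in post #4 takes as input. The heuristic only flags files that share size and timestamp with at least one other hex-named DLL, so a single unusual file is left for manual review rather than deleted on a name alone.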



      • #4
        Open a Notepad file.
        Copy the text below (everything in bold) into this Notepad file.


        @ECHO OFF
        REM Start with a fresh log so only this run's results are reported
        IF EXIST log.txt DEL log.txt
        REM Strip the read-only/system/hidden attributes and remove the C:\found.000 folder
        ATTRIB -r -s -h C:\found.000
        rd /s /q C:\found.000
        ECHO Deleting files>>log.txt
        REM Each path is attribute-stripped, deleted and then rechecked, so the log
        REM reports "deleted", "not deleted" or "not found" per entry
        FOR %%g in (
        C:\WINDOWS\system32\825051.dll
        C:\WINDOWS\system32\6961c60.dll
        C:\found.000
        C:\WINDOWS\system32\67f52be.dll
        C:\WINDOWS\system32\147ac8e0.dll
        C:\WINDOWS\system32\2dda49b.dll
        C:\WINDOWS\system32\1f81e02c.dll
        C:\WINDOWS\system32\b2970f0.dll
        C:\WINDOWS\system32\98e029a.dll
        C:\WINDOWS\system32\18c2b920.dll
        C:\WINDOWS\system32\13f9c6a7.dll
        C:\WINDOWS\system32\2b322ce8.dll
        C:\WINDOWS\system32\2a4c0e9.dll
        C:\WINDOWS\system32\1a0f96d9.dll
        C:\WINDOWS\system32\198dffd0.dll
        C:\WINDOWS\system32\b19efcd.dll
        C:\WINDOWS\system32\2bb04000.dll) DO (
        IF EXIST %%g (
        ATTRIB -r -s -h %%g
        DEL %%g
        IF EXIST %%g (
        ECHO %%g not deleted>>log.txt
        ) ELSE (
        ECHO %%g deleted>>log.txt)
        ) ELSE (
        ECHO %%g not found>>log.txt))
        REM Show the result log when done
        START NOTEPAD.EXE log.txt

        Go to File - Save As.
        Under "Save in" choose: Desktop
        Under "File name" enter: del.bat
        Under "Save as type" select: All files (*.*).
        Click the Save button.

        Double-click del.bat and post the contents of the log file that opens.

        Report whether there are still any problems.



        • #5
          Deleting files
          C:\WINDOWS\system32\825051.dll deleted
          C:\WINDOWS\system32\6961c60.dll deleted
          C:\found.000 not found
          C:\WINDOWS\system32\67f52be.dll deleted
          C:\WINDOWS\system32\147ac8e0.dll deleted
          C:\WINDOWS\system32\2dda49b.dll deleted
          C:\WINDOWS\system32\1f81e02c.dll deleted
          C:\WINDOWS\system32\b2970f0.dll deleted
          C:\WINDOWS\system32\98e029a.dll deleted
          C:\WINDOWS\system32\18c2b920.dll deleted
          C:\WINDOWS\system32\13f9c6a7.dll deleted
          C:\WINDOWS\system32\2b322ce8.dll deleted
          C:\WINDOWS\system32\2a4c0e9.dll deleted
          C:\WINDOWS\system32\1a0f96d9.dll deleted
          C:\WINDOWS\system32\198dffd0.dll deleted
          C:\WINDOWS\system32\b19efcd.dll deleted
          C:\WINDOWS\system32\2bb04000.dll deleted



          • #6
            I don't get the pop-ups often, only now and then, so I can't quickly check whether they're gone, but I think they are, so thank you very much!



            • #7
              Do this as well:

              Open the RVAXO folder on your desktop and double-click Uninstall.cmd
              This will remove everything from RVAXO.

              Your Java software is out of date.
              Older versions have vulnerabilities that give malware the chance to install itself on your system.
              First do these steps to uninstall Java and install the newer version:
              • Download Java Runtime Environment (JRE) 6u5 and save it to your Desktop.
              • Close all programs that may be open - especially your web browser!
              • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list.
              • Tick everything with Java Runtime Environment (JRE or J2SE) in the name.
              • Then click Remove or the Change/Remove button.
              • Repeat this until all older versions are gone.
              • After removing all older versions, restart your PC.
              • Then double-click jre-6u5-windows-i586-p-s.exe on your Desktop to install the latest version of Java.


              Download ATF Cleaner (mirror) (made by Atribune)

              Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

              Double-click ATF Cleaner to start the program.
              On the "Main" tab, tick Select All.
              Click the Empty Selected button.

              Do the following if you also use Firefox as a browser:
              Click the "Firefox" tab and tick Select All.
              If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
              (this unticks "Firefox saved passwords")
              Click the Empty Selected button.

              Do the following if you also use Opera as a browser:
              Click the "Opera" tab and tick Select All.
              If you want to keep the passwords saved by Opera, click "No" in the window that appears.
              Click the Empty Selected button.
              Go to the "Main" tab and click the Exit button to close the program.

              Go to Start - Run and enter the following:
              Combofix /U
              Then press OK.
              Note: there must be a space between Combofix and /U.

              This will uninstall Combofix.

              Finally, post a new HijackThis log so it can be checked.
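              Added example (not code from the thread or from HijackThis): checking the verification log asked for here against the first log is easier when the two are diffed entry by entry rather than read top to bottom. This Python script parses HijackThis lines into a (section, hook) -> value map and reports added, removed and changed entries, plus any hook whose target file HijackThis could not find. The samples are constructed: the "before" lines are taken from the log in post #1, the "after" lines use the jre1.6.0_05 paths from the log in post #8, and the O20 RelevantKnowledge entry is left out of the constructed "after" set only to show how a removed entry is reported (the posted second log is cut off before its O20 section). The key-splitting rules are assumptions that cover the line types seen in these logs.

```python
import re

# Constructed samples based on lines visible in this thread: the "before" set is
# taken from the HijackThis log in post #1; the "after" set uses the jre1.6.0_05
# paths from the log in post #8. The O20 entry is left out of the constructed
# "after" set only to show how a removed entry is reported.
BEFORE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\system32\rlls.dll (file missing)
"""
AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# "Name - {CLSID} - value" (O2/O3/O9): the key is everything up to the CLSID
CLSID_RE = re.compile(r"^(?P<key>.*?\{[0-9A-Fa-f-]{36}\})\s*-\s*(?P<value>.*)$")
# O4 "hive\..\Run: [name] command": the key is everything up to the bracketed name
O4_RE = re.compile(r"^(?P<key>.*?\[[^\]]*\])\s*(?P<value>.*)$")


def split_entry(line):
    """Return (key, value) for one HijackThis line, or None for non-entry lines.
    The key identifies the hook; the value is the command, path or URL it points to."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if section.startswith("R"):            # R0/R1: "registry value = URL"
        key, _, value = body.partition(" = ")
    elif section == "O4":
        km = O4_RE.match(body)
        key, value = (km.group("key"), km.group("value")) if km else (body, "")
    else:
        km = CLSID_RE.match(body)
        if km:
            key, value = km.group("key"), km.group("value")
        else:                              # e.g. O20 "Winlogon Notify: name - path"
            key, _, value = body.partition(" - ")
    return f"{section} - {key.strip()}", value.strip()


def parse_log(text):
    """Map every entry of a HijackThis log to its value, keyed by section and hook."""
    entries = {}
    for line in text.splitlines():
        parsed = split_entry(line)
        if parsed:
            entries[parsed[0]] = parsed[1]
    return entries


def diff_logs(before_text, after_text):
    """Report hooks that appeared, disappeared or now point somewhere else."""
    before, after = parse_log(before_text), parse_log(after_text)
    return {
        "added": sorted(k for k in after if k not in before),
        "removed": sorted(k for k in before if k not in after),
        "changed": sorted((k, before[k], after[k])
                          for k in before if k in after and before[k] != after[k]),
    }


def missing_file_entries(text):
    """Hooks whose target HijackThis could not find on disk (here an O20 Winlogon
    Notify entry); such leftovers deserve a look even though they no longer run."""
    return sorted(k for k, v in parse_log(text).items() if v.endswith("(file missing)"))


if __name__ == "__main__":
    report = diff_logs(BEFORE, AFTER)
    for kind in ("added", "removed"):
        for key in report[kind]:
            print(f"{kind}: {key}")
    for key, old, new in report["changed"]:
        print(f"changed: {key}\n    was {old}\n    now {new}")
    for key in missing_file_entries(BEFORE):
        print(f"file missing in before-log: {key}")
```

              On the samples this reports the two Java paths as changed (the expected effect of the JRE update above) and the O20 entry as removed; an "added" entry in a real verification log is the thing to look at first, since a clean-up should not introduce new hooks.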



              • #8
                thank you very much, and here you go, here is the log:

                Logfile of Trend Micro HijackThis v2.0.2
                Scan saved at 19:26:37, on 7-3-2008
                Platform: Windows XP SP2 (WinNT 5.01.2600)
                MSIE: Internet Explorer v7.00 (7.00.6000.16608)
                Boot mode: Normal

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\Ati2evxx.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\system32\Ati2evxx.exe
                C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
                C:\WINDOWS\system32\spoolsv.exe
                C:\WINDOWS\Explorer.EXE
                C:\WINDOWS\RTHDCPL.EXE
                C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
                C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                C:\WINDOWS\system32\ctfmon.exe
                C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
                C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                C:\Program Files\MagicDisc\MagicDisc.exe
                C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
                C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
                C:\WINDOWS\system32\HPZipm12.exe
                C:\WINDOWS\system32\svchost.exe
                C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
                C:\WINDOWS\system32\wuauclt.exe
                C:\WINDOWS\system32\msiexec.exe
                C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
                C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
                C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
                C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
                C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
                C:\Program Files\Internet Explorer\iexplore.exe
                C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
                O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
                O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
                O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
                O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
                O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Lokale service')
                O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice')
                O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
                O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
                O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
                O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
                O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
                O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
                O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
                O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

                --
                End of file - 9028 bytes



                • #9
                  You're welcome

                  Your log looks fine again too
